H3C Technologies H3C Intelligent Management Center User Manual
Page 48

34
resources you want to manage. In addition, you need to ensure that the TCP and UDP ports that IMC uses
to communicate with other servers and modules are also permitted.
Alternatively, your organization may have a management VLAN or subnet dedicated to management
systems for which this traffic is permitted for devices in the VLAN or subnet. If your organization has such
a VLAN or subnet, be sure to locate the IMC servers in this VLAN or subnet.
To manage a device using SNMP, Telnet, and SSH, you need to configure the device to support these
protocols. For SNMP, this requires enabling SNMP on every managed device, using the version of SNMP
your organization mandates. It also requires configuring the device to forward SNMP traps to IMC if you
have designated IMC as the device to process and display SNMP traps. You need to configure IMC with
the SNMP configuration information that allows it to both SNMP poll devices as well as to receive SNMP
traps from managed devices. Use the SNMP templates feature to configure IMC for all devices that are
monitored and managed using SNMP. You can configure IMC to receive traps from devices when the
devices are auto-discovered or added to IMC.
With Telnet and SSH, you need to configure every device to enable Telnet and/or SSH sessions to it. See
the vendor documentation for instructions. You also need to configure IMC with the Telnet or SSH
configuration information in order for IMC to establish a session with a managed device. You can use
Telnet and SSH templates to simplify the process of adding device specific Telnet and SSH configuration
information to IMC. Some features in IMC require a Telnet or SSH application on the operator's local
computer. IMC can use the native Telnet and SSH clients that most operating systems provide. Check with
your organization's requirements regarding the use of Telnet or SSH for secure access to managed
devices.
Identifying security policies and restrictions for monitoring
To successfully deploy IMC, you must identify the various zones and application tiers in your network and
what the access policies are for each of them. Is ICMP, SNMP, Telnet, and SSH traffic permitted to and
from each one of these zones that contains one or more devices you want to manage and the VLANs or
subnets that IMC resides on? Or, what is required to permit ICMP, SNMP, Telnet, and SSH traffic to these
zones and tiers?
You need to configure the version of SNMP that is mandated by your organization on each device to be
managed using SNMP. This SNMP configuration on the device must match the SNMP configuration for
the device in IMC.
You need to identify your organization's requirements for the use of Telnet or SSH for managed devices
and configure each device and IMC accordingly.
Identifying your organization's password requirements for SNMP community strings, Telnet, and SSH
passwords as well as IMC operator accounts enables you to configure IMC to meet those requirements.
Identifying the integration requirements and
opportunities
IMC may not be the only management system in your infrastructure. Consider the following questions to
determine how to accomplish integration:
•
Is IMC the destination for events and alarms generated by IMC as well as by other management
systems?
•
Is IMC the repository and console for SNMP traps and Syslog events?