Prerequisites

General

The tar file cisco-aci-agent-solution-v6.8.0-build-271947.tar.gz can be downloaded from IBM Passport Advantage ( https://www.ibm.com/software/passportadvantage/pao_download_software.html ) via Passport Advantage Online . However, if you are on a legacy / flexible SevOne contract and do not have access to IBM Passport Advantage but have an active Support contract, please contact IBM SevOne Support for the tar file. The tar must contain the following components:

  • Cisco ACI Agent Docker image
  • launch script
  • conf directory
  • version.txt
  • install.sh
Important: SevOne SDN Collector has been tested with Cisco ACI version 3.2 and version 4.0. Please refer to SevOne SDN Collector Set APIC User Account for details on how to setup an APIC user account.

If you are using multi-site mode, please refer to SevOne SDN Collector Set MSO User Account for details on how to setup an MSO user account.

The solution employs a SevOne ACI Collector, which runs as a Docker container. It queries the Cisco ACI APIC to discover the ACI components and their related status and performance data. The collector also subscribes via a WebSocket to the Cisco ACI APIC for faults generated in the APIC and forwards them to SevOne NMS as SevOne NMS Alerts.

SevOne Cisco ACI collector forwards its information to SevOne NMS for data storage and analysis. The user views the data via SevOne Data Insight, which requests data from SevOne NMS based on the information requested from the user.

  • SevOne ACI Collector requires a login to the APIC with read-only admin privilege in order for the APIC to return the necessary data to monitor the fabric components.
  • Monitoring policies must be enabled on the APIC in order for performance data to be collected and available to SevOne Cisco ACI Collector.

SevOne SDN Collector 6.8 Solution can collect data from multiple sites and it can be done using the following two ways. This information is included in the multi_site_config.json file that has been introduced in 2.4 solution. For additional details on the .json file, please refer to SevOne SDN Collector Set Collector Using 'launch configure' Option.

  • The collector can gather the list of sites by connecting to the Cisco Multi-Site Controller. It will then be connected to each site separately to gather the data.
  • A list of sites may be provided to the collector along with credentials to connect to those sites.

SevOne SDN Collector 6.8 Solution can control which ACI Faults trigger creation of SevOne Alerts. It also allows user to decide severity of SevOne alarm that is created . This information is included in the fault configuration json file that has been introduced in 6.8 solution. For more details on this configuration, please refer to SevOne SDN Collector Filter Alerts Using 'launch generate-fault-config' Option.

Network/Firewall

Configure the following port information.

SevOne SDN Collector and Cisco Application Policy Infrastructure Controllers (APICs)

To facilitate the collection of ACI fabric performance and status data, TCP port 443 must be open between SevOne Cisco ACI collector and Cisco APICs.

SevOne SDN Collector and Cisco Multi-Site Controller

To facilitate the collection of site information from a multi-site controller, TCP port 443 must be open between SevOne Cisco ACI collector and Cisco Multi-Site Controller.

SevOne SDN Collector and SevOne NMS PAS

To facilitate the transfer of collected ACI fabric data to SevOne NMS PAS for processing and storage, TCP port 443 must be open between SevOne Cisco ACI collector and SevOne NMS PAS.

SevOne SDN REST API

You need the following information for SevOne SDN REST API:

  • A Cisco APIC account. It is necessary for authenticating to Cisco ACI REST API endpoints and collecting data from the endpoints.
  • User name and password for the Cisco APIC account.
  • Cisco APIC IP addresses or domain names to configure SevOne Cisco ACI collector.

Signature-based Authentication

When using a signature-based authentication to connect to the APIC v3.2+, you are required to have a certificate - private key pair. The certificate must be associated with the user account that has access to historical data. Also, note down the certificate name under which it is saved. Then copy over the generated private key, rename it to private.key and place it in /opt/cisco-aci-agent/credentials. Create the directory, if needed. Then configure the multi_site_config.json file to have the name of certificate and key file location like:

"certificate":"/aci-auth/YourCertName",
"key":"/aci-auth/private.key"

Note: If the certificate and key are assigned a value, the collector will default to Signature-based Authentication. If you prefer to use password-based authentication, certificate and key must be left as blank.

Signature-based Authentication applies to APIC cluster only. It does not apply to MSM.

SevOne NMS PAS

  • Version 5.7.2.32+
  • An administrator-level account in SevOne NMS. SevOne Cisco ACI collector must communicate with SevOne Universal Collector (UC) REST API.
  • User name and password for the administrator-level account.
  • IP address of the PAS.

Docker

Important: Docker 18.06.1.ce is a minimum requirement. If docker is not installed and you need to install Docker components, please contact IBM SevOne Support.
  • SSH into SevOne NMS or the system on which the collector needs to be deployed.
  • To avoid typing sudo whenever you run the docker command, add your username to the docker group.
    Important: You need to log out and log in again to take this into effect.
    $ usermod -aG docker <username>

    Example

    $ usermod -aG docker sevone