- Overview of HCM
- Terminology Used In HCM
- HCM Service Assurance Architecture
- What's New in HCM 1.2
- Getting Started with HCM 1.2
- Starting HCM Service Assurance
- Configuring Session Timeout Value
- Modifying Database User Password in HCM Service Assurance Configuration File
- Modifying ACS Password in HCM Service Assurance Configuration File
- Performing a Manual Backup and Restore
- Understanding HCM Service Assurance User Interface
- Understanding HCM Service Assurance Roles
Introduction
This chapter describes the Hosted Collaboration Mediation (HCM) software. It includes:
•HCM Service Assurance Architecture
•Starting HCM Service Assurance
•Configuring Session Timeout Value
•Modifying Database User Password in HCM Service Assurance Configuration File
•Modifying ACS Password in HCM Service Assurance Configuration File
•Performing a Manual Backup and Restore
•Understanding HCM Service Assurance User Interface
•Understanding HCM Service Assurance Roles
Overview of HCM
HCM is intended for use in a Managed Service Provider (MSP) Network Operations Center (NOC). The main component in HCM is called Service Assurance. For more information, see HCM Service Assurance.
HCM Service Assurance
HCM Service Assurance provides a single pane view of assurance data in the hosted environment and provides various summaries and reports. This component was earlier known as Dashboard Layer. HCM Service Assurance acts as a bridge among customer-specific implementations of the following domain managers, in a virtualized environment:
•Cisco Unified Operations Manager (CUOM)
•VMware vCenter
•Cisco Unified Computing System Manager (UCSM)
•Data Center Network Manager (DCNM) - SAN
•Data Center Network Manager (DCNM) - LAN
HCM Service Assurance aggregates data from multiple instances of these domain managers, so that a user logging into HCM Service Assurance can view aggregated customer data in a single window. HCM Service Assurance comprises a set of Administration and Dashboard portlets and a Diagnostics portlet.
The Service Assurance portlets enable you to aggregate data from each virtualized instance of CUOM, vCenter, UCSM, DCNM-SAN, and DCNM-LAN.
The Administration portlets enable you to cross-launch to the web pages of the individual instances of CUOM, vCenter, UCSM, and DCNM-SAN for customer-centric views.
The portlets leverage the existing APIs and allow API calls to retrieve information from domain managers. HCM Service Assurance supports a VMWare-based deployment and can be installed and operated along with other portal servers or applications.
Terminology Used In HCM
The following list explains the terminology used in HCM:
•ACS—Cisco Secure Access Control Server. An access policy control platform that is used for authentication and access control.
•LDAP—Lightweight Directory Access Protocol. A protocol that is used for authentication and access control.
•CUOM—Cisco Unified Operations Manager. A product from the Cisco Unified Communications Management Suite. It provides a comprehensive and efficient solution for network management and monitoring of Cisco Unified Communications deployments.
•VMware vCenter—VMware vCenter provides centralized control and visibility at every level of virtual infrastructure and unlocks the power of vSphere through proactive management.
•UCSM—Cisco Unified Computing System Manager. UCSM provides unified, embedded management of all software and hardware components of the Cisco Unified Computing System, across multiple chassis and thousands of virtual machines.
•JBOSS_HOME—The path in which JBoss is installed. The JBOSS_HOME is HCM_Dashboard_Install_Directory/thirdparty/jboss.
•DCNM—Data Center Network Manager (DCNM) is a management solution that increases overall data center infrastructure uptime and reliability, hence improving business continuity. Cisco DCNM:
–Automates the provisioning process
–Proactively monitors the SAN and LAN by detecting performance degradation
–Secures the network
–Streamlines the diagnosis of dysfunctional network elements.
HCM Service Assurance Architecture
Figure 1-1 shows the HCM Service Assurance architecture.
Figure 1-1 HCM Service Assurance Architecture
In Figure 1-1, the portal client logs into HCM Service Assurance with the provided username and password. The username and password details are stored in Cisco Secure ACS or LDAP. Cisco Secure ACS or LDAP is used to authenticate a user. After the user is authenticated, the client can log into HCM Service Assurance.
HCM interfaces with either Cisco Secure ACS 5.1 or Lightweight Directory Access Protocol (LDAP) server for client authentication. During the process of installation, you are prompted to choose an authentication server between ACS 5.1 and LDAP. This functionality is also available for users who upgrade from HCM 1.1 to HCM 1.2.
In Cisco Secure ACS 5.1, the default authorization policy for device administration is set to Deny. You must edit the authorization policy for device administration and set it to permitAccess for the HCM server.
For detailed information, see the ACS 5.x Policy Model Chapter in User Guide for the Cisco Secure Access Control System 5.1.
HCM uses HTTP or HTTPS protocols for communication and supports a VMware-based deployment and JBoss Clustering. VMware-JBoss Clustering is used so that the server is always available to the client.
The Scheduler periodically collects data from multiple CUOM, vCenter, and UCSM instances, deployed in a virtualized environment. It does this using Web Services API and XML-based API.
The collected data is then updated in the HCM database.
Pluggable user interface (UI) components called portlets, act as an individual application that retrieves data from various domain managers and displays information.
When you cross-launch the domain managers, CUOM, UCSM, DCNM-SAN, HCM Service Assurance uses single sign-on to cross launch these applications, using the HTTPS connection. HCM Service Assurance does not support single sign-on for vCenter. When you cross-launch the vCenter web page, you must sign in by entering the vCenter username and password.
HCM Service Assurance cross-launches the domain managers that support web-based UI. For domain managers without web-based UI, the alarm or event is retrieved using API calls and it is displayed in a separate window. HCM Service Assurance communicates with the domain managers using Web Services APIs and XML-based APIs.
What's New in HCM 1.2
The following table describes the new features added in HCM release 1.2.
|
|
|
---|---|---|
Service Assurance |
||
Support to monitor additional domain managers—DCNM-SAN and DCNM-LAN. |
You can monitor the alarms generated by the two domain managers DCNM-SAN and DCNM-LAN, using a newly-added portlet called the Aggregated Data Center. You can also cross-launch to the domain manager DCNM-SAN. You can add, view, edit, and delete the domain managers DCNM-LAN and DCNM-SAN using Customer Administration Portlet. |
Understanding HCM Service Assurance User Interface Aggregated Data Center Portlet |
Indication to denote a change in the number of alarms since the last poll. |
A new icon in the alarm summary table alerts you on the changed alarm count since the last poll. This functionality applies to the following portlets: •Aggregated Alarm Summary •Alarm Summary •Phone Summary. |
|
Option to choose between LDAP and ACS 5.1 for authentication. |
When you install or upgrade to HCM 1.2, you can select either ACS 5.1 or LDAP as your authentication server. |
Installation Guide for Cisco Hosted Collaboration Mediation, 1.2 |
Ability to monitor alarms generated by UCSM Chassis. |
You can monitor the alarms generated by UCSM Chassis besides the UCSM Blade. The alarms generated on the chassis are reported by the newly-added portlet, Aggregated Data Center. |
Understanding HCM Service Assurance User Interface |
Ability to import customer and inventory data in bulk using a customized spreadsheet in limited number of steps. |
Using a customized spreadsheet that contains customer and inventory information, you can easily add data to HCM and the underlying domain managers. |
|
Availability of a new CUOM API that can invoked to update the NOC operator data. |
You can share user credentials between HCM and CUOM by invoking an API in CUOM. The new CUOM API enables you to share operator data after entering the information only once. |
|
Multi-customer support for domain manager CUOM. |
You can view customer-wise data for all alarms generated on CUOM. |
|
Ability to upgrade to HCM 1.2 from HCM 1.1 without loss of data. |
You can seamlessly migrate from HCM 1.1 to HCM 1.2 without loss of data. |
Installation Guide for Cisco Hosted Collaboration Mediation, 1.2 |
Getting Started with HCM 1.2
You can install or upgrade to HCM 1.2 using either ACS or LDAP for authentication.
Using ACS
Step 1 Log in as portaladmin.
Step 2 Create a customer. For details, see Adding a Customer
Step 3 Create user. For details, see Adding a User
Step 4 Log out and log in with the user credentials you created.
Using LDAP
Step 1 Log in as portaladmin.
Step 2 Configure LDAP in Enterprise Admin portlet. For information, see Installation Guide for Hosted Collaboration Mediation, 1.2.
Step 3 Create a customer. For details, see Adding a Customer
Step 4 Create user. For details, see Adding a User
Step 5 Log out and log in with the user credentials you created.
The following are the other tasks that you need to perform:
•Add domain managers—See Configuring Domain Managers
•Add portlets—See Administration Portlets, Service Assurance Portlets
•Adding devices—See Adding Devices to a Customer,
As a pre-requisite to view alarms in aggregated data center, make sure you add DCNM-LAN, DCNM-SAN, and UCSM.
Starting HCM Service Assurance
You can launch HCM Service Assurance from your web browser.
To launch HCM Service Assurance:
Step 1 In your web browser, enter http://Portal_Server:Port_Number
Portal_Server is the IP address or the machine name of the server on which HCM Service Assurance is installed and Port_Number is the port number used.
The HCM Service Assurance login page appears.
Step 2 Enter your login credentials in the username and password fields.
Step 3 Click Sign In to log into HCM Service Assurance.
The HCM Service Assurance page appears.
An error message is displayed if the login credentials are wrong. To clear the wrong username and password, click Clear.
HCM Service Assurance users are subject to user privileges. Depending on your user profile, you might not see certain portlets or have access to certain functions. For more information about user privileges, see Understanding HCM Service Assurance Roles.
Configuring Session Timeout Value
The default session timeout value is 60 minutes. After 55 minutes, a message alerts you, and you will be prompted to extend the session; click Extend to extend the session. The session expires if you do not click the Extend option.
You can configure the session timeout value in the web.xml file.
To configure the session timeout value:
Step 1 Go to the HCM_Root_Directory\thirdparty\jboss\server\default\deploy\ROOT.war\WEB-INF directory.
Step 2 Open the web.xml file.
Step 3 Edit the value within the <session-timeout>
and </session-timeout>
tags.
For example, after changing the user timeout value to 60 minutes, the <session-config>
element in the web.xml file should look like:
<session-config>
<session-timeout>
60</session-timeout>
</session-config>
Step 4 Restart the HCM Service Assurance server:
a. Go to the HCM_Root_Directory/bin directory.
b. Run ./stop-hcm.sh.
c. Run ./start-hcm.sh.
Modifying Database User Password in HCM Service Assurance Configuration File
You can modify the database user password by editing the configuration file. To do this:
Step 1 From the JBoss home directory, enter the following command and change the password instance with the new password:
../jdk/bin/java -cp lib/jboss-common.jar:lib/jboss-jmx.jar:server/default/lib/jbosssx.jar:server/default/lib/jboss-jca.jar org.jboss.resource.security.SecureIdentityLoginModule password
The encoded password appears.
For example, encoded password—5dfc52b51bd35553df8592078de921bc.
Step 2 Copy the encoded password that is generated.
Step 3 Go to the HCM_Root _Directory/thirdparty/jboss/server/default/conf directory.
Step 4 Open the login-config.xml file.
Step 5 Edit the value and paste the encoded password that you copied within the <module-option name="password">
and </module-option>
tags.
Note The <module-option name="password">
and </module-option>
tags appear twice in the login-config.xml file. You must edit the value at both instances.
The following is a sample of the login-config.xml file after the encoded password is modified. The <module-option name="password">
and </module-option>
tags have been highlighted.
<!-- Security domains for HCM encrypted database password jca framework -->
<application-policy name="HCMEncryptDBPassword">
<authentication>
<login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
<module-option name="username">db_username</module-option>
<module-option name="password">5dfc52b51bd35553df8592078de921bc </module-option>
<module-option name="managedConnectionFactoryName">jboss.jca:name=HCM_PORTAL,service=LocalTxCM</module-option>
</login-module>
</authentication>
</application-policy>
<!-- Security domains for HCM encrypted database password jca framework -->
<application-policy name="HCMEncryptLocalDBPassword">
<authentication>
<login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
<module-option name="username">db_username</module-option>
<module-option name="password">5dfc52b51bd35553df8592078de921bc </module-option>
<module-option name="managedConnectionFactoryName">jboss.jca:name=HCM_LOCAL,service=LocalTxCM</module-option>
</login-module>
</authentication>
</application-policy>
Modifying ACS Password in HCM Service Assurance Configuration File
You can modify the ACS password by editing the configuration file. To do this:
Step 1 Enter the following command and change the password instance with the new password:
../jdk/bin/java -cp server/default/lib/msdtportal.jar:server/default/lib/bcprov-jdk15-142.jar com.cisco.util.Encryptor password
The encoded password appears.
For example, encoded password—47|-112|-52|126|-82|31|-15|46|-40|32|-87|45|72|-65|18|-15.
Step 2 Copy the encoded password that is generated.
Step 3 Go to the HCM_Root_Directory//thirdparty/jboss/server/default/deploy/ROOT.war/WEB-INF directory.
Step 4 Open the acs.properties file.
Step 5 Paste the encoded password that you copied in the ACS_SECRETKEY parameter.
The following is a sample of the acs.properties file after the encoded password is modified. The ACS_SECRETKEY parameter has been highlighted.
#ip address of the ACS server
ACS_IPADDRESS=172.20.120.145
#port number of the ACS Server
ACS_PORTNUMBER=49
#Secret Key Used for ACS Communication
ACS_SECRETKEY=47|-112|-52|126|-82|31|-15|46|-40|32|-87|45|72|-65|18|-15
Performing a Manual Backup and Restore
This section explains the procedure to manually backup and restore HCM 1.2 database and configuration files. Cisco recommends that you use a third party package or a VMware backup/restore tool for the procedure.
To automatically execute nightly backup, you can schedule cron jobs that call the assurancedb-backup.sh and hcm-assurance-backup.sh scripts.
The following steps explain the procedure to backup and restore database and configuration files.
Database
•Backup
cd <HCM_ROOT>/bin
./assurancedb-backup.sh user password host port <BACKUP_DIRECTORY>
•Restore
mysql -u root -p < <BACKUP_DIRECTORY>/assurance-db-backup.sql
Configuration Files
•Backup
cd <HCM_ROOT>/bin
./hcm-assurance-backup.sh install_root <BACKUP_DIRECTORY>
Note You can ignore the error message "File Not Found" that may appear. This message appears for missing optional files.
•Restore
cd <HCM_ROOT>
./bin/hcm-assurance-restore.sh backup_configuration_file
Understanding HCM Service Assurance User Interface
HCM Service Assurance offers an intuitive UI. This section describes the key components of the HCM Service Assurance UI:
•Common UI Elements and Options
•Changing the Look and Feel of the Portlet
Common UI Elements and Options
Figure 1-2 shows the common elements and options in the HCM Service Assurance UI.
Figure 1-2 HCM Service Assurance User Interface
Table 1-2 describes the common elements and options in the HCM Service Assurance UI.
|
|
|
---|---|---|
1 |
Cisco Logo |
Click to display the official Cisco web site. |
2 |
Navigation Bar |
Displays the primary navigation tabs and the Add Portlet and Change Layout buttons. |
3 |
Portlet |
Portlet is a pluggable UI component. For detailed information about the purpose and function of each portlet, see Chapter 2 "Working with Portlets" |
4 |
Add Portlet |
Enables you to add portlets to HCM Service Assurance pages. See Adding Portlets |
5 |
Help |
Click to see the HCM User Guide. |
6 |
About |
Click to display the software version of HCM Service Assurance. |
7 |
Log Out |
Click to log out of HCM Service Assurance. |
8 |
Change Layout |
Enables you to specify the layout of the portlets. See Managing Screen Layout |
Adding Portlets
You must log in as an admin user to add portlets. The Add Portlet button in the Navigation Bar enables you to add portlets to the HCM Service Assurance pages.
To add portlets:
Step 1 Navigate to the page on which you wish to add the portlet.
Step 2 Click the Add Portlet button in the Navigation Bar.
The Add Application dialog box appears, displaying a list of portlet categories.
Step 3 Click Hosted Collaboration Mediation.
A list of portlets belonging to the Hosted Collaboration Mediation category appears.
Step 4 Click the Add button corresponding to the portlet that you want to add. Alternatively, you also drag the portlet to the content area.
The portlet that you select appears in the page that you are currently viewing.
The Add Application dialog box provides options that enable you to search for portlets.
To search for a portlet and then add it to the page:
Step 1 In the Search Applications field, enter the name of the portlet.
The search results corresponding to the criteria that you specify appear.
Step 2 Click the Add button corresponding to the portlet that you want to add. Alternatively, you also drag the portlet to the content area.
The portlet that you select, appears in the page that you are currently viewing.
Managing Screen Layout
The Change Layout button in the Navigation Bar enables you to manage the layout of portlets that appear in the content area. You can change the layout of portlets, according to a set of available layout templates.
To change the layout of the portlets that appear in the content area:
Step 1 Click the Change Layout button in the Navigation Bar.
The Layout dialog box appears, displaying a list of available layout templates. Figure 1-3 shows the Layout dialog box.
Figure 1-3 Layout Dialog Box
Step 2 Click the radio button corresponding to the layout template that you want to choose.
Step 3 Click Save.
The portlets in the content area re-align based on the layout that you selected in the Layout dialog box.
Understanding Portlets
HCM Service Assurance aggregates data from multiple virtualized instances of domain managers and displays summary information using pluggable UI components called portlets. Each portlet acts as an individual application that retrieves data from various domain managers to display information.
You can cross-launch the domain managers that support web-based UI from the portlet. In addition to displaying information, the portlets also act as entities from where the functionality of HCM Service Assurance flows. UI options that enable you to perform various workflow activities appear inside the portlets.
Figure 1-4 shows a sample portlet.
Figure 1-4 Sample Portlet
Table 1-3 describes the common UI options that appear in every portlet.
For detailed information about each portlet, see Chapter 2 "Working with Portlets".
|
|
---|---|
1 |
Portlet Title—Displays the title of the portlet. Click Portlet Title to edit it. |
2 |
Portlet Toolbar—Displays the various UI options that are available in the portlet. These options differ from portlet to portlet. |
3 |
Look and Feel—Click to change the look and feel of the portlet. See Changing the Look and Feel of the Portlet. |
4 |
Minimize—Click to minimize the portlet. |
5 |
Maximize—Click to maximize the portlet. |
6 |
Remove—Click to remove the portlet. |
7 |
Column Header Row—Displays a check box and the column header for each column in the table. |
8 |
Portlet Table—Information is displayed in tabular format in the portlet. |
Changing the Look and Feel of the Portlet
Using the Look and Feel button in the portlet, you can set or alter the display properties corresponding to each portlet.
To set or alter the display properties corresponding to a portlet:
Step 1 In any portlet, click the Look and Feel button.
The Look and Feel dialog box appears.
Step 2 Use the following UI options available in the Look and Feel dialog box to set or alter the display properties, corresponding to the portlet:
•Portlet Configuration
•Text Styles
•Background Styles
•Border Styles
•Margin and Padding
•Advanced Styling
•WAP Styling
Step 3 Click Save.
Understanding HCM Service Assurance Roles
A role is associated with a specific job function or functions and provides the necessary permissions to perform these functions. The following types of roles are available for the HCM Service Assurance component:
Admin
An admin user has all administrative privileges. An admin user can create a user with admin or operator privileges. The username and password details are maintained in the Cisco Secure ACS or LDAP and the HCM database.
The HCM database must be synchronized with the username and password details. You must configure the user in Cisco Secure ACS or LDAP and then map the user in HCM Service Assurance.
Note The default admin username is portaladmin and the default password is admin.
When you log in as an admin user with the default username and password and provision a Cisco Secure ACS or LDAP user as a SuperAdmin, the default admin user will be disabled and you will not be able to log into the HCM server.
All the portlets will be available for the admin user:
•Customer Cross Launch
•Quick Launch
•Configuration
•User Administration
•Customer Administration Launch Point
•Alarm Summary
•Phone Summary
•Diagnostics Test
•Aggregated Data Center portlet
For detailed information about portlets, see Chapter 2 "Working with Portlets"
Operator
An operator has only monitoring privileges for a customer or a set of customers. An operator cannot add or modify any portlets. The following summary portlets are available for an operator:
•Quick Launch
•Customer Cross Launch
•Alarm Summary
•Phone Summary
•Aggregated Data Center portlet
For detailed information about portlets, see Chapter 2 "Working with Portlets".