Configure regions

[This is the Context-Sensitive Help topic for the Regions tab on the Communication Configuration form.]

Configuring communication protocols for regions is optional unless you want NNMi to monitor hypervisor devices that are authorized using CA Certificates - which requires configuration shared across an entire region (NNMi Advanced).

If you provide an SNMPv1 or SNMPv2c read community string or an SNMPv3 USM Setting for a specific device, NNMi honors your choice and does not try any Region or Default settings for that device.

Use the Regions tab to fine tune communication protocol usage and settings for particular regions of your network (for example, buildings, floors within those buildings, workgroups within a particular floor, or private IP addresses). When you leave a field blank in a region definition, NNMi uses the next applicable configuration setting in the following order:

• The value for each field as defined in the first Region definition that matches, Regions are checked according to the Ordering number. The match with the lowest Ordering number applies.
• If no Region definition provides a value for an attribute, the default value is used.

NNMi enables you to set up one or more SNMP Proxy Servers when an SNMP node is otherwise unreachable (for example, when a node you want to manage is behind a firewall). To enable NNMi to use the SNMP Proxy Server, when you configure communication protocols for network regions, you must include the IP address and port number on the SNMP Proxy Server.

To configure communication protocols for a particular region of your network:

1. Navigate to the Communication Region form.

   1. From the workspace navigation panel, select the  Configuration workspace.
   2. Select the Communication Configuration.
   3. Navigate to the Regions tab.

   4. Do one of the following:

      • To establish a region definition, click the  New icon, and continue.
      • To edit a region definition, select a row, click the  Open icon, and continue.
      • To delete a region definition, select a row and click the  Delete icon.
2. Provide the required information. Define the regions with wildcard address, wildcard device names, or literal addresses and names .
3. Click  Save and Close to return to the Communication Configuration form.
4. Click  Save and Close to apply your changes.

Communication Region form

[This is the Context-Sensitive Help topic for the Communication Region form.]

To configure communication regions:

1. Navigate to the Communication Region form.

   1. From the workspace navigation panel, select the  Configuration workspace.
   2. Select the Communication Configuration.
   3. Navigate to the Regions tab.

   4. Do one of the following:

      • To establish a region definition, click the  New icon.
      • To edit a region definition, select a row, click the  Open icon.
2. Provide the basic communication region definition.
3. Make your configuration choices. Click here for a list of choices .
4. Click  Save and Close to return to the Communication Configuration form.
5. Click  Save and Close to apply your changes.

Regional Basic Settings

Attribute	Description
Name	A name for this region.
Ordering	A numeric value. NNMi checks for configuration settings in the order you define (lowest number first). NNMi uses the first match found for each address. No duplicate Ordering numbers are permitted. Each Communication Region ordering number must be unique. Tip Consider incrementing Ordering numbers by 10s or 100s to provide flexibility when adding new regions over time.
Description	Optional. Provide any description that would be useful for communication purposes within your team. Type a maximum of 255 characters. Alpha-numeric, spaces, and special characters (~ ! @ # $ % ^ & * ( ) _+ -) are permitted.

Regional SNMP Settings

Attribute	Description
Enable SNMP Communication	If  enabled, the Discovery Process and State Poller Service generate network traffic with SNMP protocol to discover and monitor your network devices in this region. If  disabled, NNMi does not generate any SNMP traffic on your network in this region. At least one IP Address in each node must have SNMP enabled, otherwise no SNMP data is collected from that Node. With no SNMP data, Spiral Discovery interprets each IP Address as a separate node, Causal Engine calculates Status based only on IP address State, previously discovered Interfaces show a State attribute value of "Not Polled" and a Status attribute value of "No Status" with the Interface map-symbol color set to beige, and no new Interfaces are discovered. If you use Auto-Discovery, NNMi might detect Nodes and add them to the NNMi database as non-SNMP nodes.
Enable SNMP Address Rediscovery	The NNMi administrator can over-ride this setting on a per-node basis. If  enabled, NNMi automatically identifies which management address (SNMP agent) to use for each device. If the initially configured address becomes unreachable, NNMi automatically locates another address, if possible, and changes the management address attribute value. Click here for more information. When NNMi first discovers a node, the seed address (provided by the NNMi administrator) or discovered address (for non-seeded nodes) becomes the initial address used for SNMP communication. After NNMi builds an inventory of all IP addresses associated with the node, NNMi follows a set of rules to determine which address is the best choice for each node's Management Address: (NNMi Advanced) The NNMi administrator specifies whether NNMi prefers IPv4 addresses, IPv6 addresses, or dual-stack (both) when selecting the Management Address. NNMi ignores the following addresses when determining which Management Address is most appropriate: Any address of an administratively-down interface. Any address that is virtual (for example, VRRP). Any IPv4 Anycast Rendezvous Point IP Address or IPv6 Anycast address. Any address in the reserved loopback network range. IPv4 uses 127/24 (127.*.*.*) and IPv6 uses ::1. Any IPv6 link-local address. If the NNMi Administrator chooses Enable SNMP Address Rediscovery  in Communication Configuration, NNMi prefers the last-known Management Address (if any). If the Management Address does not respond and the NNMi Administrator specifies Enable SNMP Address Rediscovery in Communication Configuration, NNMi uses the Communication Configuration settings for Management Address Selection. The NNMi Administrator chooses the order in which NNMi checks the following: Seed IP / Management IP - If the NNMi Administrator configures a Seed, NNMi uses the Seed address (either a specified IP address or the DNS address associated with a specified hostname) only during initial Discovery. NNMi then requests the current Management Address (the address from which the node's SNMP Agent responds) and uses that IP address for all communication after initial discovery. Lowest Loopback - If a node supports multiple loopback address, NNMi queries each loopback addresses, starting with the lowest number. NNMi uses the loopback address with the lowest number from which the SNMP agent responds (for example, 10.16.42.197 is a lower number than 10.16.197.42). Highest Loopback - If a node supports multiple loopback address, NNMi queries each loopback addresses, starting with the highest number. NNMi uses the loopback address with the highest number from which the SNMP agent responds. Interface Matching - The NNMi Administrator chooses which interface MIB variable NNMi queries to detect changes. NNMi can use the following MIB-II attribute values: ifIndex, ifName, ifDescr, ifAlias, or a combination of these (ifName or ifDescr, ifName or ifDescr or ifAlias). NNMi searches current database entries for information about the interface in this order: index, alias, name, and description. If multiple IP addresses are associated with the interface, NNMi starts by querying the lowest IP address and selects the first responding address in ascending order. If no response, NNMi queries any remaining IP addresses in the node's IP address inventory, starting with the lowest number. NNMi uses the address with the lowest number from which the SNMP agent responds. If no response, NNMi checks for any Mapped Address configured for one of the currently known addresses (see the Mapped Address column in the Custom IP Addresses view). The address represents a static Network Address Translation (NAT) pair's external IP address from the internal/external IP address pair. NNMi Administrators configure these pairs using the Overlapping IP Address Mapping form. NNMi uses this list of addresses starting with IPv4 from low to high, then IPv6 from low to high. If no response, NNMi might be configured to repeat the sequence using SNMPv1, SNMPv2c, or SNMPv3 in the order specified by the NNMi administrator (Communication Configurations SNMP Minimum Security Level settings). When all else fails, NNMi retains the last known Management Address (if any) and automatically changes the State of that SNMP Agent object to Critical. This process is repeated during each Spiral Discovery cycle, and the Management Address can change. For example, NNMi's inventory of addresses for the node expands, or the current Management Address does not respond to SNMP queries due to network problems or node reconfiguration. The NNMi administrator can prevent changes to the management address using the Communication Configurations Enable SNMP Address Rediscovery  (disabled) or Preferred Management Address setting. If  disabled, when the current management address (SNMP agent) becomes unreachable, NNMi does not check for other potential management addresses.
Get-Bulk Enabled	Applies only to SNMPv2 or higher. If you have devices in your network environment that have trouble responding to GetBulk commands, you can instruct NNMi to use Get or GetNext instead of GetBulk. If  enabled, NNMi uses the SNMPv2c GetBulk command to gather information from devices in this Region of your network environment. If  disabled, NNMi uses the SNMP Get or GetNext command to gather information from devices in this Region of your network environment (requesting responses for one SNMP OID at a time).
SNMP Timeout	(Seconds:Milliseconds) Maximum 1 millisecond less than a minute: 59 seconds 999 milliseconds. Time that NNMi waits for a response to an SNMP query before reissuing the request. Both the Discovery Process and the State Poller Service use this setting in this region.
SNMP Retries Count	Maximum number of retries that NNMi issues for an SNMP query before determining the query result to be "unresponsive". Zero means no retries. Both the Discovery Process and the State Poller Service use this setting in this region.
SNMP Port	Default is 161. Specifies the management server's port that NNMi uses when generating SNMP traffic. Both the Discovery Process and the State Poller Service use this setting in this region.
SNMP Proxy Address	Optional. IP address of the your SNMP Proxy Server (for example, a proxy that gathers data from non-SNMP devices and can use that data to respond to NNMi SNMP requests). To enable a proxy, you must also provide the port number of your SNMP Proxy Server. See SNMP Proxy Port (next attribute). When you configure NNMi to use a Proxy Server, you must ensure that the Proxy Server vendor supports the Object Identifiers used to handle SNMP requests and responses.
SNMP Proxy Port	Optional. Port number of the SNMP Proxy Server. To enable a proxy, you must also provide the IP address of your SNMP Proxy Server. See SNMP Proxy Address (previous attribute). When you configure NNMi to use a Proxy Server, you must ensure that the Proxy Server vendor supports the Object Identifiers used to handle SNMP requests and responses.
SNMP Minimum Security Level	This setting determines whether each NNMi Rediscovery cycle automatically detects the best SNMP choice (v1, v2, or v3) for each Node (automatically detects any upgrade to the SNMP agent on each Node), or uses only the SNMP version that you specify. For SNMPv1 or SNMPv2c, configure NNMi to use Community Strings in your network environment: Community Only (SNMPv1) NNMi tries only SNMPv1 settings. Community Only (SNMPv1 or v2c) NNMi first tries to use SNMPv2c settings, and, if that fails, NNMi tries SNMPv1 settings. Community NNMi first tries to use SNMPv2c settings, and, if that fails, NNMi tries SNMPv1 settings. If both SNMPv2c and SNMPv1 fail, NNMi tries SNMPv3 settings if any are available. For SNMPv3, configure NNMi to use the User-based Security Module (USM) level of security required in your network environment (if your environment also uses SNMPv1/SNMPv2c, select Community): No Authentication, No Privacy Authentication, No Privacy Authentication, Privacy

Regional ICMP Settings

Attribute	Description
Enable ICMP Communication	If  enabled, NNMi generates network traffic with ICMP protocol in this region. If  disabled, NNMi does not generate any ICMP traffic on your network in this region: Addresses in this Region (both previously discovered and newly discovered) have a State attribute value of "Not Polled" and a Status attribute value of "No Status" with the IP Address map-symbol color set to beige. Nodes with all IP addresses and interfaces showing a Status attribute value of "No Status" have a map-symbol background shape color set to beige. However, it is possible for a node to have IP addresses in multiple regions with multiple Status values.
ICMP Timeout	(Seconds:Milliseconds) Maximum 1 millisecond less than a minute: 59 seconds 999 milliseconds. Time that NNMi waits for a response to an ICMP query before reissuing the request in this region.
ICMP Retries Count	Maximum number of retries that NNMi issues for an ICMP query in this region before logging an error. Zero means no retries.

Configure address ranges for regions

[This is the Context-Sensitive Help topic for the Included Address Range form.]

To configure an address range for this region:

1. Navigate to the Region Included Address Range form.

   1. From the workspace navigation panel, select the  Configuration workspace.
   2. Select Communication Configuration.
   3. Navigate to the Regions tab.

   4. Do one of the following:

      • To establish a region definition, click the  New icon.
      • To edit a region definition, select a row, click the  Open icon.
   5. In the Communication Region form, navigate to the Included Address Regions tab.

   6. Do one of the following:

      • To establish an address range setting, click the  New icon.
      • To edit an address range setting, select a row, click the  Open icon.
      • To delete an address range setting, select a row and click the  Delete icon.

2. Provide address range definition.

   If you provide multiple IP address ranges for a region, each device must pass at least one to meet the criteria.

   If you provide both IP address ranges and hostname wildcards, each device must pass at least one in either category (not both) to meet the criteria.

3. Click  Save and Close to return to the Communication Region form.
4. Click  Save and Close to return to the Communication Configuration form.
5. Click  Save and Close to apply your changes.

Address Range Definition Attribute

Attribute

Description

IP Range

To specify a range of IP addresses for this Communications Region, use one of the following. Pick one address notation style, combinations of wildcards and CIDR notation are not permitted within one address range. You can provide multiple address range settings: IPv4 address wildcard notation. An IPv4 Address range is a modified dotted-notation where each octet is one of the following: A specific octet value between 0 and 255 A low-high range specification for the octet value (for example, "112-119") An asterisk (*) wildcard character, which is equivalent to the range expression "0-255" The following two IPv4 addresses are considered invalid: 0.0.0.0 and 127.0.0.0 Examples of valid IPv4 address wildcards include: 10.1.1.* 10.*.*.* 10.1.1.1-99 10.10.50-55.* 10.22.*.4 10.1-9.1-9.1-9 IPv4 Classless Inter-Domain Routing (CIDR) notation. The CIDR notation specifies the number of consecutive bits in the IPv4 address that must match. For example, 10.2.120.0/21 NNMi does not support CIDR subnet mask notation such as, 10.2.120.0/255.255.248.0 Example IPv4 Prefix Length Values: 28 Number of Usable IPv4 Addresses: 14 (16-2=14)* 29 Number of Usable IPv4 Addresses: 6 (8-2=6)* 30 Number of Usable IPv4 Addresses: 2 (4-2=2)* 31 Number of Usable IPv4 Addresses: 2 * Two IPv4 addresses are reserved in each subnet. The first IPv4 address is used for the network itself and the last IPv4 address is reserved for broadcast. IPv6 address wildcard notation (NNMi Advanced) Separate each 16-bit value of the IPv6 address with a colon. The 16-bit value can be any of the following: A specific hexadecimal value between 0 and FFFF (case insensitive). A low-high range specification of the hexadecimal value (for example, 1-1fe). An asterisk (*) wildcard character (equivalent to the range expression 0-ffff). The standard IPv6 short-hand notation (::) is allowed to express one or more 16-bit elements of zero (0) values. However, the mixed IPv6/IPv4 dot-notation (for example, 2001:d88::1.2.3.4) is not permitted as an IPv6 address range. Valid examples of ranges in modified IPv6 address notation include the following: 2001:D88:0:A00-AFF:*:*:*:* 2001:D88:1:*:*:*:*:* 2001:D88:2:0:a07:ffff:0a01:3200-37ff IPv6 Classless Inter-Domain Routing (CIDR) notation (NNMi Advanced) The CIDR notation specifies the number of consecutive bits in the IPv6 address that must match. 2001:d88:a00::/44 (equivalent to modified IPv6 address notation 2001:d88:a00-a0f:*:*:*:*:*) For example, valid IPv6 address ranges in CIDR notation include the following: 2001:d88:0:a00::/56 (equivalent to modified IPv6 address notation 2001:D88:0:A00-AFF:*:*:*:*) 2001:d88:1::/48 (equivalent to modified IPv6 address notation 2001:D88:1:*:*:*:*:*)

Configure hostname filters for regions

Define the Communication Region with hostname patterns.

To establish a Hostname Filter setting:

1. Navigate to the Region Hostname Filter form.

   • From the workspace navigation panel, select the  Configuration workspace.
   • Select the Communication Configuration.
   • Navigate to the Regions tab.

   • Do one of the following:

     • To create a region definition, click the  New icon.
     • To edit a region definition, select a row, click the  Open icon.
   • In the Communication Region form, access the Hostname Filters tab.

   • Do one of the following:

     • To create a hostname wildcard definition, click the  New icon.
     • To edit a hostname wildcard definition, select a row, click the  Open icon.
     • To delete a hostname wildcard setting, select a row and click the  Delete icon.

2. Type an appropriate hostname filter.

   If you provide multiple hostname wildcard expressions for a region, each device must pass at least one to meet the criteria for the Region. 

   If you provide both hostname wildcards and IP address ranges, each device must pass at least one in either category (not both) to meet the criteria for the Region.

3. Click  Save and Close to return to the Communication Region form.
4. Click  Save and Close to return to the Communication Configuration form.
5. Click  Save and Close to apply your changes.

Node Hostname Filter Definition

Attribute

Description

Hostname Filter

Enter a wildcard expression using the following characters as wildcards: ? = one character * = multiple characters Wildcard expressions are not case-sensitive. So a wildcard of ABC* would match devices with hostnames beginning with ABC*, abc*, and Abc* Caution The Hostname attribute value on the Node form of the discovered node must match (not case-sensitive) what is entered here. NNMi follows a set of rules to dynamically generate the value stored in the NNMi database for each Node's Hostname. Click here for details. If the Node supports SNMP, NNMi requests the Hostname using the IP Address of the associated SNMP agent (the Management Address attribute value on the Node form). When the NNMi administrator chooses Enable SNMP Address Rediscovery  in the Communication Configuration: If the SNMP Agent does not respond, NNMi checks for another Management Address to request the Hostname, and the Hostname could change. If the SNMP Agent associated with the node changes, the Management Address and Hostname could change. When the NNMi administrator disables Enable SNMP Address Rediscovery  in the Communication Configuration, when the current management address (SNMP agent) becomes unreachable, NNMi does not check for other potential management addresses. If the Node does not support SNMP, no Management Address is available. NNMi requests a Hostname starting with the lowest IP Address associated with the node (a Discovery Seed value or an IP address value gathered from a neighboring device). NNMi uses the first Hostname provided. The Hostname might change during a future discovery cycle. NNMi administrators can use NNMi property file settings to change the way NNMi determines Hostname values: nms-topology.properties file settings: If DNS is the source of the Node's Hostname, there are three choices. By default NNMi uses the exact Hostname from your network configuration. It is possible to change NNMi behavior to convert Hostnames to all uppercase or all lowercase. nms-disco.properties file settings: The Hostname is either requested from the Node's lowest loopback interface IP address that resolves to a Hostname or requested from the Node's designated Management Address (SNMP agent address). With either choice, when no IP address resolves to a Hostname, the IP address itself becomes the Hostname.

Configure SNMPv1/v2c community strings for regions

[This is the Context-Sensitive Help topic for the Communication Community String form.]

If more than one SNMPv1 or SNMPv2c "get" community string is used within this region, repeat this step any number of times. Order does not matter because all community strings defined for this Region are checked in parallel.

During initial discovery, NNMi tries many community strings until a match is found. After a match is identified for a Node, the information is recorded to prevent future authentication errors.

NNMi uses the SNMPv2c settings to discover the SNMPv2c information about your network. This also determines whether NNMi receives or discards incoming SNMPv2c traps. Click here for more information.

• If the incoming trap's Source Node (and sometimes Source Object, such as card or interface) has not yet been discovered by NNMi, NNMi discards the trap.
• If the Source Node was not discovered using SNMv3, NNMi discards any incoming SNMPv3 traps from that Node.
• NNMi discards traps that have no incident configuration or with an incident configuration set to Disabled. To ensure that NNMi retains all received Trap instances when your network environment includes SNMP agents using a variety of SNMPv1, SNMPv2c, and SNMPv3 protocol, you must configure two Incidents: one for the SNMPv1 version and one for the SNMPv2c/3 version of that trap.

• If either the Source Node or Source Object has Management Mode set to Not Managed or Out of Service in the NNMi database, NNMi always discards the incoming trap.

  NNMi provides the Management Mode workspace so that you can quickly view lists of all nodes, interfaces, IP addresses, chassis, cards, node sensors, or physical sensors that NNMi is not currently discovering or monitoring.

• NNMi discards most incoming traps from network objects that are not monitored. For example, you can configure NNMi to exclude specified interfaces from being monitored.

To provide a community string for this region:

1. Navigate to the Communication Region form.

   1. From the workspace navigation panel, select the  Configuration workspace.
   2. Select Communication Configuration.
   3. Navigate to the Regions tab.

   4. Do one of the following:

      • To establish a region definition, click the New icon.
      • To edit a region definition, select a row, click the Open icon.
2. In the Communication Region form, navigate to the SNMPv1/v2c Community Strings tab.

3. To provide a read community string, navigate to the Read Community Strings table and do one of the following:

   If you do not provide any community strings, NNMi uses the default community strings.

   • To establish a community string setting, click the  New icon, and provide the required information
   • To edit a community string setting, select a row, click the  Open icon, and provide the required information
   • To delete a community string setting, select a row and click the  Delete icon

4. To provide a write community string for this region, navigate to the Write Community String attribute.

   If you do not provide any community strings, NNMi uses the default community strings.

5. Click  Save and Close to return to the Communication Region form.
6. Click  Save and Close to return to the Communication Configuration form.
7. Click  Save and Close to apply your changes.

SNMPv1 or SNMPv2c Community String for this Region

Attribute	Description
Read Community String	Note As an NNMi administrator, you can over-ride this setting and specify the Read Community String on a per-node basis using the SNMP Agent Form. The SNMPv1 or SNMPv2c "Get" (read-only) Community String that is used for this region (case-sensitive). If no values appear in this table, the default settings are used. Many proxy vendors use the read community string for specifying remote target information. NNMi supports substitution parameters within read community strings for SNMPv1 or SNMPv2c proxy environments. Click here for more information. Copy and paste these codes at the end of your read community string to provide the values required by your proxy environment. NNMi substitutes the actual attribute values from the NNMi database at runtime: ${contextName} = Used for specifying VLAN context for switches (VLAN associated with the remote target node) ${managementAddress} = Node form, Management Address attribute value (the remote target node) ${snmpPort} = SNMP Agent form, UDP Port attribute value (SNMP agent associated with the remote target node) Type a maximum of 255 characters. Alpha-numeric, spaces, and special characters (~ ! @ # $ % ^ & * ( ) _+ -) are permitted.
Ordering	Optional. During the Discovery process, NNMi tries Read Community Strings in priority order (lowest to highest). Then, NNMi tries all unordered Read Community Strings (treated as though they had the same Ordering number). These unordered requests are sent in parallel, with NNMi using the first response.
Write Community String	Optional. For use with the nnmsnmpset.ovpl command line tool. The SNMPv1 or SNMPv2c "Set" (write) Community String that is used for the SNMP Agent for each node in this region (case-sensitive). Tip SNMP Agents are often configured with different community strings for "Set" requests than for "Get" (read) requests. SNMPv1 and SNMPv2c require that you know the SNMP agent's write community string before you can change settings on any device. The nnmsnmpset.ovpl command can use the value you provide here, rather than requiring that you type the write community string each time you invoke the command. If no value is provided here, the default settings are used. Type a maximum of 255 characters. Alpha-numeric, spaces, and special characters (~ ! @ # $ % ^ & * ( ) _+ -) are permitted. Because this is a type of password, you must enter the value twice.

Configure SNMPv3 settings for regions

NNMi can use SNMPv3 user-based security model (USM) settings to access devices.

To view the current list of SNMPv3 USM settings for a Region:

1. Navigate to the SNMPv3 Settings tab on the Communication Region form.

   1. From the workspace navigation panel, select the  Configuration workspace.
   2. Select the Communication Configuration.
   3. Navigate to the Regions tab.

   4. Do one of the following:

      • To create a region definition, click the  New icon.
      • To edit a region definition, select a row, click the  Open icon.
   5. In the Communication Region form, access the SNMPv3 Settings tab.

2. The displayed table lists the Unique Name of each SNMPv3 USM setting for this region.

   NNMi tries to use the Specific Node SNMPv3 Settings. If none match, NNMi tries the Region SNMPv3 Settings provided here. If none match, NNMi tries the default SMNPv3 settings.

3. You can also do the following:

   • To establish a new setting, click the  New icon.

     Click  Save and Close to return to the Communication Region form.

   • To edit an existing setting, select a row, click the  Open icon.

     Click  Save and Close to return to the Communication Region form.

   • To delete a setting from the Region's list, select a row and click the  Delete icon.

     The record remains in the database for possible use elsewhere and is simply removed from this Communication Region's list.

4. Click  Save and Close to return to the Communication Configuration form.
5. Click  Save and Close to apply your changes.

Communication Region SNMPv3 Settings form

NNMi can use SNMPv3 user-based security model (USM) settings to access devices.

NNMi tries to use the current SNMPv3 Settings attribute value from Specific Node Settings. If none match, NNMi tries the Region SNMPv3 Settings provided here. If none match, NNMi tries the default SMNPv3 settings.

To configure an SNMPv3 Setting for a Region:

1. Navigate to the Communication Region SNMPv3 Settings form.

   1. From the workspace navigation panel, select the  Configuration workspace.
   2. Select the Communication Configuration.
   3. Navigate to the Regions tab.

   4. Do one of the following:

      • To create a region definition, click the  New icon.
      • To edit a region definition, select a row, click the  Open icon.
   5. In the Communication Region form, navigate to the SNMPv3 Settings tab.

   6. Do one of the following:

      • To create an SNMPv3 Setting definition, click the  New icon.
      • To edit an SNMPv3 Setting, select a row, click the  Open icon.

      • To remove an SNMPv3 Setting from this Region, select a row, click the  Delete icon.

        The record remains in the database for possible use elsewhere and is simply removed from this Communication Region's list.

2.  Click the SNMPv3 Settings  Lookup icon and select one of the options from the drop-down menu:

   • Show Analysis to display Analysis Pane information for the currently configured (selected) SNMPv3 Setting name.
   •  Quick Find to view and select from the list of all existing SNMPv3 Settings.
   •  Open to display the details of the currently configured (selected) SNMPv3 Setting.
   •  New to create a new SNMPv3 Setting.
3. Click  Save and Close to return to the Communication Region SNMPv3 Settings form.
4. Click  Save and Close to return to the Communication Region form.
5. Click  Save and Close to return to the Communication Configuration form.
6. Click  Save and Close to apply your changes.

Configure credential settings for regions

[This is the Context-Sensitive Help topic for the Device Credentials tab on the Communications Region form (and the Region Device Credentials form).]

NNMi uses the Device Credentials settings for the following:

• Device discovery of some vendor-specific devices that require non-SNMP communication, such as Netconf over SSH. For a list of the these devices see the NNMi Device Support Matrix.

• Device Diagnostics

  Requires Network Node Manager iSPI Network Engineering Toolset Software (NNM iSPI NET) and requires installation of a Diagnostic Server.

NNMi uses the following sequence to determine Device Credentials:

• Use the node-specific device credentials. If none match, continue.
• Use the Region Device Credentials (provided here). If none match, continue.
• Use the default credential settings.

To provide credential settings for this region:

1. Navigate to the Region Device Credentials form.

   1. From the workspace navigation panel, select the  Configuration workspace.
   2. Select Communication Configuration.
   3. Navigate to the Regions tab.

   4. Do one of the following:

      • To establish a region definition, click the New icon.
      • To edit a region definition, select a row, click the Open icon.
   5. In the Communication Region form, navigate to the Device Credentials tab.

   6. Do one of the following:

      • To establish a credential setting, click the  New icon, and continue.
      • To edit a credential setting, select a row, click the  Open icon, and continue.
      • To delete a credential setting, select a row and click the  Delete icon.
2. Provide the attribute values of credentials for this region.
3. Click  Save and Close to return to the Communication Region form.
4. Click  Save and Close to return to the Communication Configuration form.
5. Click  Save and Close to apply your changes.

NNM iSPI NET uses the Default Credentials setting to access devices when running Diagnostics either automatically or when the Actions > Run Diagnostics option is used. 

You can also right-click any object in a table or map view to access the items available within the Actions menu.

At each level in the sequence to determine the Device Credentials (see bullet list above), NNMi first uses Secure Shell (SSH) to establish a secure connection, and if the SSH attempt fails, NNMi tries Telnet protocol as the communication method.

Device Credential Attributes for this Region

Attribute	Description
Type	Select one of the following: Shell Use this setting to provide credentials for NNMi to use when communicating with devices using Secure Shell (SSH) or Telnet protocol. VMware Use this setting to provide credentials for NNMi to use when communicating with VMware ESXi servers using VMware VSphere® WebService.
User Name	Type the user name that you want NNMi to use for logging into devices in this Communication Region.
Password	Type the password that you want NNMi to use for logging into devices in this Communication Region. NNMi encrypts the password and displays asterisks for this attribute. If you want to change the password, first clear the asterisks displayed in the Password attribute and enter the new Password value.

Configure trusted certificate settings for regions

[This is the Context-Sensitive Help topic for the Device Credentials tab on the Communications Region form (and the Region Device Credentials form).]

(NNMi Advanced) NNMi uses certificates to securely communicate with virtual machines running on hypervisors. By using the Trusted Certificates tab, you can upload trusted certificates that help NNMi create this secure communication channel. You can use one or more CA-signed certificates for this purpose.

By default, NNMi communicates with virtual machines running on hypervisors by using the HTTPS protocol. If your hypervisors are specifically configured to support HTTP communication, you can configure NNMi to use the HTTP protocol while communicating with virtual machines, and in that case, you do not need trusted certificates.

NNMi uses the following sequence to determine which certificate to use while communicating with virtual machines:

• Use the Specific Node Trusted Certificates. If none match, continue.
• Use the Region Trusted Certificates (provided here). If none match, continue.
• Use the Default Trusted Certificate settings.

To provide Trusted Certificate settings for this region:

1. Navigate to the Trusted Certificates tab.

   1. From the workspace navigation panel, select the  Configuration workspace.
   2. Select Communication Configuration.
   3. Navigate to the Regions tab.

   4. Do one of the following:

      • To establish a region definition, click the New icon.
      • To edit a region definition, select a row, click the Open icon.
   5. In the Communication Region form, navigate to the Trusted Certificates tab.

2. Click Upload Certificate. The Open window appears.

3. Select a file to upload the certificate to the NNMi management server, and then click Open. The certificate information appears in a table in the Trusted Certificates tab. You can upload multiple certificates.

   You can use only the following certificate formats:

   • .pem

   • .crt

   • .cer

   • .der

   If you upload multiple certificates at this tab, NNMi uses one out of all uploaded certificates to establish HTTPS connection with Web Agents.

   The table in the Trusted Certificates tab shows basic attributes of all uploaded certificates.

4. Select a file and upload the certificate into the NNMi database.
5. Click  Save and Close to return to the Communication Configuration form.
6. Click  Save and Close to apply your changes.

The table in the Trusted Certificates tab shows basic attributes of all uploaded certificates. To view additional information about each certificate, click the certificate in the table in this tab.

Regional Trusted Certificate Attributes

Attribute	Description
Subject DN	The Subject Distinguished Name (Subject DN) of the certificate.
Valid From	The Valid From and Valid To values together define the validity period of the certificate.
Valid To

Related topics

• Configure specific nodes
• Discover Your Network