Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Words and Phrases
| Search for | Example | Results |
|---|---|---|
| A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
|
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Using Boolean Operators
| Search for | Operator | Example |
|---|---|---|
|
Two or more words in the same topic |
|
|
| Either word in a topic |
|
|
| Topics that do not contain a specific word or phrase |
|
|
| Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
| A combination of search types | ( ) parentheses |
|
Configure Access with Public Key Infrastructure Authentication
This topic includes the following sections:
- Task 1: Configure NNMi
- Task 2: Configure a Certificate Validation Method
- Task 3: Enable SSL
- Task 4: Enable and Disable SSLv3 Ciphers
- Task 5: Configure the NNM iSPI Performance for QA
You can configure NNMi to map the Public Key Infrastructure (PKI) certificates to NNMi user accounts. As a result, you can log on to the NNMi console without having to type in the NNMi user name and password on the Login page. However, you will be prompted to provide NNMi user name and password again when you try to launch the NNM iSPI Performance for QA Configuration form, unless you perform additional steps to reconcile the mapping with the iSPI.
When NNMi is configured to use the PKI authentication, it is mandatory for the iSPI to use the PKI authentication. Also, do not configure only the iSPI to use the PKI authentication when NNMi continues to use the credentials-based authentication.
When the NNM iSPI Performance for QA is configured in a High Availability (HA) environment, make sure that nms-auth-config.xml from the %NnmDataDir%\nmsas\qa\conf\ or /var/opt/OV/nmsas/qa/conf/ directory is replicated on to each cluster member, to use the PKI authentication.
Task 1: Configure NNMi
To configure NNMi to use the PKI authentication, follow the steps in Configure NNMi to Support Public Key Infrastructure User Authentication.
Task 2: Configure a Certificate Validation Method
When NNMi is configured to use the PKI authentication, unauthorized access using invalid certificates must be prevented. You must perform additional steps to configure NNMi to use a certificate validation method—Certificate Revocation List (CRL) or Online Certificate Status Protocol (OCSP).
Task 3: Enable SSL
To enable NNMi-NNM iSPI Performance for QA communication, SSL should be enabled in the NNM iSPI Performance for QA.
Modify the following parameters in the extended.properties file from the %nnmdatadir%\shared\qa\conf or /var/opt/OV/shared/qa/conf to enable SSL:
com.hp.ov.nms.spi.qa.spi.isSecure=true
com.hp.ov.nms.spi.qa.Nnm.isSecure=true
For the SSL configuration changes to take effect, restart the NNM iSPI Performance for QA processes by running the following commands:.
- ovstop -c qajboss
- ovstart -c qajboss
Task 4: Enable and Disable SSLv3 Ciphers
To configure NNM iSPI Performance for QA to enable SSLv3 ciphers:
-
Open the following file:
For Windows:
%NnmDataDir%\nmsas\qa\server.propertiesFor Linux:
$NnmDataDir/nmsas/qa/server.properties -
Uncomment the following line:
#com.hp.ov.nms.ssl.PROTOCOLS = SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2
For example:
com.hp.ov.nms.ssl.PROTOCOLS = SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2
You can remove any protocols contained in this line.
- Save the file.
To disable the SSLv3 ciphers after they have been enabled:
-
Open the following file:
For Windows:
%NnmDataDir%\nmsas\qa\server.propertiesFor Linux:
$NnmDataDir/nmsas/qa/server.properties -
Reinsert the comment in the following line:
com.hp.ov.nms.ssl.PROTOCOLS = SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2
For example:
#com.hp.ov.nms.ssl.PROTOCOLS = SSLv2Hello,SSLv3,TLSv1,TLSv1.1,TLSv1.2
You can remove any protocols contained in this line.
- Save the file.
Task 5: Configure the NNM iSPI Performance for QA
Configuring NNM iSPI Performance for QA to use the PKI authentication essentially requires updating the nms-auth-config.xml file in the NNM iSPI Performance for QA’s configuration data directory (%NnmDataDir%\nmsas\qa\conf on Windows; /var/opt/OV/nmsas/qa/conf on Linux) to reflect the changes done in the nms-auth-config.xml file on the NNMi management server.
To configure the NNM iSPI Performance for QA to use the PKI authentication:
- Make sure that Task 1, Task 2, and Task 3 are complete.
- Log on to the NNMi management server.
-
Navigate to the following directory:
On Windows
%nnmdatadir%\nmsas\qa\confOn Linux
/var/opt/OV/nmsas/qa/conf -
Open the
nms-auth-config.xmlfile using a text editor. -
Modify the
nms-auth-config.xmlfile to match the changes done on thenms-auth-config.xmlfile in the NNMi management server (%nnmdatadir%\nmsas\NNM\conf\or/var/opt/OV/nmsas/NNM/conf/). - Save and close the file.
-
Run the following command:
On Windows:
%NnmInstallDir%\qa\bin\nmsqaauthconfigreload.ovpl
On Linux:
/opt/OV/qa/bin/nmsqaauthconfigreload.ovpl
Do not enable the Single Sign-On feature when NNMi and the NNM iSPI Performance for QA are configured to use the Public Key Infrastructure (PKI) authentication.
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to network-management-doc-feedback@hpe.com.
Help Topic ID:
Product:
Topic Title:
Feedback: