Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Search for | Example | Results |
---|---|---|
A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Search for | Operator | Example |
---|---|---|
Two or more words in the same topic |
|
|
Either word in a topic |
|
|
Topics that do not contain a specific word or phrase |
|
|
Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
A combination of search types | ( ) parentheses |
|
Setting up the integration
The SA administrators must perform certain tasks on SA Core servers to enable NA/SA integration.
The set up includes changing certain configuration settings in both NA and SA, running diagnostics for NA topology data, and configuring certain user permissions.
The integration does not support failover of the NA core. If the integrated NA core fails over in a different NA core, update the HPE SA twist.conf and edit the twist.nasdata.host to the new NA core for connecting to the new NA core. For more details, see Specify the NA server name in SA configuration changes.
SA Client communication with NA
Ensure that the SA Client can communicate with NA. If the SA Client cannot communicate with the NA server, see Resetting the NA host in the SA Client.
SA configuration changes
Complete the following tasks to prepare SA for NA integration:
- Specify the NA server name
NA – SA integration works only when SA twist.conf (/etc/opt/opsware/twist/twist.conf
) is configured with NA FQDN in the twist.nasdata.host=<NA Server FQDN>.
For more information about modifying this file, see the SA Administering.
If you have installed multiple Slice Component bundles, you must edit thetwist.conf
file on all slices. Then, you must restart all NA services and the Web Service Data Access Engine for each Slice component bundle. - Specify the NA Port (Windows-only) in SA
If NA is running on aWindows server, you must change the port setting parameter from
nas.port=8022
tonas.port=22
in the/etc/opt/opsware/hub/hub.conf
file.
A default Windows server installation runs the proxy SSH/Telnet servers on port 22/23 rather than the Unix default of port 8022/8023.
After you make this configuration change, you must restart the server hosting the Slice Component bundle. -
Enable the spin.cronbot.check_duplex.enabled parameter
Thespin.cronbot.check_duplex.enabled system configuration
parameter must be enabled for NA integration.To enable this system configuration parameter, perform the following steps:
- Select the Administration tab in the SA Client.
-
Select System Configuration in the navigation pane. This displays the SA components, facilities and realms that have system configuration parameters.
-
In the list of SA components, select Data Access Engine. This displays the system configuration parameters for this component.
-
Locate the parameter
spin.cronbot.check_duplex.enabled
. - In the Value column, select the new value button and set the value to 1.
-
Select the Revert button to discard your changes or the Save button to save your changes.
For more information about system configurations, see the SA 10.51
Configuring NA for integration
Note To configure NA Integration with the current SA version, you must have a compatible version of Network Automation (NA) installed. For more information, see the NASupport Matrix on SSO (https://softwaresupport.hpe.com/).
The NA administrator should perform the following tasks on your NA server.
Access permissions for NA/SA integration are based on two separate databases: a NA database and a SA database. NA uses its own database for authorization. SA uses a different security mechanism for authorization. However, for NA integration, all authentication (for both NA and SA) is processed by SA.
When NA is configured to use SA authentication, NA tries to authenticate against SA first. If NA fails to authenticate against SA, it falls back to the NA database. If there is an account in the NA database, the fallback is only allowed if that user is configured to allow fallback authentication. See the NA User Guide for more information on NA authentication.
When a new user is authenticated through SA, an account is created in NA. The account is placed in the Default User Group that was specified when SA authentication was enabled in the Administrative Settings in NA. This user group, which is configurable, controls the default permissions that the system administrator has assigned to SA users.
NA authentication configuration
To set up NA/SA integration, you must configure NA to use SA Authentication. Before beginning this configuration, you must have this information (see Server Automation Software Authentication):
- Twist Server: the IP address or Hostname of the server hosting the Web Services Data Access Engine (
twist
: part of the Slice Component bundle which is typically installed on the SA Core host but can be installed on a different host). - Twist Port Number: The port number that the Web Services Data Access Engine listens on.
- Twist Username: The Web Services Data Access Engine user name.
- Twist Password: The Web Services Data Access Engine user’s password.
- OCC Server: The IP address or hostname of the server hosting the Command Center (OCC).
- Default User Group: The default user group for new SA users.
To change the authentication settings in NA, perform the following tasks:
- Log in to NA.
- Select Admin > Administrative Settings > User Authentication to display the Administrative Settings — User Authentication page.
- In the External Authentication Type section, use the radio button to select HPE Server Automation software & TACACS+ (if used) as shown in the following figure.
External authentication type in NA - Scroll down and complete all fields in the HPE Server Automation software Authentication section shown in the following figure.
NA uses the Web Services Data Access Engine (twist
) Username and Password when it gathers layer 2 data. NA gathers server interface information by MAC address using the Twist user’s permissions. The Twist user must have read access to server information.
HPE Server Automation software authentication - Click Save to save your configuration changes.
See the NA User Guide for more information on NA configuration.
SA gateway sharing: NA can be configured to use the Master Gateway for the SA Core you are integrating with. For more information about specifying the SA Core Master Gateway in NA, see the NA Satellite Guide on SSO (https://softwaresupport.hpe.com/).
Gathering topology data
After SA-NA Integration tasks are completed, you must run the NATopology Data Gathering and NA Duplex Data Gathering diagnostics. For instructions about running these utilities, see the NA User Guide.
Troubleshooting
To test whether SA is communicating with NA, check the following conditions:
- You can log in to NA with your SA credentials. This verifies that NA can communicate with SA.
- The SA credentials specified in the NA Administrative Settings under External Authentication Type are set to SA. This ensures that NA can look up server MAC addresses.
- The NA Topology Gathering Diagnostic has run successfully. To verify this condition, search for tasks and check their results. This ensures that NA has gathered MAC addresses and tried to look them up in SA.
We welcome your comments!
To open the configured email client on this computer, open an email window.
Otherwise, copy the information below to a web mail client, and send this email to hpe_sa_docs@hpe.com.
Help Topic ID:
Product:
Topic Title:
Feedback: