SNMP Protocol

Parameter

Description

Port Number

(For SNMP versions v1, v2, and v3) The port number on which the SNMP agent listens.

Connection Timeout

Timeout( in milliseconds) after which the Probe stops trying to connect to the SNMP agent.

Retry Count

The number of times the Probe tries to connect to the SNMP agent. If the number is exceeded, the Probe stops attempting to make the connection.

Versions 1, 2

Community. Enter the authentication password you used when connecting to the SNMP service community (which you defined when configuring the SNMP service—for example, a community for read-only or read/write).

GET Request Operation Type. The type of GET operation used to execute SNMP queries; either GET-NEXT or GET-BULK. Default: GET-NEXT.

Version 3

Authentication Method: Select one of the following options for securing the access to management information:

  • noAuthNoPriv. Using this option provides no security, confidentiality, or privacy at all. It can be useful for certain applications, such as development and debugging, to turn security off. This option requires only a user name for authentication (similar to requirements for v1 and v2).

  • authNoPriv. The user logging on to the management application is authenticated by the SNMP v3 entity before the entity allows the user to access any of the values in the MIB objects on the agent. Using this option requires a user name, password, and the authentication algorithm (HMAC-MD5 or HMAC-SHA algorithms).

  • authPriv. The user logging on to the management application is authenticated by the SNMP v3 entity before the entity allows the user to access any of the values in the MIB objects on the agent. In addition, all of the requests and responses from the management application to the SNMP v3 entity are encrypted, so that all the data is completely secure. This option requires a user name, password, and an authentication algorithm (HMAC-MD5 or HMAC-SHA).

Username: The name of the user authorized to log on to the management application.

Password: The password used to log on to the management application.

Authentication Algorithm: The MD5 and SHA algorithms are supported.

Privacy Key: The secret key used to encrypt the scoped PDU portion in an SNMP v3 message.

Privacy Algorithm: The DES, 3DES, AES-128, AES-192 and AES-256 algorithms are supported.

Note  

  • This protocol supports IPv6.

  • By default, SNMP queries are executed with a timeout of 3000 milliseconds. This value is defined in the snmpGlobalRequestTimeout parameter in the globalSettings.xml configuration file.

  • Due to control restrictions for some countries, the JDK has a deliberate, built-in key size restriction. If required (for example, if SNMP agents use 256-bit AES encryption), the restriction can be removed as follows:

    1. Download the .zip file from http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html.
    2. Extract local_policy.jar and US_export_policy.jar from the .zip file.
    3. Copy these files and replace the files that arrived with the probe installation in the ${PROBE_INSTALL}\bin\jre\lib\security\ folder.
    4. Restart the probe.

Note When the CyberArk integration is enabled, two radio buttons (Regular Credential and External Vault) are enabled. The existing Username and Password parameters are grouped under the Regular Credential radio button, and CyberArk integration specific parameters Type and Reference are enabled and grouped under the External Vault radio button, as described in the table below.

CyberArk-related Parameters

Parameter

Description

Regular Credential

Enabled when CyberArk integration is enabled. Select this radio button to use regular credential as before.

  • Username. See description above.
  • Password. See description above.

External Vault

Enabled when CyberArk integration is enabled. Select this radio button to use an external credential vault.

  • Type. The external vault type. Currently only CyberArk is supported.
  • Reference. Click to open the Configure dialog box.

    • Reference. Select this option to configure the Reference ID that will be used by UCMDB/UD to retrieve the passwords from the CyberArk Enterprise Password Vault when they are needed.

      Set the reference ID in the CyberArk Enterprise Password Vault in the following format: <Safe Name>\<Folder Path>\<Reference ID>.

      Where <Safe Name> is the Safe value in CyberArk, <Folder Path> is the folder where the Safe belongs to, and <Reference ID> is the name of the CyberArk account you specified or auto-generated in CyberArk.

      For example, NancySafe\Root\nancy-cyberark-testing-refid.

    • Parameter. Select this option to enable configuring a list of editable CyberArk properties as a query string for UCMDB/UD to retrieve passwords from the CyberArk Enterprise Password Vault.

      To configure a CyberArk property value, click in the Value column for the property, and specify the value in string.

      The CyberArk properties values must not contain any of the following characters: \/:*?"<>|'.;

      The out-of-the-box list of CyberArk properties displayed in the Configure dialog box is editable. You can set selected CyberArk properties as the default list using JMX method setGlobalSettingVaule. For instructions, see "How to Set a Default List of CyberArk Properties Using JMX" in the Data Flow Management section of the UCMDB Help.

      • Regex. Enables configuring CyberArk properties values in regular expressions.

        For examples of how to use regular expression syntax, see "Regular Expression Examples" in the Modeling section of the UCMDB Help.

        The CyberArk properties values in regular expression must not contain any of the following characters: : ;

Troubleshooting and Limitations

Problem. Failure to collect information from SNMP devices.

  • Solution 1: Verify that you can actually access information from your Network Management station by using a utility that can verify the connectivity with the SNMP agent. An example of such a utility is GetIf.

  • Solution 2:: Verify that the connection data to the SNMP protocol has been defined correctly.

  • Solution 3: Verify that you have the necessary access rights to retrieve data from the MIB objects on the SNMP agent.