Central SNMP integration of the SE server is administered using the SE Manager on the Management Unit. The preconfiguration is created in such a manner that you can also use SNMP to monitor the other units on the management stations provided a configuration for SNMP integration exists on the Management Unit (read access, trap receiver):
Queries regarding the Server Unit /390 are possible on the Management Unit (see the private MIBs).
Management stations can address the SNMP agent on the Server Unit x86 or HNC and query data (the SNMP agent supports the MIB-II and private MIBs for queries).
In defined error situations (e.g. status changes) the SNMP agent on the Server Unit x86 or HNC sends traps to management stations.
On Application Units, on the other hand, you must configure SNMP yourself.
The following private MIBs have to be imported on the management station in order to ease access in read mode to SE-server-specific data and to enable the SE-server-specific traps to be interpreted:
/usr/share/snmp/mibs/FUJITSU-SESERVER-MIB.txt/usr/share/snmp/mibs/FUJITSU-SU390-MIB.txt
At the Management Units and Server Units x86, ServerView RAID periodically checks hardware components. These events are reported by trap, even in good case with the weight NOTIFICATION. Text example of such a successful test: "Patrol Read started" and "Patrol Read finished". The MIB /usr/share/snmp/mibs/FSC-RAID-MIB.txt must be imported to the management station so that these traps are represented correctly.
In order for ServerView's traps an SNMP get requests to be correctly represented by the management station, the MIBs /usr/share/snmp/mibs/SRVMAGT-INVENT.TXT and /usr/share/snmp/mibs/SRVMAGT-SC2.TXT has to be imported to the management station.
In order for general hardware-related traps an SNMP get requests to be correctly represented by the management station, the MIB /usr/share/snmp/mibs/INTEL-WFM-MIB.mib has to be imported to the management station.
The traps usually contain neither the trap weight nor the message text. This information can only be read from the MIB.
Access to MIB files on the Management Unit is, for example, possible under any administrator account with scp (secure copy).
SNMP protocols:
- The SNMPv1 and SNMPv2c protocols are supported for read access.
- When configuring trap receivers - in alarm management and in the MU-specific forwarding of SNMP traps triggered by the hardware - the SNMPv3 protocol is also supported (in addition to SNMPv1 and SNMPv2c).
SNMPv3, the latest version of the SNMP protocol, provides improved security functions:
For example, it supports authentication and encryption, to ensure the integrity and confidentiality of the transmitted data.
In SEM, the specific persistent SNMP Engine ID is displayed for each individual MU. This can be used at an SNMP management station to identify the MU.
Security-relevant actions
Read access
When creating the SNMP configuration, ensure that only trusted management stations can access the Management Unit resp. the Server Units of the SE server by configuring the read community with a restriction to the management station.As far as possible use only specific read communities (not public).
Grant access only to precisely defined management stations (by specifying their host names).
- Traps
Use SNMPv3 for trap receiver configuration, if possible.