Table Of Contents
Overview of CiscoWorks Blue ISM
How Does ISM Work?
New Features in ISM V2R2
ISM Features Available from a NetView Console
ISM Functions
Router Management
Interface Monitoring
Security Management
Performance Monitoring
Overview of CiscoWorks Blue ISM
CiscoWorks Blue Internetwork Status Monitor (ISM) Version 2 is an application that runs on an MVS mainframe and is integrated with NetView, IBM's network management platform. Now you can manage Cisco routers and other related resources from the NetView console. ISM combines the world of mainframe network management with distributed-router management in LAN and WAN topologies.
This chapter provides an overview of how ISM Version 2 works and describes its features and benefits, including the following sections:
•
How Does ISM Work?
• New Features in ISM V2R2
• ISM Features Available from a NetView Console
• ISM Functions
How Does ISM Work?
Designed for large SNA and IP networks, CiscoWorks Blue ISM provides NetView operators with full visibility into a Cisco router network from NetView domain, regardless of whether the network is routing SNA traffic. With ISM, a NetView operator can monitor and manage Cisco resources and their interfaces, DSPU resources, Cisco TN3270 servers, Cisco Mainframe Channel Connections (CMCCs), and SNASw resources. ISM operates like a standard NetView application, and works in conjunction with many of NetView's components.
ISM offers you presentation methods:
•Standard NetView 3270 presentation services, for those accustomed to operation using 3270-like screens
•A Web browser interface, available with NetView 1.2 or later
ISM provides visibility of the router network through the Virtual Telecommunications Access Method (VTAM), and enables management of routers through a NetView console. To manage routers from NetView, a VTAM connection must be established for each router, and the appropriate service point must be defined in the configuration file of each router using Cisco IOS SNA interface commands. The ISM management environment is established via the service point interface integrated into Cisco routers.
ISM enables you to use SNMP to monitor resources, such as Cisco routers that do not have a service point interface. ISM accesses SNMP via TCP/IP installed on the MVS system.
You can use a remote NetView console to issue Cisco IOS router commands, which are usually entered at a local router console. ISM converts these commands to RUNCMDs for communication with the router. The router's service point interface accepts the RUNCMDs issued from a NetView console and transports responses and alerts from the router to the mainframe.
The router responds to the RUNCMDs in the form of network management vector transports (NMVTs), and ISM displays these responses to the mainframe operator in its full-screen panel interface. In addition to responses to RUNCMDS, NMVT alerts are also transported from the router to the mainframe, where ISM provides a connection to the NetView Problem Determination Application (NPDA), NetView's hardware monitor.
For more information on configuring a VTAM connection and verifying the SNA service point of a router, see Chapter 2, "Configuring the Mainframe-to-Router Link," in the CiscoWorks Blue Internetwork Status Monitor Installation Guide.
New Features in ISM V2R2
This release of ISM includes the following new features and enhancements:
SNASw Monitoring
•Router CPU and memory utilization by SNASw
•SNASw link status monitoring
•SNASw port status monitoring
Interface Monitoring Enhancements
•Option to bypass monitoring of subinterfaces
•Interface reliability logging
•Enhanced Frame-Relay support
ISM Features Available from a NetView Console
ISM V2 provides the following features from a NetView console:
•Cisco router management and performance monitoring.
•ISM Status Summary panel and Resource Status panel showing the status of all network resources being monitored. These status panels provide the following features:
–Color-coded status, where the color of the service point name of the resource indicates the status of the resource
–Similar to the NetView STATMON display panel
–Drill-down interface to other related ISM panels
–An options menu that provides easy access to the most commonly used router diagnostic commands
•An extended summary view that flags routers with performance problems. This flag indicates the source of the problem and allows you to quickly diagnose the problem.
•Security management through operator profile management. Operators are authorized on an individual basis to use both the display and configuration functions of ISM, or limited to using the display-only functions.
•Event correlation. Events sent by routers through ISM are correlated with the routers being managed by ISM so you can view the alerts that apply to a specific router.
•DSPU, TN3270, CMCC, and SNASw management assistance. Cisco IOS commands typically used to diagnose DSPU, TN3270, and CMCC problems are available via a full-screen interface, simplifying management of these devices.
•Command-line interface. NetView operators can connect to a router and issue commands they would normally issue in a Telnet session. This command-line interface does not require TCP/IP at the mainframe.
•Filters that allow exception viewing. The routers displayed on the Resource Status panels can be grouped by status or logical group criteria.
•Interface performance monitoring. Performance data is collected for routers and interfaces at user-defined monitoring intervals. This data is accessible from a variety of ISM panels.
•Router and interface statistics archiving. ISM logs router and interface statistics in virtual storage access method (VSAM) for performance analysis. Performance statistics are logged to VSAM data sets and to SMF. These statistics are available for operator viewing, and are used to analyze performance.
•SNA session and RIF data archiving. ISM collects and archives session data for routers connected to VTAM via switched SNA sessions.
•Control of all ISM rules and variables, including:
–Poll interval settings by router or router group
–Management of CPU usage, necessary for monitoring routers, by changing poll intervals by individual router (such as critical network routers)
•Terminal Access Controller Access Control System Plus (TACACS+) support, including:
–Maintaining a secure router environment when you issue commands from ISM
–Requiring a user ID and password to send privileged-mode commands to the router when implementing TACACS+ on a router
•Enhanced CMCC management, including:
–Automatic discovery of CMCCs and their status
–Performance monitoring
–Channel monitoring
–CMCC and channel connectivity diagram
•Support for the following monitor interface types:
–ASYNC
–ATM
–Channel
–Ethernet
–Fast Ethernet
–FDDI
–Gigabit Ethernet
–HSSI
–IBM CLAW
–ISDN
–Loopback
–Multiprotocol (MPC) Point-to-Point
–Serial
–Token Ring
–TUNNEL
•Ability to configure CPU and memory thresholds for an individual router (or all routers) and CMCCs.
•Monitoring of generic ISM alerts and alarms using NetView's NPDA. ISM alerts you about any of the following events:
– Router CPU threshold exceeded
– Router memory usage exceeded a threshold
– Resource unavailable
– Interface unavailable
– CMCC CPU threshold exceeded
– CMCC memory usage exceeded a threshold
– TN3270 free LU threshold exceeded
•Usability enhancements. From the NetView console you can perform the following tasks:
–Highlight changed values in statistical displays
–Filter routers by status, group name, or wildcard referencing in the router name
–Control summary and status displays with a user profile setting
•Event logging. You can monitor events tracked internally by ISM, including router status changes and operator audit trails, that record changes to ISM management definitions. Event logging provides the following capabilities:
•Search variables
•Events recorded to SMF
•Two data sets for the active and inactive log
•Router memory dump. ISM captures the usage of router memory to a VSAM data set, which you can browse using NetView.
ISM Functions
This section describes the following major ISM functions:
• Router Management
• Interface Monitoring
• Security Management
• Performance Monitoring
Router Management
The router's management function provides dynamic status information for routers that have been defined to, or discovered by, ISM. Discovery can be either by SNMP traps, or by NMVT alerts sent to MVS.
You can use ISM to perform the following tasks:
•Display a list of all the routers in your network that are being monitored by ISM
•Display a list of the interfaces by router
•Access details about the status of a Cisco router
•Access details about interfaces enabled in a router
•Set CPU and memory performance thresholds for routers
•Set monitoring intervals for routers and interfaces
•Discover routers automatically through detection of generated alerts
•Display a list of alerts generated by a router and forwarded to NetView
•Issue commands to a router
•Collect the current configuration of a router, and access a list of archived configuration files that can be used for disaster recovery
•View performance history
Interface Monitoring
ISM's interface monitoring function allows you to monitor the interfaces enabled in the routers in your network. You can configure the ISM management environment to specify the types of interface you want to monitor and the interval at which you want them monitored. Additionally, you can monitor interfaces on a per-router basis, display the details about a specific interface, and obtain interface history and performance data.
Note When ISM is monitoring interfaces, it automatically begins monitoring any new supported interfaces that it discovers.
You can monitor the following types of interfaces:
•Asynchronous
•Asynchronous Transfer Mode (ATM)
•Channel
•Ethernet
•Fast Ethernet
•Fiber Distributed Data Interface (FDDI)
•Gigabit Ethernet
•High-Speed Serial Interface (HSSI)
•Integrated Services Digital Network (ISDN)
•IP over Claw
•Loopback
•Multiprotocol (MPC) Point-to-Point
•Serial
•Token Ring
•Tunnel
See "Monitoring Interfaces," for more information on monitoring interfaces, and see Chapter 3, "Enabling the ISM Environment," for more information on configuring the ISM management environment.
Security Management
In addition to the standard security features offered by NetView and the Cisco IOS software, ISM provides the following security features:
•Operator management—ISM can define authority levels that dictate the ISM actions an operator can perform.
•Transparent support of router security--ISM passes all security required by the router to the ISM operator. If TACACS security is implemented in the router, ISM also requires a user ID and password to communicate with the router.
•Password suppression—ISM suppresses all passwords entered by operators who issue commands that require passwords.
•Command logging—ISM logs each command issued from ISM. ISM also logs the name of the operator who issued the command. The ISM event log records operator actions that result in router state changes.
•Under SNMP, ISM supports only the GET and GETNEXT commands.
Do not bypass ISM by issuing RUNCMDs directly to a router. Bypassing ISM creates the following security issues:
•If an authorized user logs in to a router in enabled mode, all operators can issue authority-level commands to the router.
•Without the ISM interface, there is no queue scheduling. This could allow any operator to receive data that is being sent in response to a command issued by another operator.
Caution ISM does not prevent you from using security features provided by your system, or by NetView. If you are concerned about operators issuing RUNCMDs directly, you can alter NetView to prevent specific operators from issuing specific RUNCMDs and ISM commands.
NetView security features used by ISM include operator registration and passwords, and command facility security.
Note For more information on NetView security features, refer to the appropriate NetView manual.
Cisco IOS software security features used by ISM include the enable password feature and TACACS+.
Performance Monitoring
You can use ISM to define router CPU and memory performance thresholds that, when exceeded, alter the status of the router on the ISM status panels. ISM provides data that you can use to evaluate the performance of the routers, interfaces, DSPU and CMCC resources in your network.
You can use the following methods to monitor the performance of these resources:
•Define CPU and memory performance thresholds for routers and CMCCs, and view the exceptions.
•View real-time collected performance data for routers, interfaces, and CMCCs.
•Log the performance of an interface or router (at user-defined intervals), and measure the results using the archived performance data.
•View the details of archived performance data.
•Log data to SMF.
