Guest post by Divesh Kumar, Test Automation Specialist, HP Software
Present-day challenges for network administrators primarily center on the centralized management of network resources such as VLAN IDs, ACL IDs, phone numbers, license keys, routing instance names, IP addresses, firewall instance names, load balancer instance names, Route Targets, Route Distinguishers, and HSRP/VRRP IDs.
These are used for building and provisioning the network infrastructure and to help integrate with any provisioning system. The easiest (but more error-prone) solution is to maintain the resource identifiers in spreadsheets, but this technique cannot be easily integrated with any provisioning system.
HP Network Automation (NA) provides the solution for these challenges with its Resource Identity Management (RIM) feature. With the help of RIM you can easily manage your resources and integrate them with any provisioning system. RIM is more proactive; it takes the unknowns that are abandoned within the limitations of spreadsheets and makes them known with superior tracking and search.
Use case: 1
A network administrator wants to provision a switch with a few VLANs.
The RIM feature allows network administrators to acquire the available VLAN IDs from the Resource Identity Pool (Pool). Pool, a logical name with some meaningful context, allows you to maintain a list of resources (IDs) – as in this case “VLAN IDs”.
When you acquire the VLAN ID, the status of the ID changes to ‘In Use’, and once it is released, the status changes to ‘Available’ so that others can use that ID, provided the Pool is in shared mode.
You can add a Pool via the GUI (graphical user interface) or the API/CLI (application programming interface/command line interface), and IDs can also be added to a Pool in bulk via the CSV import functionality. (Refer to the HP NA user guide for more information on this process.)
Figure 1 – Showing VLANs marked available
Acquire VLAN IDs:
When a user acquires the ID, its status changes to ‘In Use’.
Figure 2 – showing VLAN ID 2 in use
Release VLAN IDs:
When a user releases the ID, its status changes to ‘Available’.
Figure 3 – showing VLAN ID 2 has returned to available
Use case: 2
Suppose the network administrator tracks information such as ‘Available VLAN IDs’, ‘Used VLAN IDs’, ‘blocked by’, ‘Time of blocking’, etc. in a spreadsheet. It is very difficult to know who made which changes in the spreadsheet and at what time.
With RIM, all of this information is easy to find via the ‘Resource Identity search’ functionality.
You can search for a resource identity with the following parameters: Status (Available, In Use), Last modified By, Last modified date, Created Date with time, Resource ID, etc.
The snapshot below shows the Search criteria for Resource Identity:
Figure 4 – Resource identity search screen
Resource Identity Search Results:
Figure 5 – Resource identity search results
Use case: 3
Consider a network administrator who wants to distinguish VLANs by a few specific attributes. In this example he is looking at department name, and he wants to tag some of the VLAN IDs as allocated to the Accounting department and a few to the HR department, all from a single pool.
RIM provides flexibility in maintaining network resources through custom fields. You can create the custom field ‘Department’ with the values ‘Account’ and ‘HR’, and those values can be assigned to IDs.
Adding Custom field to Pool.
Figure 6 – Showing how to add a custom field
Associating Custom field value to ID
Figure 7 – Showing how to associate a custom field with a specific resource ID
Resource Identity Search Results with Custom Field ‘Department’ for ‘Account’
Figure 8 – Showing the results of a search for resource IDs with Department = Account
Use case: 4
Consider a scenario where the network automation tool is being used by the network administrator to manage a Management Service Provider (MSP) environment. In the MSP environment, multiple customers’ networks are managed by a single HP NA tool. So it is essential for the network administrator to maintain and manage the resources belonging to each customer so that one customer’s resources are not exposed to other customers.
In this scenario, RIM allows you to create a Pool and associate it with the security partition that is associated with that customer. NA has a built-in ‘user group’ feature to address this requirement. A user group is tightly coupled with a security partition, so while creating a Pool you have the option to select a security partition. If you select a specific partition, the Pool can be viewed and managed by users who belong to that partition and have the required command permissions.
The user group must have ‘view partition’ permissions and the following command permissions:
Resource Identity: Acquire/Release/Edit
Resource Identity: Add/Import
Resource Identity: Delete
Resource Identity: View
Resource Identity Pool: Manage
Resource Identity Pool: View
These can be configured via the GUI or the CLI (Refer to the NA user guide for more information).
User group permission:
Figure 9 – Showing user permissions
Pool creation within a Partition:
Figure 10 – Showing a Pool with Partition set to customer1
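The rules from use cases 1 and 4 can be sketched as a small model. This is an added example, not HP NA code or its API: the class and function names are hypothetical, only the two permission strings come from the list above, and the sample pool and groups are constructed.

```python
# Added illustration: a simplified model of the rules in this post, not HP NA code.
from dataclasses import dataclass, field

ACQUIRE = "Resource Identity: Acquire/Release/Edit"  # names as listed in the post
VIEW = "Resource Identity: View"

@dataclass
class UserGroup:                   # hypothetical model of an NA user group
    view_partitions: set           # partitions the group holds 'view partition' on
    commands: set                  # command permissions granted to the group

@dataclass
class Pool:                        # hypothetical model of a Resource Identity Pool
    partition: str
    ids: dict = field(default_factory=dict)   # resource ID -> status record

    def add(self, rid):
        self.ids[rid] = {"status": "Available", "last_modified_by": None}

def authorize(pool, group, command):
    # Both must hold: visibility of the pool's partition AND the command permission.
    if pool.partition not in group.view_partitions:
        raise PermissionError(f"no view on partition {pool.partition!r}")
    if command not in group.commands:
        raise PermissionError(f"missing permission {command!r}")

def acquire(pool, rid, user, group):
    authorize(pool, group, ACQUIRE)
    rec = pool.ids[rid]
    if rec["status"] != "Available":
        raise ValueError(f"ID {rid} is already In Use")
    rec.update(status="In Use", last_modified_by=user)   # audit field for search

def release(pool, rid, user, group):
    authorize(pool, group, ACQUIRE)
    pool.ids[rid].update(status="Available", last_modified_by=user)

def search(pool, group, **criteria):
    authorize(pool, group, VIEW)
    return [rid for rid, rec in pool.ids.items()
            if all(rec.get(k) == v for k, v in criteria.items())]

def demo():
    pool = Pool("customer1")                    # constructed sample data
    for vlan in (2, 3, 4):
        pool.add(vlan)
    c1 = UserGroup({"customer1"}, {ACQUIRE, VIEW})
    c2 = UserGroup({"customer2"}, {ACQUIRE, VIEW})
    acquire(pool, 2, "alice", c1)
    try:
        acquire(pool, 3, "bob", c2)             # other tenant's group
        cross_tenant = "allowed"
    except PermissionError:
        cross_tenant = "denied"
    return search(pool, c1, status="In Use"), cross_tenant
```
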
The takeaways from this post, for managing resource identities:
Spreadsheets are bad. They are inefficient and leave holes of information.
Purpose-built tools, like NA, are good. With these tools, you get a comprehensive view of your information.
The whole BSM solution including Network Automation will be on display at HP Discover June 2-4 in Las Vegas. Stop by to get a demonstration at booth 836, or ask questions. Uncover the unknown.
About the author: Divesh Kumar has nine years of experience in software testing with multiple domain experience. In the network management portfolio he has worked on HP NNMi and HP Network Automation products. He is responsible for developing and maintaining the Automation Infrastructure for HP NMC portfolio.
Divesh has a Bachelor of Engineering (B.E) degree in Computer Science from SSCET Bhilai, India.
- Michael Procopio LinkedIn.com/in/Michael Procopio