Cisco Active Network Abstraction User Manual
Cisco Active Network Abstraction
Administrator’s Guide, 3.5
Corporate Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 526-4100
Text Part Number: OL-8842-01
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE
LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adapta tion of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Rege nts of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS”
WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES,
INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS
MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco Active Network Abstraction Administrator’s Gu ide, 3.5
© 1999 - 2006 Cisco Systems, Inc. All rights reserved.
Important Notice
Important Notice
Cisco ANA 3.5 is a carrier-class, multi-vendor network and service
management platform which builds a real-time virtual model of the network,
serving as a live information base for value-added tools and applications for
integration into an existing OSS environment.
Cisco ANA 3.5 is a limited release by Cisco Systems of the existing features
and functions of the Sheer DNA 4.0.1 software.
As this is a limited release, the naming of the product in the software and the
user documentation remains as Sheer DNA.
Obtaining Documentation
Cisco documentation and additional literature are available on Cisco.com.
Cisco also provides several ways to obtain technical assistance and other
technical resources. These sections explain how to obtain technical
information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation at this URL:
http://www.cisco.com/techsupport
You can access the Cisco website at this URL:
http://www.cisco.com
You can access international Cisco websites at this URL:
http://www.cisco.com/public/countries_languages.shtml
Product Documentation DVD
Cisco documentation and additional literature are available in the Product
Documentation DVD package, which may have shipped with your product.
The Product Documentation DVD is updated regularly and may be more
current than printed documentation.
Cisco Systems, Inc. Page iii
Cisco Active Network Abstraction Administrator’s Guide, 3.5
The Product Documentation DVD is a comprehensive library of technical
product documentation on portable media. The DVD enables you to access
multiple versions of hardware and software installation, configuration, and
command guides for Cisco products and to view technical documentation in
HTML. With the DVD, you have access to the same documentation that is
found on the Cisco website without being connected to the Internet. Certain
products also have .pdf versions of the documentation available.
The Product Documentation DVD is available as a single unit or as a
subscription. Registered Cisco.com users (Cisco direct customers) can order
a Product Documentation DVD (product number DOC-DOCDVD=) from
Cisco Marketplace at this URL:
http://www.cisco.com/go/marketplace/
Ordering Documentation
Beginning June 30, 2005, registered Cisco.com users may order Cisco
documentation at the Product Documentation Store in the Cisco Marketplace
at this URL:
http://www.cisco.com/go/marketplace/
Nonregistered Cisco.com users can order technical documentation from 8:00
a.m. to 5:00 p.m. (0800 to 1700) PDT by calling 1 866 463-3487 in the
United States and Canada, or elsewhere by calling 011 408 519-5055. You
can also order documentation by e-mail at tech-doc-storemkpl@external.cisco.com or by fax at 1 408 519-5001 in the United States
and Canada, or elsewhere at 011 408 519-5001.
Documentation Feedback
You can rate and provide feedback about Cisco technical documents by
completing the online feedback form that appears with the technical
documents on Cisco.com.
You can send comments about Cisco documentation to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the
front cover of your document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate your comments.
Page iv Cisco Systems, Inc.
Important Notice
Cisco Product Security Overview
Cisco provides a free online Security Vulnerability Policy portal at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.h
tml
From this site, you can perform these tasks:
• Report security vulnerabilities in Cisco products.
• Obtain assistance with security incidents that involve Cisco products.
• Register to receive security information from Cisco.
A current list of security advisories and notices for Cisco products is
available at this URL:
http://www.cisco.com/go/psirt
If you prefer to see advisories and notices as they are updated in real time,
you can access a Product Security Incident Response Team Really Simple
Syndication (PSIRT RSS) feed from this URL:
http://www.cisco.com/en/US/products/products_psirt_rss_feed.html
Reporting Security Problems in Cisco Products
Cisco is committed to delivering secure products. We test our products
internally before we release them, and we strive to correct all vulnerabilities
quickly. If you think that you might have identified a vulnerability in a Cisco
product, contact PSIRT:
Emergencies — security-alert@cisco.com
An emergency is either a condition in which a system is under active attack
or a condition for which a severe and urgent security vulnerability should be
reported. All other conditions are considered nonemergencies.
Nonemergencies — psirt@cisco.com
In an emergency, you can also reach PSIRT by telephone:
1 877 228-7302
1 408 525-6532
We encourage you to use Pretty Good Privacy (PGP) or a compatible product
to encrypt any sensitive information that you send to Cisco. PSIRT can work
from encrypted information that is compatible with PGP versions 2.x through
8.x.
Cisco Systems, Inc. Page v
Cisco Active Network Abstraction Administrator’s Guide, 3.5
Never use a revoked or an expired encryption key. The correct public key to
use in your correspondence with PSIRT is the one linked in the Contact
Summary section of the Security Vulnerability Policy page at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.h
tml
The link on this page has the current PGP key ID in use.
Obtaining Technical Assistance
Cisco Technical Support provides 24-hour-a-day award-winning technical
assistance. The Cisco Technical Support & Documentation website on
Cisco.com features extensive online support resources. In addition, if you
have a valid Cisco service contract, Cisco Technical Assistance Center
(TAC) engineers provide telephone support. If you do not have a valid Cisco
service contract, contact your reseller.
Cisco Technical Support & Documentation
Website
The Cisco Technical Support & Documentation website provides online
documents and tools for troubleshooting and resolving technical issues with
Cisco products and technologies. The website is available 24 hours a day, at
this URL:
http://www.cisco.com/techsupport
Access to all tools on the Cisco Technical Support & Documentation website
requires a Cisco.com user ID and password. If you have a valid service
contract but do not have a user ID or password, you can register at this URL:
http://tools.cisco.com/RPF/register/register.do
Use the Cisco Product Identification (CPI) tool to locate your product serial
number before submitting a web or phone request for service. You can access
the CPI tool from the Cisco Technical Support & Documentation website by
clicking the Tools & Resources link under Documentation & Tools. Choose
Cisco Product Identification Tool from the Alphabetical Index drop-down
list, or click the Cisco Product Identification Tool link under Alerts & RMAs.
The CPI tool offers three search options: by product ID or model name; by
tree view; or for certain products, by copying and pasting show command
output. Search results show an illustration of your product with the serial
number label location highlighted. Locate the serial number label on your
product and record the information before placing a service call.
Page vi Cisco Systems, Inc.
Important Notice
Submitting a Service Request
Using the online TAC Service Request Tool is the fastest way to open S3 and
S4 service requests. (S3 and S4 service requests are those in which your
network is minimally impaired or for which you require product
information.) After you describe your situation, the TAC Service Request
Tool provides recommended solutions. If your issue is not resolved using the
recommended resources, your service request is assigned to a Cisco engineer.
The TAC Service Request Tool is located at this URL:
http://www.cisco.com/techsupport/servicerequest
For S1 or S2 service requests or if you do not have Internet access, contact
the Cisco TAC by telephone. (S1 or S2 service requests are those in which
your production network is down or severely degraded.) Cisco engineers are
assigned immediately to S1 and S2 service requests to help keep your
business operations running smoothly.
To open a service request by telephone, use one of the following numbers:
• Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
• EMEA: +32 2 704 55 55
• USA: 1 800 553-2447
For a complete list of Cisco TAC contacts, go to this URL:
http://www.cisco.com/techsupport/contacts
Definitions of Service Request Severity
To ensure that all service requests are reported in a standard format, Cisco
has established severity definitions.
• Severity 1 (S1)—Your network is “down,” or there is a critical impact to
your business operations. You and Cisco will commit all necessary
resources around the clock to resolve the situation.
• Severity 2 (S2)—Operation of an existing network is severely degraded,
or significant aspects of your business operation are negatively affected
by inadequate performance of Cisco products. You and Cisco will
commit full-time resources during normal business hours to resolve the
situation.
• Severity 3 (S3)—Operational performance of your network is impaired,
but most business operations remain functional. You and Cisco will
commit resources during normal business hours to restore service to
satisfactory levels.
• Severity 4 (S4)—You require information or assistance with Cisco
product capabilities, installation, or configuration. There is little or no
effect on your business operations.
Cisco Systems, Inc. Page vii
Cisco Active Network Abstraction Administrator’s Guide, 3.5
Obtaining Additional Publications and
Information
Information about Cisco products, technologies, and network solutions is
available from various online and printed sources.
Cisco Marketplace provides a variety of Cisco books, reference guides,
documentation, and logo merchandise. Visit Cisco Marketplace, the company
store, at this URL:
http://www.cisco.com/go/marketplace/
Cisco Press publishes a wide range of general networking, training and
certification titles. Both new and experienced users will benefit from these
publications. For current Cisco Press titles and other information, go to Cisco
Press at this URL:
http://www.ciscopress.com
Packet magazine is the Cisco Systems technical user magazine for
maximizing Internet and networking investments. Each quarter, Packet
delivers coverage of the latest industry trends, technology breakthroughs, and
Cisco products and solutions, as well as network deployment and
troubleshooting tips, configuration examples, customer case studies,
certification and training information, and links to scores of in-depth online
resources. You can access Packet magazine at this URL:
http://www.cisco.com/packet
iQ Magazine is the quarterly publication from Cisco Systems designed to
help growing companies learn how they can use technology to increase
revenue, streamline their business, and expand services. The publication
identifies the challenges facing these companies and the technologies to help
solve them, using real-world case studies and business strategies to help
readers make sound technology investment decisions. You can access iQ
Magazine at this URL:
http://www.cisco.com/go/iqmagazine
or view the digital edition at this URL:
http://ciscoiq.texterity.com/ciscoiq/sample/
Page viii Cisco Syste ms, Inc .
Important Notice
Internet Protocol Journal is a quarterly journal published by Cisco Systems
for engineering professionals involved in designing, developing, and
operating public and private internets and intranets. You can access the
Internet Protocol Journal at this URL:
http://www.cisco.com/ipj
Networking products offered by Cisco Systems, as well as customer support
services, can be obtained at this URL:
http://www.cisco.com/en/US/products/index.html
Networking Professionals Connection is an interactive website for
networking professionals to share questions, suggestions, and information
about networking products and technologies with Cisco experts and other
networking professionals. Join a discussion at this URL:
http://www.cisco.com/discuss/networking
World-class networking training is available from Cisco. You can view
current offerings at this URL:
http://www.cisco.com/en/US/learning/index.html
Cisco Systems, Inc. Page ix
Cisco Active Network Abstraction Administrator’s Guide, 3.5
Page x Cisco Systems, Inc.
About This Guide
About This Guide
This Administrator’s Guide describes the structure and features of the
Sheer™ Dynamic Network Abstraction (DNA) system. Sheer DNA Manage
is the GUI client application designed to simplify and facilitate Sheer DNA
administration. Sheer DNA Manage enables the System Administrator to
configure and control the DNA system. Sheer DNA Manage interacts with
the Sheer DNA Registry (“Golden Source”) to query and modify
configuration information. This guide is intended for use by trained System
Administrators.
It includes the following chapters:
Chapter 1, Introducing Sheer DNA, page 1, describes the Sheer™ DNA
platform and architecture. In addition, it provides a brief explanation of the
terms used throughout this guide.
Chapter 2, Getting Started with Sheer DNA Manage, page 13, describes
the Sheer DNA Manage working environment and how to open and operate
the Sheer DNA Manage application.
Chapter 3, Deploying Sheer DNA, page 57, describes the steps that must be
performed to deploy the Sheer DNA.
Chapter 4, General DNA Manage Tables, page 61, describes how to
perform general Sheer DNA Manage functions when working with tables.
Chapter 5, Managing Sheer DNA Units, page 69, describes how to manage
Sheer DNA Units. This includes adding and removing Sheer DNA Units.
Chapter 6, Managing AVMs and VNEs, page 79, describes how to define
and manage AVMs and VNEs.
Chapter 7,
Managing Global Settings, page 107, describes how to define
and manage the Sheer DNA Manage global settings, including client licenses,
DNA database segments, customizing a message of the day (service
disclaimer), polling groups, and protection groups.
Chapter 8,
Managing Links, page 127, describes how to add and remove a
topological link between two ports of two Network Elements in the network.
Chapter 9, Managing Workflows, page 133, briefly describes the Workflow
Engine branch in the Sheer DNA Manage application.
Cisco Systems, Inc. Page xi
Cisco Active Network Abstraction Administrator’s Guide, 3.5
Chapter 10, Managing Sheer DNA Security, page 135, describes how
Sheer DNA implements a three-dimensional security engine combining a
role-based security mechanism with scopes that are granted to users. In
addition, it describes managing users in the Sheer DNA platform, including,
defining users and passwords.
Appendix A, Utility Scripts, page 155, describes the Sheer DNA utility
scripts including how to restart the Sheer DNA Platform.
Appendix B, Golden Source Registry, page 157, provides details of the
Golden Source Registry.
Appendix C, Ports Used by Sheer DNA, page 159, provides a list of the
ports used by the various Sheer DNA Server and Client applications.
Appendix D, Drools Rules Engine, page 161, introduces and describes
Drools.
Note: Changes to the Registry should only be carried out with the support of
Cisco Professional Services.
Page xii Cisco Systems, Inc.
Introducing Sheer DNA
Table of Contents
1 Introducing Sheer DNA ..................................................................1
1.1 The Sheer Solution...................................................................................................1
1.2 Sheer DNA Components..........................................................................................4
1.2.1 Autonomous VNE................................................................................................4
1.2.2 The Sheer DNA Servers......................................................................................4
1.2.3 Sheer DNA Clients...............................................................................................5
1.3 Sheer DNA Manage Control Functionality.............................................................6
1.4 Additional Concepts and Terms.............................................................................7
1.5 Terminology and Conventions..............................................................................11
2 Getting Started with Sheer DNA Manage.................................... 13
2.1 Starting Sheer DNA Manage..................................................................................13
2.2 The Sheer DNA Manage Window..........................................................................15
2.2.1 Sheer DNA Manage Tree Pane.........................................................................15
2.2.2 Sheer DNA Manage Window Workspace .........................................................18
2.3 Sheer DNA Manage Window, Menus and Toolbar..............................................19
2.3.1 DNA Servers Branch .........................................................................................20
2.3.2 DNA Server Entities Branch..............................................................................24
2.3.3 AVM Branch.......................................................................................................29
2.3.4 Global Settings Branch......................................................................................33
2.3.5 Scopes Branch ..................................................................................................44
2.3.6 Topology Branch................................................................................................47
2.3.7 Users Branch.....................................................................................................49
2.3.8 Workflow Engine Branch...................................................................................52
2.4 Logging Out............................................................................................................56
3 Deploying Sheer DNA................................................................... 57
3.1 System Setup Flow ................................................................................................57
3.2 User and View Setup Flow.....................................................................................60
Cisco Systems, Inc. Page xiii
Cisco Active Network Abstraction Administrator’s Guide, 3.5
4 General DNA Manage Tables....................................................... 61
4.1 Working with DNA Manage Tables.......................................................................61
4.2 Finding Text in a Table ..........................................................................................63
4.3 Filtering Information ..............................................................................................63
4.4 Setting Selection Filters ........................................................................................65
4.5 Sorting a Table .......................................................................................................67
4.6 Exporting the Table to a File.................................................................................68
5 Managing Sheer DNA Units .........................................................69
5.1 What is a DNA Unit?...............................................................................................70
5.2 Adding New Sheer DNA Units...............................................................................71
5.3 Editing Sheer DNA Unit Properties ......................................................................73
5.4 Removing a Sheer DNA Unit.................................................................................75
5.5 Finding a Unit/AVM/VNE........................................................................................76
6 Managing AVMs and VNEs ..........................................................79
6.1 Creating AVMs........................................................................................................80
6.2 AVM Status..............................................................................................................82
6.2.1 Admin and Oper Mode AVM Status ..................................................................83
6.3 Viewing and Editing an AVM’s Properties...........................................................83
6.4 Deleting an AVM.....................................................................................................84
6.5 Starting and Stopping AVMs.................................................................................85
6.6 Moving AVMs..........................................................................................................86
6.7 VNEs Overview.......................................................................................................87
6.7.1 VNE Status........................................................................................................88
6.7.2 Admin and Oper Mode VNE Status...................................................................89
6.8 Defining VNEs.........................................................................................................89
6.8.1 General Tab.......................................................................................................92
6.8.2 SNMP Tab.........................................................................................................94
6.8.3 Telnet / SSH Tab...............................................................................................96
6.8.4 ICMP Tab...........................................................................................................98
6.8.5 Polling Tab.........................................................................................................99
6.9 Viewing and Editing a VNE’s Properties............................................................101
6.10 Deleting a VNE......................................................................................................103
6.11 Changing the VNE’s State ...................................................................................104
6.12 Moving Multiple and Single VNEs ......................................................................105
Page xiv Cisco Systems, Inc.
Introducing Sheer DNA
7 Managing Global Settings.......................................................... 107
7.1 Managing Client Licenses...................................................................................107
7.1.1 Viewing Client License Properties...................................................................109
7.2 Viewing DB Segments .........................................................................................112
7.3 Customizing a Message of the Day....................................................................113
7.4 Managing Polling Groups....................................................................................114
7.4.1 Polling Groups Overview.................................................................................114
7.4.2 Customizing a Polling Group...........................................................................116
7.4.3 Modifying a Polling Group ...............................................................................118
7.4.4 Deleting a Polling Group..................................................................................119
7.4.5 Adaptive Polling...............................................................................................119
7.5 Managing Protection Groups..............................................................................121
7.5.1 Chec k in g A s si g n me n t o f Pr ot e ct i o n G r ou p s t o DN A U n it s ..................................123
7.5.2 Changing Protection Groups for DNA Units.......................................................123
7.5.3 Vi e wi n g a n d E d i t i n g Prot e ct i o n G r o u p Prop e rt i e s...............................................125
7.5.4 De le t in g a P r ot e ct i on G r ou p..............................................................................126
8 Managing Links........................................................................... 127
8.1 Creating a Static Link...........................................................................................127
8.2 Removing a Static Link........................................................................................131
9 Managing Workflows.................................................................. 133
9.1 About the Sheer Workflow Editor.......................................................................133
9.2 Workflow Engine Branch.....................................................................................134
10 Managing Sheer DNA Security..................................................135
10.1 Security Overview................................................................................................135
10.1.1 Scopes.............................................................................................................135
10.1.2 Default Permissions.........................................................................................136
10.1.3 Security Access Roles.....................................................................................136
10.2 Customizing Security Flow .................................................................................139
10.3 Creating Scopes ...................................................................................................140
10.3.1 Editing a Scope and Viewing a Scope Properties...........................................142
10.3.2 Deleting Scopes...............................................................................................142
10.4 Creating New Sheer DNA User Accounts..........................................................143
Cisco Systems, Inc. Page xv
Cisco Active Network Abstraction Administrator’s Guide, 3.5
10.5 Granting or Editing a User’s Rights ...................................................................146
10.5.1 General User’s Rights......................................................................................146
10.5.2 User’s Security Rights.....................................................................................148
10.5.3 Map User Permissions ....................................................................................151
10.6 Deleting a Sheer DNA User Account..................................................................152
10.7 Changing a User’s Password..............................................................................152
A Utility Scripts............................................................................... 155
A.1 Restarting Sheer DNA Gateway..........................................................................155
A.2 Restarting a Sheer DNA Unit...............................................................................155
A.3 Executing a Command on all Sheer DNA Units................................................156
B Golden Source Registry............................................................. 157
C Ports Used by Sheer DNA.......................................................... 159
D Drools Rules Engine................................................................... 161
D.1 Drools Rules Engine Overview...........................................................................161
D.1.1 Drools Components and Terminology.............................................................161
D.2 Drools and ANA Integration................................................................................162
D.3 Drools Definitions in ANA...................................................................................162
D.4 Upgrading Rule Files ...........................................................................................163
Page xvi Cisco Systems, Inc.
Introducing Sheer DNA
1 Introducing Sheer DNA
About this chapter:
This chapter describes the Sheer™ Dynamic Network Abstraction (DNA)
platform and architecture. In addition, it provides a brief explanation of the
terms used throughout this guide. The Sheer DNA Manage maintenance
application is part of an overall Sheer solution; therefore, in order to better
understand the Sheer DNA Manage environment, a brief overview of Sheer
DNA is required.
The Sheer Solution, page 1, provides an overview of the Sheer DNA, its
platform architecture and functional blocks.
Sheer DNA Components, page 4, describes the Sheer DNA system’s key
components.
Sheer DNA Manage Control Functionality, page 6, describes how Sheer
DNA Manage serves as a tool to manage the Sheer DNA, which enables the
addition, removal and modification of Sheer DNA information.
Additional Concepts and Terms, page 7, explains any additional terms used
within the Sheer DNA Manage application and this guide.
Terminology and Conventions, page 11, describes the conventions used in
the Sheer DNA Administrator’s Guide. In addition, it provides a guide to
related documentation.
1.1 The Sheer Solution
Sheer Dynamic Network Abstraction (DNA) is a carrier class network
management platform, designed to serve as an active mediation layer
between the operation and the network layers. Sheer DNA provides a rich set
of GUI easy to use applications as well as well-defined, APIs for Operation
Support Systems, enabling carriers and service providers to efficiently
respond to the constant market demand for new, reliable and more
sophisticated services, while hiding the complexity of large, multi-vendor,
multi-technology networks.
Cisco Systems, Inc. Page 1
Cisco Active Network Abstraction Administrator’s Guide, 3.5
Sheer DNA provides solutions for diverse network environments and
applications. It offers an integrated network and service auto- discovery for
network modeling, intelligent fault analysis and a highly flexible network
configuration and activation engine. This enables fully correlated
management of global scale networks supporting millions of subscribers and
customers.
Sheer DNA is a network management solution that provides a fully
integrated service-oriented solution offering:
• Multi-vendor, hybrid device support
• Multi-Technology (IP, VPN, MPLS, Ethernet, ATM, DSL)
• Multi-function (Network discovery, Fault, Activation and Configuration)
• Vertical integration with multiple OSS/BSS applications
Based on a patented innovative architecture of Distributed Autonomous
VNEs, Sheer DNA was designed from day one to enable integrated
management, for hybrid network environments, while being extremely
scalable in supporting network growth and evolution.
The Sheer DNA introduces key functional highlights such as:
• Network (Horizontal) Integration: supporting NEs from multiple
vendors, across multiple technologies, forming a unified, end-to-end
synthesis of the network
• Network and Service Discovery, Real-time Inventory and Topology:
discovery of network inventory, services and multi-layer connectivity to
form an accurate, up-to-date network information model
• Network Fault Intelligence: using the auto-discovered network model
for fault correlation and root cause analysis
• Service Impact: the service impact analysis of various network faults
showing affected VPNs and sites
• Activation and Configuration: a flexible, high-performance activation
engine that supports virtually any device configuration required
• Service Verification: real-time verification of configuration health and
consistency
• Service Path Analysis: dynamic isolation and tracing of service paths,
end-to-end across technologies and network layers
• GUI Client Applications: a powerful set of user applications for
Assurance, Fulfillment and Performance management
Page 2 Cisco Systems, Inc.
Introducing Sheer DNA
• OSS/BSS (Vertical) Integration: open, flexible northbound adaptation
framework to OSS/BSS applications, in a wide variety of APIs, protocols
and information models
• Scalability: a fully distributed solution implementing parallel processing
that inherits the scaling properties of the network by creating a virtual
model of it. Adding more Autonomous VNEs and/or more DNA Units
easily supports network growth.
The Sheer™ DNA platform architectural diagram and functional blocks are
displayed below.
Figure 1: Sheer DNA Architecture
Cisco Systems, Inc. Page 3
Cisco Active Network Abstraction Administrator’s Guide, 3.5
1.2 Sheer DNA Components
The Sheer DNA system is comprised of several key components, as
described in the sections that follow.
1.2.1 Autonomous VNE
The Autonomous VNEs (Virtual Network Elements) are software entities
that run as a completely autonomous process within the Sheer DNA Units.
Each VNE is assigned to manage a single Network Element (NE) instance
using whatever southbound management interfaces the NE implements (e.g.
SNMP or Telnet). The Autonomous VNEs are the entities that maintain a live
model of each NE and of the entire network.
As the VNE loads, it starts investigating the NE and automatically builds a
live model of the NE, including its physical and logical inventory, its
configuration and its status. Following the device investigation, the VNEs
begin to negotiate with peering VNEs, which represent the peering NEs
determining the connectivity and topology at different layers. This model of
the network topology, device state and device inventory is constantly being
updated by the VNEs, which track every change that occurs in the NE or in
the network.
Messaging between VNEs is used for running different end-to-end flows, in order
to provide information for root cause and impact analysis, service path tracing and
more.
1.2.2 The Sheer DNA Servers
Sheer DNA uses two distinct server types, each performing different activities:
• Sheer DNA Gateway
• Sheer DNA Unit
Sheer DNA Gateway
The Sheer DNA Gateway serves as the gateway through which all clients,
including any OSS/BSS applications as well as the Sheer DNA clients can
access the system. The gateway is an extended Sheer DNA Unit. It enforces
access control and security for all connections and manages client sessions.
In addition it functions as a repository for storing configuration, network and
system events and alarms.
Page 4 Cisco Systems, Inc.
Introducing Sheer DNA
Another important function of the Sheer DNA Gateway is to map network
resources to the business context. This enables Sheer DNA to contain
information that is not directly contained in the network (such as VPNs and
Subscribers) and display it to northbound applications.
Sheer DNA Unit
The main purpose of the Sheer DNA Units is to host the Autonomous VNEs.
The Sheer DNA Units are interconnected to form a fabric of VNEs that can
inter-communicate with other VNEs regardless of which unit they are
running on. Each Sheer DNA Unit can host thousands of Autonomous VNE
processes (depending on the server system size). The Sheer DNA Units also
allow for optimal VNE distribution, ensuring geographic proximity between
the VNE and its managed NE.
The clustered N+m high availability mechanism within the Sheer DNA
Fabric is designed to handle the failure of a Sheer DNA Unit. Sheer DNA
Unit availability is established in the Gateway, running a Protection Manager
process, which continuously monitors all the Sheer DNA Units in the
network. Once the Protection Manager detects a Sheer DNA Unit that is
malfunctioning, it automatically signals one of the m servers in its cluster to
load the configuration of the faulty unit (from the system Registry), taking
over all its managed Network Elements. The switchover to the redundant
standby Sheer DNA Unit does not result in any loss of information in the
system, as all of the information is auto-discovered from the network, and no
persistent storage synchronization is required. When a Sheer DNA Unit is
configured it can be designated as being an active or standby unit.
For more information about high availability, refer to the Cisco Active
Network Abstraction High Availability User’s Guide.
1.2.3 Sheer DNA Clients
Sheer provides a comprehensive suite of GUI applications to manage the
network using the Sheer DNA platform.
• Sheer NetworkVision: The main GUI application of Sheer DNA, used to
visualize every management function supported by the system. For more
information, refer to the Cisco Active Network Abstraction NetworkVision
User’s Guide.
• Sheer EventVision: A tool for viewing all historical events detected by
the Sheer DNA system. For more information, refer to the Cisco Active
Network Abstraction EventVision User’s Guide.
Cisco Systems, Inc. Page 5
Cisco Active Network Abstraction Administrator’s Guide, 3.5
• Sheer DNA Manage: A system administration and configuration tool for
managing the entire Sheer DNA platform, as described below.
• Sheer Registry Editor: A tool used for viewing and configuring the
Sheer Registry.
The Sheer DNA Clients support automatic client updates from the Sheer
DNA Gateway using Web Start. When connecting with a Sheer DNA
Gateway application, the system verifies that the client version is the latest
available and if an upgrade is required, the system automatically updates the
Sheer Clients from the Sheer DNA Gateway.
1.3 Sheer DNA Manage Control Functionality
Sheer DNA includes extensive system administration functions for simple
system control. Sheer DNA Manage is the GUI tool used for performing
various system administration activities. It provides an interface to perform
the following:
• Sheer DNA Units: Adding and removing Units.
• Autonomous Virtual Machines (AVMs) and Virtual Network
Elements (VNEs): Adding and removing AVMs and VNEs for the
different Sheer DNA Units. Starting and stopping VNEs, and setting
polling information per VNE.
• Global Settings:
• Clients Licenses: Installing and managing Sheer DNA Client
licenses
• DB Segments: Viewing the storage allocated for all of the database
segments
• Messages of the Day: Generating a message of the day (service
disclaimer)
• Polling Groups: Customizing protection groups
• Protection Groups: Setting up scopes of devices and system users
• Topology: Managing static and persistent topology links.
• Workflow Engine: Enables the administrator to manage workflow
templates and running workflows in runtime.
• Scopes: Enables the administrator to group a collection of managed
Network Elements together in order to enable the user to view and/or
manage the Network Elements based on the user’s role.
• Users: Enables the administrator to define and manage user accounts.
Page 6 Cisco Systems, Inc.
Introducing Sheer DNA
1.4 Additional Concepts and Terms
The sections below include additional concepts and terms used in the Sheer
DNA Manage application and throughout this guide.
AVM
The Sheer DNA Units are divided into AVMs (Autonomous Virtual
Machines). These AVMs are Java processes that provide the necessary
distribution support platform for executing and monitoring multiple VNEs.
AVMs and VNEs should reside on a Sheer DNA Unit (as a common
configuration) but they can also reside on a Sheer DNA Gateway.
There are some types of AVMs that run on the server which do not run
VNEs. These AVMs have reserved ID numbers, namely, AVM 0-100 and these
cannot be used. In addition, there are other reserved AVM ID numbers. The
following AVMs have special roles assigned to them, namely:
• AVM 0 (the switch AVM)
• AVM 11 (the Gateway)
• AVM 66 (the workflows AVM)
• AVM 99 (the management AVM)
• AVM 100 (the trap management AVM)
Device/Network Element
A network component existing in the network, for example, the devices
displayed in Sheer DNA and in Sheer NetworkVision.
Element Management
The base configuration for the creation of the managed element. Sheer DNA
Manage enables the user to create VNEs, for example, by entering the IP
address, SNMP and polling rate information and so on. This is called
Element Management.
Cisco Systems, Inc. Page 7
Cisco Active Network Abstraction Administrator’s Guide, 3.5
License
Sheer DNA Client applications and BQL connectivity is based on installed
license files. Sheer DNA Manage enables the administrator to control and
monitor the number of Sheer DNA Client and BQL connections over a
limited or unlimited period of time based on the client licenses installed. Two
types of licenses are supported, namely, fixed (the number of installed users
are identified by user names or IP addresses or both) or floating (the number
of installed users operating concurrently).
Managed Element
After Sheer DNA Manage installs and runs the process, samples the device
and collects the data a VNE (Managed Element) is created. The VNE
includes logical inventory (tables, for example, forwarding tables) and
physical inventory (for example, modules and ports), and this Managed
Element can be accessed using Sheer NetworkVision.
Network Element Components
Component(s) of a Network Element (NE), such as port(s), blade(s),
context(s) and so on.
Permission
The user’s ability to perform certain tasks. There are two types of
permissions, namely, default and NE related.
• Default: The default permission only applies to the activities that are
related to GUI functionality, not the activities related to Network
Elements. For example, a user with the default permission Viewer can
view maps and the Device List. For more information, refer to page 136.
• Network Element: The NE related permission enables the administrator
to group a collection of managed Network Elements together (in Sheer
DNA Manage) in order to enable the user to view and/or manage the NEs
based on the user’s role or permission. After the user is allocated a scope
(list of Network Elements) and a role, the user can then perform various
activities on the Network Elements, for example, manage alarms in Sheer
NetworkVision. For more information, refer to page 135.
Polling Group
A polling group is defined as a group of polling rates that can be specified for
a device. For more information, refer to page 114.
Page 8 Cisco Systems, Inc.
Introducing Sheer DNA
Protection Group
A Protection Group is a cluster to which Units and Standby Units are related.
In case of Unit failover then the Redundant Unit will be taken from the same
Protection Group.
Redundant Unit
The Sheer DNA Unit comes with built-in redundancy for maximum up time
and automatic switching. A threshold configurable watchdog constantly
monitors the Sheer DNA Units and Sheer DNA Gateway and can make an
automatic or manual (operator approved) switch over when there is no
response from the monitored entity. The system is always up-to-date via real
time investigation of the network. The redundancy mechanism ensures
synchronization of the active and backup Sheer DNA units. Once activated,
the standby Sheer DNA node is immediately synchronized with the network.
Roles
Sheer DNA implements a security engine that combines a role-based security
mechanism that is applied on scopes of Network Elements granted per user.
The system supports user accounts creation, multiple Network Element scope
definition and a set of five pre-defined roles for security and access control to
allow different system functions:
• Administrator: Manage the system configuration and security.
• Configurator: Activate services, and configure the network.
• Operator Plus: Able to fully control alarm life cycle and create maps.
• Operator: Configure business tags and perform most day-to-day
operations.
• Viewer: Read only access to the network and to non-privileged system
functions.
Roles can be granted per scope or at an application level (default permission),
namely, all the activities that are related to GUI functionality, not the
activities related to devices. The default permission includes:
• Application login.
• Manage alarms in Sheer NetworkVision.
• Manage maps: Creating, deleting, and opening.
• Map manipulation: Arrange map, including, aggregations, adding NEs,
NEs placement in map, map background and so on.
• Business tag management.
Cisco Systems, Inc. Page 9
Cisco Active Network Abstraction Administrator’s Guide, 3.5
Scopes
A scope is a named collection of managed Network Elements that have been
grouped together in order to allow a user to view and/or manage the Network
Elements provided a given role. Grouping can be based on geographical
location, Network Element type (such as DSLAM, router, SW, etc.), Network
Element category (such as access, core, etc.) or any other division according
to the network administrator’s requirements.
Using NetworkVision, a user that has been assigned a scope can view and/or
manage the NEs within this scope according to the role assigned to the user
as per the scope. The user cannot view any information regarding NEs that
are outside the user’s scope, including basic properties, inventory, and
alarms.
Static Link
A static link is a physical link that is not automatically discovered by the
system. The user manually creates the static link between Network Elements
by selecting the two end ports from the NE’s physical inventory.
Transport Link
A transport link is a logical link used for communication between the units
and for transferring information.
Users
In order for a user to work with Sheer DNA the following requirements must
be met:
• The user must have a valid license installed.
• The user must have a defined Sheer DNA user account.
• The user must have an assigned permission.
For more information about users, refer to Chapter 10, Managing Sheer DNA
Security.
Page 10 Cisco Systems, Inc.
Introducing Sheer DNA
Workflow
A workflow consists of several tasks grouped together and arranged in a
flowchart. All workflows are stored on the Sheer DNA Gateway. After a
workflow is deployed, it is accessible using Sheer DNA Manage in order to
view properties and status. Deployed workflow templates can be invoked via
the Sheer DNA API using BQL. In addition, the user can view a history of
the invoked workflows using Sheer EventVision. For more information, refer
to this guide and the Cisco Active Network Abstraction Workflow User’s
Guide.
1.5 Terminology and Conventions
This Sheer DNA Administrator’s Guide uses the following conventions:
Convention Description
^ or Ctrl
The ^ and Ctrl symbols represent the Control key. For
example, the key combination ^D or Ctrl-D means hold
down the Control key while pressing the D key. Keys are
indicated in capital letters but are not case sensitive.
Command syntax descriptions use the following conventions:
Convention Description
boldface
Boldface text indicates commands and keywords that the
user enters literally as shown.
italics
Italic text indicates arguments for which the user supplies
values.
[x]
Square brackets enclose an optional element (keyword or
argument).
|
A vertical line indicates a choice within an optional or
required set of keywords or arguments.
[x | y]
Square brackets enclosing keywords or arguments
separated by a vertical line indicate an optional choice.
{x | y}
Braces enclosing keywords or arguments separated by a
vertical line indicate a required choice.
Nested sets of square brackets or braces indicate optional or required choices
within optional or required elements. For example:
Convention Description
[x {y | z}]
Braces and a vertical line within square brackets indicate
a required choice within an optional element.
Cisco Systems, Inc. Page 11
Cisco Active Network Abstraction Administrator’s Guide, 3.5
Examples use the following conventions:
Convention Description
screen
Examples of information displayed on the screen are set
in Courier New font.
Boldface
screen
< >
Examples of text that the user must enter are set in
Courier New bold font.
Angle brackets enclose text that is not printed to the
screen, such as passwords.
[ ]
Square brackets enclose default responses to system
prompts.
{ }
Curly brackets group mandatory parameters together
where there are options.
Related Documentation
For more detailed information, refer to the following publications:
• Cisco Active Network Abstraction NetworkVision User’s Guide
• Cisco Active Network Abstraction EventVision User’s Guide
• Cisco Active Network Abstraction Servers Installation Guide
• Cisco Active Network Abstraction Client Installation Guide
• Cisco Active Network Abstraction High Availability User’s Guide
• Cisco Active Network Abstraction Error Messages
• Cisco Active Network Abstraction Workflow User’s Guide
Page 12 Cisco Systems, Inc.
Getting Started with Sheer DNA Manage
2 Getting Started with Sheer DNA
Manage
About this chapter:
This chapter describes the Sheer DNA Manage working environment and
how to access Sheer DNA Manage tools and commands. It also provides
instructions for launching and overviews operating the Sheer DNA Manage
application-using menu and toolbar options.
The Sheer DNA Manage window provides access to all of Sheer DNA
Manage’s functionality.
Starting Sheer DNA Manage, below, describes how to open the Sheer DNA
Manage window.
The Sheer DNA Manage Window, page 15, briefly describes the Sheer
DNA Manage window, including the Tree pane and Workspace.
Sheer DNA Manage Window, Menus and Toolbar, page 19, provides a
detailed description of the Sheer DNA information displayed in the Sheer
DNA Manage window, the menus, and toolbars.
Logging Out, page 56, describes how to log out of Sheer DNA Manage.
2.1 Starting Sheer DNA Manage
Sheer DNA Manage is password protected to ensure security, and is only
available to users with Administrator privileges. Before you start working
with Sheer DNA Manage, make sure you know the user name, password and
the Sheer DNA Gateway IP address or host name that you require.
Note: If a user does not login to the Sheer DNA Manage, NetworkVision or
EventVision applications during a specified period of time (the default is one
month) the user’s account will be locked automatically. The default period
can be changed in the Sheer DNA Registry. The period of time is measured
from the time the user last logged out of any of the Sheer DNA Client
applications. For information about unlocking a user, refer to page 147.
Cisco Systems, Inc. Page 13
Cisco Active Network Abstraction Administrator’s Guide, 3.5
To start Sheer DNA Manage
1. From the Start menu, select the Programs folder, then Sheer
DNA/Sheer DNA Manage. The Sheer DNA Manage - Login dialog box
is displayed.
Note: It is recommended that the administrator change the user name and
login password after logging in for the first time.
The last four Sheer DNA Gateways to which the user logged in
successfully are displayed in the Host dropdown list. The list is
displayed in chronological order with the most recent Sheer DNA
Gateway displayed at the top of the list.
2. Enter the required Sheer DNA Gateway’s information in the Host field,
as an IP address or host name,
or
Select a Sheer DNA Gateway from the Host dropdown list.
Note: The Sheer DNA Gateway IP address or host name that was used
when you last logged in is automatically displayed at the top of the Host
dropdown list.
Note: Make sure that you use the leading IP address (the IP on which the
Sheer DNA Gateway was configured) when logging in to the system.
3. Click OK. The Sheer DNA Manage window is displayed. The user name
and host information is displayed in the Sheer DNA Manage window
heading.
Note: Some of the Workspaces in the Sheer DNA Manage window may
appear empty when the application is opened for the first time.
Page 14 Cisco Systems, Inc.
Loading...