To meet the challenges of designing an effective network management platform for heterogeneous TCP/IP-based networks, the Simple Network Management Protocol (SNMP) was defined in 1988 and approved as an Internet standard in 1990 by the Internet Activities Board (IAB). SNMP allows you to monitor and communicate status information from SNMP agents to a network management station (NMS). This lesson provides the background and conceptual material necessary to understand and implement SNMP within the context of Windows 2000.
After this lesson, you will be able to
Estimated lesson time: 35 minutes
SNMP is a network management standard widely used with Transmission Control Protocol/Internet Protocol (TCP/IP) networks and, more recently, with Internetwork Packet Exchange (IPX) networks. SNMP provides a method of managing network nodes (servers, workstations, routers, bridges, and hubs) from a centrally located NMS.
To perform its management services, SNMP uses a distributed architecture of management systems and agents, as shown in Figure 26.1. The centrally located host, which is running network management software, is referred to as an NMS, or an SNMP manager. Managed network nodes are referred to as SNMP agents.
Figure 26.1 Distributed architecture used by SNMP
The agent reports hardware status and configuration information to a database called a Management Information Base (MIB). The MIB defines the hardware and software information in the host that should be collected by the SNMP agent. The SNMP agent communicates with the NMS to provide device-monitoring functions.
Network management is critical for resource management and auditing. SNMP can be used in several ways:
The Windows 2000 implementation of the SNMP agent is a 32-bit service that supports computers running TCP/IP and IPX protocols. Windows 2000 implements SNMP versions 1 and 2C. These versions are based on industry standards that define how network management information is structured, stored, and communicated between agents and management systems for TCP/IP-based networks.
To use the information that the Windows 2000 SNMP service provides, you must have at least one NMS. The Windows 2000 SNMP service provides only the SNMP agent; it does not include SNMP management software. You can use a third-party SNMP management software application on the host to act as the management system.
A number of software manufacturers design network management systems to run on UNIX or Windows NT and Windows 2000 operating systems.
The NMS does not have to run on the same computer as the SNMP agents. The NMS can request the following information from SNMP agents:
The management system can also send a configuration request to the agent that requests the agent to change a local parameter; however, this is a rare occurrence because most client parameters have read-only access.
SNMP agents provide SNMP managers with information about activities that occur at the Internet Protocol (IP) network layer and respond to management system requests for information. Any computer running SNMP agent software, such as the Windows 2000 SNMP service, is an SNMP agent. The agent service can be configured to determine what statistics are to be tracked and what management systems are authorized to request information.
In general, agents do not originate messages; they only respond to messages. The exception is an alarm message triggered by a specific event. An alarm message is known as a trap message. A trap is an alarm-triggering event on an agent computer, such as a system reboot or illegal access. Traps and trap messages provide a rudimentary form of security by notifying the management system whenever such an event occurs.
A Management Information Base (MIB) is a container of objects. Each object represents a particular type of information. This collection of objects contains information required by a management system. For example, one MIB object can represent the number of active sessions on an agent; another can represent the amount of available hard drive space on the agent. All the information a management system might request from an agent is stored in various MIBs.
A MIB defines the following values for each object it contains:
Each object in a MIB has a unique identifier that contains the following information:
The Windows 2000 SNMP service supports the Internet MIB II; LAN Manager MIB II; Host Resources MIB; and Microsoft proprietary MIBs, such as the WINS, DHCP, and IIS MIBs.
Both agents and management systems use SNMP messages to inspect and communicate information about managed objects. SNMP messages are sent via the User Datagram Protocol (UDP). IP is used to route messages between the management system and host. By default, UDP port 161 is used to listen for SNMP messages and port 162 is used to listen for SNMP traps.
When an NMS sends requests to a network device, the agent program on the device receives the requests and retrieves the requested information from the MIBs. The agent sends the requested information back to the initiating NMS. An SNMP agent sends information when a trap event occurs or when it responds to a request for information from a management system.
The management system and agent programs use the following types of messages:
Figure 26.2 is an example of how management systems and agents communicate information.
Figure 26.2 SNMP manager and agent interaction
The following is the sequence of steps in the communication process:
You can assign groups of hosts to SNMP communities for limited security checking of agents and management systems or for administration. Communities are identified by community names that you assign. A host can belong to multiple communities at the same time, but an agent does not accept a request from a management system outside its list of acceptable community names.
You can define communities logically to take advantage of the basic authentication service provided by SNMP. Figure 26.3 shows an example of two communities, Public and Public 2:
Figure 26.3 Example of two communities: Public and Public 2
Community names are managed by configuring SNMP security properties, which are described later in this lesson.
There is no relationship between community names and domain or workgroup names. Community names represent a shared password for groups of network hosts, and they should be selected and changed as you would change any password. Deciding which hosts belong to the same community is generally determined by physical proximity.
The SNMP agent is not installed by default on Windows 2000 Server. It is installed from the Control Panel Add/Remove Windows Programs application. From the Add/Remove Programs window, choose Add/Remove Windows Components, and from the Windows Components wizard that appears, choose Management And Monitoring Tools. The Management And Monitoring Tools item contains Simple Network Management Protocol, which is the SNMP agent. This agent is listed as SNMP Service after it is installed.
Once the SNMP service is installed, you can configure the SNMP services through the Services node of the Computer Management snap-in or through the Services snap-in in the Administrative Tools program group. In the Services node, select SNMP Service from the details pane, and then select Properties from the Action menu. The SNMP Service Properties dialog box appears, as shown in Figure 26.4.
Figure 26.4 SNMP Service Properties dialog box
The SNMP Trap Service is also installed when SNMP is installed. The trap service passes traps from a local or remote computer to a trap destination, typically an NMS, running on the local computer.
You can use the General, Log On, and Recovery tabs in the SNMP Service Properties dialog box to configure how the SNMP service starts, logs on to the system, and recovers from an abnormal program termination of the service or operating system. Other services listed in the Computer Management snap-in contain these four tabs for service configuration. The General tab allows you to start or stop the service. You can also specify a display name, description, startup type, and start parameters. Another tab called the Dependencies tab provides a list of those services (if any) that depend on the SNMP service and those that the SNMP service depends on. By default, the SNMP service depends on Event Log.
The SNMP agent provides the related management system with information on activities that occur at the IP network layer. The SNMP service sends agent information in response to an SNMP request or in an SNMP trap message.
You can configure the agent properties on the Agent tab of the SNMP Service Properties dialog box. The Agent tab lists the services you can select. These services are described in Table 26.1.
Table 26.1 SNMP Agent Services
|Agent service||Conditions for selecting this service|
|Physical||The computer manages physical devices, such as a hard disk partition.|
|Applications||The computer uses any applications that send data via TCP/IP. This service should always be enabled.|
|Datalink and subnetwork||The computer manages a bridge.|
|Internet||The computer is an IP gateway (router).|
|End-to-end||The computer is an IP host. This service should always be enabled.|
The Agent tab also allows you to configure the name of the person to contact, such as the network administrator, and the location of the contact person. An NMS might require this information when communicating with the SNMP agent.
SNMP traps can be used for limited security checking. When configured for an agent, the SNMP service generates trap messages whenever specific events occur. These messages are sent to a trap destination, typically an NMS. For example, an agent can be configured to initiate an authentication trap if a request for information is sent by an unrecognized management system. Trap messages can also be generated for events such as host system startup or shutdown.
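The community and authentication-trap checks described in this lesson can be seen on the message itself. The following Python sketch is an added example, not code from the Windows 2000 SNMP service: it decodes the header of constructed SNMPv1 datagrams, shows that the community name travels unencrypted in every SNMPv1/v2c message, and applies a simplified model of the agent's accept-or-trap decision. The function names, the 192.0.2.x addresses, and the decision strings are assumptions made for illustration.

```python
# Added example: SNMPv1/v2c header parsing on constructed datagrams (no network I/O).
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap"}

def tlv(tag: int, payload: bytes) -> bytes:
    """BER-encode one element; short-form length is enough for the samples."""
    assert len(payload) < 128
    return bytes([tag, len(payload)]) + payload

def read_tlv(buf: bytes, pos: int = 0):
    """Decode the element at pos and return (tag, payload, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated payload")
    return tag, buf[pos:pos + length], pos + length

def parse_header(datagram: bytes):
    """Return (version, community, pdu_name); version 0 is SNMPv1, 1 is v2c."""
    tag, body, _ = read_tlv(datagram)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    vtag, version, pos = read_tlv(body)
    ctag, community, pos = read_tlv(body, pos)
    if (vtag, ctag) != (0x02, 0x04):
        raise ValueError("unexpected header fields")
    pdu_tag, _, _ = read_tlv(body, pos)
    name = PDU_NAMES.get(pdu_tag, hex(pdu_tag))
    return int.from_bytes(version, "big"), community.decode("latin-1"), name

def agent_decision(datagram, source, communities, managers):
    """Simplified model of the agent's checks; not the Windows service's code."""
    _, community, pdu = parse_header(datagram)
    if community not in communities or source not in managers:
        return "drop, send authentication trap"
    return f"answer {pdu}"

def sample_get(community: str) -> bytes:
    """Constructed GetRequest for sysDescr.0 (1.3.6.1.2.1.1.1.0)."""
    varbind = tlv(0x30, tlv(0x06, bytes.fromhex("2b06010201010100")) + tlv(0x05, b""))
    pdu = tlv(0xA0, tlv(0x02, b"\x01") + tlv(0x02, b"\x00") * 2 + tlv(0x30, varbind))
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, community.encode()) + pdu)
```

Because the community name is readable by anyone who can capture the datagram, restricting the agent to named management hosts and enabling the authentication trap are the controls that make a guessed or observed community name visible to the NMS.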
You can configure trap destinations on the Traps tab of the SNMP Service Properties dialog box. Trap destinations consist of the computer name or the IP or IPX address of the management system. The trap destination must be a network-enabled host running SNMP management software. Trap destinations can be configured by a user, but the events (such as a system reboot) that generate a trap message are internally defined by the SNMP agent.
You can configure SNMP security on the Security tab of the SNMP Service Properties dialog box. The following list describes the options you can configure on the Security tab.
This section contains methods for determining the cause of SNMP-related communication problems. Run normal workloads during your testing to gain realistic feedback.
SNMP error handling has been improved in Windows 2000. Manual configuration of SNMP error-logging parameters has been replaced with improved error handling that is integrated with Event Viewer. Use Event Viewer if you suspect a problem with the SNMP service.
When querying WINS server MIBs, you might need to increase the SNMP time-out period on the SNMP management system. For example, if some WINS queries work and others time out, increase the time-out period.
If you enter an IPX address as a trap destination when installing SNMP service, you might receive an Error 3 error message when you restart your computer. This occurs when the IPX address has been entered incorrectly—by using a comma or hyphen to separate a network number from a media access control (MAC) address. For example, SNMP management software might normally accept an address like 00008022,0002C0-F7AABD. However, the Windows 2000 SNMP service does not recognize an address with a comma or hyphen between the network number and MAC address.
The address used for an IPX trap destination must follow the IETF-defined 8.12 format for the network number and MAC address: xxxxxxxx.yyyyyyyyyyyy, where xxxxxxxx is the network number and yyyyyyyyyyyy is the MAC address.
Table 26.2 contains a list of the SNMP-associated files provided as part of the SNMP service. Refer to this table for troubleshooting assistance.
Table 26.2 Files associated with SNMP
|Wsnmp32.dll, Mgmtapi.dll||Windows 2000-based SNMP manager APIs. These APIs listen for manager requests and send the requests to SNMP agents and receive responses from them.|
|*.dll||Extension agent dynamic-link libraries (DLLs) such as Inetmib1.dll for IIS, and Dhcpmib.dll for Dynamic Host Configuration Protocol (DHCP). These extension agents support the proprietary MIBs for these products.|
|Mib.bin||Installed with the SNMP service and used by the Management API (Mgmtapi.dll). The file maps text-based object names to numerical object identifiers (OIDs).|
|Snmp.exe||SNMP agent service; a master (proxy) agent. This program accepts manager program requests and forwards the requests to the appropriate extension-subagent DLL for processing.|
|Snmptrap.exe||A background process. The program receives SNMP traps from the SNMP agent and forwards them to the SNMP Management API on the management console. The program starts only when the SNMP manager API receives a manager request for traps.|
Figure 26.5 shows how the various SNMP files work together to communicate to and from an NMS.
Figure 26.5 Communication to and from the SNMP service
In this lesson you learned that SNMP is a network management standard that provides a method of managing network devices such as servers, workstations, routers, bridges, and hubs from a centrally located host. To perform its management services, SNMP uses a distributed architecture of management systems and agents. The SNMP management system, commonly known as an NMS, can request the information from managed computers (SNMP agents). SNMP agents provide the NMS with information about activities that occur at the IP network layer and respond to management system requests for information. SNMP uses a MIB as a container for objects; each container represents a particular type of information. Both agents and NMS use SNMP messages to inspect and communicate information about managed objects.
You also learned that you can assign groups of hosts to SNMP communities for limited security checking of agents and NMS or for administration. Communities are identified by community names that you assign. For additional security, you can specify the IP address or host name of the network management system(s) with which the SNMP agent should communicate.
The lesson ended with a discussion on configuring the SNMP service through the Services node of the Computer Management snap-in or through the Services snap-in in the Administrative Tools program group. The SNMP Service Properties dialog box allows you to configure the various properties of the SNMP service.