cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post

What We're Working on for NPM (Updated June 1st, 2018)

This content has a new home!  Please visit What We're Working on for Npm (Updated December 5th, 2018)

The content below is OLD.

NPM 12.3 has shipped and we're hard at work building the next release.  Here's what we're working on, in no particularly order.

  • Cisco ACI Monitoring - See ​ and .
  • Remote Collector - New, agent based collector for distributed environments and hybrid deployments.  See .
  • Next Generation Orion Mapping - First version delivered in NPM 12.3 via Orion Platform 2018.2.  Working on the next version.  See ​, , and .
  • Centralized Upgrades - See ​, and
  • Website & Database Performance Improvements
  • Windows Device Guard Support
  • SAML Authentication Support - See .
  • Replace syslog/trap with the functionality from our new Log Manager product​ - See.
Tags (1)
Comments

andreasw​ unfortunately I know this from having experienced it firsthand. Which is weird because the NAM module (yes, that's the one) is more focused towards Cisco Prime, oddly. Although I do understand when you think about the volume of traffic applied to a 7K and potentially the amount of flows generated.

Can you please expand upon the Next Generation Orion Mapping function. I am extremely keen to hear what this is going to enable going forward?

rumour is web based!!

aaronmlyon Love your interest in 'Next Generation Orion Mapping'.  As mentioned previously, Many of our users have provided feedback regarding this topic and we still welcome more.  A number of posts have been utilized such as Network Atlas Overhaul as well as others but feel free to message or email me directly, with items that would be critical to you.  Work is absolutely underway but we don't have anything official we can share as of yet.  If you would like to participate in some of our UX sessions, we can certainly include you in our list. 

As you can imagine this is a very big endeavor.  While Network Atlas needs some updating, the amount of functionality available in that tool alone is significant.  Ensuring critical functionality is not lost, including functionality that addresses community feedback, and introducing new functionality to provide the biggest impact and value to our users is at the top of our list.  We are very excited about this project too.

Please feel free to provide further feedback if possible.  Understanding what the most critical features users need, and the problems they solve, is ideal in giving us the ammo to get it right.  Stay tuned!

I agree we need enhanced netflow nbar and medianet support for perhaps NPM/NTA.  We've recently done a bunch of comparisons of netflow analysis tools and Cisco has taken netflow to whole new level with nbar and medianet.  With some of the tools we experimented with it required turning a LOT of additional netflow traffic and in a couple places it almost broke a couple parts of our WAN due to all the flows being processed flowing around the network.

Count me in!

Are We Including Cisco ACI Monitoring in next NPM? We need this badly to support our customer

rajeshagnihotri​, ACI is definitely on my radar.  I'm interested in what specific things you'd like monitored by NPM.  Can you drop me a few of your ideas here or in a private message?

Thanks Cobrien

Below are My requirement High level for Cisco ACI.  My Customer

desperately need this . Please confirm by when we can expect the

capability

ACI Monitoring Requirements

·      auto discovery of all the elements making up Cisco ACI system

including spines, leafs, APICs, tenants, applications, EPGs, bridge

domains, contracts, etc.

·      Map ACI components onto visual topology views, applies best

practice monitoring templates, and populates out-of-the-box dashboards

·      Monitoring and providing alerts and specific views into such

things as interface traffic and packet loss.

pastedImage_1.png

pastedImage_0.png

Thanks & Regards

Rajesh Agnihotri

Thank you rajeshagnihotri​.  This data is helpful as we think about ACI.  I'm afraid I can't say when or if we will support ACI.

Like others, all six of my data centers have moved to ACI, effectively eliminating Solarwinds from being a player in their full support.  The sooner I can show the organization that SW is fully, or even mostly, compatible with ACI, the sooner I'll stop fielding requests to replace Solarwinds with something that can do the job with ACI.

Security is particularly concerned with our lack of backed-up and managed ACI configurations.  If you can get NCM working with ACI, that will be a major feather in your cap.

It would seem like getting NCM to work would be much easier than trying to interface to a completely new API.  We've been wanting EIGRP and for a long time ASA support for years... it's finally here and now we're starting to rip out ASA's and putting many Palo Alto in instead but better late than never.  Also the Nexus support is going to be huge... I have FEX all over the place here!

NCM works well with flat text files showing running or startup configs.  With ACI . . . not so much.

FWIW:  You can currently get the typical/standard NPM monitoring for Cisco ACI [hardware] using SNMP polling (I'm using v3) right now, if you're 2.2 or higher - This includes the Leafs, Spines, and APICs.

To make that work though you need to do some prep on the ACI side of things - namely enabling SNMP in a few places (yes, there's more one spot), and additionally/separately you can set ACI to send SNMP Traps as well (or Syslog) to Orion.  The documentation out there is sparse but there are one or two documents that will get you there.  Note: The SNMP portions alone will get you the Leaf & Spines, like any other Cisco switch polled by NPM, but with ACI 3.x (maybe even 2.3 or 2.2) to get the APICs you need to define an OOB Management contract to allow Orion to query the APICs - that part doesn't seem to be included in a lot of the info on the Internet and took me a bit to run across.  Basically Cisco changed the protocols allowed in by default, so you have to now explicitly allow in traffic to UDP 161 and you have to have your APICs entered in your Node Management Addresses section.

It may not get all the hardware sensors or fields, but you can monitor general health & interfaces, and have alerts on them like normal.

Hope that helps.

Cheers,

-Marek

P.S.  rschroder - You can SSH to the APICs and show the running config... which contains a CLI version of everything (all the leafs, spines, objects); so in theory NCM could get the config / text file.  In fairness though I've not had a chance to play with it much and the little I did I was met with a timeout (could login via NCM), as I suspect NCM gives up too quickly given the delay to generate such a massive config (relatively speaking), so may need to do some fiddling or see if NCM can wait longer (if that is what's going on).  HTH

FYI - Here's a quick sample of an APIC in NPM:

pastedImage_0.png

I can relate to this with the Cisco ACS and Firepower stuff... even though it appears the main interface is an https interface... there's still a command line when you ssh to the devices and most regular basic command we're used to do work and are there!  So a show run works just like we like!  I had to discover some of these the hard way while applying DISA STIGs to some of these devices... for example the firepower sensor in some ASA's... certain things can ONLY be configured through the command line like logging as an example and it too is just like in other Cisco devices:  logging xxx.xxx.xxx.xxx

Our ACS was quite problematic, occasionally locking us out of TACACS due to bugs and crashes & hangs.  TAC was never able to get it working to my satisfaction, and when they EOL'd it, many folks objected; there wasn't a TACACS replacement, so how could the product be going out of support?

We moved to ISE, went through the growing pains of versions 1 and 2, and finally got a stable TACACS environment in ISE 3.

If we could just get the last kinks worked out of ISE 3's RADIUS, we'd be set.

Network Insight for Cisco Nexus = WIN! (though ACI is the Holy Grail)

Orion Agent AIX = Almost as big a WIN!

xpowels remember that the order listed in the roadmap top to bottom is in order of priority. That means they'll try to put as much of those as they can in the next release/release(s).

If it's not on that list but they're interested, it's probably going to be the release after/later. Nobody knows timeframes for this stuff and nobody can guarantee timeframes anyway - but knowing it's coming is the beauty of having the support.

I'm in the middle of these upgrades right now!  I'm glad v3 is pretty stable.

Marek

Requesting you to share the document name or Internet link you used for Cisco ACI side configuration.

Some exact changes done in ACI may be useful.

Thanks

Rajesh

Marek --- Re: - What We're Working on for NPM (Updated December 4th, 2017) ---

From:"Marek" Date:Thu, 25 Jan 2018 01:44Subject:Re: - What We're Working on for NPM (Updated December 4th, 2017)

What We're Working on for NPM (Updated December 4th, 2017) new comment by Marek View all comments on this document

FWIW: You can currently get the typical/standard NPM monitoring for Cisco ACI using SNMP polling (I'm using v3) right now, if you're 2.2 or higher - This includes the Leafs, Spines, and APICs. To make that work though you need to do some prep on the ACI side of things - namely enabling SNMP in a few places (yes, there's more one spot), and additionally/separately you can set ACI to send SNMP Traps as well (or Syslog) to Orion. The documentation out there is sparse but there are one or two documents that will get you there. Note: The SNMP portions alone will get you the Leaf & Spines, like any other Cisco switch polled by NPM, but with ACI 3.x (maybe even 2.3 or 2.2) to get the APICs you need to define an OOB Management contract to allow Orion to query the APICs - that part doesn't seem to be included in a lot of the info on the Internet and took me a bit to run across. Basically Cisco changed the protocols allowed in by default, so you have to now explicitly allow in traffic to UDP 161 and you have to have your APICs entered in your Node Management Addresses section. It may not get all the hardware sensors or fields, but you can monitor general health & interfaces, and have alerts on them like normal. Hope that helps. Cheers,-Marek P.S. rschroder - You can SSH to the APICs and show the running config... which contains a CLI version of everything (all the leafs, spines, objects); so in theory NCM could get the config / text file. In fairness though I've not had a chance to play with it much and the little I did I was met with a timeout (could login via NCM), as I suspect NCM gives up too quickly given the delay to generate such a massive config (relatively speaking), so may need to do some fiddling or see if NCM can wait longer (if that is what's going on). HTH FYI - Here's a quick sample of an APIC in NPM: https://thwack.solarwinds.com/servlet/JiveServlet/downloadImage/105-289351-301796/pastedImage_0.png

Reply to this email to respond to Marek's comment. Following What We're Working on for NPM (Updated December 4th, 2017) in these streams: Inbox

=====

My only concern is that we had pretty bad experiences with the Storage Manager AIX agents and high cpu util. So our Unix team will be looking at the AIX agent very closely for signs of misbehavior.

Remote Collector - New, agent based collector for distributed environments and hybrid deployment <<<<< What is this going to look like?

Stay tuned. A beta is pending, so keep your eyes peeled to the NPM beta forum.

I would like to participate in the BETA if possible

I get that the page is restricted when I click on the link?

I thought I was signed up for NPM Betas, but I get unauthorized when I try to get to that page.

What happens when you click on the NPM beta link on this page? -> Network Performance Monitor

pastedImage_1.png

I get this:

pastedImage_0.png

I get this:

beta.png

aLTeReGo​ maybe DanielleH​ / wabbott​ can get this fixed?

tallyrichdesignerfxfamilyofcrowes​ The NPM beta has not launched yet. When it does, there will be an announcement from cobrien​. The link from the NPM forum to the beta will then walk you through the authentication needed. You have to re-authenticate for every beta.

Good to know, and thank you. I like helping out so I have previously signed up for several Betas. I'll keep an eye out as I enjoy being a part of SolarWinds growth and development.

I get this also..

beta.png

Weird I get...

ScreenHunter_11 Feb. 12 12.02.gif

Hmmm... Seems fine to me.  When I try the method aLTeReGo mentioned I get the id-1402 error... try NPM Beta

that works for me.

I received this error too : The social group with id = 1402 has not been set up to host a beta program.

Fails too. I suspect due to your past and maybe current involvement with Beta you have elevated access then most

grantallenby​ and avrilspirit​ The beta has not launched yet. We understand the message "The social group with id = 1402 has not been set up to host a beta program." is not a helpful message and we are actively working on correcting this. Once the beta is launched, this link will take you through the authentication and agreement process. The reason ecklerwr1​ has access is because the previous beta participants have not been purged yet. He will have to go through the same authentication and agreement once the new beta launches.

Hope this helps provide some clarity.

I think you may be right :^}

Thanks, is it a major release ? or version 12.3 ?

It's 12.3

I can't get to the NCM beta page to post my review.  However, I was able to download the NCM beta. 

Who do I talk with to get it fixed?

pastedImage_0.png

What page are you getting that on?  Shoot me a PM if the forum is not working.  We shouldn't be sharing beta content outside of the private beta forum - that's one of the things that pesky legal agreement you saw in the beta signup process said.

Could upgrades to Network Atlas (an already powerful tool, I agree) add the ability to represent an aggregate cable such as a 144 strand fiber-optic cable?  So in this picture each of the long sections of each colored line would represent the bundle and each of the little stubs that are attached to traffic lights in the picture would represent a pair of fiber strands. Is this a possibility?

pastedImage_0.png

If this isn't feasible to do natively within Solarwinds products, you might use Google Earth or Google Maps to create that map and use it as a background for Solarwinds maps, placing your nodes on the Google map as desired.

Would like to know if the following will be supported in the near future.

Orion on RDS - Support for Amazon RDS as the repository for the Orion database

Whats weird is I’ve tested solarwinds I think NPM 12.0 or .1 successfully on RDS like mid last year, so I’m not sure what the deal is with this new “feature”

I would encourage you to participate in the NPM 12.3 beta and join the NPM Beta forum where this is discussed.

When do we expect Beta 2 ? 

While it was possible to utilize Amazon RDS with previous releases of NPM, it was not supported. This is because many features of the product did not function properly when using Amazon RDS, whether those people utilizing RDS realized it or not. This is because previous releases of Orion were dependent upon MSDTC, which is a feature of MSSQL that is not supported by Amazon RDS. Rather than these features that were dependent upon MSDTC functioning as expected, you would instead see very strange behaviors in the web UI and/or simply not function at all.

Version history
Revision #:
1 of 1
Last update:
‎03-30-2015 03:55 PM