Using System Monitoring Plug-in for Juniper Netscreen Firewall

This OBE describes how to use the system monitoring plug-in for Juniper Netscreen Firewall in Oracle Enterprise Manager 10g Grid Control Release 2.

Approximately 20 minutes

Topics

This OBE covers the following topics:


The screenshots will not reflect the specific environment you are using. They are provided to give you an idea of where to locate specific functionality in the Oracle Enterprise Manager 10g Grid Control console.

Overview

The Enterprise Manager 10g Grid Control System Monitoring Plug-in for Juniper Netscreen Firewall delivers comprehensive availability, performance and configuration information for Juniper Netscreen Firewalls. By combining Juniper Netscreen Firewall monitoring with the richest and most comprehensive management of Oracle systems, Enterprise Manager significantly reduces the cost and complexity of managing applications that rely on Juniper Netscreen Firewall and Oracle technologies. Application administrators can now consolidate all of the monitoring information in the Enterprise Manager Console, model and view the complete topology of their applications, and perform comprehensive root cause analysis. Network administrators can perform proactive monitoring and detailed configuration analysis for Juniper Netscreen Firewalls, assess the impact of firewall performance problems on end-user services, and better align their efforts with business needs.


Prerequisite

Before performing the tasks mentioned in the OBE, you should first download the Juniper Netscreen Firewall Plug-in from OTN. Then import the plug-in into the management repository, deploy the plug-in to the agents, and then discover the Juniper Netscreen Firewall target from Grid Control.


Administrators need a consistent and consolidated solution for managing the targets within their datacenter. Learning different interfaces or following different procedures for tasks across monitored targets is not a productive use of an administrator's time. Enterprise Manager addresses this problem by providing a consistent look-and-feel across all monitored targets - via target Home pages. Each of these Home pages provides an at-a-glance view of the health and performance of the corresponding target, enabling the administrator to truly manage by exception. Perform the following steps to view the home page for Juniper Netscreen Firewall and to get an overview of the basic functionality:

1. Open the browser and enter the following URL:

   http://<management service hostname>.<domain>:<port>/em/

   The default port value on a clean machine is 7777. However, if there are other instances running on the machine, then the port may be different.

   The login page will be displayed. Enter the User Name and Password, and then click the Login button.

2. Click the Targets tab.

3. Click the All Targets subtab.

4. Select Juniper Netscreen Firewall in the Search dropdown, and click the Go button.

5. Click the link for Juniper Netscreen Firewall target.

6. The Juniper Netscreen Firewall home page provides you with the health of Juniper Netscreen Firewall at the right grain and density, and complements your corporate strategy of operational excellence. It provides an at-a-glance view of the health and performance of the firewall. From this page, you obtain the target's status, availability over time, outstanding alerts, and access to additional details via various drilldowns.


This portion of the lab will illustrate how the System Monitoring Plug-in for Juniper Netscreen Firewall offers immediate value by automatically monitoring the availability and performance of the firewall targets. More than 70 out-of-box performance metrics are monitored for Juniper Netscreen Firewall. In addition to such real-time monitoring of performance metrics, Enterprise Manager also stores the monitoring information in the management repository, thereby enabling you to analyze performance through various historical views and facilitating strategic tasks such as trend analysis and reporting. Perform the following steps to monitor the availability and performance of Juniper Netscreen Firewall:

1. To get an idea of the depth of performance monitoring Enterprise Manager offers for Juniper Netscreen Firewall, let's drill down into All Metrics from the home page. Click the All Metrics link under the Related Links section.

2. You can see the various metric categories that Enterprise Manager monitors. Some of the key metrics collected include: Juniper Netscreen Firewall Status, Network Interface Status, CPU and Memory Utilization, Session Statistics, and Firewall Traffic (including specific information about incoming/outgoing/accepted/rejected traffic). Let's expand one of these categories, and look at one of the metrics in more detail. Click the plus sign next to Firewall Memory Utilization to expand it.

3. Click the Firewall Memory Utilization(%) metric link.

4. From the metric details page that appears, you can see various statistics concerning this metric, as well as a graphical view of its values in real time, historically, or over your own customized timeframe, and how the values compare with defined thresholds. Alert history is also provided to track past problems and comments/details about them.


To aid administrators with critical tasks such as problem diagnosis, trend analysis and capacity planning, the System Monitoring Plug-in for Juniper Netscreen Firewall includes twelve out-of-box reports, summarizing key information about Juniper Netscreen Firewall availability, performance, traffic and configuration. These reports are easily accessible from the firewall Home page in the Enterprise Manager Console and from the Information Publisher (Enterprise Manager's powerful reporting framework), enabling administrators to schedule, share, and customize reports to fit their operations needs. Perform the following steps to publish Juniper Netscreen Firewall Reports:

1. Navigate to the Juniper Netscreen Firewall home page by clicking the Juniper Netscreen Firewall locator link.

2. Click the Reports subtab.

3. Here you see the Juniper Netscreen Firewall System Configuration report, which details firewall configuration information, such as: firewall summary, virtual system configuration, security zones configuration, and virtual router and interface configuration. Click the View Report dropdown list. Here you see a list of reports that are provided out-of-box. They summarize key performance, usage, and configuration information. Select Juniper Netscreen Firewall Inbound Traffic Statistics.

4. This report presents inbound traffic statistics for the firewall. Click the Home subtab.

5. In addition to being available on the Juniper Netscreen Firewall home page, these reports are also available from the Reports tab. You can take advantage of Enterprise Manager's powerful reporting capabilities to customize out-of-box reports to fit your operational needs, share reports with all types of business users, and schedule report generation. Click the Reports link under the Related Links section.

6. Here you see all the reports for Juniper Netscreen Firewall. In addition, you can take advantage of monitoring reports (such as Availability History (Target) or Outstanding Alerts and Policy Violations (Target)) to report on the availability and health of the Juniper Netscreen firewall environments. Click the Availability History (Target) report from the list.

7. Click the Continue button.

8. You see the availability summary, chart, and details for the Juniper Netscreen Firewall.


Tracking configurations is one of the most time-consuming and difficult tasks administrators face on a daily basis. Being able to quickly view a detailed configuration snapshot, analyze historical changes and enforce standardization between systems is key to diagnostics, auditing, compliance, and making solid business decisions.

System Monitoring Plug-in for Juniper Netscreen Firewall simplifies these tasks by automatically collecting detailed configuration information about Juniper Netscreen, including: virtual router configuration, security zones setup, DHCP/DNS/SMTP/SNMP configuration, attack configuration for each zone, and interface and service configuration. This information is collected daily and stored in the management repository. In addition, Enterprise Manager automatically tracks all changes to the firewall configuration, helping administrators answer key questions about what changed and when the change was made. System Monitoring Plug-in for Juniper Netscreen Firewall also enables enterprise-wide configuration comparisons of the firewall instances, allowing administrators to quickly and easily pinpoint potential differences. This helps to keep systems synchronized and to reduce "configuration drift". In addition, it simplifies investigations into why systems that are presumed to be identical are behaving differently. Perform the following steps to see how you can manage Juniper Netscreen Firewall configuration using Enterprise Manager:

1. Return to the Juniper Netscreen Firewall Home page. To get there, click the Targets tab.

2. Click the All Targets subtab.

3. Select Juniper Netscreen Firewall in the Search dropdown, and click the Go button.

4. Click the link for Juniper Netscreen Firewall target.

5. Click the View Configuration link.

6. Enterprise Manager automatically collects configuration information for the firewall: virtual router configuration, security zones setup, DHCP/DNS/SMTP/SNMP configuration, attack configuration for each zone, and interface and service configuration. By default, this information is collected every 24 hours, but the user can force the collection of new data by clicking the Refresh button on this page. You can view configuration history, compare configurations between firewall instances, and take a snapshot of the current configuration. Click the History button.

7. This page shows all of the configuration changes that occurred on the Juniper Netscreen instance since Enterprise Manager started monitoring it. You can further drill down to see the details for each change.


Juniper Netscreen Firewall administrators need a powerful monitoring solution that will proactively notify them of availability and performance problems, automate routine tasks, enable standardization and reduce the cost and complexity associated with managing sets of systems. Enterprise Manager provides a comprehensive monitoring solution for Juniper Netscreen. You can take advantage of the following key features:

Perform the following steps to monitor your Juniper Netscreen Firewall target:

1. Let's see how the group functionality is extended to Juniper Netscreen Firewall. Click the Targets tab.

2. Click the Groups subtab.

3. Click the Plug-ins group to go to its home page.

4. This group contains a number of different plug-ins, including Juniper Netscreen Firewall. The group home page presents administrators with a summary of the status, alerts and policy violations across all of the members of the group. Click the Charts subtab.

5. When defining groups, administrators have the ability to include summary charts, which allow them to analyze collective performance of the group members. Here we can see different charts, displaying highest average, lowest average, or statistical information across targets in the group. As you can see, metrics presented here are from different target types, such as Juniper Netscreen firewall and BEA WebLogic. Click the Launch Dashboard button.

6. System Monitoring Dashboard provides administrators with a near real-time view of open alerts against members of the group. The color-coded interface highlights problems using universal colors of alarm: red for critical issues, yellow for warning alerts, and green for normal conditions. The System Monitoring Dashboard significantly reduces the complexity of monitoring groups or systems. As you can see, Juniper Netscreen Firewall automatically appears on the System Dashboard. This allows administrators managing Oracle and Juniper technologies to have a single view of all of the alerts on their environment.

Here you looked at how Groups functionality can be applied to Juniper Netscreen Firewall, just as it can to any other Enterprise Manager managed target.

Similarly, you can use familiar monitoring features, such as alerts, notifications, blackouts, and templates for Juniper Netscreen Firewall monitoring.


Enterprise Manager's Service Level Management functionality provides a comprehensive monitoring solution that helps IT organizations achieve high availability, performance, and optimized service levels for their business services. Administrators can monitor services from the end-users' perspective using service tests or synthetic transactions, model relationships between services and underlying IT components, diagnose root cause of service failure, and report on achieved service levels. The System Monitoring Plug-in for Juniper Netscreen Firewall enables IT organizations running applications on top of Oracle and Juniper Netscreen to derive greater value from Enterprise Manager's Service Level Management features in a number of ways:

Perform the following steps to perform Root Cause Analysis on Juniper Netscreen Firewall:

1. Click the Group: Plug-ins link on the dashboard.

2. Click the Service subtab.

3. Here you see a list of Services managed by Enterprise Manager. Let's look more closely at the Loan Application Service, which is down. Click the Loan Application Service link.

4. On the home page, you can immediately see the Root Cause of service failure. The service is down because one of the service tests is down. Now let's look at the topology of this service. Click the Topology subtab on the service home page.

5. As you can see, Loan Application Service is an aggregate service, consisting of multiple subservices. Here we also see all of the infrastructure components that individual subservices are relying on. In red, we see a visual indication of the root cause of service failure. In the "Overview" section, use the zoom functionality and move the view selector to the left sub-service, to see it more clearly.

6. The different components of the service are now clearer. As you can see, plug-ins (such as SQL Server and Juniper Firewall) appear as part of the topology of the service.

   By bringing plug-ins into Enterprise Manager, you can now perform comprehensive service modeling and view the entire service topology. In addition, you can identify or exclude plug-ins as a cause of service failure. In this case, Juniper Netscreen Firewall is not the cause of service failure.


In this lesson, you learned how to:

View the Home Page
Monitor Availability and Performance
View Juniper Netscreen Firewall Reports
Perform Configuration Management
Use Enterprise Manager's monitoring features for Juniper Netscreen Firewall monitoring
Perform Root Cause Analysis (RCA)

 


To ask a question about this OBE tutorial, post a query on the OBE Discussion Forum.
