Configuration and Discovery

Download this manual as a PDF file

The following sections describe how to configure and discover Cisco Application Centric Infrastructure (ACI) component devices for monitoring by SL1 using the Cisco: ACI PowerPack:

Prerequisites for Monitoring Cisco ACI

To configure the SL1 system to monitor a Cisco ACI system using the Cisco: ACI PowerPack, you must first:

  • Know the credentials (username and password) for a user account that has access to the API for the Cisco ACI system. The user account must have read-all access.
  • Ensure that the APIC in your ACI system supports TLS 1.1 or TLS 1.2. SL1 does not support TLS 1.0.

Be advised, "read-all" access is no longer sufficient for use with the "Cisco: ACI Faults" Dynamic Application due to permissions updates from past Cisco: ACI versions. For more information, please refer to Cisco: ACI's documentation.

If the credentials for your account have been changed, the PowerPack will not recognize the new credentials. To recognize new credentials, you must manually delete the existing session from your Cisco ACI system. To do this, log in to your ACI system and go to System > Active Sessions. There are typically two sessions created by the Data Collector for each monitored APIC. Right-click on the existing sessions and select Delete. When the confirmation dialog box appears, confirm that you want to delete the session. Once all of the sessions are deleted, a new session is automatically established the next time your ACI Dynamic Applications run and your new credential will be recognized.

Recommended System Values

ScienceLogic recommends that you set the following values on your Cisco ACI system:

  • ACI HTTPS Throttle. 5 requests per second.
  • Web Session Timeout. 600 seconds or greater.
  • Web Session Idle Timeout. 600 seconds (default).

Configuring a Credential for a Cisco ACI System

To use the Dynamic Applications in the Cisco: ACI PowerPack, you must first define a SOAP/XML credential in SL1. This credential allows SL1 to collect data from your ACI system.

NOTE: You will need to create a separate credential for each APIC that you want to discover.

NOTE: If you are using an SL1 system prior to version 11.1.0, the new user interface does not include the Duplicate option for sample credential(s). ScienceLogic recommends that you use the classic user interface and the Save As button to create new credentials from sample credentials. This will prevent you from overwriting the sample credential(s).

To configure a SOAP/XML credential for Cisco ACI, perform the following steps:

  1. Go to the Credentials page (Manage > Credentials).
  2. Locate the "Cisco: ACI Example" sample credential, click its Actions icon () and select Duplicate. A copy of the credential appears.
  3. Click the Actions icon () for the "Cisco: ACI Example copy" credential copy and select Edit. The Edit Credential modal page appears.

  1. Enter values in the following fields:
  • Name. Type a new name for the credential.
  • All Organizations. Toggle on (blue) to align the credential to all organizations, or toggle off (gray) and then select one or more specific organizations from the Select the organizations the credential belongs to drop-down field to align the credential with those specific organizations.
  • Timeout. It is recommended that you set this value to 5 seconds or lower.
  • URL. Type "https://%D". You can type the IP address of the cluster where the APIC resides, but this is not recommended.
  • HTTP Auth User. Type the username for a user account that has read-all access to the APIC API.
  • HTTP Auth Password. Type the password for the username you entered in the HTTP Auth User field.

If the credentials for your account have been changed, the PowerPack will not recognize the new credentials. To recognize new credentials, you must manually delete the existing session from your Cisco ACI system. To do this, log in to your ACI system and go to System > Active Sessions. There are typically two sessions created by the Data Collector for each monitored APIC. Right-click on the existing sessions and select Delete. When the confirmation dialog box appears, confirm that you want to delete the session. Once all of the sessions are deleted, a new session is automatically established the next time your ACI Dynamic Applications run and your new credential will be recognized.

  • Embed Value [%1]. Type one or more IP addresses of the APICs from which SL1 should not collect data. This field supports up to 64 characters, so you can provide only four IP addresses if they are under the 64-character limit. This field is required and cannot be left blank.
  • Embed Value [%3]. If you want to specify the APIC precedence order, type the IP addresses of the APICs in your desired precedence order. When you do so, if the primary APIC being monitored becomes unavailable, SL1 will use this order to determine the next APIC it should monitor instead. This field supports up to 64 characters, so you can provide only four IP addresses if they are under the 64-character limit. This field is required and cannot be left blank.

NOTE: When entering IP addresses in the Embed Value [%1] or Embed Value [%3] fields, each IP address should be surrounded by quotation marks and include a comma and space between IP addresses. Additionally, the list of IP addresses should be surrounded by brackets. For example: ["198.18.133.200", "198.18.133.201", "198.18.133.202"]

NOTE: When creating the discovery session, the first entry in the Embed Value [%3] field must be entered in the IP Address Discovery List field in the Discovery Session Editor.

  1. Click Save & Close.
  2. In the confirmation message, click OK.

Configuring a Credential for a Cisco ACI System in the SL1 Classic User Interface

To use the Dynamic Applications in the Cisco: ACI PowerPack, you must first define a SOAP/XML credential in SL1. This credential allows SL1 to collect data from your ACI system.

NOTE: You will need to create a separate credential for each APIC that you want to discover.

To configure a SOAP/XML credential for Cisco ACI, perform the following steps:

  1. Go to the Credential Management page (System > Manage > Credentials).
  1. Locate the Cisco: ACI Example Priority credential and then click its wrench icon (). The Edit SOAP/XML Credential modal page appears:

  1. Enter values in the following fields:

Basic Settings

  • Profile Name. Type a new name for the credential.
  • URL. Type "%D". You can type the IP address of the cluster where the APIC resides, but this is not recommended.
  • HTTP Auth User. Type the username for a user account that has read-all access to the APIC API.
  • HTTP Auth Password. Type the password for the username you entered in the HTTP Auth User field.
  • Timeout. It is recommended that you set this value to 5 seconds or lower.

If the credentials for your account have been changed, the PowerPack will not recognize the new credentials. To recognize new credentials, you must manually delete the existing session from your Cisco ACI system. To do this, log in to your ACI system and go to System > Active Sessions. There are typically two sessions created by the Data Collector for each monitored APIC. Right-click on the existing sessions and select Delete. When the confirmation dialog box appears, confirm that you want to delete the session. Once all of the sessions are deleted, a new session is automatically established the next time your ACI Dynamic Applications run and your new credential will be recognized.

SOAP Options

  • Embed Value [%1]. Type one or more IP addresses of the APICs from which SL1 should not collect data. This field supports up to 64 characters, so you can provide only four IP addresses if they are under the 64-character limit. This field is required and cannot be left blank.
  • Embed Value [%3]. If you want to specify the APIC precedence order, type the IP addresses of the APICs in your desired precedence order. When you do so, if the primary APIC being monitored becomes unavailable, SL1 will use this order to determine the next APIC it should monitor instead. This field supports up to 64 characters, so you can provide only four IP addresses if they are under the 64-character limit. This field is required and cannot be left blank.

NOTE: When entering IP addresses in the Embed Value [%1] or Embed Value [%3] fields, each IP address should be surrounded by quotation marks and include a comma and space between IP addresses. Additionally, the list of IP addresses should be surrounded by brackets. For example: ["198.18.133.200", "198.18.133.201", "198.18.133.202"]

NOTE: When creating the discovery session, the first entry in the Embed Value [%3] field must be entered in the IP Address Discovery List field in the Discovery Session Editor.

  1. Click Save As.
  2. In the confirmation message, click OK.

Discovering a Cisco ACI System

To discover a Cisco ACI system, perform the following steps:

  1. On the Devices page () or the Discovery Sessions page (Devices > Discovery Sessions), click the Add Devices button. The Select page appears:

Image of the Add Devices wizard, page 1

  1. Click the Unguided Network Discovery button. Additional information about the requirements for discovery appears in the General Information pane to the right.
  1. Click Select. The Add Devices page appears.
  2. Complete the following fields:
  • Name. Type a unique name for this discovery session. This name is displayed in the list of discovery sessions on the Discovery Sessions tab.
  • Description. Optional. Type a short description of the discovery session. You can use the text in this description to search for the discovery session on the Discovery Sessions tab.
  • Select the organization to add discovered devices to. Select the name of the organization to which you want to add the discovered devices.
  1. Click Next. The Credentials page of the Add Devices wizard appears:

Image of the Add Devices wizard, page 2

  1. On the Credentials page, locate and select the credential you created for the Cisco ACI system.
  1. Click Next. The Discovery Session Details page of the Add Devices wizard appears:

Image of the Add Devices wizard, page 2

  1. Complete the following fields:
  • List of IPs/Hostnames. Type the IP address of the first controller listed in the Embed Value [%3] field of the SOAP/XML credential.
  • Which collector will monitor these devices?. Required. Select an existing collector to monitor the discovered devices.
  • Run after save. Select this option to run this discovery session as soon as you save the session.

In the Advanced options section, click the down arrow icon () to complete the following fields:

  • Discover Non-SNMP. Enable this setting.
  1. Click Save and Run if you enabled the Run after save setting, or Save and Close to save the discovery session. The Discovery Sessions page (Devices > Discovery Sessions) displays the new discovery session.
  2. If you selected the Run after save option on this page, the discovery session runs, and the Discovery Logs page displays any relevant log messages. If the discovery session locates and adds any devices, the Discovery Logs page includes a link to the Device Investigator page for the discovered device.

NOTE: In version 109 and later, the tenant's IP address will match the APIC used for the API calls. If failover occurs, the ACI root IP stays the same, but the tenants will get new IP addresses.

NOTE: If failover occurs during discovery of an ACI system, it will fail over to the next IP address in the Embed Value [%3] field.

NOTE: If your discovery session causes an HTTP 403 error, edit the credential so that the Hostname/IP field contains only a single IP address and then re-try discovery.

The initial discovery of a Cisco ACI system will align most Dynamic Applications; however, you will need to manually align the "Cisco: ACI IC UpTime" Dynamic Application for the internal collections data to be displayed on the Device Properties page (Registry > Devices > wrench icon).

To manually align the "Cisco: ACI IC UpTime" Dynamic Application:

  • After the discovery session has completed, find the Cisco ACI device in the Devices page and click on it.
  • From the Device Investigator page for the Cisco ACI device, click the Collections tab.
  • Click Edit and then click Align Dynamic App. The Align Dynamic Application window appears.
  • Click Choose Dynamic Application. The Choose Dynamic Application window appears.
  • Select the "Cisco: ACI IC UpTime" Dynamic Application and click Select. The name of the selected Dynamic Application appears in the Align Dynamic Application window.
  • If a default credential is listed below the Dynamic Application and it is the credential you created, skip ahead to step 9. Otherwise, uncheck the box next to the credential name.
  • Click Choose Credential. The Choose Credential window appears.
  • Select the credential you created for your Cisco ACI device for the Dynamic Application and click the Select button. The name of the selected credential appears in the Align Dynamic Application window.
  • Click the Align Dynamic App button. When the Dynamic Application is successfully aligned, it is added to the Collections tab, and a confirmation message appears at the bottom of the tab.

It can take several minutes after the discovery session has completed for Dynamic Applications to appear on the Dynamic Application Collections page.

The "Cisco: Cisco: ACI IC Interface Inventory" and "Cisco: ACI IC Interface Performance" Dynamic Applications perform internal collections for interfaces and are a heavy load on the APIC. ScienceLogic does not recommend enabling these Dynamic Applications unless these collections are vital and physical discovery and merging of the components is not viable.

Discovering a Cisco ACI System in the SL1 Classic User Interface

To discover a Cisco ACI system, perform the following steps:

  • Go to the Discovery Control Panel page (System > Manage > Classic Discovery).

  • Click the Create button. The Discovery Session Editor page appears:

  • Supply values in the following fields:
  • IP Address Discovery List. Type the IP address of the first controller listed in the Embed Value [%3] field of the SOAP/XML credential.
  • Other Credentials. Select the credential you created for the Cisco ACI system.
  • Discover Non-SNMP. Select this checkbox.

  • Optionally, supply values in the other fields in this page. For a description of the fields in this page, see the Discovery and Credentials section.
  • Click the Save button.
  • The Discovery Control Panel page will refresh. Click the lightning bolt icon () for the discovery session you just created.
  • In the pop-up window that appears, click the OK button. The page displays the progress of the discovery session.

NOTE: In version 109 and later, the tenant's IP address will match the APIC used for the API calls. If failover occurs, the ACI root IP stays the same, but the tenants will get new IP addresses.

NOTE: If failover occurs during discovery of an ACI system, it will fail over to the next IP address in the Embed Value [%3] field.

NOTE: If your discovery session causes an HTTP 403 error, edit the credential so that the Hostname/IP field contains only a single IP address and then re-try discovery.

The initial discovery of a Cisco ACI system will align most Dynamic Applications; however, you will need to manually align the "Cisco: ACI IC UpTime" Dynamic Application for the internal collections data to be displayed on the Device Properties page (Registry > Devices > wrench icon).

To manually align the "Cisco: ACI IC UpTime" Dynamic Application:

  1. From the Device Properties page for the Cisco ACI system, click the Collections tab. The Dynamic Application Collections page appears.
  2. In the Dynamic Application Collections page, click the Action button and then select Add Dynamic Application from the menu. The Dynamic Application Alignment page appears.
  3. In the Dynamic Applications field, select Cisco: ACI IC UpTime.

  1. In the Credentials field, select the credential you created for the Cisco ACI system.
  2. Click the Save button.
  3. After aligning the Dynamic Application, click the Reset button and then click the plus icon (+) for the Dynamic Application. If collection for the Dynamic Application was successful, the graph icons () for the Dynamic Application are enabled.

The "Cisco: Cisco: ACI IC Interface Inventory" and "Cisco: ACI IC Interface Performance" Dynamic Applications perform internal collections for interfaces and are a heavy load on the APIC. ScienceLogic does not recommend enabling these Dynamic Applications unless these collections are vital and physical discovery and merging of the components is not viable.

Performing a Manual Failover

If you want to change the APIC being used by the PowerPack, you can perform a manual failover by editing your SOAP/XML credential. To do this:

  1. Go to the Credentials page (Manage > Credentials).
  1. Locate the SOAP/XML credential you created and then click on its name to open the Edit Credential page.

  1. There are two ways to failover manually:
  • Type the IP address of the APIC that you no longer want to use in the Embed Value Embed Value [%1] field.

  • Edit the Embed Value [3%] field to change the order of the APIC IP addresses, making the first IP address in the list the APIC that you want to failover to.

  1. Click Save & Close. The next time the "Cisco: ACI APIC Communications Manager" Dynamic Application runs, the PowerPack will use the new APIC IP address specified.

Viewing Information About the ACI System

When SL1 performs collection for the ACI cluster, SL1 will create component devices for the components associated with the ACI system and align other Dynamic Applications to those component devices. Some of the Dynamic Applications aligned to the component devices will also be used to create additional component devices.

NOTE: If you delete a Tenant in a monitored device, that component device will still appear in SL1 but the Dynamic Applications aligned to it will stop collecting data, and a message indicating "Failed Availability" will appear in the device log of its child component devices.

You can view all the devices, virtual devices, and component devices in the Cisco ACI system in the following places in the user interface:

  • The Device Investigator Map page (click Map in the Device Investigator page) displays a map of a particular device and all of the devices with which it has parent-child relationships. Double-clicking any of the listed devices reloads the page to make the selected device the primary device.

  • The Device Components page (Devices > Device Components) displays a list of all root devices and component devices discovered by SL1. The Device Components page displays all root devices and component devices in an indented view, so you can easily view the hierarchy and relationships between child devices, parent devices, and root devices. To view the component devices associated with a Cisco ACI system, find the Cisco ACI root device and click its plus icon (+).

  • The Component Map page (Classic Maps > Device Maps > Components) allows you to view devices by root node and view the relationships between root nodes, parent components, and child components in a map. This makes it easy to visualize and manage root nodes and their components. SL1 automatically updates the Component Map as new component devices are discovered. The platform also updates each map with the latest status and event information. To view the map for a Cisco ACI device, go to the Component Map page and select the map from the list in the left NavBar. To learn more about the Component Map page, see the section on Maps.