Configuration and Credentials

Download this manual as a PDF file

The following sections describe how to configure a Cisco Unified Communications Manager (CM) system for monitoring by SL1 using the Cisco: CUCM Unified Communications Manager PowerPack:

Prerequisites for Monitoring CUCM

During the discovery process, SL1 automatically aligns the IP addresses and hostnames for each node in a Cisco Unified CM cluster via DNS.

If you do not have access to DNS for the Cisco Unified CM systems that you want to monitor with SL1, ensure that you know or have access to the following information about each node:

  • IP address
  • Hostname

Configuring the ScienceLogic Platform to Monitor CUCM

You can choose from several different possible configurations when using SL1 to monitor Cisco Unified CM:

  • You can have the ScienceLogic Data Collector either in front of a firewall or behind a firewall.
  • You can define the CallManager nodes either by hostname or by IP address in the Cisco Unified CM database.
  • In some scenarios, you can also use network address translation (NAT) when defining the CallManagers.

These various methods are described in this section.

Method 1

In the first scenario, the Data Collector sits in front of the firewall and you define the CallManagers by hostname:

In this scenario, you must have the following ports open for the firewall:

Direction Port Protocol
ScienceLogic Database Server to the Data Collector 7707 TCP
PhoneHome Collector to the Database Server 7705 TCP

Method 2

In the second scenario, the Data Collector sits in front of the firewall and you define the CallManagers by IP address. This method requires you to create a host file that includes the CallManager hostname and IP address:

In this scenario, you must have the following ports open for the firewall:

Direction Port Protocol
ScienceLogic Database Server to the Data Collector 7707 TCP
PhoneHome Collector to the Database Server 7705 TCP

Method 3

In the third scenario, the Data Collector sits behind the firewall and you define the CallManagers by hostname:

In this scenario, you must have the following ports open for the firewall:

Direction Credential Port Protocol
ScienceLogic Data Collector to the Cisco Unified CM Cluster and CallManagers SNMP 161 UDP
Cisco Unified CM user 8443 TCP

Method 4

In the fourth scenario, the Data Collector sits behind the firewall and you define the CallManagers by hostname, with NAT. This method requires you to create a host file that includes the CallManager hostname and the IP address the Data Collector can use to access the device:

In this scenario, you must have the following ports open for the firewall:

Direction Credential Port Protocol
ScienceLogic Data Collector to the Cisco Unified CM Cluster and CallManagers SNMP 161 UDP
Cisco Unified CM user 8443 TCP

Method 5

In the final scenario, the Data Collector sits behind the firewall and you define the CallManagers by IP address, with NAT. This method requires you to create a host file that includes the CallManager host name and IP address the Data Collector can use to access the device:

This method is not supported by versions of theCisco: CUCM Unified Communications Manager PowerPack prior to version 109.

In this scenario, you must have the following ports open for the firewall:

Direction Credential Port Protocol
ScienceLogic Data Collector to the Cisco Unified CM Cluster and CallManagers SNMP 161 UDP
Cisco Unified CM user 8443 TCP

Configuring CUCM for NAT 

If you are using Network Address Translation (NAT) in your environment, you will need to adjust a threshold in the "Cisco: CUCM Cluster Information" Dynamic Application to enable NAT support.

To configure the threshold object:

  1. Go to the Dynamic Applications Manager page (System > Manage > Dynamic Applications).
  2. Locate the "Cisco: CUCM Cluster Information" Dynamic Application and click its wrench icon ().
  3. In the Dynamic Applications Properties Editor, click the Thresholds tab.
  4. Click the wrench icon () for the "Use Server Hostname for NAT" threshold object.
  5. Ensure that the Override Threshold Value field is set to Enabled.
  6. In the Threshold Value field, type "1".

NOTE: The Threshold Value will be reset when you upgrade the PowerPack if you have not enabled the Enable Selective PowerPack Field Protection setting. To do this, go to the Behavior Settings page (System > Settings > Behavior) and click the Enable Selective PowerPack Field Protection checkbox.

  1. Click Save.

Enabling the CUCM AXL Web Service

SL1 can monitor a Cisco Unified CM system by requesting detailed information about the system from the Cisco Unified CM AXL Web Service.

The Cisco Unified CM AXL web service is disabled by default. To enable the AXL web service, perform the following steps:

  1. In a browser window, navigate to the following address:
  2. https://ip-address-of-CM-system:8443/ccmadmin/showHome.do

  1. Log in to the Cisco Unified CM Administration site as an administrator.

  1. In the Navigation drop-down list at the top-right corner of the page, select Cisco Unified Serviceability, and then click the Go button. The Cisco Unified Serviceability page appears.

  1. In the navigation bar at the top-left of the page, hover over Tools, then select Service Activation. The Service Activation page appears.

  1. In the Server drop-down list, select the Cisco Unified CM server for which you want to enable the AXL web service, and then click the Go button.
  2. In the list of services, locate the Database and Admin Services section. If the Activation Status of the Cisco AXL Web Service is "Activated", the AXL web service is already enabled.
  3. If the Activation Status of the Cisco AXL Web Service is not "Activated", select the checkbox for the Cisco AXL Web Service.
  4. Click the Save button at the bottom of the page to save your changes, and then click the OK button in the pop-up window that appears.

Configuring a CUCM User Account

ScienceLogic recommends that you create a Cisco Unified CM user account that will be used only by SL1 to access the AXL web service. To create a user account in Cisco Unified CM that can access only the AXL web service, perform these two steps:

  • Create a user account.
  • Create a user group that includes the user account and has permission to access only the AXL web service.

To create a new Cisco Unified CM user group and user account, perform the following steps:

  1. In a browser window, navigate to the following address:

https://ip-address-of-CM-system:8443/ccmadmin/showHome.do

  1. Log in to the Cisco Unified CM Administration site as an administrator.

  1. In the navigation bar at the top-left of the page, hover over User Management, then select Application User. The Find and List Users page appears.

  1. Click the + Add New button. The Application User Configuration page appears.

  1. Supply values in the following fields:
  • User ID. Type a username for the new user.
  • Password. Type a password for the new user.
  • Confirm Password. Type the password for the new user again.

  1. Click the Save button.

  1. In the navigation bar at the top-left of the page, hover over User Management, then select User Group. The Find and List User Groups page appears.

  1. Click the + Add New button. The User Group Configuration page appears.

  1. In the Name field, type a name for the user group. For example, you could call the user group "AXL Access".
  2. Click the Save button.

  1. Click the Add App Users to Group button. The Find and List Application Users window appears.

  1. Click the Find button. In the list of users, select the checkbox for the user account that you created, then click the Add Selected button at the bottom of the page.

  1. The Find and List Application Users window closes. In the User Group Configuration page, the user account is included in the list of users

  1. In the Related Links drop-down list at the top-right hand corner of the page, select Assign Role to User Group, and then click the Go button. The User Group Configuration page appears.

  1. Click the Assign Role to Group button. The Find and List Roles window appears.

  1. Click the Find button. A list of roles appears.

  1. Select the checkboxes for the following roles:
  • Standard AXL API Access
  • Standard CCM Admin Users
  • Standard SERVICEABILITY Read Only

  1. Click the Add Selected button at the bottom of the page.

  1. The Find and List Roles window closes. In the User Group Configuration page, the Roles field includes the Standard AXL API Access role.

  1. Click the Save button.

Configuring Prime License Manager

If you want to monitor Cisco Unified CM license information from Cisco Prime License Manager (PLM), you must create an administrator user account that SL1 can use to access PLM.

To create an administrator user in PLM:

  1. In a browser window, navigate to the following address:

https://ip-address-of-plm-server/elm-admin/

  1. Log in to the Cisco PLM site as an administrator.
  2. In the Administration drop-down menu, select Administrator Accounts.

  1. Click the Add Administrator button.

  1. In the Add Administrator Account modal page, make entries in the following fields.
  • Name/Description. Type a name or description for the account.
  • Username. Type the account username.
  • Password. Type the account password.
  • Re-enter Password. Type the account password again.
  1. Click OK.

Creating a CUCM Credential

  • Timeout (ms). Type the timeout value of each request, in milliseconds. The default value is "30000".

To use the Dynamic Applications in the Cisco: CUCM Unified Communications Manager PowerPack, you must first define a Basic/Snippet Cisco Unified CM credential in SL1. This credential allows SL1 to communicate with the Cisco Unified CM cluster. The Cisco: CUCM Unified Communications Manager PowerPack includes a template you can use to create this Basic/Snippet credential.

To modify the Cisco Unified CM Basic/Snippet Credential template for use with your Cisco Unified CM cluster:

  1. Go to the Credential Management page (System > Manage > Credentials).

  1. Click the wrench icon () for the Cisco CUCM Example credential. The Credential Editor modal window appears.

  1. Supply values in the following fields:
  • Credential Name. Type a new name for the credential.

  • Hostname/IP. Type the hostname or IP address, or you can type the variable "%D".
  • Port. Type the port number.

The example credential included in older versions of the Cisco: CUCM Unified Communications Manager PowerPack used "80" as the default Port number. If your Cisco Unified CM credential specifies port 80, SL1 will automatically override that value and use port 8443 instead. If your Cisco Unified CM credential specifies any port other than 80, SL1 will use that specified port.

  • Timeout (ms). Type the timeout value of each request, in milliseconds. The default value is "30000".
  • Username. Type the username for the Cisco Unified CM user account that you created to access the AXL web service. For details, see the Configuring a Cisco Unified CM User Account section.
  • Password. Type the password for the username you entered in the Username field.
  1. Click the Save As button.

If you are monitoring Cisco Unified CM license information with the Cisco Prime License Manager (PLM) and your PLM administrator username and password are the same as the user account you created to access the AXL web service, then you can use the same credential to access PLM. However, if your PLM administrator user information is different, then repeat these steps to create a credential to access PLM.

If SNMP is enabled on the Cisco Unified CM cluster, then you can also create an optional SNMP credential that will be used only during discovery to classify the cluster device class. If SNMP is not available on the Cisco Unified CM cluster, then you do not need an SNMP credential. For more information on SNMP credentials, see the section on Defining an SNMP Credential.

Testing the CUCM Credential

SL1 includes a Credential Test for Cisco Unified CM. Credential Tests define a series of steps that SL1 can execute on demand to validate whether a credential works as expected.

The CUCM Credential Test can be used to test a Basic/Snippet credential for monitoring Cisco Unified CM using the Dynamic Applications in the Cisco: CUCM Unified Communications Manager PowerPack. The CUCM Credential Test performs the following steps:

  • Test Reachability. Performs an ICMP ping request to see if the device is reachable.
  • Test Name Resolution. Checks to see if nslookup can resolve the IP address or hostname.
  • Test Port Availability. Performs an NMAP request to see if the appropriate port is open.
  • Test Accessibility to Publisher. Checks to see if the common API service URLs on the publisher device can be queried.
  • Test Accessibility to Subscribers via Publisher. Checks to see if data on a CUCM subscriber can be queried via the publisher.
  • Test Accessibility to All Subscribers. Checks to see if the status of services on a CUCM subscriber can be queried.

To test the CUCM credential:

  1. Go to the Credential Test Management page (System > Customize > Credential Tests).

  1. Locate the CUCM Credential Test and click its lightning bolt icon (). The Credential Tester modal page appears.

  1. Supply values in the following fields:
  • Test Type. This field is pre-populated with the credential test you selected.

  • Credential. Select the credential to test. This drop-down list includes only credentials that you have access to that can be tested using the selected credential test.
  • Hostname/IP. Enter the IP address or hostname for the device.

NOTE: The credential being tested cannot include more than 32 characters in the Hostname/IP field.

  • Collector. Select the All-In-One Appliance or Data Collector that will run the test.

  1. Click the Run Test button to run the credential test. The Test Credential window appears.

The Test Credential window displays a log entry for each step in the credential test. The steps performed are different for each credential test. The log entry for each step includes the following information:

  • Step. The name of the step.

  • Description. A description of the action performed during the step.
  • Log Message. The result of the step for this credential test.
  • Status. Whether the result of this step indicates the credential or the network environment is configured correctly (Passed) or incorrectly (Failed).
  • Step Tip. Mouse over the question mark icon () to display the tip text. The tip text recommends what to do to change the credential or the network environment if the step has a status of "Failed".

Manually Creating Host File Entries for CUCM Nodes

During the discovery process, SL1 automatically aligns the IP addresses and hostnames for each CallManager server (node) in a Cisco Unified CM cluster via DNS.

If you do not have access to DNS for the Cisco Unified CM system you want to monitor, you must manually create host file entries in SL1 for each node in the Cisco Unified CM cluster. Each host file entry must contain the IP address and hostname of a node in the Cisco Unified CM cluster.

If you have access to DNS for the Cisco Unified CM system you want to monitor with SL1, you do not need to perform the steps to manually configure host file entries. Continue to the section on Discovering a Cisco Unified CM Cluster.

Repeat the following steps for each node in the Cisco Unified CM cluster.

To create a host file entry:

  1. Go to the Host File Entry Manager page (System > Customize > Host Files).
  2. Click the Action menu and choose Create New Entry. The Create New Host File Entry modal page appears.
  3. In the Create New Host File Entry modal page, supply values in the following fields:
  • IP Address. The IP address to resolve with the hostname.

Server hostnames should be aligned to external IP addresses when supporting Network Address Translation (NAT) environments.

  • Hostnames and Aliases. The hostname to align with the specified IP address. You can also include a space-delimited list of aliases for the host name.
  • Description. Description of the host entry. This field is not written to the host file. This field is for administrators to use when managing host file entries.
  • Organization. Organization associated with the host. You can select from a list of all existing organizations. This field is not written to the host file. This field is for administrators to use when managing host file entries. For example, a service provider could assign each customer its own organization and then use this field to manage host file entries for each customer.
  1. Click the Save button to save the new host entry.

Dynamic Applications Disabled by Default

The following Dynamic Applications are disabled by default to optimize the performance of your SL1 system, as well as the Call Manager servers you are polling. If you wish to enable any of the cache-consuming Dynamic Applications below, you must enable the Dynamic Application that is listed, as well as the cache-producing Dynamic Application at the top level in the list:

  • Cisco: CUCM Gatekeeper Cache:
    • Cisco: CUCM Gatekeeper Configuration
    • Cisco: CUCM Gatekeeper Container Discovery
    • Cisco: CUCM Gatekeeper Instances Discovery
    • Cisco: CUCM Gatekeeper Performance
  • Cisco: CUCM Media Resource Big Cache:
    • Cisco: CUCM ANN
    • Cisco: CUCM ANN Discovery
    • Cisco: CUCM ANN Performance
    • Cisco: CUCM Discovery - Media Resources
    • Cisco: CUCM HW Conference
    • Cisco: CUCM HW Conf Instance Creation
    • Cisco: CUCM HW Conf Performance
    • Cisco: CUCM Media Resource Configuration
    • Cisco: CUCM Media Resource Summary
    • Cisco: CUCM MOH
    • Cisco: CUCM MOH Instance Creation
    • Cisco: CUCM MOH Performance
    • Cisco: CUCM MTP
    • Cisco: CUCM MTP Discovery
    • Cisco: CUCM MTP Performance
    • Cisco: CUCM SW Conf Bridge
    • Cisco: CUCM SW Conf Bridge Discovery
    • Cisco: CUCM SW Conf Bridge Performance
    • Cisco: CUCM Telepresence MCU Conf Bridge Container Discovery
    • Cisco: CUCM Telepresence MCU Conf Bridge Instances Discovery
    • Cisco: CUCM Telepresence MCU Conf Bridge Performance
    • Cisco: CUCM Video Conference Bridge Container Discovery
    • Cisco: CUCM Video Conference Bridge Instances Discovery
    • Cisco: CUCM Video Conference Bridge Performance
    • Cisco: CUCM XCODE
    • Cisco: CUCM XCODE Instance Creation
    • Cisco: CUCM XCODE Performance
  • Cisco: CUCM MGCP Gateway Cache:
    • Cisco: CUCM BRI Gateway Cont. -Discovery
    • Cisco: CUCM BRI Gateway-Discovery
    • Cisco: CUCM BRI Gateway Configuration
    • Cisco: CUCM BRI Performance
    • Cisco: CUCM FXO Gateway Cont.-Discovery
    • Cisco: CUCM FXO Gateway Instance Creation
    • Cisco: CUCM FXO Gateway Configuration
    • Cisco: CUCM FXO Gateway Performance
    • Cisco: CUCM FXS Gateway Cont.-Discovery
    • Cisco: CUCM FXS Gateway Discovery
    • Cisco: CUCM FXS Gateway Performance
    • Cisco: CUCM FXS Gateway Configuration
    • Cisco: CUCM Gateway Summary
    • Cisco: CUCM MGCP Gateway
    • Cisco: CUCM MGCP T1CAS Container Discovery
    • Cisco: CUCM MGCP T1CAS Instances Discovery
    • Cisco: CUCM MGCP T1CAS Configuration
    • Cisco: CUCM MGCP T1CAS Performance
    • Cisco: CUCM PRI Gateway Cont.-Discovery
    • Cisco: CUCM PRI Gateway-Discovery
    • Cisco: CUCM PRI Performance
    • Cisco: CUCM PRI Gateway Configuration
  • Cisco: CUCM Phone Inventory

Enabling a Dynamic Application

If you want to align to any of the Dynamic Applications listed above, you must enable them from the Dynamic Applications Manager first.

To enable a Dynamic Application:

  1. Go to the Dynamic Applications Manager page. (System > Manage > Applications)
  2. Click the wrench icon () for the Dynamic Application you would like to enable.
  3. Select [Enabled] from the Operational State drop-down menu.
  4. Click the Save button and close the window.