- Overview to Prime Performance Manager
- Managing Gateways and Units Using the CLI
- Managing the Web Interface
- Importing Devices From Other Cisco Prime Applications
- Discovering Devices With Prime Performance Manager
- Managing Users and Security
- Managing Reports, Dashboards, and Views
- Setting Up Reports for Specialized Technologies
- Managing Devices
- Managing Network Alarms and Events
- Creating and Managing Thresholds
- Displaying System Properties, Statuses, Messages, and Logs
- Managing Gateways and Units
- Managing High Availability
- Configuring Prime Performance Manager for Firewalls
- Managing Multi-Tenant Services
- Pushing Prime Performance Manager Data to Other Applications
- Backing Up and Restoring Prime Performance Manager
- Prime Performance Manager and IPv6
- Prime Performance Manager Commands
- Predefined Thresholds
- Compliance
- Overview to Multi-Tenancy in Prime Performance Manager
- Creating Tenants in Prime Performance Manager
- Adding Tenants Through OpenStack Integration
- Adding OpenStack Tenant Message Brokers
- Adding Users to Tenants
- Setting Up OpenStack Ceilometer Reports
- Displaying Tenant Reports
- Displaying Alarms and Events by Tenant
- Adding Tenants to Thresholds
- Tenant Views
Managing Multi-Tenant Services
Multi-tenancy is a principle of software architecture where a single instance of the software runs on a server serving multiple client organizations, or tenants. Tenants are logically isolated, but physically integrated.
In Prime Performance Manager you can create tenants directly or import tenants by integrating with OpenStack servers. You can then filter reports, alarms, and thresholds by one or more tenants. Procedures for managing tenants in Prime Performance Manager data are provided in the following topics:
Overview to Multi-Tenancy in Prime Performance Manager
Multi-tenant actions you can perform in Prime Performance Manager include:
- Adding tenants directly.
- Creating tenant groups.
- Importing and synchronizing tenants through integration with an OpenStack server.
- Filtering reports, thresholds, and alarms by tenant scope.
- Displaying alarms filtered by tenant scope.
- Associating Prime Performance Manager users to tenants.
Figure 16-1 provides an overview to the Prime Performance Manager tenant and user data access:
- User A is a member of Tenant A, User A can only access data defined for Tenant A.
- User B is a member of both Tenant A and Tenant B, User B can access data defined for both Tenant A and Tenant B.
- User C is a member of Tenant B, User C can only access data defined for Tenant B.
- The Admin user is the administrator, and can access all Prime Performance Manager data.
Figure 16-1 Multi-Tenancy Support in Prime Performance Manager
Creating Tenants in Prime Performance Manager
You can create tenants in Prime Performance Manager using one of the following methods:
- Create tenants through the Tenant window, then create the report filtering for the tenant.
- Create a tenant group then assign the data source and algorithms to filter the data objects and reports for the tenant group.
In general, creating tenants through the Tenants window is quicker and simpler, but does not provide the filtering capabilities tenant groups provide.
Following tenant creation, you must modify the definition file.
Instructions are provided in the following topics:
- Adding Tenants to Prime Performance Manager From the Tenants Window
- Adding Tenants to Prime Performance Manager Through Tenant Groups
- Adding Tenants Through OpenStack Integration
Adding Tenants to Prime Performance Manager From the Tenants Window
To add tenants Prime Performance Manager through the Tenants window:
Step 1 Log into Prime Performance Manager GUI as a System Administrator user.
Step 2 If user access is not enabled, enable it following the Enabling Secure User Access.
Step 3 From the Administration menu, choose Users/Tenants/Security.
Step 4 On the Users window, click the Tenants tab.
Step 5 On the Tenants window, click Add.
Step 6 In the Add Tenant dialog box, enter:
Step 8 On the Tenants window, choose the tenant you created and on the toolbar click Filter Reports.
Step 9 On the Tenant Reports window, check or uncheck the reports you want available to the tenant.
Step 10 To display or hide report data columns:
a. Navigate to the report and click the Tenant Report Condition icon next to the report title.
The Tenant Filter Condition: [ report category:report title ] dialog box is displayed.
b. In the Column Name field choose the report column for which you want to set conditions.
The column display name and data type are displayed in the Display Name and Column Type fields.
c. In the Filter Value field, enter the value that you want the report data column to equal before it is displayed to tenant members. (Equal is the only available operator.)
e. If you want to add or append additional conditions, repeat Step c and click Add to add a new condition, or click Append to append the condition to the existing one.
Step 11 On the Tenant Reports window, click Save to save the tenant filter.
Adding Tenants to Prime Performance Manager Through Tenant Groups
To add tenants to Prime Performance Manager by creating tenant groups:
Step 1 Log into Prime Performance Manager GUI as a System Administrator user.
Step 2 If user access is not enabled, enable it following the Enabling Secure User Access.
Step 3 From the Administration menu, choose Group Editor.
Step 4 Click the Create New Group tool.
Step 5 In the Create Group dialog box, enter the group name.
The new group is added to the System Groups table.
Step 7 Click the new group link.
Step 8 In the Group Details tab Type/Tag field, enter ppm_tenant.
This tag identifies the group as a tenant and will cause it to appear on the Tenants window.
Step 9 In the Data Source area, click Change.
Step 10 In the Edit Group Data Source dialog box, choose the data sources you want for the tenant and click Add to move them to the Assigned Data Sources group.
Step 11 When finished, click Save.
Step 12 To create an algorithm to run against the selected data source(s), click Launch Algorithm Editor (Beta).
Step 13 Create the algorithm by dragging blank operator equations to the area on the right, then dragging the variables on the top to fill in the blank elements of the operator equation.
Step 14 When finished, click Save and Quit.
Step 15 On the Group Details tab, click Validate to validate the data source and algorithm.
Adding Tenants Through OpenStack Integration
OpenStack is an open-source cloud computing platform generally deployed in infrastructure as a service (IaaS) solutions. OpenStack controls data center processing pools, storage, networking resources, and many other IaaS functions.
Tenants are primary organizational elements within the OpenStack Compute service. (The OpenStack Compute service provides virtual servers upon demand.) OpenStack tenants include a separate VLAN, volumes, instances, images, keys, and users.
You can import OpenStack tenant data into Prime Performance Manager by connecting to the OpenStack server and running the tenant integration function. After the OpenStack tenants are added, you can set up report filtering to restrict report data to that which is appropriate for the tenant.
To add OpenStack tenant data to Prime Performance Manager:
Step 1 Log into the Prime Performance Manager GUI as the administrator user.
Step 2 From the Administration menu, choose OpenStack Tenant Integration.
The Administration Tenants window displays.
Step 4 On the OpenStack Tenants toolbar, click Add New Tenant.
In the Add Tenant Integration dialog, enter the integration parameter:
- Host Name or IP Address—Enter the OpenStack server host name or IP address. For multi-node OpenStack deployments, this is the server where the OpenStack Keystone API service is installed.
- Protocol—Choose the protocol used to access the server, either HTTP or HTTPs.
- Port—Enter the OpenStack Identify service administrative endpoint. The default is 35357.
- Tenant Name\User Name (Admin Role)—Enter the OpenStack project name and user in the format: [ ProjectName ]\[ UserName ]. For example, if the username is admin and the project name to which the admin user belongs is openstack, you would enter openstack\admin.
- Password—Enter the user password.
- Version—The Keystone Web API version. Currently only Version 2.0 is supported.
- Sync Interval—Choose the tenant data synchronization interval: 30 minutes, 1 hour, or 6 hours.
Note The synchronization interval must be longer than the life of the OpenStack authenticate token.
Note Save & Import will not activate if fields are blank or have invalid entries.
The tenant import After successful integration, the tenant is added to the Administration Tenant Integration table with the parameters entered in the previous step as well as the following:
Step 6 At any later time, you can:
– Synchronize Tenant Data —Synchronizes the tenant data and updates the last import date and time.
– Disable Tenant Data Synchronization —Stops ongoing tenant data synchronization.
– Enable Tenant Data Synchronization —Starts ongoing tenant data synchronization.
– Delete Tenant —Removes the tenant entry and all associated tenant data.
Adding OpenStack Tenant Message Brokers
After you create an OpenStack tenant and import its data to Prime Performance Manager, you can set up message brokers that listen for OpenStack tenant changes and update the Prime Performance Manager tenant data when they occur. The message brokers supplement the ongoing tenant data synchronization set up at 30-minute, one-hour, or six-hour intervals when you add the tenant entry to Prime Performance Manager. Message brokers have two requirements:
- OpenStack must use the RabbitMq message broker. Qpid and ZeroMQ are not supported.
- At least one OpenStack tenant must be added to Prime Performance Manager. See Adding Tenants Through OpenStack Integration.
To add an OpenStack tenant message broker:
Step 1 Log into the Prime Performance Manager GUI as the administrator user.
Step 2 From the Administration menu, choose OpenStack Tenant Integration.
Step 3 Click the Message Broker tab.
Step 4 On the OpenStack Message Broker Configuration toolbar, click Add New Message Broker Entry.
Step 5 In the Add New Message Broker Entry dialog box, enter the following properties:
- Name—Enter unique name for the message broker entry.
- Broker IP Address—Enter the IP address of the RabbitMq message broker.
- Broker Listener Port—Enter the port used by the message broker to listen for messages. The default port is 5672.
- Broker Virtual Host—Enter the virtual host configured on message broker. The default is /.
- User Name—Enter the username needed to connect to the message broker.
- Password—Enter the username password.
- Enabled—Check if you want to enable the message broker after it is created.
- IP Address of OpenStack—Choose the OpenStack IP address from the list, which is populated from the OpenStack tenants that appear in the OpenStack tab.
The message broker entry is added to the Message Broker table.
Step 7 At any later time, you can:
– Enable/Disable Message —Check the box to enable the message broker; uncheck the box to disable it.
– Delete —Removes the message broker entry.
Note If the tenant that the message broker is monitoring is disabled, the status changes to Unknown. Some brokers should not be added.
Adding Users to Tenants
After you create or add tenants to Prime Performance Manager, you can add users to them. User creation and editing procedures are provided in the following topics:
When you create or edit a user, in the Tenant Name field check the tenants to which you add the user. After you save the user or user information updates, you can display the tenants to which the user belongs by clicking the Tenants box.
Setting Up OpenStack Ceilometer Reports
OpenStack ceilometers provide a point of contact for billing systems to acquire measurements for customer billing across all current OpenStack core components. Ceilometer reports are located in the Compute > OpenStack report category.
By default, ceilometer collects metrics every 10 minutes. Prime Performance Manager allows you to configure other intervals. If the interval is lower than the ceilometer interval, Prime Performance Manager fills the data automatically by using most recent data. Therefore, the polling interval must always be larger then the ceilometer interval.
When configuring Prime Performance Manager to monitor OpenStack, review the default OpenStack Ceilometer poll interval. By default this is 10 minutes. Disable OpenStack reports that are less than the Ceilometer poll interval, otherwise Prime Performance Manager will poll OpenStack more frequently than OpenStack is updated. For example, if the OpenStack Ceilometer poll interval is the 10-minute default, disable OpenStack 1 and 5 minute reports. See Customizing Individual Report Settings.
Displaying Tenant Reports
If OpenStack tenant integration is enabled, hypervisor and OpenStack Ceilometer report data are filtered automatically.
Note For OpenStack tenant integration, Prime Performance Manager must import Ceilometer as the monitored device for data filtering. Hypervisors are optional.
For tenants added to Prime Performance Manager directly, filtering is set up at the time you create the tenant. See the following topics:
- Adding Tenants to Prime Performance Manager From the Tenants Window,
- Adding Tenants to Prime Performance Manager Through Tenant Groups
To display report data by tenant:
Step 1 Log into the Prime Performance Manager GUI as the administrator user.
Step 2 On the Prime Performance Manager toolbar, click User Preferences.
Step 3 In the User Preferences window, click General Display Settings.
Step 4 In the right column, modify the following tenant report properties:
– All—Displays all reports, not just tenant reports.
– All Tenants—Displays all tenant reports.
– SELECTED—Allows you to select and display reports for individual tenants.
For example, if you set Tenant Scope to All Tenants and Tenant Display to Display Name, then navigate to Reports > Compute > OpenStack > [Ceilometer], you will notice a new Tenant column is displayed with the data for all Tenants.
Displaying Alarms and Events by Tenant
Alarms and events have a Tenant attribute that you can use to sort alarms and events by tenant. The Tenant attribute is not displayed by default. To display it, see Adding and Removing Properties from Property Views.
Adding Tenants to Thresholds
Prime Performance Manager thresholds allow you define performance criteria for displaying threshold crossing alert alarms and events. For complete information about Prime Performance Manager thresholds, see Chapter11, “Creating and Managing Thresholds” When you create thresholds, you can apply one, multiple, or all tenants to it.
To add tenants to threshold crossing alerts:
Step 1 Complete the Creating Thresholds.
Step 2 Complete the following tenancy fields:
– ALL—(default) Choose this option if you do not want to assign tenants to the threshold.
– ALL_TENANTS—Includes all tenants in the threshold.
– SELECTED—Allows you to choose the tenants added to the threshold
To add tenants, click Change then chose the tenants you want in the Select Tenants dialog box using the Add, Add All, Remove, Remove All buttons.
Tenant Views
After you integrate Prime Performance Manager with OpenStack tenants, you view information about them in the Data Center > Tenants view. Each tenant view includes the following subviews retrieved from the OpenStack server:
- Network—Displays information about the tenant VLAN.
- Compute—Displays the tenant virtual machines. In OpenStack Horizon, these are called instances.
- Storage—Displays information about tenant storage volumes.
To display tenant details, click the tenant in the View tree. The following tenant details are displayed:
- Name—The tenant name.
- Status—The tenant status, either enabled or disabled.
- Description—A description of the tenant, if added.
- Tenant Source—The source of the tenant. Currently, this will be OpenStack.
- Ongoing Tenant Synchronization—Indicates whether regular synchronization occurs between Prime Performance Manager and the OpenStack server, either Yes or No.
- Last import of tenant—Indicates the data and time of the last tenant information synchronization.