Managing Users, Roles, and SNMP Profiles

CA Performance Center centralizes the management of user accounts, permissions, SNMP profiles, and groups among all CA data sources. Centralized management tasks make it easy for IT teams to share user access permissions for different CA Performance Center data sources.
cucm41
HID_ManageRoles_Profiles
CA Performance Center centralizes the management of user accounts, permissions, SNMP profiles, and groups among all CA data sources. Centralized management tasks make it easy for IT teams to share user access permissions for different CA Performance Center data sources.
To take advantage of the centralized management feature, register
Unified Communications Monitor
 as a CA Performance Center data source. Registration lets CA Performance Center assume certain management tasks for
Unified Communications Monitor
 and makes those tasks accessible to users with the appropriate administrative product privileges.
  • Before
    Unified Communications Monitor
     is registered as a data source:
     
    The administrator uses the management console to view, add, edit, and delete user accounts, roles, and SNMP profiles.
  • After
    Unified Communications Monitor
     is registered as a data source:
     
    The administrator uses the CA Performance Center interface for all administrative tasks that are associated with users, roles, permissions, and groups. All defined users and roles, including users and roles from other CA Performance Center data sources, are displayed on the
    Unified Communications Monitor
     
    Administration
    pages. However, you manage users and roles from the CA Performance Center console.
Contents
Users
The administrator creates user accounts for the operators who access reports and functions, and assigns them roles and product privileges. The main access levels that you can change involve role-based permissions to view reports and initiate a Call Watch or traceroute investigation.
Unified Communications Monitor
 provides two predefined users with different roles and product privileges. Before you register
Unified Communications Monitor
 with CA Performance Center, the
User List
displays only the predefined users. After registration, the
User List
displays the predefined users and users for other data sources that are registered with CA Performance Center.
The
User List
provides the following information.
  • User Name
    . A name to identify this user account. The user account defines the credentials of a person who is authorized to operate
    Unified Communications Monitor
     and to perform certain tasks. Each user definition contains a user name and an associated email address, role, and product permission level. Two user names are predefined:
    • admin (the administrator)
    • user (the default product user). If you assign users to the predefined user accounts, change the default passwords.
    Note
    : Previous versions of
    Unified Communications Monitor
     had different predefined user names: nqadmin and nquser. If you upgraded from a previous version, your
    User List
    still contains the old user names.
  • Role
    . The role that is assigned to the user: IT Manager, IT Operator, or a custom role.
  • Privilege
    . A defined level of access to product functionality and configuration: Administrator or User.
    • The
      Administrator
      performs all functions, including all administrative tasks: creating and editing Locations, media devices, thresholds, Call Watch definitions, incident responses, roles, and user accounts.
    • The
      User
      views the pages and performs basic functions as assigned by an administrator. The User permission level does not provide access to administrative functions.
  • Description
    . A description of the user account, such as the user name and office location.
  • Status
    .
     
    The status of the user: Enabled, Disabled, or Built-In (for the predefined user accounts).
Create, Change, or Delete User Accounts
Before you register
Unified Communications Monitor
 as a CA Performance Center data source, use the management console to create, change, and delete user accounts. Verify that user accounts are not shared. Results are unpredictable when more than one user is logged in with the same user account. Page and view settings can interfere with each other when
Unified Communications Monitor
 is accessed simultaneously on different computers.
After you register
Unified Communications Monitor
 with CA Performance Center, use CA Performance Center to manage users, product permissions, and roles.
Follow these steps:
  1. Click
    Administration
    ,
    Security
    ,
    Users
    in the navigation bar.
  2. To create or change a user account
    , perform the following steps:
    1. Click
      New
      to create a user account, or select the user that you want to change and click
      Edit
      .
    2. Complete the following fields:
      • Name
        : A name to identify this user account.
      • Description
        : (
        Optional
        ) A description of the user account, such as the user name and office location.
      • Email Address
        : The email address of the user. Used as the “Reply to” address in emails that the user schedules.
      • Password
        : A password for the user account. A password is not required, but is recommended for security purposes. Blank passwords are accepted.
      • Confirm Password
        : Retype the password that you entered in the Password field.
      • Time Zone
        : The time zone where the user works and views reports, relative to Greenwich Mean Time (GMT). The default time zone is UTC (coordinated universal time), which is the same as GMT. For more information, see How to Select a Time Zone.
      • Role
        : The role that is assigned to the user: IT Manager, IT Operator, or a custom role. For more information, see Roles.
      • Product Privilege
        : A defined level of access to product functionality and configuration: Administrator or User. For more information, see Users.
      • Enabled
        : The user account is active, and can be used to access the features of the role and permission level.
    3. Save the user account. The user is added to the
      User List
      .
  3. To delete a user account
    , perform the following steps. You cannot delete the predefined user accounts (admin and user).
    1. Select the user that you want to delete.
    2. Click
      Delete
      .
    3. Click
      Delete
      . The user account is deleted from the
      User List
      .
How to Select a Time Zone
The administrator can select a time zone so that users can view report data with time values that correspond to their physical locations.
Most time zone options are arranged into geographically related groups, such as Africa, America, Asia, Atlantic, Europe, and Pacific. Multiple options for “America” are available, including America/Cancun, America/Jamaica, America/New_York. You can assign a time zone that is based on a user's proximity to a well-known city or country.
A group named Etc/ contains time zones that are not geographical, but that instead indicate a position relative to the “zero hour.” For example, the group includes Etc/UTC, Etc/GMT, Etc/GMT-1, Etc/GMT+1. Use these options in the following situations:
  • when you do not know which city or country the user is closest to
  • when your enterprise uses standard (POSIX) time zones
The Etc/ options adhere to the POSIX standard, which uses positive values west of Greenwich, England. Many users expect to see positive time values east of Greenwich. For example, the Etc/GMT+4 option is four hours behind UTC (west of Greenwich) rather than four hours ahead of UTC (east of Greenwich).
Various well-known and common time zone designations are available:
  • EST5EDT: Eastern Standard Time/Eastern Daylight Time, or five hours behind GMT
  • MST7MDT: Mountain Standard Time/Mountain Daylight Time, or seven hours behind GMT
  • CET: Central European Time
Roles
Roles define the permissions that are allocated to a user, as a means of protecting sensitive information. For example, you can use roles to limit the number of operators who can view a specific report.
  • Before
    Unified Communications Monitor
     is registered as a data source with CA Performance Center: 
    The Role List displays only the predefined roles, which you can use or modify.
  • After
    Unified Communications Monitor
     is registered as a data source with CA Performance Center:
    The Role List displays the predefined roles and roles for other data sources that are registered with CA Performance Center.
The
Role List
provides the following information for each defined role.
  • Role Name
    :
     
    A custom role or one of the following predefined roles:
    • IT Manager
      : This role can install and configure
      Unified Communications Monitor
      , view all reports, and set up and launch Call Watch and traceroute investigations. The role is assigned to one user, such as a VoIP System Administrator. However, a backup user can be assigned for emergency situations to avoid configuration errors and duplication of effort.
    • IT Operator
      : This role can view Performance reports, incidents, and Call Watch reports. This role cannot perform the following tasks:
      • Set up a Call Watch.
      • Launch a Call Watch.
      • Change
        Unified Communications Monitor
         configuration settings.
    Note
    : Previous versions of
    Unified Communications Monitor
     had different predefined roles: Network Operator and Network Manager. If you upgraded from a previous version, your Role List still contains the old role names. The old roles can have fewer permissions in CA Performance Center.
  • Description
    : A description of the role, such as the duties that are associated with the role.
  • Status
    : The status of the role: Enabled or Disabled.
  • Users
    :
     
    The number of user accounts to which the role is assigned.
Create, Change, or Delete Roles
You can create roles to customize the product areas that an operator can view. For example, you can modify a role to assign permissions for different areas of access. Before you register
Unified Communications Monitor
 as a data source for CA Performance Center, you can create, change, and delete roles from the management console.
After you register
Unified Communications Monitor
 with CA Performance Center, use CA Performance Center to manage users, product permissions, and roles.
Follow these steps:
  1. Click
    Administration
    ,
    Security
    ,
    Roles
    in the navigation bar. The
    Role List
    opens.
  2. To create or change a role
    , perform the following steps:
    1. Click
      New
      to create a role, or select the role that you want to change and click
      Edit
      .
    2. Complete the following fields:
      • Name
        : A name for the role.
      • Description
        : (
        Optional
        ) A description of the role, such as the duties that are associated with the role.
      • Enable Role
        : This role is enabled and can be assigned to a user account.
      • Area Access
        : The product features to which users with this role have access. Select one or more areas.
        The areas in the list correspond to reports that can be viewed and product functionality that can be accessed. For example, the Call Watch option allows a user to view the Call Watch Real-Time report. The Call Watch Setup option enables a user to configure and launch a Call Watch.
        Note
        : When you upgrade from a previous version of
        Unified Communications Monitor
        , new options and areas often become available. These options are not enabled for roles that you created with a previous version of the product. You can, however, manually enable the options for these custom roles.
    3. Save the definition. The
      Role List
      displays the new role or your changes.
  3. To delete a role
    , perform the following steps. You cannot delete a role that is assigned to a user account.
    1. Review the Users column and verify that the role is not assigned to a user. If it is, assign a different role to that user before deleting the role. For more information, see Create, Change, or Delete User Accounts.
    2. Select the role that you want to delete.
    3. Click
      Delete
      .
    4. Click
      Delete
      . The role is deleted from the
      Role List
      .
  4. (
    Optional
    ) Assign an enabled role to a user account. For more information, see Create, Change, or Delete User Accounts.
SNMP Profiles
Unified Communications Monitor
 uses SNMP to query MIBs for performance information for the following devices:
  • Cisco voice gateways
  • Avaya call servers
  • Cisco Unified Border Elements (CUBEs)
SNMP profiles contain the information necessary to enable secure queries of device MIBs using SNMP. The profiles provide SNMP parameters to
Unified Communications Monitor
 while ensuring data security.
When you register
Unified Communications Monitor
 with CA Performance Center, profiles that were created in the data source are added to CA Performance Center. The reverse also occurs. Profiles that were created in CA Performance Center are shared among all registered data sources. Any naming conflicts are resolved. Changes to a profile are propagated to all registered data sources when they synchronize with CA Performance Center.
After you register
Unified Communications Monitor
 with CA Performance Center, you can use CA Performance Center to manage the SNMP profiles for all data sources.
The SNMP Profile List provides the following information for every SNMP profile you create.
  • SNMP Profile
    :
     
    The name that is assigned to this profile.
  • SNMP Version
    :
     
    The version of SNMP associated with this profile: SNMPv1/SNMPv2C or SNMPv3.
  • Authentication
    :
     
    The authentication protocol for contacting the devices that are associated with this profile.
    • None (do not attempt authentication)
    • MD5 (Message-Digest Algorithm 5)
    • SHA (Secure Hash Algorithm)
  • Privacy
    :
     
    The encryption protocol that is used for data flows sent to devices that are associated with this profile.
    • None (do not encrypt communications). This option is assigned when no authentication is enabled for the profile.
    • AES (128-bit encryption)
    • DES (Data Encryption Standard)
    • Triple DES
  • Use as Default
    :
     
    Indicates whether the collector uses this profile first when attempting an SNMP poll in the following situations:
    • When the collector discovers a new device.
    • For all devices that support polling but are not associated with an SNMP profile.
Create, Change, or Delete SNMP Profiles
SNMP profiles supply information that the collector needs when it uses SNMP queries to contact devices. Create an SNMP profile for each SNMP community or each SNMPv3 secure device MIB.
Unified Communications Monitor
 provides one default profile (public) for SNMPv1 and SNMPv2C.
Note
: Do not create SNMP profiles for monitoring a Microsoft-only environment.
Follow these steps:
  1. Click
    Administration
    ,
    Security
    ,
    SNMP Profiles
    in the navigation bar.
  2. To create an SNMP profile
    , perform the following steps:
    1. Click
      New
      .
    2. Complete the following fields, which vary by SNMP version.
      • Profile Name
        : Provide a name that identifies this SNMP profile. Profile names must be unique, cannot be duplicated across SNMP versions, and are not case-sensitive.
      • SNMP Version
        : Select the version of SNMP for the profile: SNMPv1, SNMPv2C, or SNMPv3. This field is available only for creating a profile.
      • Port
        : Identify the port for making SNMP connections to devices associated with this profile. The default is Port 161.
      • Use as Default
        : Select this check box use this profile first when the collector discovers a new Avaya Communication Manager or voice gateway. The collector also uses this profile to contact devices that support SNMP polling but do not have an associated SNMP profile. A default profile is required. The only way to remove the default designation from one SNMP profile is to designate another profile as the default. Only one profile can have the default designation at a time.
      • Community Name
        : (
        SNMPv1/SNMP/v2
        ) Type the secure SNMP community string that lets the collector query the MIB of this gateway device. The community name must provide read-only access to the device MIB. In the default SNMP profile, the community name is public. Type the community string again in the
        Verify Community Name
        field.
      • User Name
        : (
        SNMPv3
        ) Type the user name that enables secure access to the media devices or servers that are associated with this profile.
      • Context Name
        : (
        SNMPv3
        ,
        Optional
        ) Type the context name for the SNMP session. The SNMP agent on the associated device uses the context to control which MIBs or MIB content (rows) are exposed for the SNMP session.
      • Authentication Protocol
        : (
        SNMPv3
        ) Select the authentication protocol to use to contact devices that are associated with this profile.
      • Authentication Password
        : (
        SNMPv3
        ) Provide the authentication password for SNMPv3 and the selected authentication protocol. Provide the password again in the
        Verify Authentication Password
        field.
      • Privacy Password
        : (
        SNMPv3
        ) Provide the password to use when exchanging encryption keys. Provide the password again in the
        Verify Privacy Password
        field.
    3. Click
      OK
      . The profile appears on the SNMP Profile List.
  3. To change a profile
    , perform the following steps:
    1. Select the profile that you want to change, and then click
      Edit
      . The
      SNMP Profile Properties
      page opens.
    2. Complete the fields as described in step 2b, as necessary.
    3. Click
      OK
      .
  4. To delete a profile
    , perform the following steps:
    1. Verify that the profile is not assigned to a voice gateway. If it is, reassign the device to a different profile.
    2. Verify that the profile is not designated as
      Use as Default
      . If it is, designate a different profile as the default.
    3. Select the profile that you want to delete, and then click
      Delete
      .
    4. Click
      OK
      to confirm the delete. The profile is removed from the
      SNMP Profile List
      .
  5. Reload the collector to synchronize with the settings on the management console.
  6. (
    Cisco only
    ). Assign a new profile to the associated voice gateway. 
    Note
    : Do not assign a profile to Avaya call servers. The collector tries each profile in turn, beginning with the default profile, until it contacts the Communication Manager.