USER GUIDE

Entuity® SurePath 2.5

SurePath User Guide

Entuity was founded to develop intelligent network management solutions.

Entuity SurePath allows you to quickly and accurately determine the actual path
that traffic is taking across a network between two devices. SurePath can then
monitor the status of the components that make up that path and alert you to any
subsequent problems or changes.

North America Headquarters EMEA Headquarters

4 Mount Royal Avenue 9a Devonshire Square
Suite 340 London,
Marlborough, MA 01752 EC2M 4YN
Tel: +1 508 357 6344 Tel: +44 (0)20 7444 4800
Fax: +1 508 357 6358 Fax: +44 (0)20 7444 4808

www.entuity.com 0000-0155-PD013_surepath.rev1.fm
Entuity

Entuity

The Entuity product and its related documentation are protected by copyright and distributed under licenses restricting
use, copying, distribution and decompilation. Unless you have negotiated with Entuity specific terms and conditions
for using its product and associated documentation, such use shall be governed by Entuity's standard licence terms, a
copy of which is distributed with the product.

Entuity may make improvements and/or changes to the product(s) and/or program(s) described in this publication at
any time. These changes will be incorporated into new editions of the relevant publication.

Entuity®, SurePath®, Eye of the Storm®, InSight Center®, Green IT Perspective™, Network Delivery Perspective™ and Service
Delivery Perspective™ are registered trademarks of Entuity. All other trademarks are the property of their respective
owners.

License terms and conditions of use for Entuity and included third party software can be found on the Entuity server at
entuity_home/licenseTerms/. A listing of these third party trademarks, references and software included with Entuity
is available through its web UI.
Contents

1 Entuity SurePath
SurePath and Service Delivery ..................................................................11
SurePath Technology ...........................................................................12
Benefits of SurePath .............................................................................12
Set Path Discovery ...............................................................................12
Example IP SLA Reporting ...................................................................13
SurePath Implementations ........................................................................13
SurePath Standalone Install .................................................................14
Best Practice Recommendations .........................................................15
One Entuity Server to One SurePath Server Install .............................15
Best Practice Recommendations .........................................................16
Multiple SurePath Server Install ...........................................................17
Best Practice Recommendations .........................................................18
SurePath Server and Multiple Entuity Servers Install ..........................19
Best Practice Recommendations .........................................................20
SurePath System Requirements ................................................................21
SurePath Server Linux System Requirements .....................................21
SurePath Server Windows System Requirements ...............................22
SurePath Web UI System Requirements .............................................22
Virtual Machines Certified to Host SurePath ........................................23
SurePath Security and User Authentication ..............................................23

2 Monitor Network Path Performance

Path Summary Dashboard ........................................................................24
SurePath Path, Link and Device States ...............................................25
Troubleshoot Path Discovery ....................................................................25
Changes from the Reference Path .......................................................26
Checking Path Discovery .....................................................................26
Potential Capacity Bottleneck ..............................................................28
Overlay Status and Utilization ..............................................................29
Check Remote Server Availability ........................................................30
Information, Warning and Error Messages ..........................................31
Checking Path Stability ..............................................................................32
Locate Asymmetric Routing .................................................................34
SurePath Incident and Events ...................................................................34

SurePath User Guide 3

Entuity

3 Manage Network Paths

Path Administration ....................................................................................38
Network Path Discovery ............................................................................38
Setting up a Path on a SurePath Server ..............................................39
Set Topology Override Rules .....................................................................41
Comparison of Physical and Logical connections ..............................42
Layer 3 Route Rules .............................................................................42
Egress Interface Rules .........................................................................46
Physical Connections ...........................................................................47
Logical Connections .............................................................................49

4 Prepare for SurePath Install and Configure

Preparing for SurePath ..............................................................................52
Install and Configure Login Privilege Requirements .................................53
Supported SNMP Versions ........................................................................54
SNMPv3 Engine Identifier ..........................................................................54
SSL Requirements .....................................................................................54
Operating System Environment Specific Considerations .........................55
Linux Packages Required for SurePath ...............................................56
Linux Maximum Number of Processes per Non-Root User .................58
Linux Name Service Cache Daemon ...................................................58
Linux Server Time Zones ......................................................................59
Linux Arena Allocation Configuration ...................................................59
Windows Maximum Port Usage Requirements ...................................59
Windows Firewall Requires Port Registration ......................................60

5 Install the SurePath Server

Overview of SurePath Installation ..............................................................61
Installing SurePath Using the Install Wizard ..............................................62
Installing SurePath from the Command Line ............................................65

6 Configure the SurePath Server

Overview of the SurePath Server Configuration ........................................68
Configuring SurePath Using the Configure Wizard ...................................69
Configuring SurePath from the Command Line ........................................77

7 Device Management
Overview of Device Management ..............................................................81
Device Management Levels .................................................................82
Certified Device Management ..............................................................82

SurePath User Guide 4

Entuity

Device Type Management ...................................................................83

IPv4 and IPv6 Device Management .....................................................83
Inventory Management Permissions ....................................................83
SurePath Device Connection Attributes ....................................................83
Attributes SurePath Uses to Manage Devices .....................................83
Attributes SurePath Uses to Manage VM Platforms ............................85
Inventory Administration ............................................................................85
Best Practice 86
Viewing Devices Under SurePath Management ..................................86
Modify Attributes SurePath uses to Manage a Device ........................88
Adding Devices Using Auto Discovery ......................................................89
Viewing Candidate Devices ..................................................................91
Modifying Attributes of Discovered Devices ........................................92
Adding Candidate Devices to SurePath ..............................................93
Importing Devices Using a Device File ......................................................94
Defining A Device File ..........................................................................95
Adding a Single Device .............................................................................97
Adding Oracle VM Managers to SurePath ................................................97

8 Startup and Shutdown SurePath

Start SurePath ............................................................................................99
Starting the Server for the First time ....................................................99
Shut Down SurePath .................................................................................99

9 SurePath Security
Multi-Server and Access Management ....................................................101
User Profiles and User Groups ................................................................102
Manage SurePath User Profiles .........................................................102
Viewing User Account Details ............................................................102
Setting User Group Membership .......................................................103

10 SurePath Licensing
Check the SurePath License ...................................................................105
Identifying when a License Expires ....................................................105
Renew the SurePath License ...................................................................106

11 SurePath Preferences
General Preferences ................................................................................107
Servers and Views Preferences ...............................................................108
Events and Incidents ...............................................................................108

SurePath User Guide 5

Entuity

12 Back Up the SurePath Data

Backing Up Data ......................................................................................110

13 SurePath Maintenance Patches

Patch Install Overview ..............................................................................111
Checking the Patch Level of SurePath ....................................................112
Downloading Maintenance Patches ........................................................112
Installing Maintenance Patches ...............................................................112
installPatch Warning and Error Messages ..............................................113
SurePath installation not stopped ......................................................113
Patch already installed .......................................................................113
Patch out of sequence .......................................................................113
Later patches already installed ..........................................................114
Patch is for a different architecture ....................................................114

14 Uninstall SurePath
Uninstalling from Windows ......................................................................115
Uninstalling from Linux Systems .............................................................115

A Entuity SurePath Checklist

B Entuity SurePath Install and Packages

C Entuity SurePath Overview

D Entuity SurePath Server Sizing

E SurePath System Files

bin.vendor ................................................................................................128
Device File (Seed File) .............................................................................128
entuity.cfg .................................................................................................131
entuity.cfg Sections ............................................................................131
eventEngine.bat .......................................................................................151
event-engine-cfg-template.properties .....................................................151
eventProject.xml ......................................................................................153
eyepoller_overrides.cfg ............................................................................154
eyepoller_overrides_system.cfg ..............................................................155
httpd_eye.conf .........................................................................................156
license.dat (license file) ...........................................................................156
mib.txt .......................................................................................................156

SurePath User Guide 6

Entuity

newbin.vendor .........................................................................................157
provost.conf .............................................................................................157
serverid.xml ..............................................................................................157
snmpV3.cfg ..............................................................................................159
startup_o/s.cfg .........................................................................................159
startup_o/s_site_specific.cfg ....................................................................161
sw.cfg .......................................................................................................162
sw_cm_transforms.cfg .............................................................................162
sw_iptosysname.cfg ................................................................................163
sw_ph.cfg .................................................................................................164
sw_site_specific.cfg .................................................................................165
systemcontrol.log ....................................................................................165
system_menus.xml ..................................................................................166
user_menus.xml .......................................................................................166

Index .............................................................................................................169

SurePath User Guide 7

Figures

Figure 1 Standalone SurePath Server .........................................................15

Figure 2 One Entuity Server to One SurePath Server .................................16
Figure 3 Multiple SurePath Servers .............................................................18
Figure 4 SurePath and Entuity Servers ........................................................20
Figure 5 Path Summary Dashboard ............................................................25
Figure 6 Changed Path ................................................................................26
Figure 7 Path Details ....................................................................................27
Figure 8 Changed Path ................................................................................28
Figure 9 Link Spare Capacity when Devices Managed by Entuity Servers 29
Figure 10 Utilization Values for Devices Managed by Entuity Servers ..........29
Figure 11 Entuity Server Utilization Overlay ...................................................30
Figure 12 Remote Server Down .....................................................................30
Figure 13 Information, Warning and Error Messages ....................................31
Figure 14 Path History ....................................................................................33
Figure 15 Network Path Incidents .................................................................35
Figure 16 Path Administration ........................................................................38
Figure 17 Create a Path .................................................................................40
Figure 18 Reference Path ...............................................................................41
Figure 19 Layer 3 Routing ..............................................................................43
Figure 20 Layer 3 Route .................................................................................43
Figure 21 Device Browser ..............................................................................45
Figure 22 Node Selection ..............................................................................45
Figure 23 Layer 3 Routing ..............................................................................46
Figure 24 Egress Interface .............................................................................46
Figure 25 Physical Connections ....................................................................48
Figure 26 View Physical Connection .............................................................48
Figure 27 Logical Connections ......................................................................50
Figure 28 Add Logical Connection ................................................................50
Figure 29 Duplicate SNMPv3 Engine Identifiers ............................................54
Figure 30 Check Maximum Number of User Processes ...............................58
Figure 31 SurePath Install Process ................................................................61
Figure 32 SurePath Install Welcome Screen .................................................62
Figure 33 SurePath License Agreement ........................................................63
Figure 34 Set the SurePath Install Folder ......................................................64
Figure 35 Install Completion Including Host Identifier ..................................65
Figure 36 SurePath Configure Process .........................................................69
Figure 37 Automatic Registry Change ...........................................................70
Figure 38 Specify Database and Log Directories ..........................................71
Figure 39 SurePath License File Location .....................................................72
Figure 40 Configure SurePath for SSL ..........................................................74

SurePath User Guide 8

Entuity

Figure 41 Specify Port Numbers ....................................................................75

Figure 42 Final Configuration Check .............................................................76
Figure 43 Configuring SurePath ....................................................................77
Figure 44 SurePath Inventory ........................................................................87
Figure 45 Modify Device Attributes ................................................................88
Figure 46 Using Auto Discovery ....................................................................89
Figure 47 Modify Device Type .......................................................................93
Figure 48 Modify VM Platform Attributes .......................................................93
Figure 49 Adding Discovered Devices to SurePath ......................................94
Figure 50 Importing Devices Using a Seed File ............................................94
Figure 51 Accepting VM Oracle Certificates ..................................................98
Figure 52 SurePath User Account Management ...........................................103
Figure 53 Modifying the Members of an User Group ....................................104
Figure 54 General Preferences ......................................................................107
Figure 55 Servers Preferences .......................................................................108
Figure 56 Events and Incidents Preferences .................................................109
Figure 57 SurePath Server Specification Categories ....................................124

SurePath User Guide 9

Entuity

Tables
Table 1 System Requirements for SurePath installed to Linux ................... 22
Table 2 System Requirements for SurePath installed to Windows............. 22
Table 3 System Requirements for the SurePath Web UI ............................ 22
Table 4 Color Coded Severity States .......................................................... 25
Table 5 Information Messages .................................................................... 31
Table 6 Warning Messages ......................................................................... 32
Table 7 Error Messages............................................................................... 32
Table 8 Path History..................................................................................... 33
Table 9 SurePath Incidents and Events ...................................................... 36
Table 10 Path Attributes................................................................................. 39
Table 11 Layer 3 Route .................................................................................. 43
Table 12 Egress Interface .............................................................................. 47
Table 13 Physical Connections ..................................................................... 48
Table 14 Logical Connections ....................................................................... 50
Table 15 Default Port Settings ....................................................................... 53
Table 16 Additional Packages Required for SurePatht ................................. 56
Table 17 SurePath Ports Requiring Windows Firewall Registration ............. 60
Table 18 Install and Configure Wizard Buttons ............................................. 69
Table 19 Database and Log Directories ........................................................ 71
Table 20 Server Configuration ....................................................................... 72
Table 21 SurePath Ports ................................................................................ 75
Table 22 SurePath Ports ................................................................................ 80
Table 23 Device Management Levels............................................................ 82
Table 24 Attributes for Device Discovery....................................................... 84
Table 25 Attributes for VM Platform Discovery .............................................. 85
Table 26 Inventory Management Details ....................................................... 87
Table 27 Auto Discovery Parameters ............................................................ 90
Table 28 Candidate Device Details................................................................ 91
Table 29 User Account Summary.................................................................. 103
Table 30 SurePath ISO Image and Patches.................................................. 111
Table 31 SurePath Version and Release Numbers ....................................... 113
Table 32 SurePath Configuration Checklist .................................................. 116
Table 33 Get Started with SurePath .............................................................. 119
Table 34 Minimum Server Specifications ...................................................... 125
Table 35 Different Sort Orders of the Interface Description Formats............ 146

SurePath User Guide 10

1 Entuity SurePath

SurePath® is the advanced path monitoring and analysis software solution from Entuity that
can be used to identify, monitor and troubleshoot network paths. SurePath allows you to
quickly and accurately determine the actual path that traffic is taking across a network
between two devices. SurePath uses a combination of layer 2 and layer 3 technologies,
together with topology overrides to deliver the path.
SurePath monitors the status of the components that make up a path, color coding objects
to visually identify their state. SurePath can raise incidents and events against monitored
paths as well as managed ports and devices. You can therefore for example identify:
 Which network devices and ports are critical to the performance of an application, even
as the path changes over time.
 Which network components you should focus on if the network is causing an application
to run slowly.
 Which applications will be impacted by network device failure, maintenance or packet
loss on specific ports.
 Where network traffic traversing between the source and destination devices associated
with the application last traversed before a network path’s failure.

With SurePath you can focus on ensuring the high performance of business-critical
applications and therefore end user satisfaction.
You can implement SurePath as:
 A standalone server where SurePath would both manage devices and determine paths
between devices.
 A server that utilizes the device inventory of one or more Entuity servers, and would not
directly manage devices, when determining paths between devices.
 One of a group of SurePath servers.

SurePath and Service Delivery

Monitoring of application service delivery is typically split between two approaches:
 Application Performance Management Software details application and server availability,
performance and health. This approach is focused on the service provider with little or no
insight into the performance of the network.
 Network Management Software details topology, device and port availability, network
performance and health. This approach is focused on the health of the network.

This two facet approach is problematic and does not always answer the most pressing
questions:
 When a network application is running slowly, is it the network or the application that is
performing poorly?

SurePath User Guide 11

Entuity SurePath and Service Delivery

 If devices on the network fail or are taken down for maintenance, what applications are
impacted?
 Has end-to-end connectivity failed? What was the last successful path?

SurePath allows you to identify the server and client devices involved in application delivery.
It can then discover the path or paths between these source and destination devices. There
are usually many possible paths across a network between a service provider and service
consumer. The path, or paths, used now may not be the same as that used one hour ago or
in one hour’s time. This is especially true in virtualized environments.

SurePath Technology
SurePath discovers the true path, or paths, between any two specified endpoints that are
under its management. SurePath’s patented technology delivers path discovery that:
 Works in real-time. Its end-to-end discovery is fast and can be scheduled; if a path
changes SurePath discovers that change.
 Discovers paths by querying managed devices on the network. It therefore reports actual
network behavior, it is not a simulation or a best guess.
 Takes a light touch approach in its querying of devices and so has a minimal impact on
the network load.
 Operates at both the layer 3 and layer 2 network levels aiming to provide a full and
complete dependency map for any given pair of devices.
 Is agentless and independent of routing and switching protocols. It currently supports
IPv4.

Benefits of SurePath
SurePath:
 Identifies the pathways through the network. For example, before undertaking
maintenance on your network it is important to know the impact of taking down part of
the network.
 Identifies multiple concurrent paths, useful for example when load balancing the network.
(See Example IP SLA Reporting.)
 Locates asymmetric routing which may indicate routing problems or routing
misconfiguration.
 Identifies path flapping. Frequent path changes may indicate network faults or problems
with routing convergence, loop prevention.

Set Path Discovery

Setting up a network path requires knowledge of your network. SurePath will often fully
discover a path from the source to its destination. However, it is also possible that part of the
paths may not be discoverable, for example:
 The starting device does not have knowledge of the destination device. For example, a
layer 2 switch is unlikely to have the route to a destination that is a couple of hops away

SurePath User Guide 12

Entuity SurePath Implementations

(there is a small possibility the route maybe in the ARP tables of the switch, however it is
unlikely to be persistent).
 The next hop on the discovered path may not be managed by SurePath or one of its
remote servers. If it is not managed, it cannot be included to the path.
 The technology of the device, for example an MPLS device, may not be available to
SurePath.
 When using multiple Entuity servers to manage networks, a path may include connected
devices managed by separate servers, and SurePath cannot automatically make the
connection between those devices.

When you know the network you can set up connections to:
 Handle unmanaged areas of the network by manually entering layer 3 routing, egress
interfaces and physical connections or logical connections.
 Resolve the missing connections between devices managed by different remote servers.
You can define a logical connection on the SurePath server to connect the two devices
from the two remote server inventories.

Example IP SLA Reporting

Consider the case where a user is reporting poor service delivery. When you have a
combination of Entuity and SurePath managing your network you can:
1) Set up IP SLA operations between the user and the server. Entuity includes a Cisco IOS IP
SLA module.
2) From Entuity check the IP SLA operation confirms problems in service delivery.
3) From SurePath create a path with the source as the application server and the destination
device that of the end user. SurePath can then discover the path or paths between the
user and the application.
4) Use the path information to set additional jitter IP SLA operations to locate the problem
area on your network.

SurePath Implementations
SurePath can act as a standalone server, it can work with other SurePath servers and with
Entuity servers. You can setup a SurePath server so that it:
 Directly manages and polls the devices it can then include to its network paths. SurePath
can automatically discover your network, can use a device file that specifies the network
and devices to manage and you can also individually add devices to SurePath. SurePath
then discovers information necessary to identify devices.
 Acts as a central server, with management and polling of devices performed by its
associated remote Entuity and SurePath servers.

From SurePath you can specify pairs of source and destination devices for path analysis.
SurePath can then interrogate devices from the source to the destination device, as this

SurePath User Guide 13

Entuity SurePath Implementations

implies it is a unidirectional link. This polling is performed by the SurePath or Entuity server
managing the device.
SurePath considers a path as all devices and interfaces between the source and destination
devices through which traffic flows; for a pair of devices there maybe multiple paths. You can
edit the topology to complete the path if SurePath cannot fully discover a path, for example if
all devices on the path are not managed or all devices are managed but by different
SurePath or Entuity servers.
Administrators of SurePath can set up paths for users, for example network administrators
may set up paths for administrators of applications. Application administrators could then
access SurePath to check on the network when users are reporting problems with their
applications.
Entuity Support recommend these four installation configurations:
 SurePath Standalone Install.
 One Entuity Server to One SurePath Server Install.
 Multiple SurePath Server Install.
 SurePath Server and Multiple Entuity Servers Install.

SurePath Standalone Install

As a standalone server SurePath both manages devices on the network and discovers and
manages network paths.
When using SurePath as a standalone installation you can take devices under management
using autodiscovery, from a device file, through scripts or manually. SurePath retrieves
information to identify the devices and can also raise incidents and events against them and
their ports, for example to reflect changes in their state and availability.
When you specify a path source and destination SurePath polls the devices in the path and
identifies the devices and interfaces used to transmit data between the two endpoints.

SurePath User Guide 14

Entuity SurePath Implementations

Figure 1 Standalone SurePath Server

Best Practice Recommendations

 Assign users to the:
 Administrators group if they are required to perform administration tasks, for
example setup and manage network paths, user accounts and groups. These users
also have access to all network paths.
 All users group if they are only required to view and use network paths. Users will
have access to all network paths on the server.
 Setup network paths with meaningful names. For example when setting up paths for a
particular set of users, e.g. administrator of a particular application, include the
application name in the path name.

One Entuity Server to One SurePath Server Install

Where you have one Entuity server and one SurePath server you can use the Entuity server
to manage devices and the SurePath server to discover paths. SurePath does not manage
devices or poll devices when discovering paths instead it instructs the remote Entuity server
to do so. When accessing paths you should do so through the Entuity server, you can place
paths into views, view utilization data.
This behavior is enabled through the multi-server setup:
 The Entuity server acts as the central server to the remote SurePath server which allows
users to access SurePath network paths, for example to include them to views or add
them to services. Users with access to these views and services can then access network
path information, although if they do not have access to any devices within the path then
identifying information is hidden but not the device state.
 The SurePath server acts as the central server to the remote Entuity server which allows it
to use the Entuity server’s inventory and polling setup when discovering network paths.

SurePath User Guide 15

Entuity SurePath Implementations

Users and System administrators would access SurePath data and functions through the
Entuity server:
 System administrators can access all SurePath functionality through the Entuity server.
 Users that are not members of the Administrators group would only have access to
network paths available through the views to which they have access.

Figure 2 One Entuity Server to One SurePath Server

Best Practice Recommendations

 Use Entuity to manage devices, do not split device management between SurePath and
Entuity or manage the same device on both servers.
When the Entuity server manages the device it also performs network path discovery
although the discovered network path is held on the SurePath server.
 Use Entuity to access the SurePath data and functionality. From the Entuity server you
can:
 Use views to control the network paths that are available to different groups of users.
In contrast if you permit users to log on to a SurePath server they have access to all of
the network paths on that server.
 View utilization data for devices and links in addition to state data (when those
devices are managed by the Entuity server).
 From a map identify devices in a selected network path, these are devices in the last
discovered (actual) path.
 Add network paths to Entuity services.
 Use Integrated Flow Analyzer Premium to create paths from Top Talker conversations.
 Benefit from the user account security setup in Entuity.

SurePath User Guide 16

Entuity SurePath Implementations

 Assign users to the Administrators group if they are required to perform administration
tasks, for example setup and manage network paths, user accounts and groups. These
users also have access to all network paths.
 Setup network paths with meaningful names. For example when setting up paths for a
particular set of users, e.g. administrator of a particular application, include the
application name in the path name.

Multiple SurePath Server Install

In large network environments you might have multiple SurePath servers and:
 Designate one SurePath server as the central server. It can also manage devices but also
uses the inventory of its remote SurePath servers when discovering paths. The number of
supported remote servers is determined by your license. Users would access SurePath
data only through the central server.
 Assign management of devices across the remaining SurePath servers.

A central SurePath server can access the complete inventory and topology of your network
by remotely connecting to the managing SurePath servers. You can then discover paths that
traverse the full network and where devices on the same path are managed by different
servers use logical connections to complete the path.

SurePath User Guide 17

Entuity SurePath Implementations

Figure 3 Multiple SurePath Servers

Best Practice Recommendations

Designate one server as a central server:
 On which you manage paths and grant non-administrator users access. You can also use
this server to manage devices.
 Which can then use the inventory and polling capability of its remote servers to discover
network paths. The discovered network paths are stored on the central server.
Setup network paths with meaningful names. For example when setting up paths for a
particular set of users, e.g. administrator of a particular application, include the
application name in the path name.
 And assign users to the:
 Administrators group if they are required to perform administration tasks, for
example setup and manage network paths, user accounts and groups.
 All users group on the central SurePath server if they are only required to view and
use network paths. Users will have access to all network paths on the server.
All users can view all network paths on the SurePath server.

SurePath User Guide 18

Entuity SurePath Implementations

Use the remaining SurePath servers to manage devices. Do not manage the same device on
more than one server.

SurePath Server and Multiple Entuity Servers Install

Entuity delivers a complete network management software solution, including inventory
discovery and management. SurePath can connect to remote Entuity servers and access
their inventory data and use their polling capability.
In large network environments where you have multiple Entuity servers you can:
 Designate one Entuity server as the central consolidation server. It does not manage
devices but has access to the inventory of its remote Entuity servers and the network
paths of its remote SurePath server.
This is the primary server for users accessing Entuity and SurePath data. System
administrators can control access to network paths in the same way as they control
access to devices, for example by assigning paths to views, by controlling user profile
permissions. In contrast users logging directly on to SurePath have access to all network
paths on that server.
 Install one SurePath server. This server acts as a central server and it has the same
remote Entuity servers as the Entuity consolidation server. It does not manage devices
but uses the inventory and polling capability of its remote servers when discovering
paths. The number of supported remote servers is determined by your license.
 Assign management of devices across the remaining Entuity servers. SurePath can
access the complete inventory and topology by remotely connecting to the managing
servers. You can then create paths that traverse the full network.

When SurePath is generating a path between two devices it can instruct its remote Entuity
servers to poll those devices, and the intermediate devices discovered when building a path.
In this way SurePath can act as a central server with the processing load largely farmed out
to the remote Entuity servers.
When all of the devices within a path are managed by the same Entuity server SurePath can
fully discover a path between the source and destination devices. When the path includes
neighboring devices managed by different Entuity servers then on the SurePath server you
should define logical connections between the two neighboring devices. Logical connections
bridge the gap between the two separate Entuity inventories, i.e. the actual links, potentially
multiple) links, between devices that are managed by different Entuity servers.
h

 You should take care when configuring connections between Entuity and the SurePath
server. Incorrect configuration can, for example, result in gaps in the inventory required to
make paths or in determining the state of services that include paths.

SurePath User Guide 19

Entuity SurePath Implementations

Figure 4 SurePath and Entuity Servers

Best Practice Recommendations

 Use Entuity to manage devices, do not split device management between SurePath and
Entuity or manage the same device on both servers.
When the Entuity server manages the device it also performs network path discovery
although the discovered network path is held on the SurePath server.
 Use Entuity to access the SurePath data and functionality. From the Entuity server you
can:
 Use views to control the network paths that are available to different groups of users.
When you permit users to log on to a SurePath server they have access to all of the
network paths on that server.
 View utilization data for devices and links in addition to state data (when those
devices are managed by the Entuity server).
 Use SurePath data in maps.
 Add network paths to Entuity services.

SurePath User Guide 20

Entuity SurePath System Requirements

 Use Integrated Flow Analyzer Premium to create paths from Top Talker conversations.
 Benefit from the user account security setup in Entuity.
 Assign users to the Administrators group if they are required to perform administration
tasks, for example setup and manage network paths, user accounts and groups. These
users also have access to all network paths.
 Setup network paths with meaningful names. For example when setting up paths for a
particular set of users, e.g. administrator of a particular application, include the
application name in the path name.

SurePath System Requirements

The particular system requirements will vary depending upon the characteristics of the
monitored infrastructure, for example the speed of the network and how you implement
SurePath. You can set up SurePath:
 In installations with Entuity servers to use the inventory and polling capability of those
Entuity servers. The load on this type of central SurePath server is minimized and the
lowest recommended specification is suitable.
 In standalone installations to directly manage and poll devices. The number, type and mix
of managed objects, e.g. devices and ports, will then determine system requirements.

Entuity Support recommend that you install the SurePath server to a dedicated machine. It
must not be installed to the same machine as any other Entuity or SurePath server. You can
consult with Entuity Professional Services on your specific system requirements.
The following sections indicate recommended specifications for running a standalone
SurePath server managing 600 devices and 50000 ports (the limit of the evaluation license).
Specifications are provided for servers installed to Windows, Linux and virtual machine
environments. There is also specifications for end users accessing SurePath through its web
interface. (For more details on SurePath server system requirements see Appendix D - Entuity
SurePath Server Sizing.)
h

 If you have previously read through the install and configure instructions and only require a
quick reminder of the steps involved refer to Entuity SurePath Overview.

Entuity accepts no liability in the event of the instructions in the documentation not being
! followed when the product is installed and configured.

SurePath Server Linux System Requirements

The SurePath server is certified for operation on the English versions of the 64-bit variant of
the Red Hat Enterprise Linux ES 6 and Oracle Linux 6.
The following table lists the higher recommended system requirements for SurePath
managing 600 devices and 50000 ports in a Linux® environment.

SurePath User Guide 21

Entuity SurePath System Requirements

Attribute Value Attribute Value

CPU Clock Speed 2.5GHz Disk Capacity 120GB
No. CPUs 1 Disk Interface: Data Rate SAS 3Gbps
Cores/CPU 12 Disk Rotational Speed 15K rpm
Intel Processor Family Xeon E5 Family Memory 32GB
(or equivalent)

Table 1 System Requirements for SurePath installed to Linux

SurePath Server Windows System Requirements

The SurePath server is certified for operation on the English versions of the Windows Server
2012, Windows Server 2008 R2 and Windows Server 2008 SP2 64-bit platforms.
The following table lists the higher recommended system requirements for SurePath
managing 600 devices and 50000 ports in a Windows® environment.

Attribute Value Attribute Value

CPU Clock Speed 2.5GHz Memory 24GB
No. CPUs 1 Disk Capacity 120GB
Cores/CPU 12 Disk Interface: Data Rate SAS 3Gbps
CPU 64-bit Disk Rotational Speed 15K rpm
Intel Processor Family Xeon E5 Family
(or equivalent)

Table 2 System Requirements for SurePath installed to Windows

SurePath Web UI System Requirements

The SurePath web UI is certified for use with Internet Explorer 10.0 or later, Firefox 24 ESR
(Extended Support Release) or later and Google Chrome 35 or later releases. Your web
browser must be enabled for both JavaScript, for example to allow the working of the
SurePath menu structure, and cookies, for example to maintain your login status.

Attribute Value
Compatible browser Internet Explorer 10.0 or later (32-bit and 64 bit)
Google Chrome 35 or later.
Firefox 24 ESR or later (32-bit).
JavaScript Enabled to allow the working of the SurePath menu structure.
Cookies Enabled to maintain your login status.

Table 3 System Requirements for the SurePath Web UI

SurePath User Guide 22

Entuity SurePath Security and User Authentication

Virtual Machines Certified to Host SurePath

Entuity Support recommend running SurePath only on the certified virtual machines. Other
virtual machines, or versions of the virtual machines specified here, are not supported.
SurePath is certified to run in these virtual machine environments, on both Windows and
Linux operating systems:
 Citrix XenCenter 5.1, 6.0
 Microsoft HyperV 6.1
 Oracle VirtualBox 4.3
 Oracle VM Server 2.2, 3.x
 VMware ESX 3.0
 VMware ESXi 4.x
 VMware ESXi 5.x
 VMware Workstation 7.x, 8.x, 9.x.

Sizing of Virtual Machines

When allocating resources to a VM on which it is planned to run SurePath, it is essential that
CPU, memory and disk space allocations reflect the Entuity recommendations for an
equivalent dedicated server. Any reduction of these resources below the recommended
minimum specification can make the system liable to performance problems, and such
configurations will not be supported by Entuity.

Configuration of Virtual Machines on the Host Server

When configuring a VM for SurePath, it is important to remember that SurePath is a real-time
system which must operate continuously to be effective. It is therefore essential that sufficient
resources are dedicated to each VM in which SurePath is to run. Failure to do so may result
in data loss, thereby compromising the integrity of SurePath's real-time alerting system and
its historical database.

SurePath Security and User Authentication

SurePath’s high levels of security and authentication ensure that all sensitive asset
information is safe. This is achieved through:
 Implementation of Secure Socket Layer (SSL).
 Explicit log files for web login attempts.

The flexible nature of the SurePath architecture enables the interface and access privileges to
be deployed at a very granular level. SurePath User Authentication currently supports:
 Internal user authentication.
 User preference storage.
 Assignment of users to SurePath user groups through which SurePath sets user
permissions.

SurePath User Guide 23

2 Monitor Network Path Performance

A SurePath network path is the discovered path between the specified source device and the
destination device. The path is unidirectional - one way. A path reports on the state of
devices and links, it can identify potential capacity bottlenecks and changes from the saved
reference path and the last discovered actual path.
All users who can access a SurePath server can monitor the performance of the network
paths defined on that server. The Path Summary dashboard provides a high level view of the
current state of all paths. You can then drill-down and view a more detailed breakdown of
path discovery. SurePath identifies devices using their IPv4 network address.
If users are accessing SurePath data through an Entuity server you can control which
network paths they can access and also display device and link utilization in place of state
data. Users can only access network paths assigned to views to which they have access. If a
path includes devices to which the user does not have the permission to view SurePath does
not identify the device but simply includes its object state.

Path Summary Dashboard

Path Summary dashboard provides an overview of the network paths defined on the current
SurePath server. For each network path SurePath displays:
 The path name.
 The IPv4 addresses of the source and destination devices.
 Its current state through a color coded circle:
 Green indicates the actual path is the same as the reference path and there are no
reported problems.
 Orange indicates a potential problem, for example a difference between the actual
and reference path, an unavailable device.
 Grey indicates SurePath cannot determine a state, for example a remote server has
gone down after a path is first discovered but before its state is calculated.
 Any difference between the reference path and the most recently discovered path using
the path divergence icon. If you position the pointer over the icon, SurePath displays a
rollover message explaining the divergence, for example:
The actual path being taken is different to the reference path
One or more interfaces are changed between actual and reference path
One or more hops are changed between actual and reference path

SurePath User Guide 24

Entuity Troubleshoot Path Discovery

Figure 5 Path Summary Dashboard

SurePath Path, Link and Device States

When SurePath servers manage devices they return the current state of the device as
determined by the SurePath algorithm. When an Entuity server is managing a device that is
included in a path then the device state reflects the state of the device as identified in Entuity.

Severity Color Description

Unknown/Invalid Grey Device or link status is not available. For example the remote
server managing the device may not be contactable.
Normal Green Device or link is up.
Limited Information Blue The device is under management as a Ping Only device or ICMP
and SNMP management is currently disabled. There is therefore
a limited amount of state information available on the device.
Degraded Orange Device or link is down.

Table 4 Color Coded Severity States

Troubleshoot Path Discovery

When SurePath attempts to discover a network path, it may fail because:
 There is no traffic between the source and destination devices at the time discovery runs.
 SurePath or its remote servers do not have all of the devices and interfaces under
management.
 SurePath and its remote servers have the devices under management but the servers are
not configured to handle paths that include devices managed by different SurePath or
Entuity servers.
 The path includes an unsupported technology, for example MPLS.
 Remote servers are not available. For example, they have been taken down for
maintenance, and thus information on the devices they manage is not available.

SurePath reports how and where path discovery encountered problems by placing an
exclamation icon on a link. You can click on it to view additional details about the link.

SurePath User Guide 25

Entuity Troubleshoot Path Discovery

Changes from the Reference Path

After each discovery SurePath compares the reference path with the actual path. When the
path changes SurePath identifies the change by:
 Raising a Network Path Changed from Reference incident and event which identify the
changed path.
 Placing an exclamation icon where the changes occurred in the network path.

Figure 6 Changed Path

Checking Path Discovery

When SurePath discovers a path it indicates the health of that path by color coding device
states and links and placing exclamation mark icons where there are potential problems. You
can click on:
 An exclamation icon to view Path Discovery status. The Path Discovery dialog includes
warnings and errors for that link.
 Device to view device details.
 Link to view link details.

SurePath User Guide 26

Entuity Troubleshoot Path Discovery

Figure 7 Path Details

You can also view the whole discovered network path as a text breakdown:
1) From the path click As Text in the:
 Actual Path pane to view the last discovered path.
 Reference pane to view the path taken by the reference path.

SurePath User Guide 27

Entuity Troubleshoot Path Discovery

Figure 8 Changed Path

Potential Capacity Bottleneck

When the devices in SurePath network paths are managed by Entuity servers, SurePath can
use the additional information collected by Entuity to determine spare capacity on links within
a path. SurePath adds a capacity alert icon to identify the link with the lowest spare capacity.
When you click on a link SurePath displays potentially two values:
 Spare Capacity is the spare capacity of the link. If it is an aggregated link SurePath
displays spare capacity for each sub-link.
 Overall spare capacity is the overall spare capacity for the link. If it is an aggregated link
SurePath first attempts to derive the value from the device and if that fails derives it from
the spare capacity of the sub-links.

SurePath User Guide 28

Entuity Troubleshoot Path Discovery

Figure 9 Link Spare Capacity when Devices Managed by Entuity Servers

By default SurePath displays status details and when the devices are managed by an Entuity
server capacity information on its paths. However, when accessing SurePath paths through
an Entuity server you can choose whether to display Status or Utilization data. SurePath
reports on percentage utilization of devices and links in a path and the states of devices and
links reflect the utilization level.

Figure 10 Utilization Values for Devices Managed by Entuity Servers

Overlay Status and Utilization

When the devices in SurePath network paths are managed by Entuity servers, SurePath can
use the additional information collected by Entuity to determine device and link utilization.

SurePath User Guide 29

Entuity Troubleshoot Path Discovery

This utilization data is then available when viewing SurePath network paths through an
Entuity server, it is not available when viewing those same paths through a SurePath server.
From the Entuity server you can change the path overlay between status and utilization data,
when set to:
 Status Entuity displays the spare capacity of a selected link.
 Utilization Entuity displays utilization data for devices and links.

Figure 11 Entuity Server Utilization Overlay

Check Remote Server Availability

If, when using remote SurePath and Entuity servers to manage your network, these servers
become unavailable then SurePath:
 Amends the Page Updated status to report the remote server is down.

Figure 12 Remote Server Down

 Amends the state of paths that use devices managed by that server and the devices
themselves:
 On the Path Summary dashboard SurePath assigns paths an orange circle indicating
attention required.

SurePath User Guide 30

Entuity Troubleshoot Path Discovery

 Within paths SurePath assigns devices the grey question mark icon within a square
box.

Information, Warning and Error Messages

When SurePath places an exclamation icon on a link you can click on it to view additional
details about the link. SurePath uses three message types:
 Information to indicate rule overrides so the user can identify links which are manually
configured.
 Warning indicates a potential problem with the link but one that has not prevented the
path continuing. For example the egress interface is missing:
No egress interface
Skipping to next layer 3 hop
You may define an egress interface rule.
 Error indicates a failure in path discovery, for example not identifying a layer 2
connection:
No layer 2 connection to continue
SurePath may also present a warning message if it has made a fall-back attempt to
continue with the next hop in the path.

Figure 13 Information, Warning and Error Messages

Information level messages indicate that the link is not discovered. Instead SurePath uses a
user defined override to define the link in the path.

Information Messages Description

User override for Layer 3 SurePath is using a user defined layer 3 override
because a discovered link is not available.
User override for egress interface SurePath is using a user defined egress interface
override because a discovered link is not available.
User override connection SurePath is using a user defined physical connections
override because a discovered link is not available.

Table 5 Information Messages

SurePath User Guide 31

Entuity Checking Path Stability

Information Messages Description

Using default override for Layer 3 SurePath is using a user defined layer 3 override in
preference to any discovered link.
Using default override for egress interface SurePath is using a user defined egress interface
override in preference to any discovered link.
Using default override connection SurePath is using a user defined physical connections
override in preference to any discovered link.

Table 5 Information Messages

Warning level messages indicate SurePath path discovery encountered problems that may
indicate the discovered path is not complete.

Warning Messages Description

Skipping to next Layer 3 hop Indicates layer 2 devices may be missed from the path
as SurePath instead discovers the next layer 3 device.
Next hop Layer 3 error SurePath cannot identify the next layer 3 hop.
Next hop Layer 3 device access error SurePath cannot access the next layer 3 device.
MAC from device error SurePath cannot identify the MAC address on the
device.
No egress interface SurePath cannot identify the egress interface.
No egress interface from device SurePath cannot identify the egress interface on the
device.

Table 6 Warning Messages

Error level messages indicate path discovery failed and why it failed.

Error Messages Description

No MAC information available SurePath cannot retrieve MAC addresses from the
device.
No Layer 3 hop to continue SurePath cannot identify the next layer 3 hop.
No Layer 2 connection to continue SurePath cannot identify the next layer 2 hop.
Remote communication error SurePath cannot communicate with the remote
SurePath or Entuity servers managing devices on the
path.

Table 7 Error Messages

Checking Path Stability

A frequently changing network path may signify network faults or problems with routing
convergence or loop prevention. You can view the history of a path to check on path stability
and identify path flapping.

SurePath User Guide 32

Entuity Checking Path Stability

To check path stability:

1) Click Dashboards > Path Dashboards.
2) Click the path you want to view.
3) Click View History.

When reviewing the path history:

 A high number of changes over a short period may indicate a problem in path definition.
 Different path Depth and Hop Count values indicate load balancing though aggregated
ports. SurePath identifies links using aggregated ports by displaying on the link the
number of ports involved with a forward slash, for example 3/.

Figure 14 Path History

Column Description
Timestamp Date and time SurePath ran discovery on the path.
Source Path source.
Destination Path destination.
Duration (sec) Duration of the discovery process.

Table 8 Path History

SurePath User Guide 33

Entuity SurePath Incident and Events

Column Description
Depth Maximum number of hops between the source and destination devices for
the path. For example if a link between two devices in a path includes three
aggregated ports SurePath counts this as one hop when calculating path
Depth.
Hop Count Total number of discovered hops between the source and destination
devices. For example if a link between two devices includes three aggregated
ports SurePath counts this as three hops when calculating Hop Count.
Server Count Number of SurePath servers managing devices on the path. If the number of
servers varies, this indicates changes in the availability of the servers involved
in the path.

Table 8 Path History

Locate Asymmetric Routing

Asymmetric routing can indicate routing misconfiguration and routing problems. With
SurePath you can define two paths for discovery using the same two devices but reversing
their direction, for example:
 Path one is from the Dual NIC server to the aldgate router.
 Path two is from the aldgate router to the Dual NIC server.

You can then view the resultant paths and check that they are as expected, as sometimes
asymmetric routing is what has been configured.

SurePath Incident and Events

Incidents and events have separate but related roles in managing your network. The primary
difference is in their life cycle:
 An event is raised against an object and later a second event may be raised to indicate
the problem is resolved. Later still, the problem may return so another separate opening
event is raised. Each event indicates the state of the managed object at the time the event
was raised. Although all three events relate to the same source and to the same problem
they are separate entities.
 An incident may be raised by an event, which indicates a problem on an object. It may be
closed when SurePath identifies the issue as resolved through a closing event, the
incident ages out or it is manually closed. If the issue on the object recurs and SurePath
raises another opening event within the set expiry period SurePath also re-opens the
original incident.

SurePath User Guide 34

Entuity SurePath Incident and Events

Figure 15 Network Path Incidents

SurePath raises an event to warn that a specific condition is currently present, whereas
incidents can indicate that this is an ongoing problem. Event Viewer, by default, displays
incidents as they provide a better summary of items of concern on the network. For example
SurePath may raise an SNMP Agent Not Responding event every time the device fails to
respond, when you set Event Viewer Showing to:
 Incidents, you view one incident, no matter how many events are raised.
 Events, you may have hundreds, even thousands of the events from the same source.

The relationship between events and incidents can be of varying levels of complexity:
 Where one event raises an incident and a second event closes the incident.
For example the Device Low Disk Space incident is raised by the Device Low Disk Space
event and closed by the Device Low Disk Space Cleared event.
 Where more than one type of event can raise an incident and more than one type of event
can close the incident.
For example the Device Reachability Problems incident is raised by either the Device
Unreachable or Device Reachability Degraded events and is closed by the Device
Unreachable Cleared events.
 Where an incident may be raised and closed by particular event types, and an additional
event type updates the state of that incident.
For example the Device Not Responding to SNMP incident is raised by the SNMP Agent
Not Responding event and its state is updated by the Device Cold Reboot, Device Warm
Reboot and Device Reboot Detected events.
h

 Events and incidents are not configurable from SurePath. When integrated with Entuity you
can customize events and incidents.

SurePath User Guide 35

Entuity SurePath Incident and Events

Incidents Associated Events

Device Low Disk Space Device Low Disk Space
Device Low Disk Space Cleared
Device Name Resolution Failure Device Name Resolution Failure
Device Name Resolution Failure Cleared
Device Not Responding to SNMP SNMP Agent Not Responding
Device Cold Reboot
Device Warm Reboot
Device Reboot Detected
SNMP Agent Responding
Device Reachability Problems Device Unreachable
Device Reachability Degraded
Device Unreachable Cleared
Device Reboot Device Cold Reboot
Device Warm Reboot
Device Reboot Detected
Entuity License Problem Entuity License Expired and This Server is No
Longer Operational
Entuity License Not Updated by License Server
and Will Expire
Entuity License Successfully Updated by License
Server
Entuity License on Remote Server Problem Entuity License on Remote Server Could Not be
Updated
Entuity License on Remote Server Expired
Entuity License on Remote Server Successfully
Updated
Entuity Server Automated Shutdown Entuity Server Automated Shutdown
Entuity Server Component Problem Entuity Server Critical Component Restarting
After Failure
Entuity Server Component Restarting After
Failure
Entuity Server Permanent Component Failure
Entuity Server Started
Entuity Server Database Backup Failure Entuity Server Database Backup Failure
Entuity Server Disk Space Alert Entuity Server Disk Space Alert
Entuity Server Explicit Shutdown Initiated Entuity Server Explicit Shutdown Initiated
Entuity Server Internal Event Entuity Server Internal Event
Entuity Server License Alert Entuity Server License Alert
Entuity Server Shutdown Forced By Critical Entuity Server Shutdown Forced By Critical
Failure To Restart Failure To Restart
Network Outage Network Outage
Network Outage Cleared

Table 9 SurePath Incidents and Events

SurePath User Guide 36

Entuity SurePath Incident and Events

Incidents Associated Events

Network Path Changed from Reference Network Path Changed from Reference
Network Path Reference Change Cleared
- Network Path Changed from Previous
Port Link Down Port Link Down
Port Link Up
Port Operationally Down Port Operationally Down
Port Operationally Down Cleared
Port Status Problem Port Down
Port Flapping
Port Up
SNMP Agent Restart Detected SNMP Agent Restart Detected
SNMP Authentication Failure SNMP Authentication Failure
SNMP Response Time High SNMP Response Time High
SNMP Response Time High Cleared
SNMP v3 Duplicate Engine ID SNMP v3 Duplicate Engine ID
SSL Certificate Problem SSL Certificate Expiring
SSL Certificate Expired
SSL Proxy Service Administrative Unavailable to SSL Proxy Service Administrative Unavailable to
SNMP Poll SNMP Poll
SSL Proxy Service Administrative Available to
SNMP Poll
SSL Proxy Service Operational Unavailable to SSL Proxy Service Operational Unavailable to
SNMP Poll SNMP Poll
SSL Proxy Service Operational Available to
SNMP Poll
Virtualization Connection Failed Virtualization Connection Failed
Virtualization Connection Success

Table 9 SurePath Incidents and Events

SurePath User Guide 37

3 Manage Network Paths

When you are a member of the Administrators group you can set up and manage network
paths including, when necessary, configuring topology overrides.

Path Administration
Through the Path Administration page you can:
 View the paths defined on the server. SurePath includes the identifying details of the path
and also its discovery schedule and discovery status.
 Add, edit and delete paths.
 Check the current license credit used and available. Each path costs one license credit.
 Highlight a path and then click View.
 Run Discovery. SurePath initiates a discovery as soon as a path is created but through
this page you can run discovery on demand.
 View the history of a path. SurePath retains the history for eight days.

Figure 16 Path Administration

Network Path Discovery

When you are a member of the Administrators group you can configure SurePath to identify
the network path between any two devices under SurePath management or under the
management of remote SurePath or Entuity servers.
Before creating a path you should:
 Know the IPv4 addresses of the source and destination devices or interfaces.
 Know the path you expect SurePath to discover as SurePath, or its remote servers, must
manage all of the devices on the path between the path source and destination. A
knowledge of the devices on the path also allows you to confirm SurePath is discovering
the expected path.

SurePath User Guide 38

Entuity Network Path Discovery

 Ensure the source device has a route to the destination device. Layer 3 switches,
managed hosts and routers are the likely network components to contain this
information.
A layer 2 switch, for example, is unlikely to have the route to the destination. It may
fleetingly hold the path in its ARP table.
 Consider that SurePath discovers the actual paths traffic takes between the specified
source and destination devices and/or interfaces. If there is no traffic between the source
and destination, there is no path to discover.
 Consider whether there is more than one path between the devices that you want to
monitor. You can create separate reference paths for each projected path between the
source and destination devices.
 Understand that SurePath collects data from devices it manages and sometimes data
that has default factory, or incorrectly configured, settings. SurePath still collects and
uses that data regardless.

Attribute Description
Name Name of the path which is displayed on the Path Dashboard, for example you
could enter the resolved name of the source and destination devices.
Description Purpose of the path.
Source IPv4 address of the source device.
Destination IPv4 address of the destination device.
Discovery How often SurePath discovers a path. You can select from Every 5 minutes,
Schedule Hourly, Every 6 hours, Every 12 hours and Daily. SurePath then schedules
discovery using the time discovery first ran. SurePath always runs discovery
immediately after you define a path.
When you first define a path SurePath automatically attempts to discover the
path. You can also manually trigger discovery from the Path Administration
page.

Table 10 Path Attributes

Setting up a Path on a SurePath Server

Paths are always hosted on a SurePath server. You can set up a path by logging on to a
SurePath server or in multi-server environments remotely from a central SurePath or Entuity
server. The process is the same:
 Enter the path definition, including the IPv4 addresses of the source and destination
devices.
 Discover the path.
 Review the discovered path against what you expected the path to be. When the path
taken is the expected path, save it as the reference path. All subsequent discovered
paths for this path definition will be compared to it and SurePath identifies any differences
to it. You can subsequently update the reference path to the current actual path.

To set up a path between two managed devices:

SurePath User Guide 39

Entuity Network Path Discovery

1) Click Administration > SurePath > Path Administration.

2) Click Add and specify the path.

Figure 17 Create a Path

3) Click OK.
SurePath immediately attempts to discover the path between the two devices. It may take
a few seconds to display the path.
The first time SurePath discovers a path it is both the:
 Actual path, the last discovered path.
 Reference path, the path subsequent discovered actual paths are compared to. By
default SurePath hides the reference path.

4) Review the path.
5) You can update the reference path to use the actual path by clicking Set As Reference.

SurePath User Guide 40

Entuity Set Topology Override Rules

Figure 18 Reference Path

Set Topology Override Rules

SurePath monitors paths between devices under its management or under the management
of its remote servers; SurePath can only monitor what it can see. When SurePath path
discovery returns a broken path it may determine the next hop, for example across a cloud,
or you can define a rule that creates a link to bridge the broken path.
You can supplement and override SurePath hops within a discovered path using:
 Layer 3 Route Rules
 Egress Interface Rules
 Logical Connections
 Physical Connections.

Each of the topology rules has its own management page through which you can:
 Use the Configure Columns function to control which columns are displayed.
 Click Add to open the rule editor through which you can then define a topology rule.
 Amend rules defined on the local SurePath server by highlighting a rule and then clicking
Edit to open the rule editor.
 View rules defined on remote SurePath servers, but to edit them you must login to that
server.

SurePath User Guide 41

Entuity Set Topology Override Rules

 Delete rules defined on the local SurePath server by highlighting a rule and then clicking
Delete.
You can enable and disable topology overrides and control how and when they apply.

Comparison of Physical and Logical connections

The physical and logical connection rules allow you to specify a direct link between
interfaces on two devices, for example to represent a cable connection. However these are
unidirectional links as you are specifying source and destination devices. You must specify
two connections and reverse the source and destination roles of the devices to represent
bidirectional links.
There are important differences between these two user defined connection types:
 Logical connections:
 The definition always resides on a SurePath server.
 Are intended only for assisting in path discovery. These connections are not available
to Entuity maps.
 Can make connections between devices managed by different servers.
An important use for logical connections is in multi-server environments to allow paths
that use devices managed by different servers. For example, if you have multiple Entuity
servers managing your network, then on the SurePath central server you must define
logical connections between connected devices that are under management of different
Entuity servers if they are to appear in the same path.
 Physical connections:
 The definition resides within the topology database of the server managing the source
and destination devices.
 Can assist in path discovery but is also available to Entuity maps.
 Can only make connections between devices managed by the same server.

Layer 3 Route Rules

You can amend discovered paths to reflect the known path of forwarded packets. You
manage layer 3 route rules by logging into the SurePath server on which they are defined
and then accessing the Layer 3 Routing page.

To access the Layer 3 Routing page click:

1) Administration > SurePath > Layer 3 Routing.

SurePath User Guide 42

Entuity Set Topology Override Rules

Figure 19 Layer 3 Routing

Figure 20 Layer 3 Route

Column Description
Name Display name of the layer 3 route.
Description Full description of the route, for example to describe its purpose.
Enabled Select to activate the override rule.
Priority The higher the number, the higher the priority. If you have defined two
override routes that are returning results, SurePath would use the override
with the higher priority.

Table 11 Layer 3 Route

SurePath User Guide 43

Entuity Set Topology Override Rules

Column Description
Usage When you select:
 Only use this rule if no route is provided by the device this route only
applies if SurePath cannot identify a forwarding path.
 Use this rule to override the route provided by the device SurePath
uses this path in preference to that discovered from the device. Select
this option when the discovered path is known to be incorrect.
Defined for the Applies the layer 3 route override to the selected device.
following devices
Applied for the Sets the context of when to apply the override. When set the override only
following path applies when the selected path has this device source.
sources
Applied for the Sets the context of when to apply the override. When set the override only
following path applies when the selected path has this device destination. You must specify
destinations at least one destination.
Next Hop IP Address Sets the next hop IP address.
Use destination IP Uses the destination IP address of the path as the next hop.
Address as the next
hop
Next Hop MAC Sets the next hop by the device’s MAC address. You only need to enter a
Address MAC address when transmission is over a layer 2 technology that uses MAC
addresses.
Output Interface Sets the outgoing interface.

Table 11 Layer 3 Route

To set a layer 3 route:

1) Click Administration > SurePath > Layer 3 Route.
2) Click Enable and enter the route name and description. You can also amend the route
priority and its usage.
3) Specify the device. Click Add and then you can:
 Enter the IPv4 management address of the device.
 Click Pick to Search for the device.

SurePath User Guide 44

Entuity Set Topology Override Rules

Figure 21 Device Browser

4) Select the node for the route. You can specify the node by selecting the:
 Particular managed device. If you have more than one SurePath or Entuity server
managing a device and you want to use a particular server, use this option.
 Device name which is the name used to manage the device.
 IP address of the device. When a device has more than one IP address select the one
you want to use.
 Network IP address. When a device has more than one IP address select the one you
want to use.

Figure 22 Node Selection

5) You can specify whether the route is:

 Associated with a particular path by specifying the path source and destination.
 Associated with potentially a less specific set of paths by only specifying a path
source or destination on which to match.
 Available for the selected device regardless of the path by not entering a path source
or destination.
6) Click OK.

SurePath User Guide 45

Entuity Set Topology Override Rules

Egress Interface Rules

You can set the outbound interface of the selected device with the destination address on the
remote device. You manage egress interface rules by logging into the SurePath server on
which they are defined, or a central server with access to that server, and then accessing the
Egress Interface page.

To access the Egress Interface page click:

1) Administration > SurePath > Egress Interfaces.

Figure 23 Layer 3 Routing

Figure 24 Egress Interface

SurePath User Guide 46

Entuity Set Topology Override Rules

Column Description
Name Display name of the rule, for example you could enter the egress interface
and its destination.
Description Full description of the rule, for example to describe its purpose.
Enabled Select to activate the override rule.
Priority The higher the number, the higher the priority. If you have defined two
override rules that are returning results, SurePath would use the rule with the
higher priority.
Usage When you select:
 Only use this rule if no egress interface is found on the device this
route only applies if SurePath cannot identify an outbound interface on
the device.
 Use this rule to override the egress interface found on the device
SurePath uses the interface defined within this rule in preference to that
discovered from the device.
Defined for the Applies the egress interface override to the selected device.
following devices
Applied for the Sets the context of when to apply the override. When set the override only
following path applies with paths with this device source.
sources
Applied for the Sets the context of when to apply the override. When set the override only
following path applies when the selected path has this device destination.
destinations
Next Hop IP Address Sets the next hop IP address.
Next Hop MAC Sets the next hop by the device’s MAC address. You only need to enter a
Address MAC address when transmission is over a layer 2 technology that uses MAC
addresses.
Output Interface Sets the outbound interface used with the rule.

Table 12 Egress Interface

Physical Connections
If SurePath does not discover all connections between devices, for example a cable
connection between devices, you can define a physical connection. Physical connections
are restricted to source and destination devices managed by the same server, you cannot
define physical connections between devices manged by different servers.
System administrators can create, edit and delete physical connections. All users can view
the physical connection within a map if they have permission to view the source and
destination devices.
You can manage connections through the Physical Connections page accessed by clicking
Administration > Inventory / Topology > Physical Connections. From this page you can:
 View existing connections, their definitions and whether they are enabled.
 Add new connections.

SurePath User Guide 47

Entuity Set Topology Override Rules

 Edit connections, for example change their enabled status.

 Delete connections.
h

 The source and destination device of a physical connection must be managed by the same
server. Also as the terms source and destination implies these are unidirectional links.

You can specify a direct link between interfaces on two devices for example to represent a
cable connection.

To define a physical connection:

1) Click Administration > Inventory / Topology > Physical Connections.

Figure 25 Physical Connections

2) Click Add.

Figure 26 View Physical Connection

Column Description
Name Display name of the rule, for example you could enter the names of the two
connected devices.
Description Full description of the rule, for example to describe its purpose.
Enabled Select to activate the rule.

Table 13 Physical Connections

SurePath User Guide 48

Entuity Set Topology Override Rules

Column Description
Priority The higher the number, the higher the priority. If you have defined two
override rules that are returning results, SurePath would use the rule with the
higher priority.
Usage When you select:
 Only use this rule if no connection is found in the database this rule
only applies if SurePath cannot identify a connection between the
interfaces.
 Use this rule to override the connection in the database SurePath
uses the defined connection within this rule in preference to that
discovered from the device.
From Device The source device of the path. Source device is managed by the same server
as the destination device.
From Interface The interface on the source device to which you want to associate the
physical connection.
To Device The destination device of the path. Destination device is managed by the
same server as the source device.
To Interface The interface on the destination device to which you want to associate the
physical connection.
Server Server to which the connection is saved. This is the same server as the
source and destination devices.

Table 13 Physical Connections

Logical Connections
You can specify a direct link between interfaces on two devices, for example to connect
devices managed by different Entuity or SurePath servers. However this is a unidirectional
link as you are specifying source and destination devices. You must specify two connections
and reverse the source and destination roles of the devices to represent a bidirectional link.
Logical connections are a SurePath only feature with their definitions always saved to a
SurePath server. Their main purpose is to allow you to manually define connections between
devices under management of different SurePath or Entuity servers. They are intended only
for assisting in path discovery, for example they are not available to Entuity maps.

To define a logical connection:

1) Click Administration > SurePath > Logical Connections.

SurePath User Guide 49

Entuity Set Topology Override Rules

Figure 27 Logical Connections

2) Click Add.

Figure 28 Add Logical Connection

Column Description
Name Display name of the rule, for example you could enter the names of the two
connected devices.
Description Full description of the rule, for example to describe its purpose.
Enabled Select to activate the rule.
Priority The higher the number, the higher the priority. If you have defined two
override rules that are returning results, SurePath would use the rule with the
higher priority.

Table 14 Logical Connections

SurePath User Guide 50

Entuity Set Topology Override Rules

Column Description
Usage When you select:
 Only use this rule if no connection is found in the database this rule
only applies if SurePath cannot identify a connection between the
interfaces.
 Use this rule to override the connection in the database SurePath
uses the defined connection within this rule in preference to that
discovered from the device.
From Device The source device.
From Interface The interface on the source device to which you want to associate the
physical connection.
To Device The destination device.
To Interface The interface on the destination device to which you want to associate the
physical connection.
Server SurePath server to which the connection is saved.

Table 14 Logical Connections

SurePath User Guide 51

4 Prepare for SurePath Install and Configure

To successfully run SurePath:

1) Prepare by following the guidance in this chapter.
2) Obtain a SurePath license. You can use the evaluation license shipped with the product
for 30 days. (See Chapter 10 - SurePath Licensing.)
You must provide to your SurePath supplier the host identifier of the machine to which
you want to install SurePath.
3) Prepare the ISO image:
 Download the compressed software and decompress it to an empty folder.
 Use third party software to handle the ISO image.
4) Install SurePath.
5) Configure SurePath.
6) Start SurePath.
7) Log into SurePath.
SurePath displays the Inventory page through which you can add devices to SurePath.

Preparing for SurePath

Installing and configuring SurePath is a straightforward process, that you can make easier
through careful preparation. The following actions are advised:
 Understand how you want SurePath to manage your network. Where you are installing
more than one SurePath server, or installing SurePath together with Entuity servers, you
may want to assign servers different roles, e.g. central server, device manager.
 Ensure that the machine you are installing to meets your requirements. These may vary
according to the server’s role. (See Appendix D - Entuity SurePath Server Sizing.)
 Install SurePath to its own machine. Sharing a machine with other resource intensive
software may lead to performance issues. Similarly you should disable:
 Automatic upgrades that could interfere with server performance and availability, e.g.
Windows Automatic Update can cause a PC reboot.
 Anti-virus software from scanning the database directories. Anti-virus software can
disrupt the performance of the database, potentially resulting in its corruption.
 Check the firewall on the machine permits running of the ICMP ping application. For
example in Windows firewalls you may have to enable the Echo Request inbound rules.
 Install SurePath to a machine with a static IP address.
 Ensure that you have the appropriate tools, e.g. compression and ISO image software,
and disk space for downloading and installing from an electronic distribution. (See
Preparing to Install SurePath.)

SurePath User Guide 52

Entuity Install and Configure Login Privilege Requirements

 Obtain from your supplier of SurePath a valid license file. The shipped evaluation license
is only valid for thirty days. In Windows and Linux environments you must provide the
machine’s host identifier. (See Chapter 10 - SurePath Licensing.)
 Complete the configuration worksheet which will help you answer the prompts during
configuration. (See Appendix A - Entuity SurePath Checklist.)
 Ensure that the SurePath server is on any required firewall access list. For example, if
SurePath is managing devices it requires firewalls configured to allow it SNMP and ICMP
polling access to your network.
 Ensure that any security modules have the correct policies for the SurePath server. For
example, not configuring SELinux to permit SurePath to use SSL port 443 could result in
the shutdown of the SurePath web server were SurePath to be configured to use SSL.
 Check that the default TCP ports SurePath uses do not conflict with your current
environment. You can amend these defaults during the SurePath configuration but it is
recommended that the default settings are retained, when possible.

Port Purpose
80 Web server port for access to SurePath.
You must specify a different web server port if you already have another web
server on port 80.
443 Web server port for access to SurePath when using SSL.
You must specify a different web server port if you already have another web
server on port 443.
3306 Port number on which the database server listens.
19193 Event Request Listener IP port on which you want the event management process
to listen for incoming requests for events.
19194 Event Receiver IP port on which you want the event management process to listen
for incoming requests for events.
8080 Tomcat Server Port.
8005 Tomcat Server Administration Port.

Table 15 Default Port Settings

Install and Configure Login Privilege Requirements

SurePath install and configure require privileged (e.g. root, administrator) access. You
should therefore log in appropriately before running SurePath install and configure.
The installation and configuration processes can then create the required directories, set up
ownerships for processes that need special privileges and, in Windows, configure Windows
Services. For example the webserver, if left on the default TCP port 80, and the trap daemon
require UDP port 162, on which only root processes can listen.
Following installation, privileged access is not necessary to run SurePath because processes
requiring such access will have been accorded the required permissions during installation.

SurePath User Guide 53

Entuity Supported SNMP Versions

Supported SNMP Versions

Entuity Support recommend SurePath manages devices that have enabled an SNMPv3
agent, an SNMPv2c agent or both SNMPv1 and SNMPv2c (SNMPv1/v2c) agents. SurePath
can manage devices that are only enabled for SNMPv1.

SNMPv3 Engine Identifier

SNMPv3 devices have an engine identifier which is used when polling the device and for
determining the source of a trap. SurePath checks that the SNMPv3 agent of all of the
devices it takes under management have unique engine identifiers.
SurePath does not add a device with the same engine identifier if one is already under its
management. From the Inventory page the tooltip of the Managed Status icon identifies the
cause of the failure and the already managed device with the same engine identifiers.
proliferate also writes an error message to proliferate.log.

Figure 29 Duplicate SNMPv3 Engine Identifiers

If SurePath manages an SNMPv3 device that is reconfigured with an engine identifier already
used by another device also managed by that server SurePath raises an SNMP v3 Duplicate
Engine ID event. The event indicates that two or more devices under management now have
the same SNMPv3 engine identifier. You should reconfigure one of the devices with a new
unique engine identifier.

SSL Requirements
When using SSL you must decide who will authorize your SSL certificates. Many companies
specialize in this and they will guide you through the certificate generation process. There
are also utilities, not supplied with SurePath, that allow you to generate your own SSL files.
However the files are created, you first generate a Certificate Signing Request (CSR) using
Apache Mod_SSL/OpenSSL (consult the Apache documentation for details). This process
creates the:

SurePath User Guide 54

Entuity Operating System Environment Specific Considerations

 SSL Private Key that you must keep safe.

 CSR that must be authorized. There are two approaches to authorization:
 Through a Certificating Authority. This is a recognized authority which provides you
with a CA certificate. The more established authorities are trusted by internet
browsers, Apache server, Apache Tomcat. You can then generate SSL certificates
which are authenticated as they reference the CA certificate.
 You become your own certificating authority. The first time a user accesses SurePath
through a browser they are warned that the authority is unknown. Users can add the
certificate to their list of trusted certificates.
The authority generates from the CSR the SSL certificate.
Once the SSL file creation process is complete you can include these files during SurePath
configuration:
 SSL Certificate.
 SSL Private Key.
 SSL CA Certificate is only required when you are using a Certificating Authority to
authenticate your SSL certificates. Do not use this option when using self certified
certificates as it may prevent SurePath from running.
The CA certificate is issued by certificating authorities, the larger authorities are
recognized by your browser. CA certificates act as the root certificate, from which you can
generate SSL Certificates.
When a browser connects to SurePath and it recognizes the certificating authority, the
user can access SurePath. When the authority is not recognized SurePath checks the
validity of the CA certificate for:
 A valid certificate. SurePath prompts you to add the certificate to the browser’s list of
trusted root certificates.
 An invalid certificate. SurePath server runs but httpd does not.
Entuity recommends the SSL Certificate, SSL Private Key and SSL CA Certificate files are
installed to entuity_home\etc.
h

 When the SurePath server starts it checks the SSL files are of the expected format. If they are,
for example, corrupt or if there is a CA certificate from an unrecognized authority SurePath
will not start.

Operating System Environment Specific Considerations

SurePath is certified to run in Windows and Linux environments. The following sections
identify operating system configurations either required for SurePath to run, or
recommended to improve its performance:
 Linux Packages Required for SurePath
 Linux Maximum Number of Processes per Non-Root User
 Linux Name Service Cache Daemon

SurePath User Guide 55

Entuity Operating System Environment Specific Considerations

 Linux Server Time Zones

 Linux Arena Allocation Configuration
 Windows Maximum Port Usage Requirements
 Windows Firewall Requires Port Registration.

Linux Packages Required for SurePath

When installing SurePath to Red Hat Linux 6 or Oracle Linux 6 it requires that a particular set
of 64-bit packages are already installed, see Table 16 Additional Packages Required for
SurePatht.

Linux Packages
alsa-lib.x86_64 glibc.x86_64 libaio.x86_64 libgcc.x86_64
libgcrypt.x86_64 libgpg-error.x86_64 libICE.x86_64 libSM.x86_64
libstdc++.x86_64 libuuid.x86_64 libX11.x86_64 libXau.x86_64
libxcb.x86_64 libXext.x86_64 libXi.x86_64 libxml2.x86_64
libxslt.x86_64 libXtst.x86_64 libXt.x86_64 ncurses-libs.x86_64
nss-softokn-freebl.x86_64 rpcbind.x86_64 zlib.x86_64

Table 16 Additional Packages Required for SurePatht

Check for Required Packages

To check if a package is installed, from the server command line you can use the RPM
Package Manager (RPM). For example, port mapper must be installed and running for
SurePath to use unassigned ports for its internal communication, e.g. with its licensing
functions.
To check if the rpcbind.x86_64 package is installed, from the server command line enter:
rpm –q rpcbind.x86_64
When the package is:
 Not installed RPM returns:
rpcbind.x86_64 is not installed
 Installed RPM returns full details of the package, for example:
rpcbind-0.2.0-9.el6.x86_64

You can also check all of the packages through one instruction. The following example:
 Does not include the packages required for the BMC integrations.
 Can be copied and pasted to the command line as it includes the multi-line indicator \ .

for i in alsa-lib.x86_64 glibc.x86_64 libaio.x86_64 libgcc.x86_64 \

libgcrypt.x86_64 libgpg-error.x86_64 libICE.x86_64 libSM.x86_64 \
libstdc++.x86_64 libuuid.x86_64 libX11.x86_64 libXau.x86_64 \
libxcb.x86_64 libXext.x86_64 libXi.x86_64 libxml2.x86_64 \
libxslt.x86_64 libXtst.x86_64 libXt.x86_64 ncurses-libs.x86_64 \

SurePath User Guide 56

Entuity Operating System Environment Specific Considerations

nss-softokn-freebl.x86_64 rpcbind.x86_64 zlib.x86_64; \

do rpm –q $i ;done

Install Missing Required Packages

h

 You should consult the Linux documentation before installing the missing required
packages.

You must install any missing packages to the server before installing SurePath:
 Red Hat Linux users must register their system with Red Hat Network to receive updates.
 Oracle Linux users can obtain the required packages from Oracle Public Yum Server.
You can use the command line package utility Yellowdog Updater, Modified (YUM) to install
missing packages. You can install all packages through one instruction. The following
example:
 Does not include the packages required for the BMC integrations.
 Can be copied and pasted to the command line as it includes the multi-line indicator \ .

yum install alsa-lib.x86_64 glibc.x86_64 libaio.x86_64 libgcc.x86_64 \

libgcrypt.x86_64 libgpg-error.x86_64 libICE.x86_64 libSM.x86_64 \
libstdc++.x86_64 libuuid.x86_64 libX11.x86_64 libXau.x86_64 \
libxcb.x86_64 libXext.x86_64 libXi.x86_64 libxml2.x86_64 \
libxslt.x86_64 libXtst.x86_64 libXt.x86_64 ncurses-libs.x86_64 \
nss-softokn-freebl.x86_64 rpcbind.x86_64 zlib.x86_64

rpcbind Service
The rpcbind package is the Linux RPC port mapper. SurePath uses the portmap
(rpc.portmap, portmap or rpcbind) service to obtain unused ports for its internal
communications. For example, if the port mapper is not installed and running the licensing
functions cannot run without access to available ports and therefore SurePath cannot run.
After confirming the presence of, or installing the rpcbind package, you should check that
the rpcbind service is running. By default rpcbind only starts when the server boots up.

To check if rpcbind is running enter:

service rpcbind status

 When the service is not running Linux returns:

rpcbind is stopped

 When the service is running Linux returns:

rpcbind (pid nnn) is running ...

To start rpcbind enter:

service rpcbind start

You should also ensure it is started every time the server starts:

SurePath User Guide 57

Entuity Operating System Environment Specific Considerations

chkconfig rpcbind on

Linux Maximum Number of Processes per Non-Root User

You can run SurePath using a non-root user account, however Red Hat Linux 6 and Oracle
Linux 6 default the maximum number of processes per non-root user to 1024. SurePath
requires a higher limit; a recommended value of 4096.
From the server command line you can run ulimit to check the current value of max user
processes:
ulimit -a

To set the maximum number of processes per non-root user:

1) From /etc/security/limits.d/90-nproc.conf amend the soft nproc value to
4096 :
* soft nproc 4096

2) After you amend the parameter restart the Linux server to apply the change.
3) From the server command line you can run ulimit to check the value of max user
processes is now set to 4096.

Figure 30 Check Maximum Number of User Processes

Linux Name Service Cache Daemon

Entuity Support recommend nscd (Name Service Cache Daemon) is running on the
SurePath server. nscd maintains caches for passwd, group and, most importantly for
SurePath performance, host lookups.
In Linux Red Hat and Oracle Linux you may have to install and configure the nscd service.
To check if the package nscd.x86_64 is installed, from the server command line enter:
rpm –q nscd.x86_64

SurePath User Guide 58

Entuity Operating System Environment Specific Considerations

You can use YUM to install the package:

yum install nscd.x86_64

Once installed, edit /etc/sysconfig/nscd.conf to enable cache hosting:

enable-cache hosts yes

Once it is installed start the service:

service nscd start

You should also ensure it is started every time the server starts:
chkconfig nscd on

Linux Server Time Zones

When the TZ environment variable is not set on Linux servers, the servers use the default
time zone, GMT. When GMT is not the server’s time zone this causes data synchronization
problems in certain reports. For example running a report in EST to show port utilization of
switches from 07:00-19:00 the report would actually cover from 10:00-22:00.

Linux Arena Allocation Configuration

By default SurePath limits the total number of arenas its threads can use on its server to 16.
On servers with many cores this prevents SurePath, from an administrator’s perspective,
allocating itself an unexpectedly large memory resource. Linux arenas are allocated memory
in 64mb chunks, as a minimum.
When you have available memory, you can improve SurePath performance by allocating
more memory resource. The limit on the number of arenas associated with SurePath is set in
entuity.cfg, through mallocArenaMax. For example to double the number of arenas
specify:
mallocArenaMax=32
h

 You should consult with your Linux administrator when calculating the number of arenas to
permit to SurePath.

Windows Maximum Port Usage Requirements

The SurePath server continually uses and releases sockets, for example when running
prole. These sockets once released only become free again after a time-out period. When
running the SurePath server in a Windows environment and monitoring large networks the
default maximum number of ports maybe reached. Without available sockets SurePath
performance is severely impacted. For example the creation of new prole processes is
prevented and so data collection becomes unreliable.
In Windows, Entuity recommend the registry key value MaxUserPort is set to 0x0000FFFE
(65534). SurePath configure checks the current value of MaxUserPort, and when it is not

SurePath User Guide 59

Entuity Operating System Environment Specific Considerations

set to the maximum value, prompts you to authorize configure to amend it. Alternatively
you can ignore the prompt and manually edit MaxUserPort value, setting:
 Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
 Type: REG_DWORD
 Value: 0x000fffe (65534).
h

 Care should always be taken when changing your system registry.

Windows Firewall Requires Port Registration

The Windows Firewall identifies listening ports on the SurePath server as possible security
risks. This impacts SurePath in two ways:
 During SurePath configuration the firewall displays a warning message about the Java
process. Clicking on the Unblock option allows SurePath configuration to safely continue.
 Before starting the SurePath server you must register the ports that the server uses to
communicate with the network devices.
You should also configure a firewall custom rule, to allow through all inbound ICMP traffic
to the SurePath server; inbound ICMP traffic is used by autoDiscovery processes.
Registration is completed by opening from the Control Panel the Windows Firewall
function and then viewing the Exceptions tab. Register each port as an exception.

Port Name Default Value

Web SSL TCP 443
Web TCP 80

Table 17 SurePath Ports Requiring Windows Firewall Registration

SurePath User Guide 60

5 Install the SurePath Server

Installing the SurePath server to a Windows environment is performed through a Java based
installer. The Java installation is included with the software and does not overwrite any
previous Java installation on your system. A series of screens guide you through the
installation, online help is available by clicking on Help. You can also use Back and Next to
move backwards and forwards through the installation process.
Installing the SurePath server to a Linux environment is from the command line, this option is
also available in Windows environments. (See Installing SurePath from the Command Line.)
Once you have successfully installed the server you must configure it before it can run.

Overview of SurePath Installation

Before installing SurePath ensure you have read and understood the requirements detailed
in Chapter 4 - Prepare for SurePath Install and Configure and checked that all other
applications are shut down, including any previous installations of SurePath.
Through install you can:
 Specify the folders SurePath uses to build the database and locate the log files.
 Review the Summary page before starting the SurePath installation.

Figure 31 SurePath Install Process

SurePath User Guide 61

Entuity Installing SurePath Using the Install Wizard

Installing SurePath Using the Install Wizard

Through the installation wizards the buttons present standard functionality. Click:
 Next to display the next window.
 Back to display the previous window.
 Help to display context sensitive help.
 Cancel to cancel the install.
 Browse to open a dialog to browse through the directory structure.
h

 SurePath is distributed as a compressed DVD ISO image. You must mount or burn the ISO
image before SurePath can be installed. (See Preparing to Install SurePath.)

To install SurePath:
1) Run install from a Windows server, e.g. click Start > Run..., from the Run dialog
browse for the image root and select install. install starts the SurePath Server
Install wizard, displaying the Welcome page.
Read the Installation Welcome screen and then click Next.

Figure 32 SurePath Install Welcome Screen

2) install displays the SurePath license agreement. Read the license agreement.
Click Agree and Next to install SurePath.

SurePath User Guide 62

Entuity Installing SurePath Using the Install Wizard

Figure 33 SurePath License Agreement

3) install displays the Installation Location page.

By default, SurePath is installed to C:\Entuity. You can install to an alternative location
but the directory structure must not include spaces.
Once you have defined the destination, click on Next. If the folder:
 Exists, install warns you the software is already installed and prompts you to
confirm that you want to overwrite (Yes) the previous installation, or not (No). When
you confirm it can be overwritten, install then prompts you to preserve the existing
data (Yes), or delete the existing data (No) although backups are preserved.
 Does not exist, install prompts you to confirm the creation of the install folder.

SurePath User Guide 63

Entuity Installing SurePath Using the Install Wizard

Figure 34 Set the SurePath Install Folder

4) install displays an installation progress screen and finally whether the installation has
successfully completed. If the installation:
 Failed check the displayed messages. You can find the install log file in
c:\Documents and Settings\UserName\Local
Settings\temp\EYEInstall.log.
 Succeeded SurePath displays the host identifier of the server machine. When you
want to purchase a license you must provide this identifier to your SurePath supplier.
However, you can configure and then run SurePath using the thirty day evaluation
license shipped with SurePath.
h

 When install and then configure successfully complete, configure copies their log
files, EYEInstall.log and EYEConfigure.log, to the SurePath log folder.

SurePath User Guide 64

Entuity Installing SurePath from the Command Line

Figure 35 Install Completion Including Host Identifier

Installing SurePath from the Command Line

SurePath is installed on Linux systems from the command line. In Windows environments by
default install runs through a wizard, however you can also run install from the
command line.
A series of prompts guide you through the installation. Press <Return> to enter each
command, default values are displayed in the prompt, within brackets, e.g.:
Proceed [no]>
To exit the install enter q and press <Return>.
To install SurePath you must be logged in as root or as a user with administrator
permissions:
1) Run install from the command line. install is available at the root of the SurePath
software:
 In Linux environments enter:
./install
 In Windows environments enter:
install text
install displays the welcome and copyright messages.

2) install prompts for you to accept the license terms and proceed:

SurePath User Guide 65

Entuity Installing SurePath from the Command Line

Proceed? [no]>
Enter Y to proceed.

3) install prompts you for the Destination directory, by default /Entuity. It is the
directory to which SurePath is installed, referred to in the documentation as entuity_home.
You can enter a different destination, including one that does not exist as install
should be run with a user account with permissions to create folders. The destination
location name must not include spaces.
If the specified directory:
 Exists and does not contain a previous SurePath installation then, provided that the
name is valid, install continues from step 6).
 Exists and SurePath was previously installed to it, install prompts you to confirm
that you want to proceed. If you answer n, you are returned to step 3). If you answer y
install continues from step 4).
 Does not exist, install prompts you to confirm that you want to create the named
directory. If you answer n, you are returned to step 3). If you answer y, install
creates the directory and install continues from step 4).

4) install prompts you to confirm that you want to proceed:

The software is already installed
Do you want to continue? [no]
If you answer:
 n install raises a log file, displays its location and quits the installation.
 y install continues from step 5).

5) Install checks whether you want to keep the existing database:

Do you want to preserve the existing data?
If you answer NO the existing working data will be completely removed.
Note that the database backup directory will be preserved.
Preserve existing data? [yes]

6) install copies the SurePath server software components to the destination directory. It
updates the display to report the progress of the copy.
Do you want to preserve the existing data?
If you answer NO the existing working data will be completely removed.

7) Once installation is complete install displays the host identifier of the server machine.
When you want to purchase a license you must provide this identifier to your SurePath
supplier. However, you can configure and then run SurePath using the evaluation license
shipped with SurePath.

SurePath User Guide 66

Entuity Installing SurePath from the Command Line

If the install fails you can find the install log file in /tmp/EYEInstall.log.
h

 When install and then configure successfully complete, configure copies their log
files, EYEInstall.log and EYEConfigure.log, to the SurePath log folder.

8) You now have the option to launch configure.

SurePath User Guide 67

6 Configure the SurePath Server

You can only configure SurePath after install has successfully completed. Configuring the
SurePath server in a Windows environment is through a Java wizard or from the command
line. In Linux environments only the command line option is available.
Following the initial configuration of SurePath, you can run the configuration procedure as
often as is required to customize your system.

Overview of the SurePath Server Configuration

Before you run SurePath configure:
 Ensure SurePath install completed successfully.
 Confirm the license meets your requirements.
You can use the evaluation license for thirty days. For a full license contact your SurePath
representative. You must then copy it to your license file location, by default
entuity_home\etc\license.dat. (See Chapter 10 - SurePath Licensing.)
 Ensure you are aware of SurePath server firewall port registration requirements.
 When using SSL copy the SSL files to entuity_home\etc. (See SSL Requirements.)
h

When reconfiguring SurePath always shutdown SurePath server before starting configure.
! (See Chapter 8 - Startup and Shutdown SurePath.)

The SurePath configuration process, configure:

 Configures the SurePath software, for example:
 MariaDB database settings.
 Security settings.
 Sets the ports that SurePath uses, e.g. for its event viewer, database.
 Sets up necessary services.
 Allows you to select the license file.

SurePath User Guide 68

Entuity Configuring SurePath Using the Configure Wizard

Figure 36 SurePath Configure Process

Configuring SurePath Using the Configure Wizard

The SurePath configuration wizard is only available in Windows environments. It has the
same interface as the installation wizard.

Button Description
Next Displays the next window.
Back Displays the previous window.
Help Displays context sensitive help.
Cancel Cancels the configuration.

Table 18 Install and Configure Wizard Buttons

SurePath User Guide 69

Entuity Configuring SurePath Using the Configure Wizard

Button Description
Browse Opens a dialog to browse through the directory structure.
Restore Redisplays the original default.
Help Displays the context sensitive help.

Table 18 Install and Configure Wizard Buttons

To configure SurePath:
1) From entuity_home\install double-click on configure. configure checks that
SurePath is not running, and would display a warning message if it were, otherwise
configure opens the SurePath Server Configuration wizard.
2) When the registry key value MaxUserPort is not set to 0x0000FFFE (65534) this risks
causing problems in SurePath performance. You can manually set the key, or when you
run configure use the Window Registry page to set this value (the default setting).
Permit or deny configure to amend MaxUserPort and click Next.

Figure 37 Automatic Registry Change

3) In the Choose Configuration Folders page specify the database and log file directories.
When you have specified the folders click Next.

SurePath User Guide 70

Entuity Configuring SurePath Using the Configure Wizard

Directory Description
Database installation The folder for the SurePath database. The default is
entuity_home\database\data.
Database Backup The folder for the database backup. The default is
entuity_home\database\backup.
Log The folder to where SurePath writes all of its associated log files. The default
is entuity_home\log.

Table 19 Database and Log Directories

Figure 38 Specify Database and Log Directories

4) When running configure on an existing SurePath server configure prompts you to

retain or delete the existing database. By default SurePath selects to retain the database.
Choose whether you want to delete or retain the existing database and then click Next.
5) configure:
 Displays the host identifier of the SurePath server, which your SurePath contact
requires to generate a valid license.
 Prompts you to confirm or amend the name and location of the license file. The
evaluation license is valid for thirty days from installation, by default
entuity_home\etc\license.30day.eval.dat.
When you have specified the SurePath license file click Next.

SurePath User Guide 71

Entuity Configuring SurePath Using the Configure Wizard

Configure validates the license file, validation may take thirty seconds. Configure
raises an error if the license does not exist or is invalid. You cannot complete SurePath
configuration without a valid SurePath license.

Figure 39 SurePath License File Location

6) configure displays the Server configuration page.

Click Next.

Attribute Description
Hostname SurePath by default includes the hostname of the SurePath server. This is a
mandatory field.
Use SSL Select to activate SSL for sessions between your SurePath server and
Communication browsers. This is not mandatory and is only normally required in environments
requiring a highly secure environment. Specify your SSL certificate and key
files:
 SSL Certificate File
 SSL Private Key
 SSL CA Certificate (optional).
Entuity recommend these files are installed to entuity_home/etc.
Redirect HTTP to Select for the SurePath web server to automatically redirect wrongly entered
HTTPS HTTP URLs to HTTPS.

Table 20 Server Configuration

SurePath User Guide 72

Entuity Configuring SurePath Using the Configure Wizard

Attribute Description
Change Database Select to enter a new root password. You would normally only change the
Root Password database root password when mandated by a security team/department. It is
important to record the setting as it might be needed by the SurePath Support
team.
Check and Repair Database Validation is not run when you first install SurePath (there is no
Database database that requires validation). However when configure is re-run you
may want to initiate a database check. Select this option and then:
 Quick Check, which is the default when there is an existing database but
no mysql.error.log (which is usually the case when running an
Entuity upgrade). configure runs dbcheck -F to run a fast check for
tables that were not properly closed.
 Full Check Private Key. configure runs dbcheck -E, dbcheck runs a
full key lookup for all keys for each row which ensures that the table is
100% consistent. This is an extended database check and, depending on
the size of the database, may take a significant length of time to complete.
If the SurePath database fails the validation check configure stops.

Table 20 Server Configuration

h

 You must source your own SSL certificate and decide who will authorize it. There are
specialist companies you can use, alternatively there are utilities, not supplied with SurePath,
that allow you to generate your own SSL files.
However you create the SSL files you first generate a Certificate Signing Request (CSR)
using Apache Mod_SSL/OpenSSL (consult the Apache documentation for details). This
process creates the SSL Private Key that you must keep safe and CSR that must be
authorized. Authorization is through an outside, recognized authority or there are utilities that
allow you to become your own certification authority. The authority generates from the CSR
the SSL certificate.

SurePath User Guide 73

Entuity Configuring SurePath Using the Configure Wizard

Figure 40 Configure SurePath for SSL

7) configure displays the Ports Configuration page through which you can select:
 Use preselected port numbers, that is the default setting which assigns to SurePath
and its processes the default ports.
 Modify port numbers. configure subsequently displays additional pages through
which you can amend the default TCP port numbers of SurePath processes. You
should only amend the default TCP port settings with good reason.
When you have specified the ports configuration settings click Next.

SurePath User Guide 74

Entuity Configuring SurePath Using the Configure Wizard

Figure 41 Specify Port Numbers

8) Only when you have selected to modify the default port settings, or SurePath has
identified a port conflict, does configure display the current list of ports. Port numbers
that have a green background are valid, ports with a red background indicate a port
conflict that requires attention.
You can enter new port numbers directly into the text field, and use Test to verify the port
is available. Alternatively use Suggest and configure identifies the next available port
number.
Excluding Web Port, port numbers must be in the range 1025 to 65535. The defaults are
reasonable choices. You have another chance to change your selections when the
summary is displayed at the end of the wizard.

When you have specified the port settings click Next.

Attribute Description
Database Port The IP port on which you want the database server mysqld to listen. The
default is port 3306.
Web Port The IP port on which you want the web server httpd to listen. The defaults
are port 80 for non-secure access and port 443 for SSL.
Event Request IP port on which you want the event management process to listen for
Listener Port incoming requests for events, for example from the event viewer, from
subscribed third party integrations. The default is port 19193.
Event Receiver Port Event Receiver IP port on which you want the event management process to
listen for incoming requests for events, for example system events, trap-
based events, syslog events. The default is port 19194.
Tomcat Port The port used by the application server Tomcat. The default is port 8080.
Tomcat Admin Port The port used to access and managed the application server Tomcat. The
default is port 8005.

Table 21 SurePath Ports

9) configure prompts for the user account which is to have the privileges required to start,

SurePath User Guide 75

Entuity Configuring SurePath Using the Configure Wizard

stop and reconfigure SurePath, by default root.

When required enter a different username (that must already exist), alternatively accept
the currently set username.
Click Next.
10) configure displays a summary of your configuration settings. This is the final
opportunity to amend, or cancel, your SurePath configuration selections.
Click:
 Cancel to abandon the configuration.
 Back to move back through the configuration wizard pages and adjust your settings.
 Configure to start SurePath configuration.

Figure 42 Final Configuration Check

11) configure displays a configuration progress page. This may take some time, with the
running of the StormWorks configuration on its own taking a couple of minutes.

SurePath User Guide 76

Entuity Configuring SurePath from the Command Line

Figure 43 Configuring SurePath

12) configure displays whether the configuration has successfully completed. If

configuration:
 Failed check the Java command window to see at which stage it halted. You may
need to provide your Support contact with these log files, EYEConfigure.log and
dsKernelStatic.log, from your SurePath log file folder.
 Succeeded take an initial backup of the system. (See Chapter 12 - Back Up the
SurePath Data.)

13) Start SurePath. (See Chapter 8 - Startup and Shutdown SurePath.)

Configuring SurePath from the Command Line

SurePath is configured on Linux systems from the command line. In Windows environments
by default configure runs through a wizard, however you can also run configure from
the command line. configure is installed to entuity_home\install. configure is called
by install but you can also run it separately, for example when you want to apply a
change in the configured setup.

To configure SurePath:
1) From entuity_home run configure:

SurePath User Guide 77

Entuity Configuring SurePath from the Command Line

 in Linux environments enter:

./install/configure

 in Windows environments enter:

\install\configure text

configure starts and displays the operating system and the host identifier.
2) configure prompts for the location of the SurePath database:
Database Directory [/Entuity/database/data]>
Either press <Return> to accept the default, or enter an alternative destination, without
spaces, and press <Return>. If the path does not exist, then you are prompted to
confirm that you want to create a new directory.
3) When performing a reconfiguration configure prompts you to delete the existing
database or create a new one:
Would you like to delete the existing database and create a new one?
[no]>
Either press <Return> to accept the existing database, or to create a new database
enter Yes, and press <Return>.
4) configure prompts for the location of the backup folder of the SurePath database:
Database Backup Directory [/Entuity/database/backup]>
Either press <Return> to accept the default, or enter an alternative destination, without
spaces, and press <Return>. If the path does not exist, then you are prompted to
confirm that you want to create a new directory.
5) configure prompts for the location of the log directory:
Log Directory [/Entuity/log]>
Either press <Return> to accept the default, or enter an alternative destination, without
spaces, and press <Return>. If the path does not exist, then you are prompted to
confirm that you want to create a new directory.

6) configure prompts you to create the log directory:

Do you want to create the log Directory [no]>
Enter y to create the directory.

7) configure prompts for the location of the license file:

License File [/Entuity/etc/license.dat]>
Either press <Return> to accept the default, or enter an alternative destination, without
spaces, and press <Return>. If the path does not exist, then you are prompted to
confirm that you want to create a new directory.

SurePath User Guide 78

Entuity Configuring SurePath from the Command Line

If the license file is empty configure prompts you to create it. If you answer n followed by
<Return>, you are returned to step 7). If you answer y followed by <Return>, then a
text editor is opened to allow you to save text into it.
configure validates the license file, raising an error if the file does not exist or is invalid.
You cannot complete SurePath configuration without a valid SurePath license.

8) In Hostname SurePath by default includes the hostname of the SurePath server. This is a
mandatory field.
9) By default SSL is not activated. Enter Y to the Use SSL Communication prompt, and
enter the full name and path details of your SSL key and certificate files:
Use SSL Communication? [no]> y
SSL Certificate File []> C:\Entuity\etc\ssl-server.cer
SSL Private Key File []> C:\Entuity\etc\ssl-server.key
SSL CA Certificate File (optional) []> C:\Entuity\etc\root-cacert.cer

10) configure prompts for a change to the default database password:

Change Database Root Password?
11) configure prompts you to run a database validation and possible repair.
Database Validation is not run when you first install Entuity (there is no database that
requires validation). However when configure is re-run you may want to initiate a
database check. Select this option and then:
 Quick Check, which is the default when there is an existing database but no
mysql.error.log (which is usually the case when running an upgrade).
configure runs dbcheck -F to run a fast check for tables that were not properly
closed.
 Full Check. configure runs dbcheck -E, dbcheck runs a full key lookup for all
keys for each row which ensures that the table is 100% consistent. This is an
extended database check and, depending on the size of the database, may take a
significant length of time to complete.
If the Entuity database fails the validation check configure stops.
12) configure prompts you to accept or modify the default ports used by SurePath:
Use pre-selected port numbers [Yes]>
When you enter n, configure prompts you for each port number. Ports should be in the
range 1025 to 65535 (except for the web port, which can be 80):
Database Port [3306]>
Web Port [80]>
Event Request Listener Port [19193]>
Event Receiver Port [19194]>
Tomcat Port [8080]

SurePath User Guide 79

Entuity Configuring SurePath from the Command Line

Tomcat Admin Port [8005]

Attribute Description
Database Port The IP port on which you want the database server mysqld to listen. The
default is port 3306.
Web Port The IP port on which you want the web server httpd to listen. The defaults
are port 80 for non-secure access and port 443 for SSL.
Event Request IP port on which you want the event management process to listen for
Listener Port incoming requests for events, for example from the event viewer, from
subscribed third party integrations. The default is port 19193.
Event Receiver Port Event Receiver IP port on which you want the event management process to
listen for incoming requests for events, for example system events, trap-
based events, syslog events. The default is port 19194
Tomcat Port The port used by the application server Tomcat. The default is port 8080.
Tomcat Admin Port The port used to access and managed the application server Tomcat. The
default is port 8005.

Table 22 SurePath Ports

13) configure prompts for the user account name of the user who is to have the privileges
required to start, stop and reconfigure SurePath:
User [root]>
Either press <Return> to accept the default root, or enter a valid user ID and press
<Return>.

14) configure displays the parameter settings and prompts you to continue the
configuration:
Do you want to continue? [no]>
Either press <Return> to halt the configuration, or enter y and press <Return> to
implement it.
15) When configuration is complete configure displays:
Configure completed successfully
Press <Return> to return to the entuity_home directory.

16) The first time you complete SurePath configuration you should take an initial backup of
the system. (See Chapter 12 - Back Up the SurePath Data.)
17) Start SurePath. (See Chapter 8 - Startup and Shutdown SurePath.)

SurePath User Guide 80

7 Device Management

In many installations SurePath will not manage any devices instead it will act as a central
server and use the inventories of its remote servers when managing paths. Remote servers
may be other SurePath servers or Entuity servers.
h

 If the SurePath central server is not to be used to directly manage devices then you are not
required to read the Device Management chapter.

Overview of Device Management

Precise, reliable inventory is the cornerstone of network management. An Entuity SurePath
server provides auto discovery capabilities that automatically find and capture device
information on the network. Continual refreshes keep inventory data up-to-date.
For SurePath to manage a device its management interface must be available for ICMP ping.
For SurePath to collect SNMP data a device’s SNMP agent must be correctly configured,
allowing SurePath to collect appropriate data using read-only access permission.
Out of the box SurePath offers a wide range of managed device data models, these device
support datasets are delivered through vendor files. Device support datasets define the
attributes of each managed element, its device type, its possible dependencies in relation to
other elements of the network, and the specific details to retrieve for each element. This
comprehensive library streamlines modeling and ultimately shows exactly what you own,
where it is deployed and how it is connected.
You can place devices under SurePath management using:
 Auto Discovery, where you specify the parameters autoDiscovery uses when finding
devices on your network. (See Adding Devices Using Auto Discovery.)
 Import, to import devices specified in the selected device file. (See Importing Devices
Using a Device File.)
 Add, to specify individual devices. (See Adding a Single Device.)

With Import and Auto Discovery you have the option of reviewing the discovered devices
before adding them to SurePath. You can therefore select which candidate devices to add,
you can also amend the management level of a device.
After adding devices to SurePath you still can subsequently add, amend and delete
managed objects from the SurePath inventory.
Every device under SurePath management is managed according to its management level,
which is set when the device is added to SurePath. A device’s default management level is
partly determined by its device type. SurePath recognizes a device type through its sysOID,
using it to associate the device with a device support dataset definition. These device
support dataset definitions are defined in vendor files.
Each managed device has a licensing cost. (See Chapter 10 - SurePath Licensing.)

SurePath User Guide 81

Entuity Overview of Device Management

Device Management Levels

SurePath manages devices using one of five management levels. The management interface
of all devices under SurePath management must be available to ICMP Ping. SurePath uses
ping information to calculate reachability for the device. When the management interface has
ping disabled SurePath reports latency and reachability as Unknown.

Level Description
Full SurePath fully manages the device and all of its interfaces.
Full (Mgmt Port SurePath fully manages the device but only manages the management
Only) interface.
Full Management SurePath fully manages the device but does not maintain any port level
(No Ports) information.
Basic SurePath collects only basic system information and the full IP address table
via SNMP. This management level is used when SurePath does not have the
appropriate vendor file, cannot generate an appropriate file or you only want
the device placed under basic management.
Ping Only SurePath does not collect SNMP data for these devices, it only reports
whether these devices respond to ICMP ping.

Table 23 Device Management Levels

 When you use autoDiscovery to find VMs and their hypervisors which have SNMP
installed SurePath assigns them a device type of Managed Host and management level of
Full. Before adding the candidate device to SurePath you should amend the management
level to Ping Only. This allows you, after adding the device to SurePath, to modify the device
type to VM Platform and specify its connection details.

Management level is set when adding the device and cannot currently be modified except by
deleting and re-adding the device, and in doing so you also delete the device history from
SurePath.

Certified Device Management

Fully managed devices can have a certified status of:
 Certified, where the device has an associated device support dataset created by Entuity
Support usually in the bin.vendor file. A certified device support dataset ensures the
device MIB is appropriately interrogated by SurePath, and that the device is assigned the
appropriate SurePath device type.
 Uncertified, where proliferate has automatically created in the device’s vendor file its
own device support dataset. When the device is similar to a device for which SurePath
has a certified device support dataset file, the new vendor file may be a very good fit. An
uncertified vendor file would not assign the device type, you would have to manually
assign it. (See Modifying Attributes of Discovered Devices.)

SurePath User Guide 82

Entuity SurePath Device Connection Attributes

An uncertified vendor is an interim solution, you should request a certified vendor file
from your Entuity SurePath representative to whom you should provide an SNMP walk of
the device using the lib\tools\snmpdump utility.
You can view the certified status of a device through the Inventory Administration page.

Device Type Management

For those managed devices that SurePath cannot identify as a known device type, SurePath
sets their device type to Unclassified. Basic and Ping Only devices are always considered
Unclassified.
SurePath also sets uncertified fully managed devices to device type Unclassified.
You can view the device type of a device through the Inventory page. You can manually
assign these devices an appropriate device type when adding them to SurePath or by
modifying their attributes.

IPv4 and IPv6 Device Management

IPv4 is the most widely deployed internet protocol. It is available on the majority of devices
SurePath manages and when available SurePath Support recommend you manage those
devices through their IPv4 management address. Entuity SurePath does not currently
support IPv6 management addresses.

Inventory Management Permissions

Administrators have full access to SurePath inventory management tools.

SurePath Device Connection Attributes

SurePath has two forms of connect definitions it can call on when connecting to managed
devices. SurePath manages:
 The majority of its devices through SNMP using a standard set of attributes. (See
Attributes SurePath Uses to Manage Devices.)
 Virtual machines through their VM platform SDK, and this results in additional connection
specifications. (See Attributes SurePath Uses to Manage VM Platforms.)
h

 When you add a device to SurePath using one connect definition you cannot subsequently
modify the device to use the other, unless it was added to SurePath with a Ping Only
management level.

Attributes SurePath Uses to Manage Devices

SurePath manages the majority of its devices through SNMP using a standard set of
attributes. Devices managed through Ping Only only use a subset of these attributes, i.e. IP
Protocol, Device Type, Management Level.

SurePath User Guide 83

Entuity SurePath Device Connection Attributes

Name Description
Management Level The default level of device management, i.e. Full, Full (Mgmt Port Only),
Full Management (No Ports), Basic, Ping Only.
Device Type The particular device type or Auto for Auto Discovery to determine the
device type.
SNMP Version SNMP version used to manage the device, i.e. SNMP v1/v2c, SNMP v2c,
SNMP v3.
IP Protocol IP version of the device, i.e. IPv4 (default) or IPv6.
Polled Name/IP The device name (which must be resolvable on the SurePath server) or IP
address address SurePath uses to poll the device.
Display Name Device name SurePath displays within the product, which is separate from
the identifier SurePath uses to poll the device. You can select from:
 Polled Name/IP address SurePath displays the identifier it uses to
poll the device, for example as set in Polled Name/IP address.
 System Name, the administrator assigned name of the device.
 IP Address, the management IP address of the device.
 ResolvableName, the fully qualified resolved name of the device.
 ResolvableNameFQ) the fully qualified resolved name of the device.
 Custom to manually enter a device display name.
Read Community SNMP community string, by default Public.
SNMP Timeout (sec) SNMP timeout time in seconds.
SNMP Retry Number of SNMP retries.
Max SNMP Packet To allow greater control over the maximum SNMP packet size Entuity uses
Size (bytes) when polling devices.The maximum size of SNMP PDUs can be limited on
a per-device basis to accommodate SNMP agents with abnormally low
PDU size limitations.
By default the maximum SNMP PDU size is 1408bytes, configurable
through entuity.cfg. For some devices this is too large and causes
polling to fail. Entuity includes a configuration file,
snmpMaxPDUOverrides.cfg, which contains a list of sysOids each with
their own PDU size. These settings are automatically applied to all
matching devices. You can amend and extend the shipped settings
through a site specific file.
Individual devices can have their maximum SNMP PDU size limit set via
the web UI.
Control over the maximum SNMP packet size is particularly relevant when
managing Cisco ASA devices.
Allow Duplicate IP Select to permit the addition of a newly discovered device with an IP
Addresses address that matches an IP address associated with any device already
under management

Table 24 Attributes for Device Discovery

SurePath User Guide 84

Entuity Inventory Administration

Attributes SurePath Uses to Manage VM Platforms

Through the VM Platform device type SurePath currently manages Oracle VM, Microsoft
Hyper-V and VMware ESXi VM Platforms. The management of these virtual machines is
through their VM platform SDK and this results in additional connection specifications.
SurePath can still discover these devices using autoDiscovery, marking them as Ping
Only devices, but to take them under full management you must modify their discovered
attributes (see Modifying Attributes of Discovered Devices).
There are product specific requirements:
 SurePath manages Microsoft Hyper-V servers by remote Windows Management
Instrumentation (WMI), therefore only SurePath servers installed to Windows can manage
Microsoft Hyper-V servers.
 For Oracle VMs you have to specify security credentials. (See Adding Oracle VM
Managers to SurePath.)

After discovering VM platforms, SurePath can discover their hypervisors and virtual
machines. To allow this discovery you must ensure SurePath can communicate with the
platform. For example, with Microsoft Hyper-V configure its firewall to allow remote Windows
Management Instrumentation (WMI) from the SurePath server.

Name Description
Device Type Assigned device type in SurePath, VM Platform.
IP Protocol Version of the IP SurePath uses when managing the device, i.e. IPv4, IPv6.
Device Name IP address or resolved device name.
Connection User Valid username of the account SurePath uses to connect to the VM
platform.
Connection Passwd Valid password for connection user account.
Connection URL URL SurePath uses when connecting to the VM’s web API to manage the
device. Ensure your URL does specify the VM platform’s SDK, e.g. https://
blade/sdk .
VM Platform VM Platform of the device, i.e. VMware ESXi, Oracle VM Manager,
Microsoft Hyper-V.

Table 25 Attributes for VM Platform Discovery

Inventory Administration
The inventory administration options allow you to maintain the correspondence between the
devices on your network, the device details held in the SurePath database and their
presentation through SurePath views. You can:
 View, add and delete devices in the SurePath database.
 Modify device attributes.
 Refresh view membership.

SurePath User Guide 85

Entuity Inventory Administration

You must be logged on as a user who is a member of the Administrators group to add,
amend and delete devices and refresh views.

Best Practice
When possible you should manage devices through their management IP address. Devices
managed through their IP address:
 Are not reliant on accurate DNS forward and reverse databases to manage devices.
 Are not reliant on a correctly configured DNS client.
 Are not reliant on Entuity being configured with the correct device hostnames.
 Allow specific selection of a loopback, using DNS may not offer as much control.
 Are not affected by DNS look up latency.
 Are not affected if DNS based load balancing or High Availability is in use.

Also during a network upgrade if you replace a device and retain the same hostname, but
with a different IP address, SurePath can distinguish between the 2 devices.
You can separately set the Display Name used within Entuity, for example to a device
resolvable name, as it is separate from the identifier Entuity uses to poll the device. (See
Attributes SurePath Uses to Manage Devices.)

Viewing Devices Under SurePath Management

From the Inventory area of the web interface you can view device details:
1) Click Administration > Inventory / Topology > Inventory Administration.
SurePath lists the devices, you can amend the sort order by clicking on the column
headings.

SurePath User Guide 86

Entuity Inventory Administration

Figure 44 SurePath Inventory

Attribute Description
Device IP address or resolved device name.
Description Manufacturers device description.This is only available with SNMP discovered
devices.
Location Description of the physical location of the device that is contained on the device, e.g.
Development Cabinet. This is only available with SNMP discovered devices.
Capabilities Indicates the device capabilities, i.e. None, Unknown, Routing, Routing and
Switching
Type Device type, e.g. Router, Switch, Unclassified (Full), VM Platform.
Level SurePath allows you to manage devices using one of these levels, i.e. Full, Full
(Mgmt Port Only), Full Management (No Ports), Basic, Ping Only.
IP IP address SurePath uses to manage the device.
SNMP Version of SNMP used to manage the device.

Table 26 Inventory Management Details

SurePath User Guide 87

Entuity Inventory Administration

Attribute Description
Certified Fully managed devices can be:
 certified, have an associated vendor file created by Entuity Support. A certified
vendor file ensures the device MIB is appropriately interrogated by SurePath,
and that the device has the appropriate device type.
 uncertified, proliferate has automatically created a vendor file. When the
device is similar to a device for which SurePath has a certified vendor file, the
new vendor file may be a very good fit. An uncertified vendor file would not
assign the device type, you would have to manually assign it. (See Modifying
Attributes of Discovered Devices.)
An uncertified vendor is an interim solution, you should request a certified
vendor file from your SurePath representative to whom you should provide an
SNMP walk of the device.
Reachable Indicates whether the last attempt to ping the device was successful.
Managed Indicates whether the device is under SurePath management.

Table 26 Inventory Management Details

Modify Attributes SurePath uses to Manage a Device

You can modify the attributes SurePath uses to manage a device. You may have to modify
these attributes, for example, when:
 The read community string on a device has changed.
 SNMP polling is intermittently failing you may extend SNMP timeout and retry values.
 An incorrect device type is associated with a device.

To modify device attributes:

1) Click Administration > Inventory > Inventory Administration.
2) Highlight the required device and click Modify.
3) Amend the device attributes.

Figure 45 Modify Device Attributes

SurePath User Guide 88

Entuity Adding Devices Using Auto Discovery

Adding Devices Using Auto Discovery

You can use auto discovery to discover devices using IPv4 management addresses within
user defined parameters, for example within IP address ranges, excluding defined sysOIDs.
By default discovered devices are not immediately placed under management but are
available through the Inventory Candidates page where you can then select them for
SurePath management.
h

 Entuity recommend you only use SurePath to manage devices with statically assigned IP
addresses. Although SurePath can manage devices that have dynamically assigned IP
addresses, e.g. using DHCP, if the device’s IP address changes SurePath does not
recognize the change until protean runs.

You can both schedule and manually run Auto Discovery. To run auto discovery:
1) Click Administration > Inventory.
2) From the Inventory page click Auto Discovery.

Figure 46 Using Auto Discovery

3) Specify the discovery parameters.

4) Click Start. SurePath runs Auto Discovery and you can track its progress by clicking:
 Show Progress Details.
 Close, to close the Auto Discovery dialog. SurePath displays the current progress of
discovery as a hyperlink in the page banner. You can click on the hyperlink to re-open
the dialog.
5) When Auto Discovery completes select View Results to view the devices discovered.
SurePath displays the Inventory Candidates dialog.

SurePath User Guide 89

Entuity Adding Devices Using Auto Discovery

These candidate devices are not managed by SurePath until you select their checkboxes
and add them to SurePath. (See Viewing Candidate Devices.)
6) Click Add to inventory. SurePath closes the Inventory Candidates page, displays the
Inventory page and starts adding the selected devices.
From the Inventory page you can view the devices under SurePath management.
h

 After running Auto Discovery, and not adding any devices to the inventory, SurePath warns
that devices were not added. From the Inventory page you can subsequently add devices by
selecting Auto Discovery, View Results and then Add to inventory.

Attribute Description
Included Addresses Specify the device, range of IP addresses and/or IP subnets for Auto
Discovery to use when identifying devices for Entuity to take under
management. You can include multiple rows of addresses, and on each
row you have the option of entering:
 A range of IP addresses, specifying the From and To values, for
example 10.0.0.1 and 10.0.0.215 .
 An IP address or device name.
 IP subnet, specifying the Prefix and Netmask for example 10.0.0.1 and
255.255.255.0 which Entuity displays in From as 10.0.0.1/24 .
Excluded Addresses Specify the device, range of IP addresses and/or IP subnets for Auto
Discovery to use when excluding devices for Entuity to take under
management. You can include multiple rows of addresses, and on each
row you have the option of entering:
 a range of IP addresses, specifying the From and To values, for
example 10.0.0.1 and 10.0.0.215
 an IP address or device name
 IP subnet, specifying the Prefix and Netmask for example 10.0.0.1 and
255.255.255.0 which Entuity displays in From as 10.0.0.1/24.
Authentication Details Authentication details Entuity requires to manage the device.
For SNMPv1/v2 you should enter the device’s SNMP community string, by
default Public. SurePath expects devices to support both SNMPv1 and
SNMPv2.
For SNMPv3 there are three levels of increasing security:
 noauth, authenticates a packet by a string match of User Name.
 auth, requires that you also complete Authentication Type and
Authentication Password, i.e. respectively MD5 or SHA, and a
password.
 priv, requires that you also complete Encryption Type and Encryption
Password, i.e. respectively DES or AES, and a password.
Excluded sysOIDs System object identifiers of devices that Entuity should not manage.

Table 27 Auto Discovery Parameters

SurePath User Guide 90

Entuity Adding Devices Using Auto Discovery

Attribute Description
Resolve IP to Select for Entuity to resolve device IP addresses to device hostnames.
hostname Through discovery.HostNameFormat in entuity.cfg you can amend the
device name format used by SurePath. By default SurePath attempts to
use the qualified DNS device name, then an unqualified DNS device name
and only then the device IP address.
Review results before When:
adding  checked (default), Entuity presents the list of discovered devices
which you can then add, or not, to Entuity management
 unchecked, Entuity automatically takes discovered devices under
management.
Ping Timeout Time in seconds auto discovery waits for a response from a ping before it
times-out the ping.
Default Management Default level of device management, i.e. Full, Basic, Ping Only.
Level
Auto run Configure the scheduling of auto discovery. You can select:
 Never, the default, so auto discovery is only run manually.
 Every day, to schedule auto discovery to run daily.
 A particular day.
at Time for scheduled auto discovery to run.
Show Progress Details Select to view the progress of Auto Discovery.

Table 27 Auto Discovery Parameters

Viewing Candidate Devices

Although you can configure Auto Discovery to automatically add devices to SurePath
management, by default after Auto Discovery completes you can view the discovered
devices through the Inventory Candidates page. This page comprises of three tabs, each
displaying a different category of results:
 SNMP tab displays all discovered devices that support SNMP.
 Non-SNMP tab displays discovered devices that only respond to ping and do not support
SNMP.
 Not Responding tab displays for example devices imported through autodisc.cfg but
have gone down or are now unreachable.

Attribute Description
Device Name Resolved name of the device or IP address.
IP IP address SurePath uses to manage the device.
Description Manufacturers device description.This is only available with SNMP
discovered devices.

Table 28 Candidate Device Details

SurePath User Guide 91

Entuity Adding Devices Using Auto Discovery

Attribute Description
Location Description of the physical location of the device that is contained on the
device, e.g. Development Cabinet. This is only available with SNMP
discovered devices.
Management Level SurePath allows you to manage devices using one of these levels, i.e. Full,
Full (Mgmt Port Only), Full Management (No Ports), Basic, Ping Only.
Inf Reports warnings received when polling the device, DNS failure, device
already in inventory.

Table 28 Candidate Device Details

Modifying Attributes of Discovered Devices

By default autoDiscovery does not automatically add devices to the SurePath server,
instead through the Inventory Candidates panel you can:
 Review and select/de-select the devices to add to SurePath.
 Modify the device Management Level.
You can also configure the Import device file function to allow inventory candidate review.
A candidate inventory review is important when taking VM Platforms and their hypervisors
under management. When you have specified a device as a VM through a device file and
entered its connection details then SurePath can readily assign to it the VM Platform device
type. However, where SurePath has automatically determined the device type you must
review the discovered device and may have to amend its management level to Ping Only.
For example, when SNMP is installed on the VM platform, discovery assigns a device type,
e.g. Managed Host and management level, e.g. Full which implies a device type using the
standard set of connection attributes. If you add the device to SurePath with this
management level the VM Platform device type would not be available. Ping Only ensures
SurePath creates a record for the device that does not contain any SNMP connection
attributes. SurePath communicates with VMs through their SDK and requires a different set of
connection attributes to other device types. (See Attributes SurePath Uses to Manage VM
Platforms.)
After adding a device to SurePath you can further modify the attributes SurePath uses to
manage the device including Device Type, Connection User.

Example: Modifying Device Management Level

To amend attributes of discovered devices, for example a VM platform:
1) From the Inventory Candidates panel select the check box of the device.
2) From Management Level select Ping Only.
3) Click Add to inventory. SurePath adds the device to the add to inventory queue and
displays its details and status on the Inventory page.
The device has a Type of Unclassified and a management level of Ping Only.
4) From the Inventory page select the check box of the device.

SurePath User Guide 92

Entuity Adding Devices Using Auto Discovery

5) Click Modify. SurePath displays the Modify Devices dialog.

Figure 47 Modify Device Type

6) From Device Type select VM Platform.

Figure 48 Modify VM Platform Attributes

7) Enter the VM Platform specific attributes and click OK.

Adding Candidate Devices to SurePath

By default autoDiscovery does not automatically add devices to the SurePath server instead
you can review them through the Inventory Candidates page. You can also configure the
Import from device file function to have the same behavior.
To add candidate devices to SurePath:
1) Click Administration > Inventory > Inventory Administration.
2) Click Auto Discovery.
3) Select Results. SurePath opens the Inventory Candidates page and displays the results
of the last run of Auto Discovery.
4) Select the required tab, e.g. SNMP. By default all of the devices are selected, as indicated
by a tick in the check box at the start of each row. You can deselect all devices by
selecting the check box in the title row, and then check the check boxes of the devices
you want to add to SurePath.
You can also modify some attributes before adding the device to SurePath. (See
Modifying Attributes of Discovered Devices.)

SurePath User Guide 93

Entuity Importing Devices Using a Device File

5) Select Add to Inventory. From the Inventory page you can view the state of the devices
as SurePath attempts to take them under management. Press F5 to preempt the page’s
own automatic progress update.

Figure 49 Adding Discovered Devices to SurePath

Importing Devices Using a Device File

A device file allows you to compile a list of objects, by IP address or resolved name to add to
SurePath. By default devices SurePath discovers using this seed file are automatically added
to its inventory, although from the Import dialog you do have the option of amending the
default so you can review the devices through the Inventory Candidates page.
h

 Before adding Oracle VMs to SurePath you should ensure you have already imported to
SurePath the appropriate security certificates. (See Adding Oracle VM Managers to
SurePath.)

To add devices to SurePath using a device file:

1) Click Administration > Inventory > Inventory Administration.
2) From the Inventory page select Import. SurePath displays the Import Devices dialog.

Figure 50 Importing Devices Using a Seed File

3) In Upload device file, use browse to locate the device file on the client system that is
hosting the browser.

SurePath User Guide 94

Entuity Importing Devices Using a Device File

4) Select Review Results before Adding, to review the devices in the Inventory Candidate
page before they are added to SurePath.
5) Click Import. SurePath reads the file and compiles a candidate list of devices, displaying
them in the Inventory Candidate dialog.
h

 SurePath writes the new device file to entuity_home\etc\deviceFiles.

6) By default SurePath adds the devices in the seed file to its inventory. However when you
selected to review the devices before adding them SurePath displays discovered devices
in the Inventory Candidates page. Devices are displayed in one of three tabs:
 SNMP for devices discovered through SNMP
 Non-SNMP for devices discovered through Non-SNMP polling
 Not Responding for devices not responding to polling.
From each tab you can add devices to SurePath management; by default all discovered
devices are selected and ready for addition.
Click Add to inventory, to add the devices on the current tab to SurePath management.
7) From the Inventory page you can view the devices under SurePath management.

Defining A Device File

Before using the device file check that each of the devices responds to ICMP (Internet
Control Message Protocol) Echo requests. For devices you want to manage at the Full or
Basic management levels they must allow SNMP requests from the server with the provided
community string. Ensure that there is no IP address or port management access list in
operation for the devices that would prevent SNMP or ICMP replies from the devices to the
SurePath server.
For virtual machines the connection attributes differ from the standard set and this requires a
different structure to the standard format.

SNMPv1/v2 Device File Format

It is necessary that all of the devices to be managed by SurePath are listed in the device file.
For SNMPv1/2 devices the format is:
<deviceIdentifier>[tab]<community string> <#optional comment>

You can also specify a SNMPv1/2 device using the alternative format:
-d <deviceIdentifier>[tab]-c <community string> <#optional comment>

where:
 deviceIdentifier is the IP address or hostname that resolves to the IP address of the
management interface on switches, and a single interface on a router.
You should be able to resolve each of the device names into an IP address on the
SurePath server using one of the following methods:

SurePath User Guide 95

Entuity Importing Devices Using a Device File

 Static hosts file (e.g. \etc\hosts)

 NIS (Network Information System) or NIS+
 DNS (Domain Name System).
This resolution is not required if the device identifier is itself the IP address of the device.
The choice of identifier is important as it is the primary method of identifying devices in
SurePath.
 Community String is the read-only SNMP (Simple Network Management Protocol)
community string required to read the MIB-II (Management Information Base-II) system
group for the device, e.g. public, during autoDiscovery. SurePath uses other MIBs
when managing devices and the community string must permit access to them all.
 Optional Comment is a non-mandatory text string to help describe the device.

SNMPv3 Device File Format

For SNMPv3 devices the format is:
-d <deviceIdentifier> -u <UserName> -a MD5 -A <Auth passwd> -x DES -X
<Privacy passwd>
where:
 -d, indicates the following value is the device name.
 deviceIdentifier is the management interface on hubs and switches, and a single interface
on a router. You should be able to resolve each of the device names into an IP address on
the SurePath server using one of the following methods:
 Static hosts file (e.g. \etc\hosts)
 NIS (Network Information System) or NIS+
 DNS (Domain Name System).
This resolution is not required if the device identifier is itself the IP address of the device.
The choice of identifier is important as it is the primary method of identifying devices in
SurePath.
 -u <UserName>, requires a valid user name to access the device.
 -a MD5, sets the authentication protocol, valid values are MD5 (Message-Digest algorithm
5), SHA (Secure Hash Algorithm).
 -A <Auth passwd>, sets the authentication password, valid values must be between
eight and thirty-two characters long. If the password contains spaces double quotes must
be placed around the password.
 -x DES, sets the privacy protocol, valid values are DES (Data Encryption Standard), AES.
 -X <Privacy passwd>, sets the privacy password, valid values must be between eight
and thirty-two characters long. If the password contains spaces double quotes must be
placed around the password.

VM Platform Device File Format

SurePath manages VM platforms through their SDK which necessitates a different set of
connection attributes to other device types. To specify a VM platform the format is:

SurePath User Guide 96

Entuity Adding a Single Device

-d IpAddress -l manLevel -w type,url,user,password -T deviceType

where:
 -d IpAddress, identifies the device name or IP address.
 -l manLevel, must be set to the management level web. This is a temporary management
level which is only used when adding VMs to SurePath.
 -w sets the web connection details, which must be comma delimited and entered in this
order:
 type, enter 2 for a VMware ESXi or 3 for an Oracle VM platform
 url, the url to the VM platform’s SDK
 user, user account SurePath uses to access the SDK
 password, user account password.
 -T, sets the device to the internal SurePath identifier for a VM platform, i.e. 1144.

For example to add the VM platform blade to SurePath you can enter:
-d blade -l web -w 2,https://blade/sdk,devuser,232neree -T 1144

Adding a Single Device

When adding a device to SurePath, or modifying the attributes SurePath uses to manage a
device already under its management, there are two forms of device definition, one for:
 VM Platforms, as these devices require non-standard connection details as
communication is through the VM platform SDK. (See Attributes SurePath Uses to
Manage VM Platforms.)
For Oracle VMs you must also include security certificates. (See Adding Oracle VM
Managers to SurePath.)
 All other device types. (See Attributes SurePath Uses to Manage Devices.)

To add a device to SurePath:

1) Click Administration > Inventory > Inventory Administration.
2) Click Add.
3) Specify the device attributes SurePath uses to discover and manage the device.
4) Click:
 Add, to queue the device for adding to SurePath. The dialog remains open so you
can add more devices.
 Close, to close the dialog and return to the Inventory page.
5) From the Inventory page you can view the devices under SurePath management.

Adding Oracle VM Managers to SurePath

Before adding an Oracle VM Manager to SurePath ensure you:

SurePath User Guide 97

Entuity Adding Oracle VM Managers to SurePath

 Have the security certificate for the VM.

 Can communicate with the VM from SurePath.
 Have the appropriate connection details.

To add an Oracle VM Manager to SurePath:

1) From the command line on the SurePath server navigate to entuity_home/lib/virtualization.
2) Apply the VM certificate by entering on the command line:
\entuity_home\install\JRE\bin\java -cp ovmCert.jar InstallCert <params>
where <params> is the hostname of the machine and the port, e.g. oraclvm:4443.
3) When the SurePath server successfully communicates with the VM, it displays the
certificate on the screen.
Press enter to accept the certificate, which is then written to the SurePath server’s
certificate folder, jssecacerts. This folder is created the first time you add a certificate,
and is used for all certificates in the same directory.

Figure 51 Accepting VM Oracle Certificates

4) From the Inventory page of the web UI you can now add the Oracle VM Manager. (See
Adding a Single Device.)

SurePath User Guide 98

8 Startup and Shutdown SurePath

This chapter details the procedures for starting and shutting down SurePath, and for
checking the statuses of system processes.

Start SurePath
To start SurePath when you are running it under:
 Windows, the installation default is for SurePath to automatically start when Windows
starts. It does this through the services:
 Entuity which is the main SurePath service. It starts and stops the other SurePath
services and controls all SurePath functions, apart from the web server and the
database processes.
 Entuity Webserver which controls the SurePath web service.
 Entuity Database which controls the database processes.
h

 Entuity Support recommend configuring SurePath to also automatically start under Linux
environments.

 Windows and Linux from the command line run entuity_home\bin\starteye. For
example, in Linux enter:
./starteye
Each time SurePath starts it runs dbcheck which checks that the database was previously
correctly closed down, for example a power failure may leave some tables open. dbcheck
runs before the database starts and if it identifies problems that require repairing calls
myisamchk.
The time taken to run a full check and repair of the database varies according to the size of
the managed network. A slow SurePath startup may indicate an automatic repair of the
database has taken place.

Starting the Server for the First time

A SurePath server’s license can set the object and device credits available to the server. As
soon as you start SurePath it is ready to be used.

Shut Down SurePath

The SurePath system processes should only be stopped when you want to:
 Perform a server reboot.
 Upgrade, or during the current session have already upgraded, the SurePath software,
database, or license.

SurePath User Guide 99

Entuity Shut Down SurePath

There are a number of ways to stop SurePath. When you are running SurePath under:
 Windows, the installation default is for SurePath to automatically stop when Windows
stops. Entuity Support recommend you explicitly stop SurePath and do not rely on
Windows to close SurePath down.
 Windows, use the Service function, available from the Control Panel, to start and stop
SurePath while Windows is running.
 all operating systems, from the command line run entuity_home\bin\stopeye. For
example, in Linux enter:
./stopeye
h

 Only kill processes as a last resort and only use the TERM signal, if processes are taking a
long time to stop. Do not use any other command. On systems with large databases or slow
disks the data server processes can take a few minutes to terminate.

SurePath User Guide 100

9 SurePath Security

Management of the network infrastructure requires access and knowledge which if not
carefully controlled can lead to failures in the security of the network. An often conflicting
requirement to maintaining high security is ease of management; security too complicated to
maintain becomes no security.
SurePath security can be implemented to the depth that your management practices and
your SurePath implementation requires. The key components of security are:
 User authentication, which you can configure internally by defining user accounts on the
SurePath server. SurePath compares user sign on details with the details held for that
account in the SurePath server’s local security database. On successful authentication
SurePath assigns user permissions derived from the user groups the user’s account is
associated with.
 User groups. SurePath includes two user groups, All Users and Administrators.
 In multiple SurePath server installations configuring trust between those servers.
 When linking with Entuity servers configuring trust between SurePath and the Entuity
servers.

Multi-Server and Access Management

You can configure SurePath to work with other SurePath servers and also Entuity servers.
The trust between a central SurePath server and a remote server is through a user account
that exists on both servers. All users who login to a central SurePath server then have access
to the remote server but not through their own account but through account used to setup
the trust. Therefore all users who login to a SurePath server potentially have access to the
same paths and the same devices and ports within those paths.
When the remote server is an Entuity server it is likely that the server has been configured
with views and different users have access to different views. Entuity can manage large,
extensive networks and views allow you to compartmentalize the network, making the
network both easier to manage and easier to match to your business model.
SurePath does not directly use views, you cannot view, create or modify views in SurePath.
However when accessing remote Entuity servers the devices and ports SurePath can access
is determined by the access to views of the user account you are using to establish trust
between those servers and not the permissions of the individual user currently logged in to
SurePath. All users who have access to a SurePath server have access to the same path
dashboard on that server, can drill-down to view those paths and the devices and ports
within them.
You can configure trust between SurePath servers and between SurePath and Entuity
servers. Within a multi-server environment a server can act as both a central server and as a
remote server. A central server has access to other remote servers.
Once established an administrator on one server has access and control over objects
managed on remote servers.

SurePath User Guide 101

Entuity User Profiles and User Groups

User Profiles and User Groups

SurePath includes:
 Two predefined user groups, Administrators and All Users. In SurePath you cannot add
to or remove those groups.
 Two predefined user profiles, admin is a member of the Administrators group, user is a
member of All Users. Entuity Support recommend you create your own user accounts
and remove the predefined user accounts.

The Administrators group allows members full access to SurePath’s functionality, for
example:
 Read, write and delete permissions over paths.
 Create, modify and delete control over user account profiles.
 Full access to SurePath’s web interface, for example access to all administrator tools.

You cannot delete the Administrators group from SurePath and it must always have at least
one member, initially admin. All user profiles belong to the All Users group and members of
the group have Read Only rights to the paths and limited access to other functionality.

Manage SurePath User Profiles

Only members of the Administrators group have access to the full functionality of Account
Manager, non-members can only reset their user password. Through the Account Manager
you can:
 Control user group membership.
 Create new users and assign them to user groups.
 Amend the passwords of individual users without knowing their previous passwords.
 Set user account security levels, e.g. force password changes, disable an account after a
set number of failed logon attempts, create temporary accounts.
 Set SurePath session security, enabling automatic session logout.
 Amend your own password (provided that you know your current password).
 Remove user profiles from SurePath.

When you are connected to more than one SurePath or Entuity server then from Account
Manager you can select the server to which you want to make your changes.

Viewing User Account Details

You can view, create and modify user groups and user accounts for both the current
SurePath server and any remote server. When you access account management, SurePath
structures the information by:
 Servers. When the current server has one or more remote servers, you can select from a
drop down list which server’s user account details to manage.

SurePath User Guide 102

Entuity User Profiles and User Groups

 Users. For the selected server SurePath displays its user accounts with summary details
and access to management functions.

To check the status of a user account, for example to check user group membership:
1) Click Administration > Account Management.
In the Users section locate the row of the user profile. You can check its status and user
group membership.

Figure 52 SurePath User Account Management

Attribute Description
Name The account profile login name. This username is case insensitive.
Status The current status of the account:
 OK, the account is running normally.
 Expired, the account password has a time limit within which it must be
changed. This period has elapsed, the password has expired and the user
must enter a new password the next time they attempt to login.
 Locked, the account is locked. When the user attempts to login they are
requested to contact their administrator to unlock the account and reset the
password.
Groups List of user groups to which the user belongs.

Table 29 User Account Summary

Setting User Group Membership

Users that are members of the Administrators user group have full access to all the SurePath
tools and all of its managed objects. To change user group membership ensure that you log
on to SurePath using an account that is a member of the Administrators Group.
To manage user group assignment:
1) Click Administration > Account Management.

SurePath User Guide 103

Entuity User Profiles and User Groups

2) In multi-server environments select the server for which you want to create user groups.
3) Highlight the required user and click Edit Groups.

Figure 53 Modifying the Members of an User Group

4) You can use select groups and then use the arrow keys to either make the user a
member of a group or remove membership of the group.
5) Click OK to save the amended user membership.

SurePath User Guide 104

10 SurePath Licensing

A SurePath license identifies the particular machine it can run on, the number of paths it can
support, the number of remote server connections it permits and its expiry date.
SurePath is shipped with an evaluation license, license.30day.eval.dat, which is valid
from the date of its installation for a maximum of 30 days. When using the evaluation license
SurePath displays in its banner the days and hours remaining until the license expires.
The default name and install location of the full license is entuity_home\etc\license.dat.
SurePath licensing server compares the SurePath license file with the configured installation,
specifically:
 The version of SurePath, i.e. if you install a major new release of SurePath you will require
a new license.
 The license expiry date. SurePath raises license expiry events when the license is close to
expiry (by default from 30 days before the license expiry date).
 Number of object and device credits available, with the evaluation license specifying 600
devices and 50000 objects. A credit is required for each managed object, e.g. port.
 Number of permitted paths, with the evaluation license limited to 50 active paths.
 Number of permitted remote connections to SurePath and Entuity servers. The evaluation
license permits six remote servers.
 Whether the SurePath server machine is the expected machine.
Typically, this license information remains unchanged, although you may need to increase
the number of path or remote server credits if your network expands.

Check the SurePath License

You can check the status of your license:
 The Path Administration page displays the number of used and available path license
credits.
 The Inventory Administration page displays the number of used and available device and
object credits.
 The Multi-Server Administration page displays the number of used and available remote
server license credits.

Identifying when a License Expires

SurePath monitors the state of the current license, checking for license expiry on its
licensable components or shortage of available license credits. By default, for the thirty days
before a license expires:
 SurePath displays a countdown to that expiry in its web UI banner. If this is an evaluation
license that is also clearly identified, e.g.:
Evaluation: 4 days remaining

SurePath User Guide 105

Entuity Renew the SurePath License

 SurePath raises Entuity Server License Alert events when:

 Its license is approaching its expiry date.
 One of more of its licensable components, e.g. number of remote servers, number of
network paths, has reached its set limit of managed objects.
The event description details the licensable component(s) and the number of free credits.

Renew the SurePath License

The SurePath license requires updating when:
 Installing a new release of SurePath.
 Moving SurePath to a new server.
 Changing the path or remote server credit allocations.
 The current license is about to expire.

You can obtain from your SurePath representative a full license. You must provide the host
identifier of that machine as the license file restricts installation of SurePath to the server for
which you provided a host identifier. The host identifier associates the SurePath license with
the physical footprint of the machine.
You can discover the host identifier by running hostIdent:
 Before installation, by obtaining a copy of hostIdent from your SurePath contact.
 As part of install, install displays the host identifier.
 As part of configure, configure displays the host identifier.
 After installation from entuity_home\bin on the server command line running:
hostIdent

The full license, by default license.dat, should be copied to entuity_home\etc directory.

You must then run configure and select this new license.
To update the license file:
1) Contact your SurePath representative and obtain a new license.
2) Make a backup of your current license.dat file in entuity_home/etc/, giving the backup a
new name (e.g. license.dat.orig).

3) Overwrite entuity_home/etc/license.dat with the new license file.

4) Shut down and restart SurePath. (See Chapter 8 - Startup and Shutdown SurePath.)
5) Check the new license is active through the SurePath web interface. (See Check the
SurePath License.)

SurePath User Guide 106

11 SurePath Preferences

SurePath Preferences allows you to view and modify the SurePath web interface. Settings
apply at the user level and are maintained across user sessions, i.e. they are saved in the
database.
To personalize the SurePath interface:
1) Click Administration > Preferences.

General Preferences
Through the General Preferences tab you can set the SurePath home page and page auto
refresh state:
 From Entuity Home Page, select the page SurePath displays after logging in. You can
select from:
 Inventory, the factory default for members of the Administrators access group.
 Events.
 Path Summary dashboard.
 Custom, which when can enter a custom URL. This should be a fully qualified URL.
 When Enable Auto-Refresh is:
 Selected, pages within the web interface refresh every five minutes.
 Not selected, pages only refresh when the SurePath server sends fresh data or the
user initiates a refresh.

Figure 54 General Preferences

SurePath User Guide 107

Entuity Servers and Views Preferences

Servers and Views Preferences

The Entuity Servers section includes:
 Configuration of which remote SurePath and Entuity servers, and therefore devices and
events, are displayed in Inventory Administration and Event Viewer, select:
 Show All Entuity Servers, SurePath displays data from all remote servers for which
their Show setting is enabled.
 Show Selected Entuity Servers, SurePath allows you to select from the list of remote
servers those that you want to view in the web interface. Only remote SurePath and
Entuity servers for which their Show setting is also enabled are displayed.
You can view, and amend, the server’s show setting through the Remote Server
administration page.

Figure 55 Servers Preferences

Events and Incidents

The Events and Incidents section allows you to enable the color event feature, when it is:
 Enabled the row of each incident and event in Event Viewer has the background color of
that event’s severity level.
 Not enabled (default) the background color of all incident and event rows is white.

SurePath User Guide 108

Entuity Events and Incidents

Figure 56 Events and Incidents Preferences

SurePath User Guide 109

12 Back Up the SurePath Data

Before running SurePath for the first time, re-installing SurePath or re-configuring SurePath
you are strongly advised to make a system backup of the installed software and data. This
will ensure that you are up and running more quickly in the event of a file system corruption,
or when upgrading SurePath and inadvertently deleting data.
Back up everything included within entuity_home. If during configuration you installed the
database directory somewhere other than entuity_home, then ensure that you back it up.

Backing Up Data
When re-installing or re-configuring SurePath you should backup your data.
SurePath backup backs up the database, generating zipped backup files in directories
under the database backup directory. If during install or configure you decide to
rebuild the database then all files under entuity_home\database\data are deleted.
h

 When backing-up the SurePath database files but not using the SurePath backup utility, e.g.
using standard copy and paste commands, then you should stop all services including the
database. Conversely, to use SurePath backup the database must be running.

SurePath User Guide 110

13 SurePath Maintenance Patches

Entuity Customer Support issue Release Notification and Patch Notification technical
bulletins informing customers of new releases, maintenance patches and their content.
These notifications are usually the trigger for updating your software.
The process to use when applying a new patch is different to that used when installing a new
GA version of SurePath. A patch only includes changes that are applied to an existing
installation, SurePath GA is a new ISO image.
This chapter details how to install maintenance patches. To download and install the
SurePath GA ISO image see Preparing to Install SurePath.

Name Description
GA The first release of a new version of SurePath, e.g. SurePath 1.0, is the General
Acceptance (GA) release. It is delivered as a compressed ISO image.
Patches A patch may deliver fixes to issues raised by customers, improved performance
and new features. You should always apply the patches in the order they are
issued, e.g. one patch may depend upon a change delivered in a previous patch.

Table 30 SurePath ISO Image and Patches

Patch Install Overview

Follow these steps when installing patches:
1) Check the current SurePath version, including patch level, through the About SurePath
dialog.
See Checking the Patch Level of SurePath.
2) From the Entuity customer support site download the patch file to a temporary location.
See Downloading Maintenance Patches.
3) Stop the SurePath server and take a backup.
4) Apply the patch using the patch installer, entuity_home\install\installPatch, for
example:
installPatch c:\temp\surepath_1_0.P01.WinNT.patch
See Installing Maintenance Patches.
5) After installing the patch run configure. The patch is only applied once configure
successfully completes.
6) Restart the SurePath server.

SurePath User Guide 111

Entuity Checking the Patch Level of SurePath

Checking the Patch Level of SurePath

You must always install SurePath patches in the correct sequence. You should also never
miss a patch, a subsequent patch may depend on a change in an earlier patch.
installPatch does check that the patch is sequential with the current patch level of the
server.
You can check the patch level of a SurePath server from the Help About dialog:
1) Click Help > About SurePath.
SurePath displays its internal version number, for SurePath 2.0 and then, if a patch has
been applied, in brackets the number of the patch, for example for patch one it would be
(P01).

Downloading Maintenance Patches

Entuity Customer Support issue Patch Notifications informing customers through these
technical bulletins of new maintenance patches, their content and confirmation of from where
you can download them.
To download patches:
1) Login to the Entuity Customer Support site ( http://www.support.entuity.com/login.php) to
view patch details, or login to the Entuity FTP site to download the patch (ftp.entuity.com).
When you do not have an account, or have lost your account details contact Entuity
Customer Support.
2) Navigate to the required patch.
Patches are stored by SurePath Release.
3) Download to a temporary folder the required patch, associated readme and checksum
files.
4) Compare the checksum of the patch against the expected hash value in
checksums.txt.
Linux operating systems include checksum utilities. In Windows environments you
require a third party tool that supports SHA-1 or SHA-2 checksum calculation.

Installing Maintenance Patches

You can install patches to SurePath from the command line using the installPatch utility.
installPatch checks the patch is appropriate to the server, e.g. it’s the correct SurePath
version, operating system, SurePath is not running, and would raise an error if a check is
failed (see installPatch Warning and Error Messages).
As installPatch applies a patch it displays its progress on screen, and reports the
success or failure of its operation.
To install the downloaded maintenance patch:
1) Stop the SurePath server and take a backup.

SurePath User Guide 112

Entuity installPatch Warning and Error Messages

2) From the command line on the SurePath server run

entuity_home\install\installPatch on the downloaded patch. For example with a
Windows patch downloaded to the temporary folder c:\temp, enter:
installPatch c:\temp\surepath_1_.P01.WinNT.patch
Where you have more than one patch to install, you can use installPatch in multiple
file mode. Enter the patches in sequence, using their full path with only a space between
each, for example:
installPatch c:\temp\surepath_1_0.P01.WinNT.patch
c:\temp\surepath_1_0.P02.WinNT.patch
c:\temp\surepath_1_0.P03.WinNT.patch
c:\temp\surepath_1_0.P04.WinNT.patch
3) After installing the patch run configure. The patch is only applied once configure
completes.
4) Restart the SurePath server.

installPatch Warning and Error Messages

installPatch error and warning messages are displayed to the command line. When
checking SurePath version, installPatch uses SurePath’s internal version number.

Release Number Internal Version Number

SurePath 2.0 2.0

Table 31 SurePath Version and Release Numbers

SurePath installation not stopped

installPatch checks that the SurePath server is not running before installing the patch. If
the SurePath installation has not been stopped installPatch displays an error message
for example:
Port(s) 3306,19192,80,20202,8080,8005,12321 are in use
ERROR: The Entuity installation must be stopped before installing this
patch

Patch already installed

If the patch has already been installed on the target SurePath server then you will be asked if
you wish to re-install the patch:
This patch is already installed, do you wish to re-install it [yes/
no]?

Patch out of sequence

If the preceding patch has not been installed on the target SurePath server then you will see
an error message like this:

SurePath User Guide 113

Entuity installPatch Warning and Error Messages

ERROR: You must install all patches up to patch number 4 before

installing this patch

Later patches already installed

If patches later than the patch being installed have already been installed on the target then
you will see an error message like this:
ERROR: This installation is already patched to level 2

Patch is for a different architecture

If the patch being installed is for a different architecture to the installation then you will see an
error message like this:
ERROR: Incompatible patch architecture, this patch is for Linux

SurePath User Guide 114

14 Uninstall SurePath

The SurePath server is easily uninstalled from Windows and Linux systems.

Uninstalling from Windows

1) Stop SurePath using stopeye, or by stopping the Entuity service from the Windows
Services dialog.
2) Remove details of the services from your registry, using the inst_service program (found
in entuity_home\bin). From the command line enter:
inst_service remove "EOTS"
inst_service remove "EOTS Database"
inst_service remove "EOTSWebserver"
h

 inst_service uses the service names which all start with EOTS and not the service display
names that all start with Entuity.

3) Delete the root folder of the SurePath installation. If the database directory was not
installed under entuity_home then you will have to separately delete that folder.

If you have called SurePath from any external scripts then you may have files external to
these to amend.

Uninstalling from Linux Systems

To uninstall the SurePath servers installed to Linux environments:
1) Stop SurePath by running from entuity_home/bin:
./stopeye

2) Delete the root folder of the SurePath installation. If the database directory was not
installed under entuity_home then you will have to separately delete that folder.

If you have called SurePath from any external scripts then you may have files external to
these to amend.

SurePath User Guide 115

Appendix A Entuity SurePath Checklist

Use this checklist before running install and configure. For each item the checklist
includes a description and any default value. Enter your site values as it will assist you during
SurePath installation and configuration. You should also:
 Update any firewall and security module control lists to allow SurePath appropriate
access to your network.
 Disable anti-virus software from scanning the database directories. Anti-virus software
can disrupt the performance of the database, potentially resulting in its corruption.

Item Description Default Site Value

O/S Specific
MaxUserPort Registry key value that limits the Reset to Entuity
number of sockets SurePath server recommendation:
can use (Windows only). 0x0000FFFE (65534)
SurePath Directories
Database Backup SurePath database backup directory. \database\backup
Directory
Database Directory SurePath Database directory. \database
Log Directory SurePath log files directory. \log
Network Discovery
device file Only required when providing a list of \etc\dev.txt
devices for SurePath to add.
Licensing
License file Contains SurePath license details, \etc\license.dat
including SurePath server version,
licensed modules. You can
temporarily use the evaluation
license.
SSL Settings
Certificate file SSL certificate location and name. -
Key File SSL Key location and name. -
CA Certificate File CA certificate location and name -
(optional).
Ports

Table 32 SurePath Configuration Checklist

SurePath User Guide 116

Entuity

Item Description Default Site Value

Event Request Event Request Listener IP port on 19193
Listener Port which you want the event
management process to listen for
incoming requests for events, for
example from the event viewer, from
subscribed third party integrations.
Event Receiver Port Event Receiver IP port on which you 19194
want the event management process
to listen for incoming requests for
events, for example system events,
trap-based events, syslog events.
Database Port Port on which database server 3306
listens.
Web Server Port Port on which web server listens. 80
SSL Web Server Port on which SSL web server listens. 443
Port
Tomcat Port Port used by the Tomcat application 8080
server.
Tomcat Admin Port Port used to access and manage the 8005
Tomcat application server.
Upgrade Configuration Files
entuity.cfg Files that MAY have site specific Particular changes,
... settings, and which may not be and files, vary from
maintained during an upgrade. site to site.

Table 32 SurePath Configuration Checklist

h

 By default all files and folders are installed below entuity_home, the SurePath installation
folder.

 Reverse the slashes if you are a Linux user.

SurePath User Guide 117

Appendix B Entuity SurePath Install and Packages

SurePath install installs to folders under entuity_home (where entuity_home is the

SurePath install location):
 SurePath server and client software and documentation.
 Apache webserver 2.2.22.
 Apache Tomcat 6.0.39.
 Database, MariaDB 10.0.10. The SurePath database is a set of MariaDB databases, each
with their own folder (by default under entuity_home\database\data):
 DSALPHA, DSPSTREAM, EOSdb and EOStrend contain network management
information collected and processed by SurePath.
 secdb contains details of SurePath user accounts, and is referenced when
authenticating user logon.
 mysql is the database users table.
 Databases deprecated or not used in the current version of SurePath, e.g.
ecommerce,.flowdb, greenit, JasperReports, jasperserver and ReportsData,
Virtualization, XMLAPIDB.
Alongside the other database folders is a temp folder used for holding temporary tables.
 license file, you can use the evaluation license shipped with the product for a maximum of
30 days, i.e. license.30day.eval.dat.
You can apply for a complete license from your SurePath representative. This is the only
license you require for SurePath.
Details of third party software licenses and license terms are installed to
entuity_home\licenseTerms.

SurePath User Guide 118

Appendix C Entuity SurePath Overview

This appendix provides an overview of the install, configure and device management
procedures to follow when getting started with SurePath. When setting up SurePath for the
first time consult the full document for greater detail. You should use the resources in the
following table before starting your SurePath installation.

Tasks Actions
Prepare to Install
Download SurePath See Preparing to Install SurePath.
Review the installation Release Notes are available from the root of the temporary installation,
documentation and once installed the web UI Help.
Read Chapter 4 - Prepare for SurePath Install and Configure.
Check SurePath server Check you are installing to an appropriate machine. In multi-server
system requirements environments consider the role of each server, e.g. poller, central server.
See SurePath System Requirements, p21.
Complete your Complete the checklist, update any firewall and security module control
configuration checklist lists to allow SurePath appropriate access to your network. Also disable
anti-virus software from scanning the database directories. See
Appendix Appendix A - Entuity SurePath Checklist.
Obtain your SurePath SurePath is supplied with a thirty day evaluation license. For a
license permanent license contact your SurePath supplier, providing them with
the host identifier of the machine to which you want to install the
software. In multi-server environments consider the licensing model that
you want to implement. Chapter 10 - SurePath Licensing.
Install SurePath
Install SurePath Install using the install wizard or from the command line.
See Install Help and Chapter 5 - Install the SurePath Server.
Check for Patches Maintenance patches are issued at regular intervals. See Chapter 13 -
SurePath Maintenance Patches.
Configure SurePath Configure SurePath using the wizard or from the command line.
See Configure Help and Chapter 6 - Configure the SurePath Server.
After You Install
Backup SurePath Backup SurePath to provide a clear backup point.
Chapter 12 - Back Up the SurePath Data.
Start SurePath Starting SurePath. See Start SurePath, p99.
Set up user accounts Amend the default user accounts. Set up new user accounts and
groups. See Help available from the web UI.
Add Inventory to Choose method for discovering devices.
SurePath Add discovered devices to SurePath.
See Chapter 7 - Device Management.

Table 33 Get Started with SurePath

SurePath User Guide 119

Entuity

Preparing to Install SurePath

SurePath is available as a compressed DVD ISO image. To download and prepare the
software for installation you require FTP, data decompression, checksum and ISO image file
tools. Entuity do not recommend specific third party tools, although market leaders are easily
found through the internet, e.g. search for ’mount iso images’ to find ISO image file tools.
To prepare SurePath for installation:
1) From the download site provided by your SurePath supplier download:
 And read the associated readme file.
 checksums.txt which includes SHA-1, SHA-2 derived checksums for the image.
 The compressed ISO file.

2) Unzip the compressed ISO file to a temporary, empty location that is on the SurePath
server machine, is near the root of the drive and the path does not include spaces.
Do not, for example in a Windows environment, unzip the file to a shared location on
another machine. The unzipped install program does not properly complete across share
mappings. Also in Windows use the wizard to extract files, other mechanisms, e.g. copy
and paste are not reliable.
3) Compare the checksum of the image against the expected hash value in
checksums.txt.
Linux operating systems include checksum utilities. In Windows environments you
require a third party tool that supports SHA-1 or SHA-2 checksum calculation.
4) Mount or burn the installation DVD ISO image.
The SurePath ISO file contains the complete image of an SurePath DVD disc. With the
appropriate third party tool(s) you can:
 Burn the image to a DVD.
 Mount the image to a virtual drive.

With either the mounted image or newly burnt DVD, you are now ready to install SurePath.
h

 SurePath (GA) is supplied as a compressed ISO image. SurePath maintenance patches are
configured for use with installPatch, and require a different install process. (See Chapter
13 - SurePath Maintenance Patches.)

Installing SurePath
When you have prepared the downloaded SurePath ISO image file (see Preparing to Install
SurePath), you can use the install program to start the installation.

SurePath User Guide 120

Entuity

 When installing SurePath you should use the full install instructions in Chapter 5 - Install the
SurePath Server, which also includes how to install from the command line, the only option
when installing SurePath to Linux environments.

You should use a user account with administrator access rights and then:
1) Run install from the server, e.g. click Start > Run, from the Run dialog browse for the
image root and select install.
install displays Installation Welcome screen. Click Next.
2) install displays the SurePath license agreement. Read the license agreement.
Click Agree and Next to install SurePath.
3) install displays the Installation Location page. By default, SurePath is installed to
C:\Entuity (referred to as entuity_home). Accept, or amend the install location.
Click Next. install prompts you to confirm the creation of the install folder.
4) install displays an installation progress screen.
SurePath displays the host ID of the server machine. When you want to purchase a
license you must provide this identifier to your SurePath supplier. However, you can
configure and then run SurePath using the 30 day evaluation license shipped with
SurePath.
When using SurePath as a Central License Server you are only required to provide details
of the licensing server, the license for the remote SurePath servers is linked to the central
license.
5) You can now check for, and install, SurePath maintenance patches. (See Chapter 13 -
SurePath Maintenance Patches.)

Configuring SurePath
The options available with configure vary according to the selected capabilities of the
SurePath server, i.e. Standard Server or All-in-one.
h

 When configuring SurePath you should use the full instructions in Chapter 5 - Install the
SurePath Server, which also includes how to configure SurePath from the command line, the
only option when installing SurePath to Linux environments.

To configure SurePath:
1) From entuity_home\install double-click on configure. configure checks that
SurePath is not running, and would display a warning message if it were.
2) In Windows environments when the registry key value MaxUserPort is not set to
0x0000FFFE (65534), then it should be amended. You can do this manually, or permit
configure to amend MaxUserPort. Click Next.

SurePath User Guide 121

Entuity

3) In the Choose Configuration Folders page specify the database installation, database
backup and log file folders.
Specify the folders and click Next.
4) configure displays the host identifier of the SurePath server, which your SurePath
contact requires to generate a valid license.
Enter the SurePath license file location and name and then click Next.
5) configure displays the Security configuration page.
Select Use SSL Communication to activate SSL for sessions between your SurePath
server and browsers. You must provide your own SSL certificates.
Select Change Database Root Password when you want to enter a new root password.
Specify your SSL certificate and key files and click Next.
6) configure displays the Ports Configuration page. Select:
 Use pre-selected port numbers, to accept the default port settings.
 Modify port numbers, to display the Modify Ports page.
Click Next.
7) When you selected Modify port numbers, configure displays the current list of ports.
Port numbers that have a green background are valid, ports with a red background
indicate a port conflict that requires attention.
Amend port settings and click Next.
8) configure displays a summary of your configuration settings. This is the final
opportunity to amend, or cancel, your SurePath configuration selections.
Click Configure to start SurePath configuration.
9) configure displays a progress page and indicates when configure completes.

You can:
 Take an initial backup of the system. (See Chapter 12 - Back Up the SurePath Data.)
 Start SurePath. (See Chapter 8 - Startup and Shutdown SurePath.)
 When using SurePath Central License Server assign device and object credits to its
remote SurePath servers. (See Chapter 10 - SurePath Licensing.)
 Discover your network. (See Chapter 7 - Device Management.)

Adding Devices to SurePath

When running SurePath as a central server you do not have to use that server to manage
devices, you can use remote Entuity and Entuity SurePath servers and their inventory to
discover paths. However for servers you want to use to manage devices, after starting
SurePath for the first time:
1) Log into SurePath using user account admin and password admin .

SurePath User Guide 122

Entuity

The SurePath server URL has the format http://Entuityhost:port/, or where SSL is enabled
https://Entuityhost:port/, where:
 Entuityhost is the IP address or resolvable name of the SurePath server.
 :port is only required when not using the default port, 80 and 443 respectively.

2) SurePath displays the default Inventory page, also accessed through Administration >
Inventory.
3) From the Inventory page you can:
 Use Auto Discovery to automatically discover devices within set parameters.
 Add individual devices.
 Use a seed file to add devices defined within it.
Discovered devices are returned as candidates ready for you to add to SurePath.
4) From the inventory candidates list, click Add to Inventory. SurePath manages the
devices.
5) From the Inventory page you can view the devices under SurePath management.
h

 Virtual machines should be added to SurePath using the VM Platform device type, which has
a distinct set of connection parameters to all other device types. (See Chapter 7 - Device
Management.)

SurePath User Guide 123

Appendix D Entuity SurePath Server Sizing

Sizing of Entuity SurePath servers is dependent on different aspects of the monitored

network environment. Device interface density, SNMP agent response times, network latency
and other external factors will affect the maximum number of devices a server can support. It
is always recommended that you seek advice from an Entuity technical representative when
specifying your server configuration.
By default SurePath retains path change history data for eight days. This is configurable,
although each sample can be quite large and increasing the history can very quickly impact
the usability of the Path History page (for more details contact SurePath Support).
The following chart and tables indicate reasonable server specifications.

Server Sizing
You can install SurePath to both physical and virtual machines, the hardware requirements
are the same for both. (For a list of supported virtual machines see Virtual Machines Certified
to Host SurePath.)

2400

2000

1600

Devices
Intersection of 600 devices and
1200 50000 ports is on the boundary of the
intermediate and high specification categories

800 High

600
Intermediate

400

Low

50000
40000 80000 120000
Ports

Figure 57 SurePath Server Specification Categories

The number of devices and the number of ports (i.e. physical and virtual interfaces) are the
two key loading factors. They are inversely related; the maximum number of devices that can
be managed without effecting performance characteristics is inversely proportional to the

SurePath User Guide 124

Entuity

total number of objects. You can use the chart to plot your device-port combination and the
intersection identifies which sizing category banding is best for your server requirements,
Low, Intermediate or High.
To size your server:
1) Choose an Operating System. SurePath supports:
 Microsoft ® Windows 2008 SP2 (64 bit only)
 Microsoft ® Windows 2008 R2 (64 bit only)
 Microsoft ® Windows Server 2012 (64 bit only)
 Microsoft ® Windows Server 2012 R2 (64 bit only)
 Red Hat Enterprise Linux Server release 6.x (64 bit only)
 Oracle Enterprise Linux Server release 6.x.

2) Choose the role of the server, for example a server acting as a:

 Central Server and not managing devices would have a low category server
specification. In a multi-server environment users can log on to a central server to
access information gathered and stored by multiple polling Servers and use those
servers to discover paths.
 Polling Server faces the most significant loading factors as the number of devices and
the number of ports. You can use the chart to identify the most suitable server
configuration based on managed device and port numbers.
3) Estimate how many devices and ports you want the server to manage.
You should only include to your estimate devices which you intend to SNMP poll, Ping
Only devices have a limited impact on server resources (SurePath uses ICMP to only poll
their management IP addresses).
4) Apply these figures to the sizing chart. The intersection determines within which
device-port banding the server falls, low, intermediate or high.
5) Table 34 Minimum Server Specifications provides a by component breakdown of the
minimum requirements for each of the device-port management bands.

Server Component Low Intermediate High

Minimum CPU Clock Speed 2.5 GHz 2.5 GHz 2.5 GHz
Intel Processor Family (or Xeon E3 Family Xeon 5000 Sequence Xeon E5 Family
equivalent)
Minimum No Cores 4 6 12
Windows Minimum Physical 6 GB 12 GB 24 GB
Memory
Linux Minimum Physical 8 GB 16 GB 32 GB
Memory
Disk Capacity 60 GB 90 GB 120 GB

Table 34 Minimum Server Specifications

SurePath User Guide 125

Entuity

Server Configuration Components

Table 34 Minimum Server Specifications details 3 minimum server configurations for
installations where the combination of devices and ports under SurePath management is
considered low, intermediate and high respectively. The relationship between SurePath
server performance and the different components of the machine on which it is installed is
critical when developing a machine specification. Key components are:
 CPU Clock Speed. The time to process certain functions, for example to display a web
page, generate reports, are governed by the speed of single threaded operations. The
faster the clock speed the faster single threaded operations are processed. Therefore
server clock speed will most noticeably affect the responsiveness of the user interface.
Entuity Support recommend that the servers have a minimum clock speed of 2.5 GHz
and ideally have speeds nearer 3.0 GHz.
 Number of CPU Cores. The number of CPU cores governs how many multi-threaded
operations can take place simultaneously. SurePath's polling engine has a multi-threaded
architecture and therefore its polling capacity and data throughput increases with the
number of available CPU cores. The relationship between polling capacity and cores is
not linear; more cores have greater contention for shared system and application
resources.
Entuity Support have determined that there are only small gains to be made by
increasing beyond 12 cores.
 Memory. It is important that the memory requirements of SurePath’s running processes
can be accommodated in physical memory. System performance is severely impacted
when physical memory is exhausted and process memory allocations are paged to the
disk. In addition there are benefits to be gained by having extra spare memory, since this
will be used by the operating system to cache disk information which can improve
database performance.
 Disk Capacity. Minimum disk space requirements cover SurePath’s installed software, its
embedded database
Entuity Support recommend a SCSI Ultra 320 or SAS disk sub system for physical
servers, preferably with separation of disk I/O generated by memory swapping from
database traffic. Therefore the operating system and swap partition should be located on
one physical disk with SurePath including its database on another.
RAID 5 is not recommended as physical disk synchronization issues seem to cause high
latency. RAID 1 (mirroring) is acceptable but must be a hardware implementation.
 Disk Performance: SurePath’s database relies on fast throughput of data to the storage
system. We recommend that systems are configured with the fastest storage system
options available.
 As a guide we suggest that disk rotational speeds should be no slower than 15Krpm, and
Input/Output Operations Per Second (IOPS) is rated at 150 or above.

SurePath User Guide 126

Entuity

Amend Server Configuration Components

You can amend the default configuration of a SurePath server through
entuity_home\etc\entuity.cfg. After amending entuity.cfg you must run
configure.
h

Before amending the configuration you should first consult the documentation on
! entuity.cfg; changing a setting, for example Database.key_buffer, without the
appropriate hardware components can seriously impact server performance.

When a server resource requirements are within the:

 Low category you should not have to amend default configuration settings.
 Intermediate category you could amend:
[Database]
key_buffer=1024M

[MibServ]
workers=40

[eosserver]
javaMemory=1024M

 High category you could amend:

 For Linux installs:
[Database]
key_buffer=3072M
table_cache=3072

 For Windows installs:

[Database]
key_buffer=1024M

 For all operating systems:

[DataStream]
NumStreamInstTables=4
NumSampleCaches=8!
CacheStreams=100000

[MibServ]
workers=60

[eyepoller]
workers=50

SurePath User Guide 127

Appendix E SurePath System Files

This section describes the main system files used in the SurePath environment. These files
should not be moved, deleted or modified unless otherwise stated.
h

 Directory names are given in Linux/Unix format. The names still apply if you are a Windows
user, reverse the slashes to enter them in DOS format.

bin.vendor
Location
entuity_home/etc

Format
Internal use only.

Description
Contains MIB-related information for each networking vendor supported by the SurePath
environment. The file is used by various SNMP polling processes, including prole.
This MIB information is also detailed in individual device type vendor files, installed by default
to entuity_home/etc/vanilla. Additional device type definitions, not detailed in
bin.vendor are held in entuity_home/etc/exotica. Device definitions held in these
folders are only used by SurePath, when you copy them to entuity_home/etc. Also
proliferate can generate new device types, called Unclassified, and these are held in
entuity_home\etc\uncertified.
Status
Read-only.

Device File (Seed File)

Location
User defined location and name. Historically this import device file was known as dev.txt
and was expected in entuity_home\etc.

Format
Text file containing lines in two possible formats. The older format which only applies when
adding SNMPv1 and SNMPv2 devices is:
# comment line
device-name community-string #optional comment

The recommended format supports SNMP1v1/v2 and SNMPv3 devices, for example:

SurePath User Guide 128

Entuity

 SNMP1v1/v2:
-d jupiter -D jupiter -l full -c public
 SNMPv3:
-d 10.44.2.44 -u paul -a MD5 -A xyy1232h -x DES -X fgdgg34g

Description
The device file is also known as the seed file, it contains instructions used by proliferate
when adding devices to SurePath, e.g. device identifiers, authentication details, SNMP
version.
A device file can be created by:
 System Administrators who specify in it the list of devices they want to import to SurePath
through the Inventory Administration Import Devices function.
Historically this import device file was known as dev.txt and was expected in
entuity_home\etc, however both name and location are user definable.
 SurePath, specifically as part of autoDiscovery. It is then used by proliferate to
add devices to the SurePath database, i.e. it contains the same list of devices and options
as displayed through the Inventory Administration Inventory Candidates page.
This file is called autodisc.txt and is located in entuity_home/etc/deviceFiles .

Devices can either be referred to by an IP address or a host name. Host names should either
be added to the local /etc/hosts file, or be present within the DNS (Domain Name
System). Once a device is added to the SurePath management environment, it continues to
be referenced by the name specified in the device file.This is an example extract from a
device file using the new format for an SNMPv1c/v2 device:
-d 10.44.1.40 -c public # sysoid ".1.3.6.1.4.1.9.1.716" sysDescr
"Cisco IOS Software, C2960 Software (C2960-LANBASE-M), Version
12.2(25)FX, RELEASE SOFTWARE (fc1) Copyright (c) 1986-2005 by Cisco
Systems, Inc. Compiled Wed 12-Oct-05 22:05 by yenanh".

where:
 #, indicates the subsequent text on that line is a comment. Comments can inform you:
 That the device is already managed by SurePath using another interface.
 Of the current device’s IP address, sysoid and system description.
 Of a device that could not be managed.
 -d, indicates the following value is the device name.
 -c, indicates the following value is the device community string.

This is an example extract from a device file, using the new format for an SNMPv3 device:
-d 10.44.2.44 -u paul -a MD5 -A xyy1232h -x DES -X fgdgg34g

For SNMPv3 devices the format is:

SurePath User Guide 129

Entuity

-d <deviceIdentifier> -u <UserName> -a MD5 -A <Auth passwd> -x DES -X

<Privacy passwd>
where:
 -d, indicates the following value is the device name.
 deviceIdentifier is the management interface on hubs and switches, and a single interface
on a router.
You should be able to resolve each of the device names into an IP address on the
SurePath server using one of the following methods:
 Static hosts file (e.g. \etc\hosts).
 NIS (Network Information System) or NIS+ .
 DNS (Domain Name System).
This resolution is not required if the device identifier is itself the IP address of the device.
The choice of identifier is important as it is the primary method of identifying devices in
SurePath.
 -u <UserName>, requires a valid user name to access the device.
 -a MD5, sets the authentication protocol, valid values are MD5 (Message-Digest algorithm
5), SHA (Secure Hash Algorithm).
 -A <Auth passwd>, sets the authentication password, valid values must be between
eight and thirty-two characters long. If the password contains spaces double quotes must
be placed around the password.
 -x DES, sets the privacy protocol, valid values are DES (Data Encryption Standard), AES.
 -X <Privacy passwd>, sets the privacy password, valid values must be between eight
and thirty-two characters long. If the password contains spaces double quotes must be
placed around the password.
It is proliferate that adds devices to SurePath and so the switches used within the device
file configure proliferate.

Adding VM Platforms
SurePath manages VM platforms through their SDK which necessitates a different set of
connection attributes to other device types. To specify a VM platform the format is:
-d IpAddress -l manLevel -w type,url,user,password -T deviceType
where:
 -d IpAddress, identifies the device name or IP address.
 -l manLevel, must be set to the management level web.
 -w sets the web connection details, which must be comma delimited and entered in this
order:
 type, enter 2 for a VMware ESXi or 3 for an Oracle VM platform.
 url, the url to the VM platform’s SDK.
 user, user account SurePath uses to access the SDK.

SurePath User Guide 130

Entuity

 password, user account password.

 -T, sets the device to the internal SurePath identifier for a VM platform, i.e. 1144.

For example to add the VM platform blade to SurePath you can enter:
-d blade -l web -w 2,https://blade/sdk,devuser,232neree -T 1144

Status
Created and maintained by the System Administrator, name and location are user definable.
Also created each time autoDiscovery runs, being saved to entuity_home/etc/
deviceFiles as autodisc.txt.

entuity.cfg
Location
entuity_home/etc

Format
Text file containing lines in the format: systemVariable=value, under headings denoted by
square brackets [].
h

 entuity.cfg is white space sensitive, therefore do not, for example, enter spaces at the
start of a line or before or after the equals sign.

Description
This file holds the key information about the SurePath configuration.
h

Do not directly modify the parameters in entuity.cfg, Entuity cannot be held responsible
! for the consequences. If you want to further amend these settings contact your Entuity
Support representative.

Status
Maintained by the System Administrator.

entuity.cfg Sections
Within entuity.cfg related parameters are grouped together within sections, for example:
[autodiscovery]
config=${ENTUITY_HOME}${FPS}etc${FPS}autodisc.cfg
automatic=1

where:

SurePath User Guide 131

Entuity

 [autodiscovery] is the section header for autoDiscovery, identified as it is placed between

square brackets.
 config and automatic are autoDiscovery parameters.

Parameters must follow the correct section headings to have the required effect. Therefore
variable names must only be unique within a section, e.g. config is used in a number of
different sections.
Following is a list of some of the sections and parameters available within entuity.cfg. If
you require changes to the default settings please contact your Entuity representative.

[]
Most parameters are held within sections that relate to particular SurePath functionality.
These parameters are of a more general application and are in the first section of
entuity.cfg (it has the square brackets that denote a section, but no section name):
 activeuser is the user login used to start SurePath.
 alternatelicensefile is the location and name of alternate SurePath license files. You can
specify a comma delimited list of license files.
 auditLogKeepTime is the keep time for audit log entries, by default set to 60 days.
 configured, indicates whether SurePath is configured, 1, or not 0.
 dbconfigured indicates whether the SurePath database is configured, 1, or not 0.
 dbdir is the directory containing the database (typically, entuity_home/database).
 dbportnum is the port number used by the database server (typically, 3306).
 destination is the directory into which the software was copied (i.e. entuity_home).
 devicefile is the master device file used by SurePath, by default dev.txt.
 eosretrysnmp is the number of times SurePath attempts to make an SNMP connection, by
default 5. Each retry timeout value is the same, derived from eostimeoutsnmp.
 eostimeoutsnmp is the time in milliseconds SurePath waits for a response from a device
before considering it a timeout, by default 1500.
 etcdir is the location of the directory which contains the active configuration files, by
default entuity_home\etc.
 fps holds the correct slash, (forward or backward) for your operating system and is
placed into default file paths given entuity.cfg.
 hostname must be the valid hostname of the SurePath server. If wrongly set then enter the
correct value here, or if appropriate reset the value in the server host file.
 installed, indicates whether SurePath install successfully completed, 1, or not, 0.
 installtime, time the SurePath server was installed.
 installid, the unique SurePath server identifier. In multi Entuity and SurePath server
environments it is used to distinguish one server from another.
 Licensefile is the location of the SurePath license file.
 logdir is the directory containing the log files (typically, /log).

SurePath User Guide 132

Entuity

 macttl is the time to live of a MAC address discovered by the provost scheduled
macman. By default set to 7, i.e. seven days after last polled on the device SurePath
removes it.
 mallocArenaMax is a Linux specific configuration setting. It sets the maximum number of
arenas available for allocation to SurePath threads. By default SurePath limits the number
of arenas to 16:
mallocArenaMax=16
In multi-core environments with appropriate memory resources you can increase the
number of arenas and improve SurePath performance. Linux arenas are allocated
memory in, as a minimum, 64mb chunks.
 snmpMaxPduSize limits the length of SNMP request packets, by default PDU length is set
to 1408:
snmpMaxPduSize=1408
You can configure SurePath so it does not limit PDU size, however some devices may
report over length packets as too big or silently ignore them. To set PDU size to
unrestricted set:
snmpMaxPduSize=0
 snmpMaxPduSizeOverridesfile sets the name of the file, by default
snmpMaxPduOverrides.cfg, containing sysoids with the maximum PDU size for
devices with that sysoid.
You can amend the name of the PDU override configuration file, useful when a customer
wants to add their own override values and preserve them during upgrades:
snmpMaxPduSizeOverridesfile=snmpMaxPDUoveride.cfg
 snmpVlanContextPrefix is for use with SNMPv3 devices configured to provide VLAN
information using an SNMPv3 context. When you have configured these devices
SurePath can convert any characters in the SNMP v1/v2c community string into SNMPv3
context by comparing the community string provided in the SNMP request with the stored
community string. Any difference, excluding a leading @, is appended to a string, by
default vlan-. You can change the vlan- prefix by setting
snmpVlanContextPrefix=cVLAN-

 source is the directory from which the software was copied (i.e. the CD-ROM directory).
 StartupProperties=-Djava.rmi.dummy=dummy
 trapportnum is the port used for receiving SNMP traps, by default port 162.
 trendconfigured=0
 version is the SurePath software version number.
 webportnum is the port number used by the web server (typically, 80).

[AuthLog]
Parameters in this section are applicable to the login authorization log file. The default is:
[AuthLog]

SurePath User Guide 133

Entuity

FailureOnly=0
where:
 FailureOnly is set to:
 0, all login events are recorded in auth.log.
 1, only when login fails are events recorded in auth.log.

[autodiscovery]
Parameters in this section are applicable to autoDiscovery:
 automatic when set to:
 0, autoDiscovery is not automatically started. When it is already running manually
then this value is ignored. When it is already running automatically then autoDiscovery
is stopped.
 1, autoDiscovery runs each Sunday at 01:00 hours. autoDiscovery uses the specified
configuration file. Where the file does not exist, autoDiscovery searches for devices on
the network(s) to which the current host is attached.
h

 During the configuration of SurePath if you created your device file using autoDiscovery
automatic is set to 1, otherwise it is set to 0.

 config holds the path and name of the default autoDiscovery configuration file,
entuity_home/etc/autodisc.cfg.
 duplicateIpCheck when set to:
 1, autoDiscovery checks that discovered devices do not have the same IP address as
devices already under management. SurePath hides devices with duplicate IP
addresses from the list of candidate devices, you can view them by selecting show
devices already in inventory.
 0 (default), autoDiscovery displays in the Inventory Candidates page devices with
duplicate IP addresses to those already under management. When you attempt to
add them to SurePath, SurePath reports them as already under management and
does not add then again.
 suppressNotRecognized, controls how autoDiscovery handles unrecognized device
types. When suppressNotRecognized is set to:
 0 (default), autoDiscovery adds unrecognized device types to SurePath as non-
classified devices.
 1, autoDiscovery does not add unrecognized device types to SurePath.

[database]
Parameters in this section are used when configuring SurePath’s database. This is the
default setting:
[database]
key_buffer=192M

SurePath User Guide 134

Entuity

Where:
 key_buffer defines the size of the buffer that holds details of recently used keys. On large
sites, and where the SurePath server machine has available resources, performance can
be improved by increasing the size of the key buffer.

[datastream]
Parameters in this section are used when configuring StormWorks. These are the default
settings and must not be amended:
[datastream]
connection=HOST=127.0.0.1;UID=root;PWD=;DB=DSALPHA; PORT=${dbportnum}

Where:
 connection defines the link to the StormWorks database and
 HOST is the IP address of the machine holding the database.
 UID is the database login.
 PWD is the database password.
 DB is the database.
 PORT is the default database port, usually 3306.

[devdefunct]
devDefunct removes devices from SurePath that have aged out. devDefunct is
configured through:
 ageout, the number of days after which a device is deemed to be defunct and can be
removed via the daily run devDefunct. When a value is not entered devDefunct does
not delete any devices. This is the default state.

[discovery]
By default the details of newly added devices and ports are given priority in the discovery
queue. When you do not want to interrupt SurePath’s normal discovery cycle, you can turn
off the priority setting through:
[discovery]
noPrioritiseNewInProliferate=1
noPrioritiseNewInGUI=1
noRefreshViewMapInProliferate=0
HostNameFormat=Qualified
where:
 noPrioritiseNewInProliferate when set to 1 does not move devices and ports newly added
using autodiscovery, to the top of the discovery queue.
 noPrioritiseNewInGUI when set to 1 does not move devices and ports newly added
through the web interface, to the top of the discovery queue.

SurePath User Guide 135

Entuity

 noRefreshViewMapInProliferate when set to:

 0 (default), changes made from the web UI to the devices SurePath manages trigger a
refresh of the underlying object map used by SurePath web interface.
 1, changes made from the web UI to the devices SurePath manages do not trigger a
refresh of the underlying object map used by the SurePath web interface. The
changes are only visible after the next refresh.
h

 The length of time it takes to refresh the object map partly depends upon the size of the
managed network. As there is a overhead to regenerating the map, proliferate only
allows a queue of two refresh requests.

 HostNameFormat determines the device name used by SurePath when adding a device
through auto discovery. When it is set to:
 Mixed (default), discovery uses the qualified DNS name when possible. When the
name is too long, over 59 characters, then SurePath uses the unqualified name and
when that is not available SurePath uses the device IP address.
 Qualified, discovery uses the qualified DNS name when possible. When the name is
too long, over 59 characters, then SurePath uses the unqualified name and if that is
not available SurePath uses the device IP address.
 Unqualified, discovery uses the unqualified DNS name and when that is not available
the device IP address.
 IpAddress, SurePath uses the device IP address.
h

 When adding devices using a seed file, SurePath uses the device name as it appears in the
file.

[diskmonitor]
Parameters in this section configure diskMonitor which monitors the available disk space
on the SurePath server. This is an example section:
[diskmonitor]
sample_period=60
message_period=600
message_threshold=200
shutdown_threshold=100

where:
 sample_period is the period in seconds between monitoring of the disk space. The
default is 60, i.e. disk space is measured every minute.
 message_period is the interval, in seconds, between diskMonitor generating disk
space low warning events that appear on Event Viewer. The default is 600, i.e. an event is
generated every ten minutes when disk space reaches the messagethreshold.

SurePath User Guide 136

Entuity

 message_threshold is compared to the available disk space. When that value falls below
the messagethreshold diskMonitor generates a disk space warning event. The default
value, is 200Mb, setting it to 0 turns off this feature.
 shutdown_threshold is compared to the available disk space. When that value falls below
the shutdownthreshold diskMonitor initiates SurePath shutdown. The default value is
100Mb, setting it to 0 turns off this feature.
h

 On UNIX systems the disk space value is unreliable for NFS partitions. When SurePath and
its database are on different machines disabling diskMonitor is recommended.

[dns]
The parameter in this section configures frequency of hostname resolution.
[dns]
positivestaletime=86400

where:
 positivestaletime, determines how long SurePath retains resolved IP address and
hostname information in both memory and the database, by default 86400 seconds
(twenty-four hours). It therefore also determines how quickly SurePath identifies a change
in hostname resolution.

[Events]
Parameters in this section extend SurePath functionality.
[Events]
portEventsForDevices=false
excludeGiants=1
enableDeviceUnreachableEvents=1
SnmpTimeoutFilterByReachability=1
jmxserver_port=12122
jmxFile=eventEngineJmxUrl.jmx
licenseLowWarningThreshold=100
# RPC timeout for calls into DsKernel
swRpcTimeout=60
# Maximum number of threads executing external processes
processExecutorMaxCount=4
# Number of threads processing events in parallel
workerMaxCount=10
# Number of times event can be derived or forwarded between event
engines
maxEventProcessingDepth=10

SurePath User Guide 137

Entuity

# Number of seconds between e-mails to the same address

emailThrottlingPeriodSec=300
# For how long to store events
dbKeepDays=14
dbPartitionDurationHours=24
# Receiver settings
receiverPort=19194
receiverHostname=localhost
receiverBacklog=10
receiverThreads=10
receiverTimeout=60
# Request listener settings
requestListenerPort=19193
requestListenerHostname=localhost
requestListenerBacklog=10
requestListenerThreads=10
requestListenerTimeout=60
requestListenerEventsInBatch=100
Where:
 portEventsForDevices when set to:
 true, events raised against a port contribute to the event status of its device.
 false (default), events raised against a port do not contribute to the event status of its
device.
 excludeGiants when set to:
 1 (default) excludes giants from error calculations, therefore Packet Corruption events
cannot be raised by giants. When excluded SurePath writes to prodigy.log
Excluding Giants, (prodigy calculates packet corruption errors).
 0, giants are included as part of error calculations.
 enableDeviceUnreachableEvents controls when SurePath raises the Device Reachability
Degraded, Device Unreachable and Device Unreachable Cleared events and the Device
Reachability incident. The Network Outage event is independent of this parameter.
When set to:
 1 SurePath raises the Device Reachability Degraded event when the device is the root
cause of the network outage, and Device Unreachable when the device is unavailable
but not the root cause.
 0 (default) the device unreachable events and incident are not configured.

SurePath User Guide 138

Entuity

 licenseLowWarningThreshold sets the threshold for the number Entuity Server License
Alert event. By default when there are fewer than 100 device or object credits available
Entuity raises the event.
 SnmpTimeoutFilterByReachability, controls how SurePath manages SNMP Agent Not
Responding events. When set to:
 1 (default), SNMP Agent Not Responding events are only generated when the device
is reachable.
 0, SNMP Agent Not Responding events are generated regardless of whether
SurePath can reach the device. With this setting SurePath does not generate the
clearing SNMP Agent Responding events.
 mix, allows generation of SNMP Agent Not Responding events regardless of whether
the device is reachable by SurePath. It also raises the clearing SNMP Agent
Responding events. This setting is for test purposes only.

[eyepoller]
These parameters control configuration of eyepoller. Misconfiguration of some eyepoller
parameters can result in poor SurePath performance, including missing polling of data.
Always consult with Entuity Support before amending the eyepoller configuration.
h

 Changes to the polling frequency must always be multiples of five minutes for the polled data
to meaningfully integrate with the SurePath roll-up processes.

[eyepoller]
pollerEventsEnable=1
workers=25
backlog=2
timeSkewTolPercent=2.0
timeSkewTolAbsSecs=5.0
wrapDetectionMarginSecsCrit=2.0
wrapDetectionMarginSecsWarn=5
disableEventGrouping=0
fetchUpdatesRetryLimit=5
fetchUpdatesItemsPerReq=100
Where:
 pollerEventsEnable, controls whether these events which report on the efficacy of
eyepoller, are enabled or disabled:
 Device Port(s) Utilization Accuracy Lost
 Device Port(s) Utilization Accuracy At Risk
 Device Clock Inconsistency
 Device Port(s) Utilization Missed Due to Slow Response.

SurePath User Guide 139

Entuity

When set to:

 1, (default), SurePath can raise events that indicate problems with eyepoller.
 0, SurePath cannot raise events that indicate problems with eyepoller. The only
indication of problems with eyepoller would be when data is missing from the
managed object’s history.
 workers, the maximum number of working threads eyepoller can use. Too few threads
and eyepoller may not have enough time to complete all of its polling, too many and
resources on the server may not be sufficient.
By default workers is set to 25, valid values range from 1 to 500.
Do not amend this setting unless specifically advised to do so by your Entuity Support
contact.
 backlog, influences creation of additional eyepoller work threads. By default set to 2,
while valid values range from 1 to 5.
Do not amend this setting unless specifically advised to do so by your Entuity Support
contact.
 timeSkewTolPercent, the proportional setting for the tolerated difference between the poll
interval as measured by device sysUpTime and poll interval as measured by the SurePath
server system clock. When the clocks differ by a proportion greater than
timeSkewTolPercent plus timeSkewTolAbsSecs SurePath raises a Device Clock
Inconsistency (when it is enabled) and discards the polled sample.
By default timeSkewTolPercent is set to 2.0, while valid values range from 0.0 to 20.0.
 timeSkewTolAbsSecs, the fixed value, in seconds, for the tolerated difference between the
poll interval as measured by device sysUpTime and poll interval as measured by the
SurePath server system clock. When the clocks differ by a proportion greater than
timeSkewTolPercent plus timeSkewTolAbsSecs SurePath raises a Device Clock
Inconsistency (when it is enabled) and discards the polled sample.
A lower tolerance level implies more sensitive checking, which could also lead to a
greater number of Device Clock Inconsistency events (when enabled).
By default timeSkewTolAbsSecs is set to 5.0, while valid values range from 0.0 to 30.0.
 wrapDetectionMarginSecsCrit, sets the margin, in seconds, for SurePath to identify
potential undetected 32 bit counter wraps as the interval between pollings is too great.
When the margin threshold is crossed SurePath:
 Discards the polled data, resulting in a gap in the history data for the managed object
 Raises a Device Port(s) Utilization Accuracy Lost event (when it is enabled).

By default wrapDetectionMarginSecsCrit is set to 2.0, while valid values range from 0.0 to
10.0. A larger margin implies more sensitive checking, and potentially more discarded
samples and more Device Port(s) Utilization Accuracy Lost events (when enabled).
 wrapDetectionMarginSecsWarn, sets the margin, in seconds, for SurePath to identify
potential undetected 32 bit counter wraps as the interval between pollings is too great.

SurePath User Guide 140

Entuity

 disableEventGrouping, controls whether polling problem events are raised against the
device or the port. When set to:
 0 (default), events associated with eyepoller are raised against the device
 1, polling problem events are raised at the port level. Only use this setting under
guidance from Entuity Support as the consequences are likely to be a great increase
in events.
 fetchUpdatesRetryLimit, controls the number of attempts eyepoller makes to obtain
polling duty updates from dskernel, before abandoning the attempt.
By default fetchUpdatesRetryLimit is set to 5, while valid values range from 0 to 20.
Do not amend this setting unless specifically advised to do so by your Entuity Support
contact.
 fetchUpdatesItemsPerReq, determines the maximum amount of data per response when
eyepoller is requesting polling duty updates from dskernel. By default
fetchUpdatesItemsPerReq is set to 100, while valid values range from 10 to 1000.

[install]
Parameters in this section are installation settings for SurePath, for example:
[install]
dir=${ENTUITY_HOME}${FPS}install
java=${INSTALL.DIR}${FPS}JRE${FPS}bin${FPS}java
jre=${INSTALL.DIR}${FPS}JRE${FPS}bin${FPS}jre
platformfile=${ENTUITY_HOME}${FPS}etc${FPS}install.cfg

where:
 dir is the SurePath installation directory.
 java is the Java Runtime Environment.
 jre is the Java Runtime Environment used for the server installation.
h

 In this example the java and jre paths are built using dir (i.e. INSTALL.DIR), where INSTALL
refers to the section and DIR the variable name.

 platformfile is the installation configuration file for the current installation.

[macman]
Parameters in this section are applicable to macman, for example:
[macman]
excludedMacs=00:00:0D:89:8D:AC-00:00:0D:89:8D:GG:FF,08:00:69:02:01:FC
trunkdevicecount=5
recallqueuetime=300
machistorylimit=50

SurePath User Guide 141

Entuity

queuemaxitems=128
queuemaxthreads=1

Where:
 excludedMacs, defines MAC addresses for ipman and macman to ignore, in addition to
the default range of 00:00:0C:07:AC:00 to 00:00:0C:07:AC:FF, which are reserved for
ethernet and FFDI HSRP group virtual mac addresses.
 trunkdevicecount is the threshold level of MAC addresses associated with a port, above
which SurePath considers it a trunk port. When absent, or set to 0, the default value 10 is
used.
When trunk ports do not have encapsulation, or it has not been detected in the MIB, the
MAC address count could become very large. This could lead to the database running
slowly or memory exceptions. Limiting the MAC count using trunkdevicecount prevents
this.
 recallqueuetime, the interval between the reading of requests to run macman against
devices. By default it is set to 300 seconds, with a maximum value of 3600 seconds. After
this delay, macScheduler may run all pending requests.
 machistorylimit, sets the limit on the retained history of MAC addresses. SurePath
maintains two histories, for each:
 port SurePath retains, by default, the last fifty MAC addresses discovered on that port,
when this threshold is passed SurePath discards the oldest MAC address.
 MAC address SurePath retains, by default, the last fifty ports discovered for the MAC
address. When this threshold is passed SurePath discards the oldest port.
You should take care when amending machistorylimit:
 setting very large values increases the amount of data stored and can impact
database performance.
 the MAC Address New event is triggered when a MAC address is not listed in the
retained history of MAC addresses for that port. Amending this variable changes when
the event is triggered.
 the MAC Address Port Change event is raised when a port is not listed in the history of
that MAC address..
 queuemaxitems, maximum number of items in the macScheduler queue. By default the
queue size is 64, with a maximum of 512.
 queuemaxthreads determines the maximum number of macman’s that macScheduler
can run at any one time. For example when set to 1, only one macman can run. By default
set to 1, with a maximum of 16. macman run by provost is not included in these
restrictions.

[MibServ]
Parameters in this section are applicable to StormWorks SNMP collection.

SurePath User Guide 142

Entuity

The setting of MibServ parameters requires an understanding of the SurePath SNMP request
! architecture, therefore you should only amend the default settings with the guidance of
Entuity Support. Incorrect configuration of these parameters can seriously impact SurePath
performance.

 backlog controls how readily StormWorks increases the number of concurrent SNMP
operations (but the concurrency will never go beyond the level set by workers). The
higher the value the longer StormWorks will delay before increasing the concurrency
level.
The default value is 2, minimum value 0, maximum value 100.
h

It can be very hard to predict long term effects of changes here. Effects may only come to
! light long after the value was last changed.

 SNMPagentPort is the default port used by StormWorks for SNMP access to devices.
The default is 161.
 SNMPbadGraceCount is the number of consecutive failures to communicate with a given
device which StormWorks will tolerate before marking the device in question as bad. (A
failed operation is counted once only, regardless of the number of retries involved.) While
a device is marked as bad, all further requests to that device will be treated as though
they had failed, without even attempting communication with the device. A device
remains marked as bad for SNMPbadHoldSecs(qv), after which time StormWorks will try
to resume normal communication with the device.
 SNMPbadGraceCount=0 means StormWorks will consider a device to be bad after
first error
 SNMPbadGraceCount=1 means StormWorks will consider a device to be bad after
two consecutive errors
The default value is 1, minimum 0, maximum 10. It is a single setting applied to all devices
accessed via StormWorks.
h

 Adjusting this value may degrade performance, but effects may only come to light long after
the value was last changed.

 SNMPbadHoldSecs is the time StormWorks keeps a device marked as bad. During this
period all requests to that device will be treated as though they had failed, without even
attempting communication with the device. At the end of that period StormWorks will try
to resume normal communication with the device.
The default value is 30, minimum 5, maximum 120. It is a single setting affecting all
devices accessed via StormWorks.
h

 Adjusting this value may degrade performance, but effects may only come to light long after
the value was last changed.

SurePath User Guide 143

Entuity

 SNMPgatherMaxMsecs as described for SNMPgatherMinMsecs, if fresh requests for the

same target keep arriving, the hold back time may accumulate. The value here serves as
an upper bound on worst case cumulative hold back time for any request. Single setting
affecting all devices accessed via StormWorks.
The default value is 5000, minimum SNMPgatherMinMsecs, maximum 15000.
h

 Adjusting this value may degrade performance, but effects may only come to light long after
the value was last changed.

 SNMPgatherMinMsecs
StormWorks normally holds back SNMP requests for a short time to take advantage of
the efficiency benefit from combining them with other requests to the same device. If a
request is held back and a further request on the same device arrives within the time
specified here, those requests will continue to be held. If no further requests for some
device arrive within the time specified here, all held back requests for that device will then
be actioned. Single setting affecting all devices accessed via StormWorks.
The default value is 500, minimum 100, maximum 5000.
h

 Adjusting this value may degrade performance, but effects may only come to light long after
the value was last changed.

 SNMPoidsPerPdu is the maximum number of oids which to be passed in a single pdu.

The default value is 30, minimum 0, maximum 50. It is a single setting affecting all devices
accessed via StormWorks.
h

StormWorks recognizes device responses caused by oversize pdus, and transparently

! re-issues the pdu with successively smaller numbers of oids until it succeeds. This
mechanism is independent of the value set in SNMPretryLimit.

 SNMPreadCommunity is the default community string. The default value is public. It is a

single setting affecting all devices accessed via StormWorks.
 SNMPredAlertSecs
If an StormWorks SNMP operation remains internally queued for longer than this time, a
red alert error message will be logged in DsKernelStatic.log, and the operation will
be treated as though it failed. The default value is 120, minimum SNMPyellowAlertSecs,
maximum 3600. It is a single setting affecting all devices accessed via StormWorks.
h

Red alert messages indicate serious problems internal to StormWorks which may need
! involvement from Entuity Support. The solution will involve adjustments elsewhere, changing
the value here could make it harder to solve any resulting problems.

 SNMPretryLimit is the number of retries if an initial attempt fails. It is a single setting

affecting all devices accessed via StormWorks.

SurePath User Guide 144

Entuity

SNMPretryLimit=0 means that if initial attempt fails, StormWorks will not retry. The
default value is 3, minimum 0, maximum 20.
h

 Increasing this value may degrade performance, but effects may only come to light long after
the value was last changed.

 SNMPretryMillisecs is the time allowed before attempting to retry. Values must allow for
worst case round trip times, with particular attention to any devices accessed via slow or
high-latency links.
The default value is 3000, minimum 0, maximum 30000. It is a single setting affecting all
devices accessed via StormWorks.
h

 Increasing this value may degrade performance, but effects may only come to light long after
the value was last changed.

 SNMPversion is the default SNMP version.

This does not impact functionality implemented via the StormWorks language, as this
always requires a parameter explicitly specifying the SNMP version for each operation.
The default is V1, alternative V2c.
 SNMPyellowAlertSecs
If an StormWorks SNMP operation remains internally queued for longer than this time, a
yellow alert warning message will be logged in DsKernelStatic.log but without any
other effect.
The default value is 30, minimum 10, maximum 3600. It is a single setting affecting all
devices accessed via StormWorks.
h

Yellow alert messages indicate problems internal to StormWorks which may need
! involvement from Entuity Support.

 workers is the maximum number of SNMP operations that can be concurrently active.
When the limit is reached operations are queued until a worker is available. The default
value is 15, minimum 1, maximum 500.
h

 Excessive values can cause serious performance degradation, but effects may only come to
light long after the value was last changed.

[prole]
SurePath constructs port descriptions by placing within square brackets the port’s index
value, using either its enterprise MIB index (entIndex) when available, or interface index
(ifIndex). The index value is followed by the port description. Parameters in this section allow
you to control exactly how SurePath constructs the displayed interface descriptions.

SurePath User Guide 145

Entuity

There will be a delay between activating these settings and the changes becoming apparent
in SurePath. One cause of delay is prole, or on a large site a number of instances of prole,
only running every twenty minutes. Another is the SurePath UI refresh rate. There may also
be occasions when some ports show the description in the old format, and some in the new
format, this is because prole cannot read all ports at exactly the same time.
You can configure interface descriptions through this section:
[prole]
PollIfName=1
ifDescrUseAlias=true
ifDescrAppendAlias=false
ifDescrSortableIndex=false
ifDescrLabelIfIndex=false
Where:
 PollIfName, controls the port description square bracket population. When set to:
 1 (default), SurePath populates the interface name from the ifName mib variable
 0, SurePath derives the interface name entIndex or ifIndex.
 ifDescrUseAlias, sets the port description used by SurePath when set to:
 true (default) SurePath uses the port’s interface alias
 false SurePath uses the port’s MIB2 description.
 ifDescrAppendAlias, customises the port description used by SurePath when set to:
 true SurePath appends to the ifDescr the port’s alias within round brackets, e.g.
ATM0/IMA0 (*** IMU to Chandler via ATT ***). This setting can only be used when
ifDescrUseAlias is set to true.
 false (default) SurePath replaces the port’s ifDescr with its alias, when an alias is set.
 ifDescrSortableIndex, sets the format of the port index within square brackets, when set
to:
 true presents a ports index in a format suitable for an alphanumeric sort. For example
using these formats [ 99/999 ], [ 99/999/999 ] and [ 9999 ] for two part entIndex, 3 part
entIndex and If Index respectively.
 false (default) SurePath displays port indices as discovered without adding leading
zeroes to improve the sort order. For example [ #9/##9 ], [ #9/##9/##9 ] and [
###9 ] for two part entIndex, 3 part entIndex and If Index respectively, where #
indicates low values will not be right side zero filled, e.g. [1] rather than the zero filled
[0001].

ifDescrSortableIndex= true ifDescrSortableIndex=false

[0001] [1]
[0002] [108]
[0108] [109]

Table 35 Different Sort Orders of the Interface Description Formats

SurePath User Guide 146

Entuity

ifDescrSortableIndex= true ifDescrSortableIndex=false

[0109] [110]
[0110] [2]
[02/001] [2/1]
[02/010] [2/10]
[02/020] [2/1]

Table 35 Different Sort Orders of the Interface Description Formats

 ifDescrLabelIfIndex, prefixes the interface description with if:, to indicate the value is an
interface index (and so should only be used when port data is accessed using its
interface index). When set to:
 true SurePath applies the if: prefix, e.g. [if:0001]
 false (default) SurePath does not apply the if: prefix, e.g. [0001].

[proliferate]
Parameters in this section are used with proliferate:
[proliferate]
maxpolltime=300
Where:
 maxpolltime, sets the maximum time, in seconds, for a device to respond to an SNMP poll
after which SurePath considers it a slow device.

[Server]
Parameters in this section are set during configure and relate to the SurePath server:
proxy_timeout=300
ssl_enabled=false
map_server_port=10981
single_socket_enabled=true
single_socket_port=12321
id=9c3d450f-a80e-42cc-864a-b9dec8b49549
Where:
 proxy_timeout, overrides the ProxyTimeout directive set in httpd_eye.conf. This directive
allows you to set a timeout on proxy requests, which is useful when you have a slow
server response. By default set to 300 seconds.
 ssl_enabled, when set to true the server uses SSL, when set to false it doe not.
 map_server_port, the port on which the SurePath server listens to its clients.
 single_socket_enabled, when set to true the server uses single channel communication,
when set to false it does not.

SurePath User Guide 147

Entuity

 single_socket_port, the port on which single channel communication between the

SurePath server and its clients is conducted. The default port is 12321.
 id, is the SurePath server host identifier required for the generation of a valid SurePath
license in Linux and Windows environments.

[Sla]
Parameters in this section configure slalogger and the roll up of its data. This example
uses the default values:
[sla]
Rollup=192@1h;100@1d;13@1w;24@1m;5@1y
startdayofweek=0
Where:
 Rollup specifies how the data collected by Availability Monitor is retained. This has the
format:
<no of retained samples>@<interval length><unit of time>
where:
 <no of retained samples> is how many samples to keep
 <interval length> is how the original data should be rolled up.
 <unit of time> is the original sample interval, i.e. h for hour, d for day, w for week, m
for month and y for year.
h

 Hourly samples start on the hour, daily at midnight, weekly start time is set through
startdayofweek, monthly at midnight on the first day of the month and yearly samples start at
midnight on the first of January.

For example:
Rollup=192@1h;100@1d;13@1w;24@1m;5@1y

This example uses the default values and means:

 Polled hourly data is kept for one hundred and ninety-two hours, equivalent to eight
days.
 Rolled-up daily data is kept for one hundred days.
 Rolled-up weekly data is kept for thirteen weeks.
 Rolled-up monthly data is kept for twenty-four months.
 Rolled-up yearly data is kept for 5 years.

If you amend these defaults you must ensure you enter valid values, i.e. do not define
strings that request too little data. For example:
RollUp=12@1h;31@1d

SurePath User Guide 148

Entuity

This requests twelve one hour data samples, which is less than the twenty four one hour
samples required to make one day. Therefore, SurePath overrides the entered value and
takes twenty four one hour samples.
h

If you amend Rollup you must stop and then restart the SurePath server for the changes to
! take effect.

 startdayofweek is used in SLA reports to specify the first day of the reporting week. 0 =
Sunday, 1 = Monday, through to 6 = Saturday. The default is 0.

[SNMPserv]
The parameters within this section are used by the SNMP Server:
 checkWalkOrder is used when determining whether SurePath performs lexicographic
checking on data returned by a MIB agent.
This is useful when an agent returns data out of sequence as part of a SNMP GetNext
request. For example, with many lower end Cisco devices (e.g. 1900, 2820 and 2900XL’s)
the section that contains mac address information is unordered. Without the
lexicographic checking this data can cause the GetNext request to form a recursive loop,
with checking this can be avoided.
When checkWalkOrder is set to:
 0, SurePath does not check that the returned data is in the correct order. This is the
default state.
 1, SurePath performs lexicographic checking. If returned data fails the checking
SurePath writes an error message to the calling process’ log file and discards the
data. For example, if macman is run and the data fails the checking, error messages
are written to macman.log and in the Component Viewer you would notice mac
addresses are missing.
h

 If a process inexplicably locks up, e.g. macman, prole, it may be due to a GetNext request
loop and setting checkWalkOrder to 1 may solve the problem.

 SNMP operations controlled through StormWorks are separate from SNMP Server.
Lexicographic setting is always enabled.

[system_control]
Parameters in this section define SurePath system control. This example section starts
SurePath in maintenance mode:
[system_control]
defaultState=maint

Available parameters are:

SurePath User Guide 149

Entuity

 config holds the path and name of the SurePath startup file, entuity_home/etc/
startup_O/S.cfg, where O/S is an abbreviation that identifies the operating system.
 defaultState sets the type functionality when SurePath is started. The default is normal.
This starts every module in SurePath that has normal associated with it in the startup
configuration file (see startup_o/s.cfg).
 delay sets the time between each failed start attempt. The default is 5 seconds.
 retry sets the number of attempts at starting SurePath. The default is 3.
h

Entuity recommend you do not adjust the default system control settings.
!
[tomcat]
Parameters in this section configure Apache Tomcat application server:
 adminport, is the Tomcat administration port, by default 8005.
 port, is the Tomcat port, by default 8080.
 javaMemory, is the amount of memory assigned to the tomcat java process, by default
512M.

[webUI]
Parameters in this section configure Event Viewer. This is an example configuration:
[webUI]
EventViewerMaxEvents=1000
EventViewer.BatchSize=1000
EventViewerShowServerColumn=1
EventViewerSeveritySound=info:chimes.wav, minor:chord.wav,
major:ding.wav, severe:notify.wav, critical:ringin.wav
customDashboardMaxCount=20
where:
 EventViewerMaxEvents, sets the maximum number of events that can be held by Event
Viewer, by default 1000.
 EventViewer.BatchSize, sets the maximum number of events that can be displayed by
Event Viewer, by default 1000.
 EventViewerShowServerColumn, when set to:
 0 (default) the server column is hidden in Event Viewer
 1, Event Viewer displays the server column which identifies the SurePath server that
raised the event, which you may require in multi SurePath server environments.
Changes to this setting are only applied after a restart of tomcat. The setting is only
retrieved from the server you are logged into. Setting this option on a remote server has
no effect unless you directly login to the remote server.

SurePath User Guide 150

Entuity

 EventViewerSeveritySound, allows you to set a sound for each event severity level. You
must install your own sound files (WAV or MIDI) to entuity_home/lib/TomCat/webapps/
webUI/sounds. For changes to this setting to be applied you must restart Apache Tomcat.

eventEngine.bat
Location
entuity_home/bin

Format
Maintained by Entuity.

Description
A Windows batch file (Linux shell script is eventEngine) which when run configures the
eventEngine according to settings in event-engine-cfg.properties. The eventEngine
does not require restarting for the configuration changes to be applied, for example when run
from the entuity_home/etc directory enter:
bin/eventEngine.bat -reloadCfg

Status
Read-only.

event-engine-cfg-template.properties
Location
entuity_home/etc

Format
Maintained by Entuity.
Description
This is a template file and may be overridden. To make persistent changes copy this file to
the event-engine-cfg.properties file and edit it. You can apply changes by running
the batch file eventEngine.bat (in Linux the shell script eventEngine).
You should contact your Entuity representative before amending these configurations.
# Indicates if tracing is switched on for every incoming event: useful
for debugging rules
traceAllEvents = false
# Queue sizes for the events originating from external systems:
# - initial: the initial size of the queue per worker
# - max: the maximum size of the queue per worker
# - total: total size of queues across all workers

SurePath User Guide 151

Entuity

initialRawEventQueueSize = 100
maxRawEventQueueSize = 10000
totalMaxRawEventQueue = 50000
# Queue sizes for the events originating from the event engine itself
initialDerivedEventQueueSize = 10
maxDerivedEventQueueSize = 1000
totalMaxDerivedEventQueue = 5000
# Maximum number of states available to rules
maxRuleStates = 50000
# The duration since the last update to the NofM rule state after
which the state can be discarded
nmRuleStateTimeoutSec = 172800
# Number of events stored in the event cache
maxEventCacheSize = 20000
# The time period for flushing events from the event cache to the
database
eventFlusherFlushPeriodMs = 1000
# The time between archive cleanup jobs
archiveClenupPeriodSec = 1700
# The number of records to delete in a single batch
archiveDeleteBatchSize = 20000
# The number of events which can be stored in the archive per
situation
archiveMaxSituationEvents = 100
# Maximum number of incidents: including open, closed and expired
maxSituationCount = 50000
# The maximum number of events returned per incident
maxReturnedEventsPerSituation = 100
# The duration for which expired incidents should be kept
situationEvictionPeriodSec = 604800
# The duration for which deleted incidents should remain in memory
situationExtraEvictionPeriodSec = 600
# The name for the default incident
defaultSituationName = Unclassified
# Age out for the default incident
defaultSituationAgeOutSec = 3600
# Expiry window for the default incident

SurePath User Guide 152

Entuity

defaultSituationReopenWindowSec = 10800
# Opening window for the default incident
defaultSituationOpeningWindowSec = 300
# Indicates if incident needs to be created for the event with
severity = info
informationalEventCausesDefaultSituation = false
# The minimum duration, which may pass before system event's cache can
be reloaded
minSystemEventReloadPeriodSec = 300
# The View event/incident filter reload period
viewEFilterRefreshPeriodSec = 300
# Positive and negative caching durations for compId to swId
keepTimeForCompIdToSwIdSec = 7200
keepTimeForCompIdToSwIdNegSec = 5
# Positive and negative caching durations for swId to object
description
keepTimeForSwIdToObjectDescriptorSec = 300
keepTimeForSwIdToObjectDescriptorNegSec = 5
# Positive and negative caching durations for swId to object details
keepTimeForSwIdToObjectDetailsSec = 20
keepTimeForSwIdToObjectDetailsNegSec = 20
# Positive and negative caching durations for swId reference to swId[]
keepTimeForSwIdRefToObjectIdsSec = 20
keepTimeForSwIdRefToObjectIdsNegSec = 20
# Positive and negative caching durations for serverId to deviceId
keepTimeForServerIdToDeviceIdSec = 3600
keepTimeForServerIdToDeviceIdNegSec = 5

Status
Read-only.
Changes to

eventProject.xml
Location
entuity_home/etc

Format
Maintained by Entuity.

SurePath User Guide 153

Entuity

Description
This file configures the event system, for example its incidents, rules, actions. SurePath is
shipped with a default project file. When you save and deploy a project SurePath updates the
XML file.
Status
Read-only.

eyepoller_overrides.cfg
Location
entuity_home/etc

Format
Text file.

Description
SurePath’s default behavior is to poll a device using a port with MIB2 support. When a device
does not include a port with MIB2 support and uses its own enterprise MIB to collect device
data SurePath’s default behavior would not return data. Through
eyepoller_overrides.cfg you can configure SurePath to poll the enterprise MIB. The
polling definitions are held in separate configuration files which would be developed by
Entuity Professional Services.
On SurePath startup eyepoller checks for eyepoller_overrides.cfg and when it is
available reads its configuration. eyepoller only checks eyepoller_overrides.cfg
when it starts, it does not reread the file again until it is restarted.
eyepoller configuration has the format:
sysoid> status <admin-status-oid:indexing> <oper-status-oid:indexing>
<time-of-last-change-oid:indexing> {<sysuptime-oid>}
<sysoid> util64 <in-octets-64:indexing> <out-octets-64:indexing>
where:
 Indexing should be either M2 or ES to indicate use of ifIndex or entIndex respectively.
 SNMPv1 polling is used for status.
 SNMPv2 for util64, SNMPv3 for SNMPv3 devices.
 Status sysuptime-oid is optional, and if not present the default of 1.3.6.1.2.1.1.3 is used.

If there is an error in the formatting of any line, the line’s instructions are ignored and a
warning of the failure is entered in eyepoller.log. An information message is also added
to eyepoller.log for each successful override read from the file. Comment lines starting
with # and blank lines are silently ignored.

SurePath User Guide 154

Entuity

Status
Maintained by Entuity and used with configuration produced by Professional Services.
Changes to this file are maintained during SurePath upgrades.

eyepoller_overrides_system.cfg
Location
entuity_home/etc

Format
Text file.
Description
SurePath’s default behavior is to poll a device using a port with MIB2 support. When a device
does not include a port with MIB2 support and uses its own enterprise MIB to collect device
data SurePath’s default behavior would not return data. Through
eyepoller_overrides.cfg you can configure SurePath to poll the enterprise MIB. The
polling definitions are held in separate configuration files which would be developed by
Entuity Professional Services.
On SurePath startup eyepoller checks for eyepoller_overrides.cfg and when it is
available reads its configuration. eyepoller only checks eyepoller_overrides.cfg
when it starts, it does not reread the file again until it is restarted.
eyepoller configuration has the format:
sysoid> status <admin-status-oid:indexing> <oper-status-oid:indexing>
<time-of-last-change-oid:indexing> {<sysuptime-oid>}
<sysoid> util64 <in-octets-64:indexing> <out-octets-64:indexing>
where:
 Indexing should be either M2 or ES to indicate use of ifIndex or entIndex respectively.
 SNMPv1 polling is used for status.
 SNMPv2 for util64, SNMPv3 for SNMPv3 devices.
 Status sysuptime-oid is optional, and if not present the default of 1.3.6.1.2.1.1.3 is used.

If there is an error in the formatting of any line, the line’s instructions are ignored and a
warning of the failure is entered in eyepoller.log. An information message is also added
to eyepoller.log for each successful override read from the file. Comment lines starting
with # and blank lines are silently ignored.
Status
Maintained by Entuity and used with configuration produced by Professional Services.
Changes to this file are maintained during SurePath upgrades.

SurePath User Guide 155

Entuity

httpd_eye.conf
Location
entuity_home/lib/apache/conf/

Format
Text file containing configuration information for the Apache web server. For further
information on this type of configuration file (default name httpd.conf) refer to the Apache
documentation. This is available via the following URL:
http://www.apache.org/

Description
This file provides all the information required by the web server to provide the GUI front end
for SurePath. You should only ever need to modify the file if there is a need to reconfigure
port numbers, amend log file settings. Changes to this file are only applied once configure
is run and SurePath started.
Status
Maintained by the System Administrator. Entuity does not maintain user changes to this file
during SurePath upgrades.

license.dat (license file)

Location
entuity_home/etc

Format
Internal use only.

Description
Contains coded information about the SurePath managed object credits and expiry dates.
The license file, by default license.dat, is used by licenseSrvr and can be checked
using checkLicense.
SurePath is shipped with an evaluation license which can only be used for a limited period
and should only be used in a test environment.
Status
Provided by an Entuity representative.
Maintained by the System Administrator.

mib.txt
Location
entuity_home/etc

SurePath User Guide 156

Entuity

Format
Internal use only.

Description
Contains information relating to ASN (Abstract Syntax Notation). The file is used by various
SNMP polling processes, including prole, as well as by snmpget and snmpwalk.

Status
Read only.

newbin.vendor
Location
entuity_home/etc

Format
Internal use only.

Description
Deprecated, retained for backward compatibility.

Status
Deprecated. Read-only.

provost.conf
Location
entuity_home/etc

Format
Internal use only.
Description
Configuration file for the main scheduling process, provost.

Status
Read only.

serverid.xml
Location
entuity_home/etc

SurePath User Guide 157

Entuity

Format
This file includes details that are used when identifying the SurePath server identity, this is
most applicable when distinguishing between multiple servers, Entuity, SurePath or a
combination of the two.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns2:serverIdentity xmlns:ns2="http://www.entutity.com/webrpc">
<id>ce333d40-fc09-42b6-a4dd-a0315ed3da20</id>
<version>2.0.0.p0</version>
<versionDisplay>Entuity SurePath 2.0</versionDisplay>
<hostAddress>COMPRESSOR</hostAddress>
<webPort>80</webPort>
<sslAccess>false</sslAccess>

<certificate>MIIChzCCAfCgAwIBAgIGARUD8xxFMA0GCSqGSIb3DQEBBQUAMIGHMS
0wKwYDVQQhMDMxNWRhM2VkMjAxFDASBgNVBAsMC0RldmVsb3BtZW50MRAwDgYDVQQKD
AdFbnR1a0NVoXDTE3MDkxMTEyMTY0NVowgYcxLTArBgNVBAMMJGNlNDg0ZDQwLWZjMD
gtNDhiNi1hMWRkLWEwMzE1ZGEzZWQyMDEUMBIGA1UECwwLRGV2ZWxvcG1lbnQxEDAOB
gNVBAoMB0VudHVpdHkxDzANBgNVBAcMBkxvbmRvbjEQMA4GA1UECAwHRW5nbGFuZDEL
MAkGA1UEBhMCVUswgZ0wDQYJKoZIhvcNAQEBBQADgYsAMIGHAoGBAJCHNZjkkyWKl0H
sGs72mfU44xoiKiOddCzkSIS2Bj2NL3Qs4tfWslVXaz+Q2PuF4/
i3i5o8E4jJmZqHqTHaWK8KfGsE6y8eB470oh9ONnMxoFsd4YrUCntrd1X4mbVwvaa6E
mbQVZgEDZXTZoo2BbfVyhJzA9ey4k2jKSkVLPuTAgEDMA0GCSqGSIb3DQEBBQUAA4GB
AI2ykCawwzAZ2gfpjPCLymS0DMTDkhXgwc86trG6KnbRdpEpYpApx5I+N5eIaTEVj/
tH0xBnrKPWnhCMiXqiLgqAsCZ80aPRNc9wPnxIMXdTIwUfeK0wPa+pNe5GyofUYZa-
la8T4IpBqZy+JhGyLzF+0rSEuwVRoKzLeJQjO87gM</certificate>
</ns2:serverIdentity>
where:
 serverIdentiity, web RPC of the SurePath server.
 id, unique SurePath server identifier.
 version, internal SurePath server version number.
 versionDisplay, SurePath server version number displayed through the Help About dialog.
 hostAddress, SurePath server host name.
 webPort, SurePath server web port, by default 80.
 sslAccess, indicates whether the SurePath server is using SSL, true, or not, false.
 certificate, SurePath server certificate.

Description
This file includes details that are used when identifying the SurePath server identity, this is
most applicable when distinguishing between multiple servers, Entuity, SurePath or a
combination of the two.

SurePath User Guide 158

Entuity

Status
Automatically generated by SurePath install and configure. System administrators can
identify and change the id used with an SurePath server through configure serverid.
Entuity maintains changes to this file during SurePath upgrades.

snmpV3.cfg
For SurePath to handle SNMPv3 traps from devices it must, as a minimum, know device
name and user details. For devices SurePath manages, SurePath can retrieve the required
information from its database. For devices SurePath does not manage you should enter
identifying details in snmpV3.cfg.
Location
entuity_home/etc

Format
Text file, with each line defining information required to handle traps from a particular device.

Description
When you require SurePath to handle SNMPv3 traps from devices it does not manage, use
this configuration file to specify how SurePath should handle these traps.
Each line details one device, and must include the device name and user and optionally
engineID, authentication and privacy password.
For example:
-d 10.66.1.13 -u mark
-d 10.66.1.14 -e 0x80000312010A42010E -u mark -a MD5 -A "Auth
Password"
-d 10.66.1.15 -e 0x80000312010A42010F -u mark -a MD5 -A "Auth
Password" -x DES -X "Priv Password"
where:
 -d specifies the device name, e.g. 10.66.1.15,
 -u specifies the user name, e.g. mark
 -e specifies the device engine, e.g. 0x80000312010A42010F
 -a specifies the authentication protocol, i.e. MD5, SHA
 -A specifies the authentication password, "Auth Password"
 -x specifies the privacy protocol, i.e. AES, DES
 -X specifies the privacy password, e.g. "Priv Password".

startup_o/s.cfg
The startup configuration file; for Windows named startup_WIN32.cfg and for Linux
systems startup_UNIX.cfg.

SurePath User Guide 159

Entuity

Location
entuity_home/etc

Format
Text file containing lines in the format: systemVariable=value, under headings denoted by
square brackets [].

Description
Configuration file used by starteots when starting SurePath to determine which processes
to start. For Windows implementations SurePath services are also configured here. Each
process has its own section.
This is an example section:
[syslogger]
state=normal
type=command
start=${ENTUITY_HOME}${FPS}bin${FPS}syslogger
directory=${LOGDIR}
memorylimitmb=4000
is_critical=n

These are the available options:

 [syslogger], is the section name enclosed in square brackets.
 state which sets the state(s) of the module. This label allows you to group modules by
associating them with the same state. In the control_system section of entuity.cfg
you can set defaultState, to your chosen state. When SurePath starts all of those modules
start.
For example by default SurePath starts all those sections with state set to normal.
A section can have more than one state, each state separated by a comma, e.g.:
state=maint,normal
state is the only value you can amend. When state is set to none, the function always
starts.
 type, indicates the type of function to start:
 command, indicates start includes an instruction to run an executable.
 service, indicates start includes an instruction to start a Windows service.
 servicename, name of the Windows service to start.
 start, includes the instruction used to start the process.
 directory, indicates the location of the log file, which when set to ${LOGDIR} is the log
directory specified through logdir in entuity.cfg.
 memorylimitmb a Unix and Linux specific configuration setting. By default all processes
are set to 4000 (4GB), except dsKernelStatic which is set to 8000 (8GB).

SurePath User Guide 160

Entuity

 is_critical, identifies whether the function is critical to SurePath core functionality, Y, yes
and N, no.

The last line of the file must always be a reference to the site specific startup file:
!startup_WIN32_site_specific.cfg

Status
Maintained by Entuity.
When upgrading SurePath this file is overwritten. You should make any site specific changes
to startup_o/s_site_specifc.cfg.

startup_o/s_site_specific.cfg
The site specific startup configuration file; for Windows named startup_WIN32.cfg and
for Linux systems startup_UNIX.cfg.
Location
entuity_home/etc

Format
Text file containing lines in the format: systemVariable=value, under headings denoted by
square brackets [].
Description
This file is referenced by startup_o/s.cfg. It is where you should enter site specific
configuration settings for your installation startup. Values entered here override values for the
same settings entered in by startup_o/s.cfg.
You can copy an entire section from startup_o/s.cfg to this file and amend its settings.
When you only want to amend a small part of an existing startup section, then you can add
the section name and just the required attribute(s). This makes it easier to identify your
changes. For example when you want to amend the state of remedy, in startup_o/s.cfg
the full section is:
[remedy]
state=none
type=command
start=${ENTUITY_HOME}\integ\ForkEvent\forkevent
${ENTUITY_HOME}\etc\remedyforkevent.cfg pipe_remedy
directory=${LOGDIR}
is_critical=n

In startup_o/s_site_specific.cfg you can enter:

[remedy]
state=normal

SurePath User Guide 161

Entuity

Status
Maintained by the System Administrator. When upgrading SurePath this file is preserved.

sw.cfg
Location
entuity_home/etc

Format
Text file containing lines in the format: systemVariable=value, under headings denoted by
square brackets [].
Description
This is the main StormWorks configuration file and must not be edited. It also contains
references to secondary configuration files, all pre-fixed by sw_, that contain details
regarding specific SurePath StormWorks services, e.g. events, ip peering. These files also
must not be edited.
When SurePath configure is run sw.cfg (and through it the secondary files) is referenced
and the StormWorks services are configured.
Status
Created and maintained by Entuity.
h

sw.cfg and the sw_name.cfg files must only be edited by an Entuity representative, or
! under guidance of Entuity. Incorrect amendments of these files can seriously impact
SurePath’s performance.

sw_cm_transforms.cfg
Location
entuity_home/etc
Format
Text file containing lines in the format: systemVariable=value, under headings denoted by
square brackets [].

Description
The retrieval script, policy file and exclusion files are included to SurePath through
sw_cm_transforms.cfg. These transforms first attempt to match on the full system OID,
e.g .1.3.6.1.4.1.9.1.495 then the vendor component .1.3.6.1.4.1.9 and finally null. You can
also individually assign scripts and files against devices through Component Viewer.
[Transform sysOidToRetrievalScriptTransform]
Description=Transform sysOID to configuration monitor retrieval script

SurePath User Guide 162

Entuity

ClientData=
InputType=string
OutputType=string
start_run_hp.expect(.1.3.6.1.4.1.11),
start_run_cisco.expect(.1.3.6.1.4.1.9),
start_run_juniper.expect(.1.3.6.1.4.1.2636),
null(*)

[Transform sysOidToExcludedDifferenceTransform]
Description=Transform sysOID to configuration monitor excluded differ-
ences file
ClientData=
InputType=string
OutputType=string
cisco-generic-exclusions(.1.3.6.1.4.1.9),
null(*)

[Transform sysOidToPolicyRulesTransform]
Description=Transform sysOID to configuration monitor policy rules
file
ClientData=
InputType=string
OutputType=string
cisco-generic-policies(.1.3.6.1.4.1.9),
hp-generic-policies(.1.3.6.1.4.1.11),
null(*)

Status
Created and maintained by Entuity. System administrators can amend this file, configure
must be run for changes to take affect. Entuity maintains changes to this file during SurePath
upgrades.

sw_iptosysname.cfg
Location
entuity_home/etc

Format
Text file containing lines in the format: systemVariable=value, under a heading denoted by
square brackets [].

SurePath User Guide 163

Entuity

Description
This is the scheduling definition for running iptosysname, which changes within SurePath
device names to system names.
The default configuration is:
[Job jobIpToSysName]
Description=Job to change device names to be sysNames
Interval=86400
Offset=10800
ClientData=
Modes=normal
Method=simple;variable workdir=concat(get_config_var("entuity_home"),
"\\lib\\tools");
=logMessage(concat(piped_exec("iptosysname",
workdir,0,7200000,""),"\n"))

where:
 Job, identifies the section as one that defines a job to change device names within
SurePath from IP address to sysname.
 Interval, time in seconds between running of the job. The default is 86400, one day.
 Offset, defines when the job runs as an offset from 00:00. the default is 10800, equivalent
to 03:00.
 Client Data and Modes should not be amended.
 Method, defines the job and should not be amended.
Status
Created and maintained by Entuity. This file is only enabled when included to
sw_site_specific.cfg and configure is then run.

sw_ph.cfg
Location
entuity_home/etc

Description
Controls parsing of the StormWorks configuration files and must not be edited.

Status
Created and maintained by Entuity.

SurePath User Guide 164

Entuity

sw_site_specific.cfg
Location
entuity_home/etc

Format
Text file containing references to files that specify extra functionality, i.e. customer specific
modifications. Files with a hash before their name are not included to the SurePath
configuration, e.g.
#!sw_user_specific_function.cfg
File names that are prefixed with an exclamation mark are included to the SurePath
configuration:
!sw_user_specific_function.cfg

Description
This is the StormWorks configuration file to which site specific functionality, specifically their
configuration files are included.
When SurePath configure is run sw.cfg (and through it the secondary files, including
sw_site_specific.cfg) is referenced and the StormWorks services are configured.
Status
Created and maintained by Entuity. Administrators may be asked to include and exclude
references to files when adding and removing site specific functionality.
When upgrading SurePath this file is not updated, as you would lose your site specific
settings. You should check the release notes as to whether the latest version of this file
includes new functionality, or examine the file directly.

systemcontrol.log
Location
entuity_home/log

Description
Log file recording the behavior and state of system processes. If the Process Health page
indicates an error in one or more processes you may review this file when troubleshooting
the cause.
Status
Created and maintained by Entuity.

SurePath User Guide 165

Entuity XMLDataCollector.xml

system_menus.xml
This file specifies the system menus used in the SurePath web interface. The available web
interface menus are a combination of menus defined in this file and in user_menus.xml.
Menus are added to SurePath during SurePath configure.
system_menus.xml is managed by Entuity and should only be amended by Entuity.

user_menus.xml
This file specifies all user menus used in the SurePath web interface. The available web
interface menus are a combination of menus defined in this file and in system_menus.xml.
Menus are added to SurePath during SurePath configure.
user_menus.xml is user maintained. It is not overwritten during SurePath updates.

XMLDataCollector.xml
Specifies how to identify a device, apply the appropriate XML query to the device and
interpret its XML reply. For example for Nexus, XML Data Collector identifies a device through
its chassis identifier and system version. It can then perform the GET_MAC action with the
appropriate XML configuration.
This extract includes the XML for the MAC address implementation. There are 2:
 Match sets with evaluation occurring in the order specified.
 GET_MAC actions called by the version match set. Both actions write to the same table in
the XMLAPIDB.

Location
entuity_home/etc

Format
XML text file defining data collection.
<?xml version="1.0"?>
<XMLAPIRoot>
<version-match-sets>
<version-match-set version-match-set-id="Nexus-1000v-001" >
<version-match-set-test field="chassis_id" value="Nexus 1000V
Chassis" />
<version-match-set-test field="sys_ver_str" value="4.2\(1\)SV.*"
/>
</version-match-set>
<version-match-set version-match-set-id="Nexus-Default">
<version-match-set-test field="chassis_id" value=".*" />

SurePath User Guide 166

Entuity XMLDataCollector.xml

</version-match-set>
</version-match-sets>
<!-- ********************* ACTIONS ********************* -->
<actions>
<action actionName = "GET_MAC" version-match-set-id="Nexus-1000v-
001" >
<command>
<show>
<mac>
<address-table>
<static/>
</address-table>
</mac>
</show>
</command>
<rowDelimiter delimiter="ROW_mac_address" />
<resultTable databaseAndTable="XMLAPIDB.MacToPort" />
<resultFields>
<resultField field="disp_port" column="Interface" />
<resultField field="disp_mac_addr" column="MACAddr" />
</resultFields>
</action>
<action actionName = "GET_MAC" version-match-set-id="Nexus-
Default" >
<command>
<show>
<mac>
<address-table>
<static/>
</address-table>
</mac>
</show>
</command>
<rowDelimiter delimiter="ROW_mac_address" />
<resultTable databaseAndTable="XMLAPIDB.MacToPort" />
<resultFields>
<resultField field="disp_port" column="Interface" />

SurePath User Guide 167

Entuity XMLDataCollector-log4j.properties

<resultField field="disp_mac_addr" column="MACAddr" />

</resultFields>
</action>
</actions>
</XMLAPIRoot>

XMLDataCollector-log4j.properties
Location
entuity_home/etc/XMLDataCollector-log4j.properties

Description
Sets the level of logging applied to EYEXMLDataCollector.jar.

Status
Created and maintained by Entuity.

SurePath User Guide 168

Index C
Certified Device 82, 88
Checksum
A checking 112, 120
Administrator Access Rights checksums.txt 112, 120
configure 53
Cisco ASA devices
install 53
packet size 84
Ageing Out
Command Line
devDefunct 135
SurePath Install 65
Anti-virus Software
Community String
database corruption 116, 119
amend 88
performance implications 52
device file 96, 128
Apache Tomcat
configure
parameters 150
administrator privileges 53
port setting 75, 80
firewall considerations 60
version 118
log files 77
Apache Web Server overview 121
configuration 156 port usage setting 60
log file configuration 156 running 77
Apache Webserver serverid 159
version 118 sw_cm_transforms.cfg 163
Audit Log
auditLogKeepTime 132 D
auth.log Database
configure 134 change password 79
Auto Refresh directories 70, 122
set 107 improving performance 134
autodisc.txt 129 location 132
password, change 73, 122
autoDiscovery
port 132
see also Device File
port numbers for 75, 80
adding devices 123
running slow 142
automatic running 134
classify unrecognized devices 134 Database Corruption
device name resolution 91, 136 conflicting software 116, 119
duplicateIpCheck 134 dbcheck 99
hypervisors 82 dev.txt
VMs 82 file format 129
see Device File
B devDefunct
Basic Management Level 82 configuration 135
bin.vendor 128 Device Clock Inconsistency
certified device 82 setting tolerance levels 140
Device File

SurePath User Guide 169

Entuity

description 128 Disk space

format 95, 96, 130 configuring 136
importing 81 diskMonitor
setting the name 132 configuring 136
Device Port(s) Utilization Accuracy Lost DNS 96
setting wrap margin 140 hostname format 91
Device Reachability Degraded Event name resolution 136
set 138 DsKernelStatic.log
Device Reachability Events red alert 144
enableDeviceUnreachableEvents 138 yellow alert 145
Device Reachability Incident DVD ISO image
set 138 installing SurePath 120
Device Support Datasets Dynamically Assigned IP Addresses
overview 81 SurePath recommendation 89
Device Types 87
device support datasets 81 E
overview 83
Entuity
reassign to device 88
hostname 72
Device Unreachable Cleared Event license file 132
set 138 server
Device Unreachable Event host identifier 148
set 138 hostname 132
Devices key buffer size 134
assign port event status 138 proxy_timeout 147
bad, marked as 143 version 133
deleting 135 Entuity Server License Alert
DHCP recommendation 89 warning threshold 139
discovery priority 135 entuity_home
display name 84 location 132
dynamically assigned IP addresses 89
entuity.cfg
ICMP ping enable 82
arena allocation 59
IPv6 management 83
Audit Log 132
management level 82
autodiscovery 134
polling 84
description 131
SNMP agent 81
devDefunct 135
SNMP Packet Size
discovery 91
set 84
diskMonitor 136
statically assigned IP address 89
login authorization 133
vendor files 128
prole 145
DHCP Sla 148
devices 89 SNMPserv 149
Discovery spare ports 147
priority settings 135 system_control 149
see autoDiscovery eostimeoutsnmp 132

SurePath User Guide 170

Entuity

Event Management Process H

listening port
Home Page
set 53, 75, 80, 117
set 107
receiver port
set 53, 75, 80, 117 Host Identifier 53, 64, 66, 78, 148
install progress screen 121
Event Receiver Port
obtaining 106
set 53, 75, 80, 117
Hostnames
Event Request Listener Port 53, 75, 80, 117
DNS resolution 137
Event Viewer Entuity server 72, 132
color coding events 108 format 91
maximum number of events 150 format, autoDiscovery options 136
show Entuity server 150 SurePath server 79
sounds 150
httpd
eventEngine not running 55
configure 151
httpd_eye_conf 156
event-engine-cfg-template.properties 151
httpd.conf 156
eventProject.xml 153
Events
assign port events to devices 138
I
associating sounds 150 ICMP Ping
eventsProject.xml 153 enabled 81
excluding Giants 138 management interface disabled 82
show raising Entuity server 150 inst_service 115
Events System install 121
configure 151 administrator privileges 53
EYEInstall.log 64, 67 home folder 63
host identifier 64, 121
eyepoller
ISO image 120
enabling events 139
Linux 65
raising events against ports 141
log files 64
login requirements 53
F patches 111
File 128 preparation 119
uninstalling SurePath 115
Firefox
wizard
supported versions 22
progress screen 64
Firewall Considerations 60
Install SurePath
Flapping log files 67
path history 32
Installation
Full Management Level 82 preparation 52
worksheet 116
G Installation Settings 141
GetNext Request installPatch
checkWalkOrder 149 error messages 113

SurePath User Guide 171

Entuity

running 111 check 105

interface descriptions 145 license verification 105
license.dat 105, 156
Internet Explorer
low credits event 139
supported version 22
server alert 106
Inventory
Linux
add to 123
arena allocation 59
administration 85
arena limit 133
discovery overview 81
configure SurePath 77
permission levels 83
install SurePath 65
Inventory Administration Name Service Cache Daemon 58
licensing 105 RPC Port Mapper 57
Inventory Candidates 91 rpcbind 57
adding devices 92, 93 server timezone 59
duplicate IP address check 134 system requirements 21
management level 82, 92 virtual memory limit 160
proliferate 129 Log Files 67
IPv4 83, 84 Apache Web Server 156
IPv6 dsKernelStatic.log 77
device management 83 EYEConfigure.log 77
EYEInstall.log 64
ISO Image File location setting 132
third party tools 120 login authorization 133
Logical Connections 19
J Login
Java Runtime Environment authorization log 133
see JRE configure logging 134
Login Requirements (for Installation) 53
L
Latency M
unknown 82 MAC Address New
lexicographic checking 149 cause 142
License File 68 MAC Address Port Change
evaluation period 52 cause 142
host identifier, obtaining 106 MAC Addresses
overview 106 configuring macman 141
SurePath version checking 105 machistorylimit 142
License file 118 macman
license.dat 106 entuity.cfg 141
alternate files 132 locking up 149
location 132 machistorylimit 142
overview 156 mallocArenaMax 133
see License File
Management Interfaces
Licensing 99, 105, 116 ICMP ping availability 81

SurePath User Guide 172

Entuity

Management Level 82 Path Stability 32

modify 92 Path Summary 24
VM Platforms 92
PDU
Maria Database Server override file 133
version 118 snmpMaxPduSize 133
MariaDB Server SNMPoidsPerPdu 144
change password 79 Physical Connections
MaxUserPort 59 permissions 47
registry setting 70, 116 Ping Only
requirements 59 VM Platforms 85
mib.txt 156 Ping Only Management Level 82
Microsoft Hyper-V Port Mapper 56
hypervisor discovery 85
portmap 57
Windows only 85
Ports
Multi-Server Administration
assign event status to device 138
licensing 105
defaults 53
description format 145
N spare ports 147
Name Service Cache Daemon Preferences
see nscd General 107
Network Path Changed from Reference 37 Preparation for Installation 52, 119
newbin.vendor 157 Process Health
Not Classified Devices systemcontrol.log 165
autoDiscovery and unrecognized devices Prodigy
134 exclude giantsI 138
nscd 58 prole 145
proliferate
O device support dataset 82
discovery priority 135
Oracle VM Managers 85
SNMPv3 duplicate engine id 54
adding to SurePath 97
security certificates 98 provost.conf 157
proxy_timeout 147
P
Patches 120 R
downloading 112 Reachability
install overview 111 unknown 82
Path Administration readme file 120
licensing 105 Red Alert
Path Discovery 12 SNMPredAlertSecs 144
Path History Refresh
keep time 124 noRefreshViewMapInProliferate 136

SurePath User Guide 173

Entuity

rpc.portmap 57 SNMPv3
rpcbind 57 authentication details 90
duplicate engine id 54
end host connectivity 133
S seed file format 129
secdb trap configuration 159
user authentication database 118 Spare Ports
section 132 configure days 147
Security spareporttime 147
login files 133 SSL 23, 68
Seed File Certificate Signing Request 54
SNMPv3 format 129 configuration 79
serverid.xml listening port 53
configure 157 requirements 54
SurePath fails to start 55
Severity Levels
color coding 108 starteye 99

SHA-1 112, 120 Starting Entuity

configuration file 159, 161
SHA-2 112, 120 start modes 149
Shutting Down SurePath 99 Starting the software 99, 115
SLA Reports slow startup 99
rollup values 148 startup_$_site_specific.cfg 161
start day 149
startup_$.cfg 159
slalogger
entuity.cfg 148 Static IP Address
SurePath server 52
SNMP
agent port setting 143 Status Summary Dashboard
GetNext Request 149 set as home page 107
OIDs per PDU 144 stopeye 100
packet size set 84 StormWorks
receiving traps 133 configuration files 162
snmpMaxOverrides.cfg 84 parser configuration file 164
supported versions 54
SurePath
SNMP Agent DVD ISO image, opening 120
device management 81 General Acceptance (GA) 111
SNMP Agent Not Responding hostname 79
configuring 139 license agreement 62
SNMP Timeout logical connections 19
change attributes 88 number of managed objects 105
patches 111
SNMP timeout 132 shutdown 99
snmpMaxPDUOverrides.cfg 84 SSL and failure to start 55
SNMPserv 149 starting 99
static IP address 52
SNMPv1/v2
authentication details 90 sw_cm_transforms.cfg 162

SurePath User Guide 174

Entuity

apply changes 163 User Groups

sw_ph.cfg 164 modifying 103
sw_site_specific.cfg 165 User Permissions
modifying user groups 103
sw.cfg 162
user_menus.xml 166
sysoids
see Device File Users
setting a default 132
System Files 128
System Requirements
Linux 21 V
virtual machines 23 Vendor Files 88, 128
web UI 22 device support datasets 81
Windows 22 newbin.vendor 157
system_control 149 uncertified 82
system_menus.xml 166 Views
overview 101
systemcontrol.log 165
VLAN Hosts
SNMPv3 contexts 133
T
VM Platforms 87
term signal 100 adding 130
Ticker adding a device 97
listening port 53 adding to SurePath 92
Time Zone Settings attributes 85
Linux 59 autoDiscovery 82
connection attributes 96
trapportnum 133 modify management level 92
Traps Oracle VM Managers 85
receiving adding 97
default port 133 SurePath, running on 23
Trunk Ports VMware ESXi 85
MAC addresses 141 VMware
supported versions 23
U VMware ESXi 85
Uncertified Device 82, 88
request certification 83 W
unclassified device type 83 Web Server
Unclassified Device Types 83 port number 133
Uninstall SurePath 115 port setting 75, 80
Unix Window Firewalls
virtual memory limit 160 live status 52
ping application 52
User Authentication 23
database tables 118 Windows
default user accounts 122 automatic updates, turn off 52
log file 133 command line configuration 77

SurePath User Guide 175

Entuity

firewall considerations 60
port usage setting 59
SurePath services 99
system requirements 22
Worksheets
installation 116

X
XMLAPIDB 118

Y
Yellow Alert
SNMPyellowAlertSecs 145

SurePath User Guide 176

*467218*