HP IMC’s New eAPI

Now that I got rum-pooh out of my system…  on to a slightly more technical post.

Not sure if any of you caught the recent announcements about the new eAPI from HP’s Intelligent Management Center.  In a nutshell, this is a RESTful API which allows programmatic access to almost all (maybe all?) of the IMC functions through an HTTP(s) interface.

Now I’m not a programmer at all, but I like to think I have a working knowledge of programming logic. At least enough to give a half-decent programmer enough information to get the job done.

So when I had a co-worker present me with a problem earlier this week, I thought “Hey, I wonder what this new eAPI can really do?”.  I did mention I’m not a programmer, right?  After this little exercise, I’m thinking I might just have to pick up some scripting skills this year. 🙂

So what’s the value of the eAPI? It functionally allows IMC to act as the programmatic upper-layer API and abstracts the actual management task from the underlying hardware devices.

In less complicated terms, it means that a program can say “Hey, IMC change the VLAN on this port” and IMC, assuming it actually supports that particular device, will change the VLAN on that port.

INDEPENDENT OF THE ACTUAL VENDOR

Yup. That’s right.  IMC doesn’t care if that device is an HP 5500EI (Comware), an HP 3800 (ProCurve), or even a Cisco Catalyst 3560.  From the perspective of the developer on the other side, it’s as simple as “Hey, IMC change the VLAN on this port”.

So the actual challenge I was given was the following.

” A customer wants to take a bar-code reader, scan in the MAC address of a device, plug it into the network, push a button and then have IMC automatically put it in the right VLAN”.

Now first I had to break that down into the various components.

1) Bar-code reader scans the MAC address

2) Program has to capture the MAC address for use in the %mac-address% variable in the script.

3) Find the device in the network

Hmmm… this could be more difficult than I thought.

So, I need to mock this up, so I break out to a Windows CMD prompt.

Ping a known address ( my Synology NAS — LOVE THIS PRODUCT ).  And then do an arp -a to get the following output

10.101.0.51           00-11-32-10-03-8b

Now if I was using the IMC web interface, I would just use the Resource-Terminal Access-Real-Time Location feature which will, you guessed it, locate a host in real time using the MAC address or the IP address.

Hmmm… that kinda sucks for output for the script to leverage.  So I went and looked at the eAPI documentation and came out with this little baby

The eAPI call is the following  ( if you wanted to search for an IP address you would use type=2 instead of 1 )

( Don’t click this, it won’t take you anywhere)

http://10.101.0.201:8080/imcrs/res/access/realtimeLocate?type=1&value=00-11-32-10-03-8b

The return is the following

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<list>
  <realtimeLocation>
    <locateIp>00:11:32:10:03:8b</locateIp>
    <deviceIp>10.101.0.221</deviceIp>
    <ifDesc>GigabitEthernet1/0/21</ifDesc>
  </realtimeLocation>
</list>

Yup. Good old XML. Easy to apply transforms or grab variables.  Programmers love this stuff.

4) So now I have the device IP (switch) that this is plugged into, and the ifDesc which is the actual interface it’s located on. So now I have to figure out how to apply the VLAN to this interface. So I break out the trusty eAPI documentation and start looking for the VLAN section.

Hmmm… I have the devIP and the ifDesc.. not the devID and the ifIndex

note to self: Feedback to the developers to have the first command return the devID and the ifIndex variables

So now I have to find the devID and the ifIndex for that devIP and ifDesc

5a) Now if I was on the trusty IMC web interface, I would go to the device resource page… hmmm… that doesn’t appear to be there. I guess instead, let’s go to the eAPI documentation and look for something that looks like a dev query.

Yup. It’s actually called devquery. And it looks like I can filter based on the device IP.

Cool. So now I can search for the specific device IP and hope we get the devID variable back that we need for the VLAN call.

http://10.101.0.201:8080/imcrs/plat/res/device?ip=10.101.0.221

The return is the following

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<list>
  <device>
    <id>15</id>  <!-- This is the device ID that we need to reference later -->
    <label>HP_5500EI</label>
    <ip>10.101.0.221</ip>
    <mask>255.255.255.0</mask>
    <status>1</status>
    <statusDesc>Normal</statusDesc>
    <sysName>HP_E5500EI</sysName>
    <contact>HP Montreal</contact>
    <location>Marlborough, MA 01752 USA</location>
    <sysOid>1.3.6.1.4.1.43.1.16.4.3.36</sysOid>
    <sysDescription>HP_5500EI</sysDescription>
    <devCategoryImgSrc>Switch</devCategoryImgSrc>
    <topoIconName>stack</topoIconName>
    <categoryId>1</categoryId>
    <symbolId>1022</symbolId>
    <symbolName>HP_5500EI</symbolName>
    <symbolType>3</symbolType>
    <symbolDesc>HP_5500EI</symbolDesc>
    <symbolLevel>3</symbolLevel>
    <parentId>1003</parentId>
    <typeName>3Com S4800G PWR 24-Port</typeName>
    <mac>00:1e:c1:dc:fc:01</mac>
    <link op="GET" rel="self" href="http://10.101.0.201:8080/imcrs/plat/res/device/15" />
  </device>
</list>

There it is.  DevID is  “15”.

5b) So now we need to figure out that ifIndex value associated with <ifDesc>GigabitEthernet1/0/21</ifDesc> that we pulled above.

If I was in the web interface, I would simply go to the device ( 10.101.0.221 ), click on the interface list, click on interface Gig 1/0/21 and I would pull out the ifIndex from the interface…

But again, those programmers don’t want HTML, they want an easy XML output that they can play with. So let’s find that…

http://10.101.0.201:8080/imcrs/plat/res/device/15/interface?start=1&size=100

This returns a whole bunch of data for all the interfaces on the switch, but I’m sure that any decent programmer can write a regex to only return the one whose ifDesc value is for Gig 1/0/21, right?

<interface>
  <ifIndex>21</ifIndex>  <!-- In this case, the ifIndex value is the same as the port number. That’s not always going to be true. This is the other variable for the set VLAN -->
  <ifType>6</ifType>
  <ifTypeDesc>ETHERNETCSMACD</ifTypeDesc>
  <ifDescription>GigabitEthernet1/0/21</ifDescription>
  <adminStatus>1</adminStatus>
  <adminStatusDesc>Up</adminStatusDesc>
  <showStatus>2</showStatus>
  <statusDesc>Down</statusDesc>
  <operationStatus>2</operationStatus>
  <operationStatusDesc>Down</operationStatusDesc>
  <ifspeed>10000000</ifspeed>
  <appointedSpeed>-1</appointedSpeed>
  <ifAlias>GigabitEthernet1/0/15 Interface</ifAlias>
  <phyAddress>00:1e:c1:dc:fc:4f</phyAddress>
  <mtu>1522</mtu>
  <lastChange>4 day(s) 21 hour(s) 39 minute(s) 50 second(s) 990 millisecond(s)</lastChange>
  <lastChangeTime>42359099</lastChangeTime>
  <filterTrapStatus>0</filterTrapStatus>
</interface>

So now we have the DevID 15 and the ifIndex 21 for the actual interface where that MAC address is located.

So let’s go back to setting that VLAN

Let’s assume that you wanted to put the device in VLAN 20; you would run the following

http://10.101.0.201:8080/imcrs/vlan/20?devId=15&ifIndex=21

That’s about it for the task. Now any decent programmer is going to have to put in some checking and error handling, for instance, you might want to check whether or not that VLAN actually EXISTS on the switch. ( Can’t put a VLAN on a port if the VLAN doesn’t exist on the switch, right? ) or maybe return an error if the MAC-address is actually seen on two interfaces, but in a nutshell that’s it.
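Steps 3 through 5b with the checking mentioned above, as an added example (not code from the original post or from HP): it validates the scanned MAC before it goes into the URL, parses the responses with an XML parser rather than a regex, and stops when the MAC is located on more than one interface. The XML strings are constructed samples trimmed from the output above, and the function names are made up for this example.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

BASE = "http://10.101.0.201:8080/imcrs"  # IMC address used in the post

# Constructed sample responses, trimmed from the output shown in the post.
LOCATE_XML = ("<list><realtimeLocation><locateIp>00:11:32:10:03:8b</locateIp>"
              "<deviceIp>10.101.0.221</deviceIp>"
              "<ifDesc>GigabitEthernet1/0/21</ifDesc></realtimeLocation></list>")
DEVICE_XML = "<list><device><id>15</id><ip>10.101.0.221</ip></device></list>"
IFACE_XML = ("<list>"
             "<interface><ifIndex>20</ifIndex>"
             "<ifDescription>GigabitEthernet1/0/20</ifDescription></interface>"
             "<interface><ifIndex>21</ifIndex>"
             "<ifDescription>GigabitEthernet1/0/21</ifDescription></interface>"
             "</list>")

def normalize_mac(scanned):
    """Reduce scanner input to 12 hex digits; reject anything else."""
    digits = re.sub(r"[-:.\s]", "", scanned).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError("not a MAC address: %r" % scanned)
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))

def locate_url(scanned):
    """Build the realtimeLocate URL (type=1 is a MAC search) from validated input."""
    query = urlencode({"type": 1, "value": normalize_mac(scanned)})
    return BASE + "/res/access/realtimeLocate?" + query

def single(elements, what):
    """Return the only element, failing loudly on zero or several matches."""
    if len(elements) != 1:
        raise LookupError("expected one %s, got %d" % (what, len(elements)))
    return elements[0]

def resolve_port(locate_xml, device_xml, iface_xml):
    """Map the three responses to the (devId, ifIndex) pair the VLAN call needs."""
    loc = single(ET.fromstring(locate_xml).findall("realtimeLocation"), "location")
    dev_ip, if_desc = loc.findtext("deviceIp"), loc.findtext("ifDesc")
    dev = single(ET.fromstring(device_xml).findall("device"), "device")
    if dev.findtext("ip") != dev_ip:
        raise LookupError("device query returned a different switch")
    ports = [i for i in ET.fromstring(iface_xml).findall("interface")
             if i.findtext("ifDescription") == if_desc]
    port = single(ports, "interface %s" % if_desc)
    return int(dev.findtext("id")), int(port.findtext("ifIndex"))

if __name__ == "__main__":
    print(locate_url("00-11-32-10-03-8b"))
    print(resolve_port(LOCATE_XML, DEVICE_XML, IFACE_XML))
```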

note: I would also suggest that the dev actually bounce the port to make sure that the device hasn’t gotten locked in with a DHCP address on the wrong subnet.

/plat/res/device/{deviceId}/interface/{ifIndex}/down   to down the interface

so for us that would be  /plat/res/device/15/interface/21/down

and then immediately do a

/plat/res/device/{deviceId}/interface/{ifIndex}/up

or again for us  /plat/res/device/15/interface/21/up

Now whether the actual switch commands are “switchport access vlan 20” or “port access vlan 20” or some other variation on a theme doesn’t actually matter to your DevOps team. They just write the code to follow the steps and IMC and the eAPI will take care of the rest.

Pretty cool stuff. 🙂

@netmanchris

Rum-Pooh. I love our Universe

As promised on twitter, I had to blog this out as the universe is just TOO amazing a place not to share this story.

So I recently had a chance to present at an industry event in Las Vegas.  The topic was Compliance and how our products can help you to deal with some of the burden that government, or internal governance and compliance initiatives can put on the networking staff.

Now I firmly believe that configuration management is probably THE most important discipline within the network management domains. Good Configuration management can help you prevent a lot of the other issues that will creep up.

I also fully accept and realize this is not exactly the sexiest or most interesting material, so like any good presenter does when faced with some dry material, I tried to add in some anecdotes and metaphors to make the material a little less dry and a little more memorable.

So the story:

My co-presenter was giving a real-life example of a customer of ours who had two FTE employees whose entire reason for being was to start at device #1 in the network, and manually go through the configuration to ensure it was in compliance with the various governance policies that the organization had.

That’s right; two people whose job in life is to log in to switches and routers and go through mind-numbing configurations line by line to see if there were any unsecured services, any default vendor credentials, ACLs were in place, etc…

Now I applaud the fact that these guys at least recognized the importance of that kind of attention to detail, but I can’t imagine being the person who actually did this MANUALLY.

When presented with this kind of data point, there’s of course someone in the crowd who has to question the sanity of this.

In this case Lindsey Hill @northlandboy  was the person who chimed in. For those of you who know Aaron, @neelixx was also in the crowd.

” Why would ANYONE do that? Why wouldn’t they write a script and be done with it!?!?!?”

And that’s where the story really begins.

My answer went something like this

” So as you may have noticed… we’re in Las Vegas”

audience laughs

” I was invited last night to a team building session which was advertised as ” Squishies and Freaks”.  Squishies are girl drinks. Very tasty and typically some bright, happy color. Freaks? Well we just had to leave the hotel and go walking the Las Vegas strip for that. “

audience laughs – For those of you who have been to Las Vegas. You know that the strip draws some interesting characters. This particular weekend was the electric daisy circus, which I hear is a 40 to 80 thousand person rave.  ( I didn’t go )  But needless to say, the characters were out, and I had LOTS of characters to pick from. Back to my pitch

”  So there were lots of interesting characters out last night, we saw a man in a Minnie Mouse costume, some stilt walkers, etc… but the most memorable to me was the person in a Winnie the Pooh costume, sitting under one of the overpasses, drinking a Captain Morgan’s rum straight from the bottle. “

As you can imagine, at this point, even my co-presenter is looking at me a little strange. People came to this session to hear about compliance, and I’m on some story about a Rum-Winnie. I was definitely getting a “Get to the point Chris” stare.

” So to answer your questions….  I have absolutely NO idea at all why ANYONE would put two full time people on manually verifying device configurations. I saw a Rum-Winnie last night. I have NO idea why anyone does ANYTHING that they do. All I can tell you is that there is a better way, and we can help you with that “

At this point the audience laughs, my co-presenter is happy that I somehow managed to make that seem relevant and the rest of the presentation goes off without a hitch.

We all pack up, say goodbye to old friends and new, and get on planes to go back to our families.

Fast forward about 5 days.

I’m back in Montreal and there’s a company event where engineers from our labs have been invited as a mini-tech day to talk about the new innovations, etc… that they are working from. There was a dinner invite and I’m a geek. So I just couldn’t pass up the chance to sit down and talk hard-core tech with the people who are working on the next-gen of products.

I arrived a little late because of the kids’ karate class, and sit down at the free chairs and start chatting with the people. One of them recognizes the new shirt and asked me what I was presenting on in Vegas.

Now it’s not every day that you can bring Rum-Winnie into a technical presentation and somehow make it relevant to the overall content, and this just happened, so I’m happy to share the story.

C’Mon it’s Rum-Winnie!!!!  How could I NOT share this story.

This is where it gets really cool.  Everyone laughs at the story, but the guy sitting across from me gets a little twinkle in his eye and starts reaching for his phone.

He plays with it and then hands it across the table…  and…

 

Turns out this mostly random guy from Austin, Texas that I met at a Jack Astor’s in Montreal who HAPPENED to be in Vegas at the same time that I was who HAPPENED to be out walking the Vegas strip chose to take a picture of the Rum-Pooh that I had randomly decided to use as an example in my presentation!

How freaken cool is the universe we live in?

 

@netmanchris

 

BYOD – The other implications

WARNING – MIDNIGHT POST.  I’ll come back and fix this in a couple of days, but it’s been banging around in my head and I needed to get it out.

 

So I’m going to get a little controversial here. I’m actually hoping to have my thought process attacked on this one. Hopefully, not personally attacked, but I guess that’s the danger of blogging.

 

Open Disclosure: I don’t work for Cisco.  I guess that’s why I can write this piece and think this through as I’ve got nothing to lose here. I’m sure someone will point and say “Hey! HP GUY!” but I truly don’t feel that whom I work for is going to change the power of this argument.  But because some people get wrapped around those things, I wanted to state that loud and clearly. I am an HP employee. This blog is purely my own thoughts and musings and in no way represents that of my employer in any way shape or form. 🙂

 

So I was at HP Discover last week and had a chance to catch up with a TON of customers and partners, as well as have some great conversations with the independent bloggers. To be honest, those are my favorite, because they are the last people to drink the Kool-Aid. If you are trying to convince them of anything, you better have a well-constructed argument and proof to support it.

 

So the other topic on everyone’s minds was of course BYOD. Bring Your Own Device. Other than OpenFlow and SDN, I think this is one of the most talked about waves that’s hitting our industry right now. Of course we had the usual discussions about access control, DHCP fingerprinting, user-agent fingerprinting, dot1x, web portal, etc… but we also got into some VERY interesting discussions about the greater implications of BYOD.

Now keep in mind, I’m an old voice guy too. My voice books are so old, they’re actually blue, and not that snazzy purple color that you kids use to color coordinate your bookshelves. I know what the SEP in the CallManager stands for, and I remember CCM when it shipped on CDs. ( yes, it actually did kids ).

 

So in some ways, I feel like I’m watching my past wash away when I type the following words.

Voice is dead.

Now it might be a few years before everyone realizes it, but there are a lot of forces going on in our industry right now and they seem to all be pointing to a place where handsets are obsolete.

The argument goes something like this

 

1) BYOD is here and it’s not going away.

2) If BYOD is here, then employees are probably teleworking and using their cell phones.

3) If customers are teleworking and using their cell phones, they don’t need desk phones.

4) If customers don’t need desk phones…. they don’t need desk phones.

 

The implications of this really started to hit me and I did a self check and realized, I don’t remember the last time I used a “normal” handset. I work out of a home office. I use a cell phone with unlimited calling.

Not to mention the fact that HP has hooked us up with Microsoft Lync, which means plug in the headset and escalate that IM call to voice or video whenever I need it, and NO handset involved. Oh.. and the Lync client for the iPhone was released too.

The last time I looked, this was an approx $1-2B business for Cisco, so I’m fairly sure they don’t want anyone to realize that investing in new handsets is probably not the wisest move right now. This is a Billion dollar market that they are going to have to replace with something else, or continue to milk it for as long as they can.

Now to be honest, there’s always the Call Center argument which I’ll try and stop right now. Call Centers are not going away. There’s always going to be a business need. Voicemail systems? They might just become part of the cloud, I don’t know. But traditional handset deployments? I think maybe people just haven’t realized they have been throwing money away.

 

On with the rambling midnight logic!

 

The extension to this logic is that if we’re done with handsets, then

why do we need all this POE everywhere?

 

To be honest, I think the only phone that ever used anywhere close to the 15.4 watts of 802.3af was the Cisco 7970 series. Most other phones used 2-3 watts, maybe up to 7 with a speaker phone on. So the whole ” I need all 24 ports running full 802.3af class 3 devices at the same time ” is something that never actually happened ( or at least I’ve never seen it ).

Now we’re seeing RFP disqualifiers requiring 740 watts per switch ( full 15 watts on all 48 ports ), and I’m sure we will soon be seeing new models coming out with 1,440 watts of POE+ power!!! ( 30 watts per port on a 48 port switch ).

Now POE is an enabling tool, we still need it for access points at the least, but other than that? I can’t name one practical business tool that runs on POE right now that would not qualify as a corner case.

And I don’t see anyone plugging in 24 or 48 access points into the same switch.

 

I would love a sanity check here guys. Is it just me? I’m making an informed prediction through a crystal ball. Feel free to let me know if my ball’s broken. 🙂

 

@netmanchris