Profile Manager

Profile Manager feature in SapphireIMS helps you to define profiles for the discovery. These profiles are used to collect data for the devices discovered in SapphireIMS.

A profile has to be created and configured in the discovery rule. The profile contains the type or protocol information used for data collection as well as the credentials needed to access the device. The creation of various types of profiles is described below

Following type of profile types are supported.

Device Profiles : used for discovery and data collection from devices
Application Profiles : used for data collection of performance data from supported applications
Cloud Profile : Collection of data of resources in the Azure cloud
Cloud Native Profile : Collection of data of resources hosted in the local network, specifically containers and container orchestration platforms.

In addition you can also define profiles for the following:

DHCP Scope - Define this profile if you need to include DHCP scope details as part of the discovery process. Refer DHCP Profiles for details.

Exclusion IP List - Define this profile if you need to exclude devices from the discovery process. Refer Exclusion Profiles for details.

Device Profiles

Click on 'Settings' in the main tab. Under 'Inventory Management' section, click on 'Profile Manager'. The list of profiles is displayed.

You can filter the profile by type which are those pertaining to 'Credentials', those pertaining to 'DHCP Scope' or those pertaining to 'Exclusion IP List'.
You can set the number of entries to be displayed on a page and navigate across pages.
To delete an entry, select the profile and click on 'Delete'.

Note: In case of Enterprise Plus edition, a drop down box for 'Site' selection allows viewing of profiles for a particular site.

Click on 'Add' to add a new profile or click on a profile to modify it.
The sections below describe each type of profile in detail.
The following data collection methods are supported when the profile type is selected as 'Device'.

WMI
SNMP
WBEM
SSH
Intel AMT **
VM
LDAP
FTP
CLI
Dell Wyse

In the case of storage devices, the data can be collected using either WBEM (SMI-S standard) or using CLI based on what is supported by the device. The profile can thus be appropriately created.

**Note: Though Intel AMT appears in the list, it is no longer supported and will be obsoleted in future releases.

WMI (Windows Management Interface)

WMI data collection type is used for collecting data from Windows systems. To use this data collection type you need to specify the credentials with administrative privilege on the domain level (this will ensure data collection for all systems under that domain) or local system level (this will ensure data collection for all systems for which the credentials match). WMI type is also used for importing user information or authenticating from an AD server.

On clicking 'Add', the following screen is displayed.

The fields are described in the following table.

Serial No	Field Name	Description
1	Credential Name	Enter a name for the credential.
2	Profile Type	Select the type of profile as 'Device'.
3	Credential Type	Enter the credential type which is the protocol used for collecting the data which is 'WMI'.
4	Windows 98 Profile	Check this box if it is for a Windows 98 system.
5	User Name	Enter the User name for logging into the device
6	Password	Enter the Password for the device.
7	Scope	Select either 'Domain' or 'Local' as per the user name defined
8	Domain	If domain level scope is specified, select the domain for which the credentials are defined. If the domain that you need to select is not listed, then use the ‘Add New Domain’ button to define a new domain account. In case the profile is being used for importing from AD server or authentication from the AD server, specify scope as Domain and provide the domain of the AD server.

Click 'Save' to save the configuration.
Repeat the process to add more WMI profiles.

SNMP

SNMP data collection type is used for collecting data from systems (and devices like routers/switches) where SNMP service is enabled. To use this data collection type you need to specify the SNMP credentials (‘Read’ and ‘Write’ community strings)

On clicking 'Add', the following screen is displayed. The key parameters to be specified when a new SNMP credential profile is defined is given below.

The fields are described in the following table.

Serial No	Field Name	Description
1	Credential Name	Enter a name for the credential.
2	Profile Type	Select the type of profile as 'Device'.
3	Credential Type	Enter the credential type which is the protocol used for collecting the data which is 'SNMP'.
4	Version	Select the SNMP version between 'v1', 'v2c' or 'v3'.
5	Read Community	Enter the Read community string (by default this will be ‘public’). Applicable for v1 and v2c only.
6	Write Community	Enter the Write community string (by default this will be ‘private’). Applicable for v1 and v2c only.
7	Security Name	Enter a string used for security purposes. Applicable for v3 only.
8	Security Authorization Protocol	Select the protocol which you want to use for authentication. Applicable for v3 only.
9	Security Authorization Password	Password to authenticate. Applicable for v3 only.
10	Security Privacy Protocol	Select the encryption type for the Security Privacy password. Applicable for v3 only.
11	Security Privacy Password	Enter the Privacy password. Applicable for v3 only
12	Context Name	Enter the context name. Applicable for v3 only.
13	SNMP Port	Port on which SNMP agent listens (by default this will be 161)
14	Retries	Specify the retry attempts for data collection
15	Timeout (Sec)	Specify the time out value within which the data collection is attempted.

Click 'Save' to save the configuration. The new credential profile defined is listed in the listing screen. If you need to add more SNMP profiles, repeat the above process.

WBEM (Web Based Enterprise Management)

WBEM data collection type is used for collecting data from UNIX systems where WBEM service is enabled. To use this data collection type you need to specify the WBEM credentials.

On clicking 'Add', the following screen is displayed. The key parameters to be specified when a new WBEM credential profile is defined is given below.

The fields are described in the following table.

Serial No	Field Name	Description
1	Credential Name	Enter a name for the credential.
2	Profile Type	Select the type of profile as 'Device'.
3	Credential Type	Enter the credential type which is the protocol used for collecting the data which is 'WBEM'.
4	User Name	Enter a User Account Name which has administrator privileges.
5	Password	Enter the Password for the user account.
6	Enable SSL	Check this box to enable SSL for secure communication using WBEM.
7	Port	Port for the WBEM service. By default, it is 5989.
8	SSL Certificate	Browse and select the certificate used for WBEM authentication.
9	Vendor	Select the vendor for the device from which data has to be collected..
10	Model	Select the device model.
11	Timeout (Sec)	Select the time out value within which the data collection is attempted.

Click 'Save' to save the configuration. The new credential profile defined is listed in the listing screen. If you need to add more WBEM profiles, repeat the above process.

Note: WBEM is available as an in-built package on systems like Solaris, HP Raid Array. SapphireIMS system also provides pre-compiled WBEM agents for other operating systems like Linux. Refer to the Appendix for more detail.

SSH

SSH data collection type is used for collecting data from UNIX systems where SSH service is enabled. To use this data collection type you need to specify the SSH credentials.

On clicking 'Add', the following screen is displayed. The key parameters to be specified when a new SSH credential profile is defined is given below.

The fields are described in the following table.

Serial No	Field Name	Description
1	Credential Name	Enter a name for the credential.
2	Profile Type	Select the type of profile as 'Device'.
3	Credential Type	Enter the credential type which is the protocol used for collecting the data which is 'SSH'.
4	User Name	Enter a User Account Name which has administrator privileges.
5	User Secure Key Authentication	If secure key authentication (RSA / DSA keys) is required, then the checkbox 'User Secure Key Authentication' needs to be enabled.
6	Password	Enter the Password for the user account.
7	Private Key Identity File	The 'Private Key Identity File' can be searched using 'Browse' and uploaded using the 'Upload' button. This file needs to be in putty format (PPK).
8	Passphrase	If the key is created using a Passphrase then the same has to be provided in the 'Passphrase' field.
9	Use Sudo	If the account is non root account and super-user privilege is permitted through 'sudo' then select the checkbox 'Use Sudo' to activate this mode. Please refer to Appendix > Pre-requisite file settings for 'Sudo' account access
10	Port	Port for the SSH service. By default, it is 22.

Click 'Save' to save the configuration. The new credential profile defined is listed in the listing screen. If you need to add more SSH profiles, repeat the above process.
By default if SSH data collection type is used, the default location where the SSH script is installed is '/opt/SapphireIMS'. This can be modified by changing the 'SSH scripts install path' settings in Global Settings. SapphireIMS will automatically install the SSH script in this location.

Virtual Machines (VM)

VM data collection type is used for collecting data from virtual machines. This includes VMware, Hyper V and Xen OS and VMware cluster inventory data collection (VMware vCenter server). To use this data collection type you need to specify the VM credentials.

On clicking 'Add', the following screen is displayed. The key parameters to be specified when a new VM credential profile is defined is given below.

The fields are described in the following table.

Serial No	Field Name	Description
1	Credential Name	Enter a name for the credential.
2	Profile Type	Select the type of profile as 'Device'.
3	Credential Type	Enter the credential type which is the protocol used for collecting the data which is 'VM'.
4	User Name	Enter a User Account Name for the VM which has administrator privileges.
5	Password	Enter the Password for the user account.
6	Scope	Set the scope as 'Domain' if the systems to be managed are part of a domain else select 'Local'.
7	Domain	In case of Domain, select the 'Domain' from the list. If a new Domain has to be added, click on 'Add New Domain'. Enter the 'Domain Name' and click on 'Add Domain'. Then the newly added Domain can be selected.
9	Enable SSL	Enable 'SSL' if the VM has to be accessed through secure socket layer.
10	Port	Port for the service. By default, it is 443.

Click 'Save' to save the configuration. The new credential profile defined is listed in the listing screen. If you need to add more profiles, repeat the above process.

LDAP

LDAP data collection type is used to connect to the active directory (AD) domain controller to obtain the host names or workstations in the specified domain. Appropriate workstation profiles (WMI) also need to be selected to access the respective workstations for data collection. Following are the key parameters to be specified when a new LDAP credential is to be defined.

On clicking 'Add', the following screen is displayed. The key parameters to be specified when a new LDAP credential profile is defined is given below.

The fields are described in the following table.

Serial No	Field Name	Description
1	Credential Name	Enter a name for the credential.
2	Profile Type	Select the type of profile as 'Device'.
3	Credential Type	Enter the credential type which is the protocol used for collecting the data which is 'LDAP'.
4	Operating Systems	Select the Operating System as either 'Windows' of 'Unix'.
5	User Name	For Windows: Enter a LDAP User Account Name which has administrator privileges.
6	Password	For Windows: Enter the Password for the user account.
7	Fully Qualified Domain Name	For Windows: Enter the domain name that specifies its exact location in the tree hierarchy of the Domain Name System (DNS) of the AD domain controller
8	Enable SSL	For Windows: Enable 'SSL' if the VM has to be accessed through secure socket layer.
9	Port	For Windows: Port for the domain controller. By default, it is 636.
10	DN	For Unix: Enter the Distinguished Name.
11	Password	For Unix: Enter the Password.

Click 'Save' to save the configuration. The new credential profile defined is listed in the listing screen. If you need to add more LDAP profiles, repeat the above process.

FTP (File Transfer Protocol)

FTP profile is created for accessing the FTP server to perform a backup using FTP.

On clicking 'Add', the following screen is displayed. The key parameters to be specified when a new FTP credential profile is defined is given below.

The fields are described in the following table.

Serial No	Field Name	Description
1	Credential Name	Enter a name for the credential.
2	Profile Type	Select the type of profile as 'Device'.
3	Credential Type	Enter the credential type which is the protocol used for collecting the data which is 'FTP'.
4	Operating Systems	Select the Operating System as either 'Windows' of 'Unix'.
5	User Name	Enter User Name for the FTP server.
6	Password	Enter the Password.
7	Port	Enter the Port for the FTP server. By default, it is 21.

Click 'Save' to save the configuration. The new credential profile defined is listed in the listing screen.

CLI (Command Line Interface)

CLI data collection type is used to collect data from the following set of storage devices.

EMC VNX Block
VNX Series
VNX 5100
VNX 5300
VNX 5500
VNX 5700
VNX 7500

EMC Clariion
CX Series
CX 3-10
CX 3-20
CX 3-40
CX 3-80
CX4
CX4-960
CX45
CX300
CX400
CX500
CX600
CX700
CX800
FC Series
FC4700
AX 4

IBM - DS

Following are the data collection parameters to be specified when a new CLI credential is defined

On clicking 'Add', the following screen is displayed.

The fields are described in the following table.

Serial No	Field Name	Description
1	Credential Name	Enter a name for the credential.
2	Profile Type	Select the type of profile as 'Device'.
3	Credential Type	Enter the credential type which is the protocol used for collecting the data which is 'CLI'.
4	User Name	Enter User Name for a CLI account which has administrative privilege.
5	Password	Enter the Password.
6	Vendor	Select the vendor for the storage device among those supported.
7	Model	Select the model of the storage device.
8	Timeout (Sec)	Select a timeout value within which attempt for data collection is made.

Click 'Save' to save the configuration. The new credential profile defined is listed in the listing screen.

Dell Wyse

SapphireIMS support collection of data from thin clients. This could be collected in one of two ways:

Using WMI or SSH and directly collecting the information from the target system.
For Dell thin clients, data can be collected from the Dell Wyse Device Manager using REST API. SapphireIMS supports Dell Wyse Device Manager Version 5.7.2. The configuration is described below.

There are certain pre-requisites before enabling Dell Wyse Manager

Dell Wyse Device Manager (Version 5.7.2) must be installed and the REST API enabled.
Dedicated credentials for SapphireIMS to access Dell Wyse Device Manager needs to be available and cannot be shared by other applications.
The Key and Initialization Vector (IV) must be supplied for CBC mode AES encryption.
The thin client machines must be reachable from SapphireIMS if the option to get the device status from the clients directly using 'ping' is enabled.

Note: If the Global Setting 'Ping based on Dell Wyse Server' is set to 0 (default), then the status of the devices is obtained directly using 'ping' else the status is obtained from Dell Wyse Device Manager.

Following are the data collection parameters to be specified when a credential for Dell Wyse Manager is defined

On clicking 'Add', the following screen is displayed.

The fields are described in the following table.

Serial No	Field Name	Description
1	Credential Name	Enter a name for the credential.
2	Profile Type	Select the type of profile as 'Device'.
3	Credential Type	Enter the credential type which is the protocol used for collecting the data which is 'Dell Wyse'.
4	User Name	Enter User Name for the Dell Wyse Device Manager.
5	Password	Enter the Password.
6	Enable SSL	Check this box if SSL is to be used.
7	Advanced Settings	Check this box if the Key, Initialization Vector (IV) and Page Size (100 by default) has to be changed. The password is sent using AES encryption using CBC mode for which the default Key and IV values are used. However these can be modified.

Click 'Save' to save the configuration. The new credential profile defined is listed in the listing screen.

Application Profiles

Application credential profiles are required when the discovered application has to be monitored for performance. The following categories of applications are supported for performance monitoring when the profile type is selected as 'Application'. A representative configuration in each of the application categories are given in the sections below. Note that the parameters vary with the application.

Application Servers

On clicking 'Add', the following screen is displayed.

The fields are described in the following table.

Serial No	Field Name	Description
1	Credential Name	Enter a name for the credential.
2	Profile Type	Select the type of profile as 'Application'.
3	Application Name	Select the Application name as 'Jboss'.
4	JMX Port	Enter the Port on which the JBoss server runs.
5	User Name	Enter User Name for the server on which the JBoss runs.
6	Password	Enter the Password.

Click 'Save' to save the configuration. The new credential profile defined is listed in the listing screen.

Application Services

On clicking 'Add', the following screen is displayed.

The fields are described in the following table.

Serial No	Field Name	Description
1	Credential Name	Enter a name for the credential.
2	Profile Type	Select the type of profile as 'Application'.
3	Application Name	Select the Application name from the drop down list.
4	User Name	Enter User Name for the server on which the application is running.
5	Password	Enter the Password.
6	Domain	Enter the Domain.
7	WinRM Port	Enter the port for WinRM connectivity. Use the command "winrm e winrm/config/register" to know the configured WinRM port of the machine.

Click 'Save' to save the configuration. The new credential profile defined is listed in the listing screen.

Database Servers

On clicking 'Add', the following screen is displayed.

The fields are described in the following table.

Serial No	Field Name	Description
1	Credential Name	Enter a name for the credential.
2	Profile Type	Select the type of profile as 'Application'.
3	Application Name	Select the Application name from the drop down list.
4	User Name	Enter User Name for the server on which the data base is running.
5	Password	Enter the Password.
6	Service Name / SID	Enter the Service Name or SID of the data base server and select Connect As option.
7	Port	Enter the Port (default for Oracle is 1521).

Click 'Save' to save the configuration. The new credential profile defined is listed in the listing screen.

Web Servers/Services

On clicking 'Add', the following screen is displayed.

The fields are described in the following table.

Serial No	Field Name	Description
1	Credential Name	Enter a name for the credential.
2	Profile Type	Select the type of profile as 'Application'.
3	Application Name	Select the Application name from the drop down list.
4	User Name	Enter User Name for the server on which the data base is running.
5	Password	Enter the Password.
6	Domain	Enter the Domain.

Click 'Save' to save the configuration. The new credential profile defined is listed in the listing screen.

Cloud Discovery

On clicking 'Add', the following screen is displayed.

Provide a 'Credential Name'. The 'Profile Type' is 'Cloud'.
Enter the 'Client ID' which is the application ID of the service principal.
Enter the 'Client Secret' which is the client secret/password of the service principal.
Enter the 'Tenant ID' of the service principal.
Enter the 'Subscription ID' used for creating the service principal.
Enter the 'Management Group' for the subscription. If not specified, the subscription is listed under 'ROOT'.
Click on 'Save' to return to the listing screen.

Cloud Native Discovery Profile

This section details the steps for configuring the Profile for Cloud Native Discovery. Cloud Native Discovery involves discovery of the following types of natives resources hosted in the local network.

Container Orchestration Platforms such as Kubernetes and OpenShift
Docker Containers

The configuration of the profiles is described in the following sections.

Kubernetes Discovery Profile

Click 'Add' in the Profile Manager listing screen. The following screen is displayed.

The fields are described below.

Serial No	Field Name	Description
1	Credential Name	Enter a name for the credential.
2	Profile Type	Select the profile type as 'Cloud Native Discovery'.
3	Cloud Native Type	Select the Cloud Native Type as 'Kubernetes'.
4	Authentication Type	Select the Authentication Type as 'Static Token' which is the only type currently supported.
5	Authentication Token	Enter the Authentication Token string.
6	Port	Enter the Port number on which Kubernetes is listening for HTTPS requests.

Click on 'Save' to save the profile.

OpenShift Discovery Profile

Click 'Add' in the Profile Manager listing screen. The following screen is displayed.

The fields are described below.

Serial No	Field Name	Description
1	Credential Name	Enter a name for the credential.
2	Profile Type	Select the profile type as 'Cloud Native Discovery'.
3	Cloud Native Type	Select the Cloud Native Type as 'OpenShift'.
4	Authentication Type	Select the Authentication Type as 'HTPasswd Identity' which is the only type currently supported.
5	User Name	Enter the 'User Name'.
6	Password	Enter the 'Password'.
7	Port	Enter the Port number on which OpenShift is configured to listen for HTTPS requests.

Click on 'Save' to save the profile.

Docker Container Discovery Profile

To discover Docker Containers, there is no separate profile which needs to be created in the Profile Manager. The Docker Containers are discovered by establishing an SSH session with the target host. Create and select an appropriate SSH based discovery profile configuration.