Infinite Device Management, ICE and SNMPv3
The Information Collection Engine (ICE) software can be configured to use SNMPv3 for secure communication with print devices. The ICE software can be configured to use settings defined in the Information Collection Engine tab in Site Details on the IDM server or the settings may be configured locally with the ICE software. Managing SNMPv3 settings locally will allow you to manage a site via the IDM website while keeping SNMPv3 passwords and usernames local to the machine that runs the ICE software.
Why SNMPv3 over SNMP version 1 and 2?
SNMP version 3 provides a number of security enhancements over previous versions of SNMP that give an increased level of protection against possible attacks or intrusions. SNMPv3 does this using three features:
- Users - when trying to access data stored in a printer’s MIB, a username is required providing a higher level of security than simply providing a Community Name.
- Authentication - additional security is provided by using either a SHA or MD5 hash algorithm applied to the passwords.
- Encryption - DES/AES level security can be added to the data being transferred without overwhelming agents and clients without a lot of unnecessary cryptography overhead.
Why SNMPv1/v2 over SNMPv3?
While SNMPv3 will provide a high level of security in sensitive environments, there are other considerations when choosing to implement SNMPv3:
- Implementing SNMPv3 requires an effort on the part of the dealer and on the end customer IT department to ensure that the deployment is successful and maintainable.
- Improper implementation can result in print devices not scanning.
- Troubleshooting mixed SNMP environments can be difficult and time consuming.
SNMPv3 Configuration in ICE and IDM
To view and/or change the SNMPv3 settings in IDM:
- Login to Infinite Device Management.
- Go to Administration.
- Go to Customers.
- Use the Find/Filter options to locate the customer site that you wish to add SNMPv3 support for.
- Click on the Site name.
- Click on Information Collection Engine tab.
To view and/or change the SNMPv3 settings in ICE:
- Open the ICE Administrator.
- Go to Configure --> SNMPv3 settings...
- Check "Override server settings". If checked, then all SNMPv3 settings will be pulled and stored locally on the computer running the ICE. If unchecked, settings will be pulled from the server and you will only be able to view the settings. NOTE: If unchecked, the settings displayed may not be up to date. They will update the next time the ICE does a scan.
- You can enter an IP address of a device to and click the Test button to test the SNMPv3 settings against a particular device.
SNMPv3 Device Scanning/ Scan option - You have three options to choose from. "Do Not Use SNMPv3" means SNMPv3 is not used at all. "Allow SNMPv3 devices" means that the ICE will try communicating with SNMPv3 if the device does not respond to SNMPv1 or v2. "Only scan SNMPv3 devices" means that the ICE will only try to find and scan devices that are setup to use SNMPv3. Non-SNMPv3 devices will not be scanned at all.
User Name - The security name to use when communicating with SNMPv3 devices.
Context Name/Context(s) - A comma-delimited list of the SNMPv3 contexts the ICE will try for SNMPv3 communication. It is recommended that the most common contexts in the environment be put first for faster discovery. Note that the ICE will always try an empty or blank context as the last context it tries.
Security Level - The SNMP v3 security level that will be used.
Authorization Protocol - The authorization protocol to use for SNMPv3 communication.
Authorization Key - The password to use for authorization.
Privacy Protocol - The privacy protocol to use for SNMPv3 communication.
Privacy Key - The password to use for privacy.
How did we do with this article?