You can only monitor systems that you know! GLPI is a very successful open source ITSM solution, the project follows a modular approach and can therefore be extended by many very useful plugins. And yes … GLPI is mainly “French”  ! In this very short introduction, I’ll will give you a rapid overview how to: – automate your IT inventory to manage pc’s, servers, vm’s, vmware, … – add printers and network components via “snmp” – add special assets like databases, appliances, URL’s, lines, racks, datacenters… – add additional information’s to all this components – add people from your LDAP / AD – add plugins to GLPI – build reports – import / export your data – handle tickets, problems, changes, or projects In my second presentation “Monitoring @ G&D ” I will later show you how we’ve automated our monitoring with the help of GLPI, some db view’s and python scripts.

1. SAP Basis Team
Giesecke & Devrient
ITSM by Asterix
and friends
You can only monitor
systems that you know!

2. About:
Name: Karsten Fischer – SAP Basis Team
Company: Giesecke and Devrient (G+D) https://www.gi-de.com/
Areas of technical responsibility for my last 20 years @ G&D:
Firewalls, VPN, Proxys, Routers, Switches, HP-NNM, Identity Management, Oracle, PKI,
Smartcards, Certificates, Kaltura, bigsister, Cacti, Icinga1, CMK, NagioSQL, ELK, Mysql, …. ,
SAP, Icinga2, GLPI, DB2, k8s, …
2

3. About: Giesecke and Devrient
G+D: founded 1852 , +11k employees, revenue € +2.3 billion, HQ Munich
Banknote: Design, Security, Production, Cash Cycle, Cash Automation, …
Digital Payment: Onboarding, Authentication, Mobile & Wearable Payment, …
Payment Cards: Banking and Credit Cards, Card Issuance Services, …
Connectivity: 5G, eSIM, SIM, IoT Security, Connected Cars, Digital Car Key, …
Enterprise Security: Hard- & Software-Based Authentication, Signature Card, …
Health: Card, Health Card Application Management, …
Veridos: Passport, Border Control & Management, National ID, Residence Permit,
Driver's License, Vehicle Registration, ...
Secunet: SINA, EasyPASS
3

5. GLPI – “Gestionnaire Libre de Parc Informatique“
5
• started in 2003 by the INDEPNET association, URL https://glpi-project.org/
• later some “support” companies created around the project
• 2015 TECLIB became “editor” (roadmap, development leadership, core support)
• start as Asset Inventory, later added Assistance, Management, etc …
• many plugins available, see https://plugins.glpi-project.org/
• plugins can be migrated to the core … and some plugins disappeared …
• 2012 the French Prime Minister urged all authorities to use
opensource software whenever possible

6. GLPI
–
Architecture
6
Client / Server
Apache
GLPI Core (php)
mysql
fusion
srv
plugins
plugins
fusion
agent
SNMP
v1/2/3
Server
VMware
API
Auth .
fusion
proxy
XML
fusion
agent
mobil
+ glpi
agent

7. GLPI - Components
7
INVENTORY
SERVICEDESK MANAGEMENT
printers
network
computers
peripherals
racks
databases
mobiles
lines
tickets projects accounts
users
dataflows
software
changes
problems planning
forms
suppliers contracts
certificates
contacts
budgets
licenses
documents
scan done by
FusionInventory
or others
“generic”
entities
kanban
datacenter
bussines processes

8. GLPI
–
Overview
8

9. GLPI
–
Start
screen
(
Admin
)
Version
9
9

10. GLPI
–
Start
screen
(
Self
Service
)
10

11. GLPI
–
Asset
–
Overview
11

12. GLPI
–
Computer
list
(
all
OM1
Systems
are
“fake”
)
12

13. 13
… and btw everything is
linked criss-cross
GLPI
Navigation

14. GLPI
–
Computer
List
-
Maps
14

15. GLPI
–
Computer
details
(
all
OM1
Systems
are
“fake”
)
15

16. GLPI
–
Computer
impact
16

17. GLPI
–
Computer
impact
(list)
17

18. GLPI
–
Computer
…
OS
18

19. GLPI
–
Computer
…
HW
19

20. GLPI
–
Computer
…
Volumes
20

21. GLPI
–
Computer
…
SW
21

22. GLPI
–
Computer
…
network
22

23. GLPI
–
Computer
…
network
23

24. GLPI
–
Computer
VM’s
and
containers
/
pods
24

25. GLPI
–
Computer
…
Virt
Host
25

26. GLPI
–
Computer
…
Management
26

27. GLPI
–
Computer
…
Antivirus
27

28. GLPI
–
Computer
…
certificates
28

29. GLPI
–
Computer
…
certificates
29

30. GLPI
–
Computer
…
history
30

31. GLPI
–
Computer
…
Icinga
(
via
additional
fields
plugin
)
31

32. GLPI
–
Network
32

33. GLPI
–
Network
33

34. GLPI
–
Printer
34

35. GLPI
–
Printer
35

36. Detour: Plugins to add Information’s to GLPI
36
• Data Injection (import xls,csv, …)
• Fusioninventory Agent / Fusioninventory for GLPI
• OCS Inventory NG
• GLPI Agent (beta)
• SCCM ( connects to MS SCCM )
• PrinterCounters
• AirWatch plugin (VMware)
• OpenVAS ( needs update )
• Xivo
• … and via mysql ( @ your own risk  )

37. GLPI
–
Architecture
37
Client / Server
Apache
GLPI Core (php)
mysql
fusion
srv
plugins
plugins
fusion
agent
SNMP
v1/2/3
Server
VMware
API
Auth .
fusion
proxy
XML
fusion
agent
mobil
+ glpi
agent

38. FusionInventory Agent + FusionInventory for GLPI
38
• inventory via local agent (perl) or via remote (SNMP/API’s)
• Inventory of:
• Computers ( Win, LX, AIX, BSD, … )
• VM’s (Vmware, Virtualbox, libvirt, Xen, OpenVZ, HyperV, docker, … )
• Network devices and Printers (SNMP)
• https://fusioninventory.org/
• Control via “Fusioninventory4GLPI”
• additional content possible
• “DMZ” agent possible
• Next: glpi-agent

39. FusionInventory
for
GLPI
39

40. GLPI
–
Racks
40

41. GLPI
–
Database
41

42. GLPI
–
Database
42

43. GLPI
–
Database
43

44. GLPI
–
Database
44

45. GLPI
–
SAP
45

46. GLPI
–
SAP
46

47. GLPI
–
SAP
47

48. GLPI
–
SAP
48

49. GLPI
–
Start
screen
(
Admin
)
Version
10
alpha
49

50. GLPI
–
Asset
–
Overview
50

51. GLPI
–
Computer
list
51

52. GLPI
–
Computer
details
52

53. GLPI
–
Computer
impact
53

54. GLPI – Service Desk - Assistance Overview
54

55. GLPI
–
so
many
tickets

55

56. GLPI
–
Inside
a
Tickets
56

57. GLPI
–
Inside
a
Tickets
57

58. GLPI
–
Inside
a
Tickets
58

59. GLPI
–
Changes
and
Planning
59

60. GLPI – Assistance – Problems and Tasks (Kanban)
60

61. GLPI
–
forms
61

62. GLPI
–
run
your
forms
62

63. GLPI
-
Licenses
63

64. GLPI
-
Suppliers
64

65. GLPI – Management - Documents
65

66. GLPI – Project Management
66

67. GLPI
–
Users,
Groups,
Profiles
67

68. GLPI
–
Users,
Groups,
Profiles
68

69. GLPI
–
Users,
Groups,
Profiles
69

70. • Partner Infos: https://glpi-project.org/partners/
• Telemetry: https://glpi-project.org/telemetry/
• Contact: polina@teclib.com
• Support: https://glpi-project.org/wp-content/uploads/en.pdf
GLPI – Support- and Partnermodel, Users
70

71. Thank you for
your attention Q&A

72. SAP Monitoring
@ G&D
Automated Icinga “Config Build”
with data from GLPI
SAP Basis Team
Giesecke & Devrient

74. Come on … why so complicated?
74
Advantages of automated generation via GLPI:
 the solution scales
 can't forget anything in your Icinga2 configuration
 relevant changes on all systems are “immediately” visible
 full automation is possible (because GLPI “feeds” Icinga2 with “sys data” )
 system administrator has an GUI inside GLPI to change I2 settings
 Easy setting of downtimes for entire “landscapes”
 .. dependencies become transparent (VM >> ESX >> Switch)
…. and “YOU” (the I2 Admin) can concentrate on more important things

75. Additional Host Configuration via Fields Plugin - Configuration
75

76. Additional Host Configuration via Fields Plugin – in Computers
76

77. Special views and tables added to GLPI
 v_info: all basic information’s on servers, network, SAP, etc in one view
 v_icinga2_computer: special information’s from fields plugin
 v_sap_instances , v_sap_instances_hosts:
 v_sap_database , v_sap_db_instances: all special information’s from the
database plugin and fields plugin inside “databases”
 v_ip , v_network_interfaces: technical network information’s
 info_process: special table with processes extracted from the hosts xml file
 tcp_scan: tcp scan results ( glpi host id, IP , tcp port, ssl, certificate, … )
 v_icinga2_sap_maintenance: special view to set maininance in icinga
 v_docu: all link’s and dokuments for glpi objects like computer, network, etc
77

78. Additional tools to enrich data in GLPI
 scanhostmulti.py >> purpose: TCP scan of the host to determine all open TCP
ports and put these in a special GLPI table
 xml_to_db.py >> purpose: extra process information’s from xml files in
glpi/files/_plugins/fusioninventory/xml/computer/… on GLPI
server, reason: <PROCESSES> section is ignored during import 
 further planned personal expansions for fusioninventory:
 Link between TCP Port and Process, so what process is “listening” on the
servers TCP port
 prozess.ps1 >> purpose: add running processes list to fusioninventory xml on
Windows systems (unfortunately process information's are missing in fi4win )
 Transfer of Interesting config settings to an additional GLPI table:
Ansible values, SAP Profile, DB2 settings, mysql config, etc …
78

79. host
script
(py)
-
overview
79
GLPI-DB
table Tabelle Tabelle Tabelle
View
GET GROUPS
GET SERVER LIST
GET USERS
Tabelle
Missing files ?
Redundant files?
Updates?
LOOP SERVER Host Info SQL
EXIT
SQL
Disc Info
Network Info
SQL
SQL
Process Info SQL
CONFIG
FILES
START

80. python scripts and other files to extract the
Icinga config from GLPI
 glpi-to-sap-host.py ( 1300 lines only )
 Parameter’s -p sap-process , -t sap-tcp , -d sap-disk , -z “Icinga-Parent-Zone”
 reads the host table, check for rescan & monitoring = yes and dst file exists
 If there are any changes or missing files:
 Create complete list of Users / Groups
 Loop through this host for:
 Info’s: v_info, v_icinga2_computer, v_icinga2_computer_group
 Disk: Looping with for computer through glpi_items_disks
 IP & Interfaces: looping glpi_ipaddresses, v_ip
 Processes: looping through info_process
 TCP Ports: looping through tcp_scan
80

81. python scripts and other files to extract the
Icinga config from GLPI
 sap-process:
 # 1: programm to search
 # 2: display name in icinga
 # 3: process check string - if field is X it will be ignored
 # 4: number of process for warning (X = ignored )
 # 5: number of process for critical (X = ignored )
 # 6: user (X = ignored )
 # 7: mail or sms&mail or ignore M/S/C/I , default is I OR X for Ignore
 # 8: hostname filter - starting with string
 # 9: variable that will be created when we found this process
 Example: %/squid -f%;squid proxy;X; 0:20;0:40;X;M;;SQUID;
81

82. python scripts and other files to extract the
Icinga config from GLPI
 sap-disk:
 # 1: 1=enabled , 0 = disabled !
 # 2: warning - X is host default
 # 3: critical - X is host default
 # 4: mail or sms&mail or ignore M/S/I , default is Ignore
 # 5: pattern , like om1
 Example: /db2/.*/log_dir;1;20%;15%;S;p;
82

83. python scripts and other files to extract the
Icinga config from GLPI
 sap-tcp:
 # 1: portnumer
 # 2: display
 # 3: warntime # 4: crittime
 # 5: ssl # 6: certificatewarndays
 # 7: http # 8: httpSearchString
 # 9: checkIntervall # 10: retryInterval
 # 11: mail or sms&mail or ignore M/S/I , default is Ignore
 Example: 4443;https;2;3;Y;30,7;X;X;X;X;S
 Example: 5044;logstash beats;2;3;X;X;X;X;X;X;M
83

84. Host Configuration – additional GLPI views
84
View
created
from
standard
GLPI
tables
View
created
from
standard
tables
and
tables
created
by
fields
plugin

85. Icinga Host Configuration generated from GLPI views (red text is from GLPI)
85

86. Host in Icinga automatically generated from GLPI
86

87. Servicechecks
in
Icinga
-
disc/load/cpu
automatically
generated
from
GLPI
87

88. Servicechecks
in
Icinga
-
mem/nfs/eth
automatically
generated
from
GLPI
88

89. Servicechecks
in
Icinga
-
procs
automatically
generated
from
GLPI
89

90. Servicechecks
in
Icinga
-
tcp
automatically
generated
from
GLPI
90

91. Servicechecks
in
Icinga
–
special
tcp
automatically
generated
from
GLPI
91

92. Servicechecks
–
elastic
/
vmware
automatically
generated
from
GLPI
92

93. Database configured via GLPI and Fields Plugin - Configuration
93

94. Database configured via GLPI and Fields Plugin
94

95. Database configured – additional views
95
View
created
from
standard
tables
and
database
/
fields
plugin
tables
View
created
from
standard
tables
and
database
plugin
tables

96. Icinga DB Configuration generated from GLPI views (red text is from GLPI)
96

97. Database in Icinga generated from GLPI
97

98. SAP Instance configured via GLPI and Fields Plugin
98

99. SAP Instance configured via GLPI and Fields Plugin
99

100. SAP Instance configured via GLPI and Fields Plugin
100

101. SAP Instance configured – additional views
101
View
created
from
standard
tables
and
SAP
/
fields
plugin
tables
View
created
from
standard
tables
and
SAP
plugin
tables

102. SAP Instance in Icinga generated from GLPI – mostly via RFC – RZ20
102

103. Supercalifragilisticexpialidocious
…
SAP
special
checks
103

104. Supercalifragilisticexpialidocious
…
SAP
special
checks
104

105. Supercalifragilisticexpialidocious
…
SAP
Cloud
+
Cloud
connector
105

106. In case you are interested in turning this
solution into a project on GitHub
(together with me) …
Here my email adresses:

107. Thank you for
your attention
Q&A