Adding the Devices to NSM

  • 8/17/2019 Adding the Devices to NSM

    Configuring Global Cluster Data with Configuration Groups (JUNOS Clusters Only)

    You can apply configuration groups to a JUNOS cluster object just as you can to a standalone JUNOS device. See "Using Configuration Groups". You can cluster J Series routers or SRX Series gateways. You cannot cluster EX Series devices, M Series devices, or MX Series devices.

    You can include configuration groups within templates when configuring cluster objects. Exactly the same rules apply as when configuring a standalone device. See "Using Configuration Groups with Templates".

    Configuring Member-Level Data in a JUNOS Cluster

    To provide configuration data for a specific cluster member, such as the node name, NSM implements a special form of the wildcard mechanism to designate a configuration group to a specific cluster member. For ease of management, we recommend placing all your member-specific configuration data in one configuration group for each member.

    You can apply multiple configuration groups to each member.

    NOTE: Imported configurations already have the member-specific configuration groups created and applied. Use the procedure described here only for modeled configurations.

    We recommend using node0 and node1 as the names of the configuration groups that correspond to member 0 and member 1 of the cluster, although you can use any name containing the strings "node0" and "node1". We recommend you do not use node0 or node1 as the names of configuration groups that contain cluster-level data.

    To configure member-level data in a J Series cluster, follow these steps:

    1. In the Device Manager, select Devices.

    2. From the list of devices, select the cluster whose member you want to configure, and then click the Edit icon.

    3. In the Configuration tab, select Config Groups.

    4. Click the Add icon and select Config Group for HA Node (node0.

    A configuration group called "node" appears in the Config Group List.

    6. Right-click Configuration in the cluster member tree and select Apply/Exclude Config Group from the list.

    The Apply/Exclude Config Groups dialog appears with the configuration group name node already highlighted in the Available Config Groups list.

    7. Click the Add icon above the Applied Config Groups list (and not the Add button).

    A dialog box appears and requests you to enter a string.

    8. Type apply "${node}" in the box and then click OK.

    The "${node}" is automatically expanded by NSM to create and apply configuration groups node0 and node1 to each member node.

    9. Click OK to apply the configuration group.

    If you later need to edit the local data for a cluster member, you do so by editing the configuration group for that member.

    Configuring JUNOS Devices with Redundant Routing Engines

    Configuring a device with dual Routing Engines differs from configuring a device with a single Routing Engine in that you can configure features for a specific Routing Engine. Two special configuration groups are used for this purpose:

    •  Configuration group re0 for the Routing Engine in slot 0

    •  Configuration group re1 for the Routing Engine in slot 1

    Features configured in these special Routing Engine configuration groups appear only in the Routing Engine configuration to which they were applied. They do not appear in the global configuration, regardless of which Routing Engine is the master. All other configuration groups applied to the device apply to the global configuration and not to individual Routing Engines.

    Configuring a Routing Engine

    The following example configures a separate hostname for the Routing Engine in slot 0.

    To configure a separate hostname for a Routing Engine in slot 0, follow these steps:

    1. In the navigation tree, select Device Manager > Devices.

    2. In the Device Tree, double-click the JUNOS router with redundant Routing Engines.

    3. In the Configuration tab of the device editor, select Config Groups List.

    4. If the config group re0 exists, open it by double-clicking its icon. If it does not already exist, click the Add icon, name the new configuration group re0, and then save it.

    5. In the navigation tree for re0, select System.

    6. In the Host Name field, assign a name to the Routing Engine, for example Dual-RE-re0.

    7. Click OK twice.

    Figure: Configuring Routing Engine Specific Parameters

    Viewing a Routing Engine Configuration

    The following example shows how to display the hostname assigned to a specific Routing Engine. See next Figure and follow these steps:

    1. In the navigation tree, select Device Manager > Devices.

    2. In the Device Tree, double-click the JUNOS router with redundant Routing Engines.

    3. In the Info tab of the device editor, select Routing Engine Configuration.

    4. Double-click on the configuration group name to show the configuration for the corresponding Routing Engine.

    5. In the navigation tree, select System. The configured Routing Engine name appears in the Host Name field.

    Figure: Viewing the Routing Engine Configuration

     Adding the IDP 250 Devices to NSM

     This procedure assumes the IDP 250 devices are reachable through their respective management ports as

    mentioned in the previous section.

    The following steps are required to add the IDP-250 devices as standalone devices to NSM according to the Network Architecture shown in Figure &'(

    To import an IDP Series device with a known IP address:

    1- In the NSM navigation tree, select Device Manager > Devices.

    Figure 1 : NSM Add IDP Device Wizard: Add Device

    2- Click the + icon and select Device to display the Add Device wizard.

    3- Select Device Is Reachable (default) and click Next to display the page where you configure connection settings.

    Figure 2 : NSM Add Device Wizard: Connection Settings

    4- In the Specify Connection Settings dialog box, enter the following connection information:

    -  Enter the IP address of the IDP Series device: 1!"1#$"%"1%

    -  Enter admin for the username of the device admin user: admin

    -  Enter the password for the device admin user. You set the password for admin when you ran the ACM Wizard: admin-pwd

    -  Enter the password for the device root user. You set the password for root when you ran the ACM Wizard: root-pwd

    -  Select SSH Version 2 and port 22.

    Click Next.

    The wizard displays a page where you can verify the integrity of the connection between the IDP Series appliance and NSM, as shown in the figure below. Please wait a moment as the NSM retrieves SSH key fingerprint information from the IDP Series appliance.

    Figure 3 : NSM Add Device Wizard: SSH Key Fingerprint Information

    5- Log into the IDP OS command-line interface and verify the SSH key fingerprint. Comparing the SSH key fingerprint information enables you to detect man-in-the-middle attacks:

    a. Connect to the IDP OS command-line interface:

    •  Use SSH to connect to the IP address or hostname for the management interface. Log in as admin and enter su - to switch to root.

    •  If you prefer, make a connection through the serial port and log in as root.

    b. Enter cd /etc/ssh.

    c. Enter ssh-keygen -l -f ssh_host_dsa_key.

    The command generates output similar to the following:

    1024 f4:91:d0:04:b7:61:00:77:45:c3:cc:bd:af:b3:5b:a2 ssh_host_dsa_key.pub

    After you have verified the SSH key fingerprint matches, click Next.

    The Wizard displays a page where NSM retrieves and displays inventory information.

    Please wait a moment as the NSM retrieves inventory information from the IDP Series Appliance.

    Figure 4 : NSM Add Device Wizard: Inventory Information

    6- Verify that the device type, OS version, device serial number, and device mode are correct.

    7- Click Next to add the device to NSM. Upon success, NSM displays the following message:

    Figure 5 : NSM Add Device Wizard: Add Device Confirmation

    8- Click Next to import the configuration from the IDP Series device. Upon success, NSM displays the following message:

    Figure 6 : NSM Add Device Wizard: Configuration Import Confirmation

    9- Click Finish.

    10- After the job is complete, double-click the device in Device Manager to view the imported configuration.

    To check the device configuration status, mouse over the device and verify that the device status displays Managed.

    Figure 7 : NSM Device Manager: Viewing Device Status
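
    The fingerprint comparison in step 5 can be done mechanically instead of by eye. The following Python code is an added example, not part of the original guide: it parses the ssh-keygen -l line shown in step c, computes the same colon-separated MD5 fingerprint from a .pub line, and compares the console value with the value copied from the wizard. The sample key line is constructed (not a real key), and all function names are this example's own.

```python
import base64
import hashlib
import hmac
import re
import struct

# Output line shown in step c of the procedure (ssh-keygen -l -f ssh_host_dsa_key).
KEYGEN_LINE = ("1024 f4:91:d0:04:b7:61:00:77:45:c3:cc:bd:af:b3:5b:a2 "
               "ssh_host_dsa_key.pub")
_FP_RE = re.compile(r"^(?:[0-9a-f]{2}:){15}[0-9a-f]{2}$")


def normalize(fp):
    """Lower-case a fingerprint, drop an optional 'MD5:' prefix, validate it."""
    fp = fp.strip().lower()
    if fp.startswith("md5:"):
        fp = fp[4:]
    if not _FP_RE.match(fp):
        raise ValueError("not a 16-byte colon-separated hex fingerprint")
    return fp


def parse_keygen_line(line):
    """Split 'BITS FINGERPRINT FILE' as printed by ssh-keygen -l."""
    bits, fp, name = line.split(None, 2)
    return int(bits), normalize(fp), name.strip()


def md5_fingerprint(pubkey_line):
    """Legacy fingerprint: MD5 over the decoded key blob of a .pub line."""
    blob = base64.b64decode(pubkey_line.split()[1], validate=True)
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def fingerprints_match(from_console, from_wizard):
    """True only if both values are well-formed and identical."""
    a, b = normalize(from_console), normalize(from_wizard)
    return hmac.compare_digest(a, b)


def constructed_pub_line():
    """Constructed stand-in for one line of a .pub file (not a real key)."""
    def field(b):
        return struct.pack(">I", len(b)) + b
    blob = field(b"ssh-dss") + b"".join(field(bytes([n]) * 4) for n in (1, 2, 3, 4))
    return "ssh-dss " + base64.b64encode(blob).decode() + " root@idp"
```

    Current OpenSSH releases print SHA256 fingerprints by default; ssh-keygen -l -E md5 selects the colon-separated form shown in the guide. A malformed or truncated value raises ValueError rather than comparing as a mismatch, so a copy error is not mistaken for a key change.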

    VPN SSL SA NSM Integration

    To add the VPN SSL Secure Access Appliances cluster in NSM, we should add the cluster first and then add each member. Adding a member is similar to adding a standalone device.

    Secure Access clusters can be configured by the device administrator to operate in active/passive mode or in active/active mode.

    Clusters in active/passive mode are made up of a primary member and a secondary member. All traffic flows through the primary member. If the primary member fails, then the secondary member takes over.

    Adding and Importing the Secure Access Cluster to NSM

    If the cluster is already installed and configured on the network, then you can add and import that cluster into NSM.

    1. On each cluster member device, configure NSM administrator logon credentials.

    2. In NSM, add the cluster object using the Add Cluster wizard.

    In the Device Manager, select Devices, click the Add icon, and select Cluster from the list. Provide the cluster name, color of the icon, OS name, platform, and managed OS version. The OS name, platform, and OS version must match those on the physical devices.

    3. In NSM, add each cluster member.

    Right-click the cluster icon in the Device Manager, select New > Cluster Member, and follow the instructions in the Add Cluster Member wizard. When prompted, select Device Is Not Reachable to add an existing device with a dynamic IP address.

    The last step in adding the cluster member prompts you to continue adding cluster members. Select this option if you have more members to add; unselect it if you are done adding members.

    4. On each cluster member device, configure and activate the NSM agent and establish an SSH session with NSM.

    5. Import the cluster.

    In the Device Manager, open the cluster icon, right-click on one cluster member, and select Import Device from the list. You do this only once and for the entire cluster because the configuration is identical for all cluster members.

    After importing, the configuration appears at the cluster level in NSM. To edit the configuration, open the cluster icon, not the individual cluster members.

    Step by Step SA-4500 Cluster NSM Integration

    This step by step configuration guide shows how to add the >:S:%C Secure Access SA-4500 cluster that already exists on the network and imports the configuration into NSM. The cluster in this example has two members:

    %OC-42,C-C,%42:-45-SSK and %OC-42,C-C,%42Q-45-SSK

    Adding and importing a cluster consists of three major steps:

    •  Adding the Cluster

    •  Adding the Cluster Members

    •  Importing the Cluster configuration

    Adding the Cluster

    Add a new cluster to NSM as follows:

    1. Select Device Manager > Devices, and then click the Add icon and select Cluster from the list.

    The Add Cluster wizard starts.

    1. Enter the cluster-level information into the New Cluster dialog box as shown in Figure 161 below:

    Figure 8 : Adding the Secure Access Cluster

    1- Click OK.

    The new cluster appears in the Device Manager.

    Adding the Cluster Members

    1. On the device itself, configure the cluster member device with logon credentials for the NSM administrator.

    2. Add the cluster member in NSM:

    a. In the Device Manager, right-click on the SA-Cluster icon and select New > Cluster Member from the list.

    b. In the New Cluster Member dialog box, enter a name and color for the cluster member and select Device Is Not Reachable.

    c. Click Next. The Specify OS Name, Version, and Platform screen appears.

    d. Specify an IP address for the NSM Device Manager server or accept the default, and then click Next.

    e. Make a note of the Unique External ID automatically displayed by NSM. The device administrator will need it later to connect the device to NSM.

    f. Enter the NSM username and password configured on the device.

    g. Enter a first-connection one-time password and make a note of it. The device administrator will need it to connect the device to NSM.

    h. Check the Keep Adding Cluster Members box to add another cluster member.

    The Finish button changes to the Next button.

    i. Click Next and repeat the process for the second cluster member. When you have finished adding cluster members, leave the Keep Adding Cluster Members box empty and click Finish.

    3. Configure and activate connectivity on each cluster member by performing the following steps on each cluster member:

    a. Open the System > Configuration > NSM Agent screen to add the NSM management application.

    b. In the Primary Server field, enter the IP address of the Device Server.

    c. In the Primary Port field, enter 7804.

    d. Fill out the Backup Server and Backup Port fields if a high availability Device Server is configured.

    e. In the Device ID field, enter the unique external ID provided by the NSM administrator.

    f. In the HMAC field, enter the one-time password also provided by the NSM administrator.

    g. Click the Enable button to enable the NSM agent.

    h. Click Save Changes.

    The device software initiates the TCP connection to NSM and identifies itself using the specified device ID and HMAC. The two sides then engage in SSH transport layer interactions to set up an encrypted tunnel, and NSM authenticates itself to the device based on user name and password.

    4. Confirm Connectivity in NSM.

    Verify that the connection status of the cluster member in the Device List is "Up".

    Importing the Cluster configuration

    To import the cluster configuration, follow these steps:

    1. From the NSM navigation tree, select Device Manager > Devices.

    2. Right-click SA-Cluster (the cluster name) and select Import Device from the list.

    NSM starts a job to import the configuration. A job window reports the progress of the job. When the job finishes, the configuration status for each cluster member changes from "Import Needed" to "Managed".
