Technical Documentation

Activating Devices (NSM Procedure)

This section includes the following topics:

Activating a Reachable IDP Device

To activate a device:

  1. In the NSM Device Manager, right-click the device and select Activate Device to display the Activate Device wizard.
  2. Select Device deployed and IP is reachable.

  3. In the Specify Connection Settings dialog box, enter the following connection information:

    • Enter the IP address of the IDP device.
    • Enter the username of the device admin user.
    • Enter the password for the device admin user.
    • Enter the password for the device root user.

      Note: In NSM, passwords are case-sensitive.

    • Select SSH Version 2 as the connection method and port 22.
    Click Next.

  4. On the Verify Device Authenticity page, use an out-of-band method to verify the RSA key fingerprint information to prevent man-in-the-middle attacks. For example:

    1. Log into the CLI as admin and enter su - to switch to root.
    2. Enter cd /etc/ssh.
    3. Enter ssh-keygen -l -f ssh_host_dsa_key.
    4. After you have verified the key, click Next.
    In response, NSM connects to the IDP device to retrieve device information. This process takes a moment.
  5. Verify that the device type, OS version, device serial number, and device mode are correct.
  6. Click Next to add the device to NSM.
  7. Click Next to import the configuration from the IDP device.
  8. Click Finish.

    For IDP 4.1 and later devices, NSM next runs a job to update the IDP device with the Recommended IDP security policy. The Job Information dialog box shows the status of the Update Device job.

  9. After the job is complete, double-click the device in Device Manager to view the imported configuration.

    To check the device configuration status, mouse over the device and verify that the device status displays Managed.

Activating an Unreachable IDP Device

To activate an unreachable device:

  1. In the NSM Device Manager, right-click the device and select Activate Device to display the Activate Device wizard.
  2. Select Device deployed, but IP is not reachable.

  3. On the Specify One Time Password page:

    • Make a note of the unique external ID for the device. The device administrator will need it to connect the device to NSM. This ID number represents the device within the management system. The wizard automatically provides this value.
    • Specify the first connection one-time password (OTP) that authenticates the device.
    • Click Show Device Commands to display the list of CLI commands that must be executed on the device to connect to NSM. The commands enable management, set the unique external ID, set the management IP address to the device server IP address, and set the device OTP.

      Copy these commands to a text file.

    Click Finish to complete the Add Device wizard and include the new device in the Device Manager list.
  4. Log into the CLI as admin and enter su - to switch to root.
  5. Run the CLI commands you copied in Step 3.
  6. In the NSM Device Manager, mouse over the device to track its configuration status. The first status message is Waiting for 1st connect. After the connection has been established, the status displays Import Needed.
  7. Right-click the device and select Import Device.

    The Job Information box displays the job type and status for the import; when the job status displays successful completion, click Close.

    For IDP 4.1 and later devices, NSM next runs a job to update the IDP device with the Recommended IDP security policy. The Job Information dialog box shows the status of the Update Device job.

  8. After the job is complete, double-click the device in Device Manager to view the imported configuration.

    To check the device configuration status, mouse over the device and verify that the device status displays Managed.

Published: 2010-01-12