You can create several types of AIM device groups:
Device—for devices upon which to perform AIM administrative
operations. See Creating a Device Group.
Directives—for devices that are supported by the
Juniper Data Collector.
Proxy—for devices in the end customer's network.
You can create Proxy device groups when AIM is run in Partner Controller
mode.
After you have verified and saved the Organization credentials
by clicking Save Credentials, the page expands and the Device Group
and Registered Alerts tables appear (for more information about associating
registering alerts to an organization, seeAssociating Registered Alerts to an Organization). The Device Group and Archive Locations tables are empty until
you create device groups.
To create a device group, do one of the following:
Click Settings > Organizations. The Organizations
table appears.
Create
a new device group or add a device group to an existing organization.
To create a new organization and device group, click Add
New. The Organization Credentials page appears for you to enter the
settings for a new organization. Click Save Changes. The Device Groups
and Alert Registration tables appear below the organization credentials
area.
To add a device group to an existing organization, click
the organization name in the Organizations table. The Organization
Details page, the Device Groups, and the Alert Registration tables
appear.
In the Organization Device Group table, click Add New. The Device
Group page appears with the Archive Locations table (for more information
about the Archive Locations, table, see Configuring Archive Locations.
The Organization to which the device group belongs
appears in the Organization field. You cannot modify the Organization
name.
Creating a Directives Group
A directives group is a group of devices from which the Juniper
Data Collector can gather intelligence information. A device group
is a group of devices from which AI-Scripts collects incident and
intelligence information.
A device may belong to several directives groups. A device may
belong to both a device group and a directives device group. If a
device belongs to both types of groups, both AI-Script-driven and
Juniper Data Collector-driven data collection occurs for that device.
The directives group specifies the archive locations into which
the Juniper Data Collector deposits JMBs for devices in that group.
The archive locations are folders on the local file system. If the
Juniper Data Collector encounters a failure when uploading the JMB
to a particular archive location, it uses the next location, retrying
until there is either success or all archive locations fail. The JDC
places a JMB into a single archive location.
The directives group has a Juniper Data Collector directives
file (directives.rc) that specifies the data collection processing
that is performed for the devices in the group.
An organization can contain several directives device groups.
Organizations do not share directives device groups. Each organization
must use its own archive locations to avoid intermingling of data
between organizations.
When the Juniper Data Collector starts, it reads from the database
the information for all of the directives groups. It determines from
this information which devices to poll, which Juniper Data Collector
directives files to use, and which archive locations to write the
JMB file. When the user saves changes for a directives device group,
the AIM sends a refresh message to the Juniper Data Collector to read
the information for that particular directives device group.
You can create a directives group of supported Juniper Data
Collector devices using the AIM Settings > General Settings and AIM
Settings > Organizations user interfaces. You can add a supported
device to one or more directives groups. For more detailed information
about creating directives groups, see Creating a Directives Group
and Adding Devices.
Ensure that the devices running JUNOS have the NETCONF
protocol enabled. See .
Add the users you want to associate to a directives group
in AIM Settings>Users and User Groups.
Create a directory on the AIM server where you want the
Juniper Data Collector to send device JMBs. For example, from a shell,
enter the following command:
mkdir –p /JDC/jmbarchive
Know the network name, the host name, and the SSH username,
the SSH password, and port number for each device you want to add
to a directives group. For a JUNOSe device, you need the following:
SNMPv2c community string or SNMPv3 user credentials
a Telnet password
Enable 15 password
For a JUNOS device, enable NETCONF.
Creating a Directives Group
and Adding Devices
To create a directives group and add a supported device, follow
these steps.
Configure the AIM General Settings for the
Juniper Data Collector. Select Settings.
Specify the JDC maximum number of concurrent tasks working in
parallel to collect information from devices.
Create an AIM organization if one does not already
exist. You can add a directives group to organizations that already
have device groups for which AI-Scripts collect data.
When you create an organization, the Devices Group and Alert
Registration tables appear.
Create a Directives Group. In the Device Groups
table, select Add New Directives Group from the drop-down list box.
The Directives Group page appears.
On the Directives Group page, add the directives
group name and the archive location pathname, then click Test Access.
The AIM Directives Group page defaults to the directives file directive.rc. Access may fail if credentials, passwords, or
user names are incorrect or if the network is not available. Click
Save Changes. The Devices table and the Associate User Groups table
appear.
In the Devices table, either associate existing
Juniper Data Collector supported devices or add new devices.
To associate devices to a directives group, click Associate
Devices. The Associate Devices page appears with a list of the devices
you added to AIM by host name and device name. Click Save Changes.
The devices appear in the Directives Group Devices table.
To add a new device to the directives group, click Add
New Device. The Create Device and Add to Directives Group page appears.
Enter the new device settings and click Test Connection. If the connection
is successful, click Create Device. The new device appears in the
Directives Group Devices table. (See Directives Group Page Description).
In the Associate User Groups table, associate
the user groups you want to access the directives group.
Click Save Changes. The directives group appears
in the Organization Device Groups table.
Directives Group Page Description
Table 30 describes the Directives Group Page settings.
Table 30: Directives
Group Page Description
Name
Description
Privileges
Length/Range
Default
Save Changes
Saves the directives group settings and displays the Devices
and Associated User Group tables.
AIM Admin Settings
N/A
N/A
Name
The name of the directives group.
AIM Admin Settings
32 characters
blank
Organization
The name of the organization in which the directives group is
being created.
AIM Admin Settings
N/A
N/A
Directives File
A configuration file that drives the Juniper Data Collector
data collection process. The directives.rc file is installed
during the AIM installation.
AIM Admin Settings
N/A
directive.rc
Enable Data Collection
This check box allows the Juniper Data Collector to collect
information from supported devices.
AIM Admin Settings
N/A
This option is selected.
Create Device and Add to Directives Group Page Button Descriptions
Table 31 describes the Create Device and Add to Directives Group page buttons.
Table 31: Create
Device and Add to Directives Group Page Button Descriptions
Button Name
Description
Privileges
Enable/Disable
Results
Create Device
Displays the Create Device and Add to Directives Group page
used to add a supported device to a directives group.
AIM Admin Settings
Enabled
The system message: Validation Error: Value is required.appears when you click the Create Device button without specifying
the required fields on the Create Device and Add to Directives Group
Page.
Clicking the Create Device button when all the required
values are specified displays the'Directive Group page.
Test Connection
Tests the connection between AIM and the device in a directives
group.
AIM Admin Settings
Enabled
Connection Failed : SSH negotiation failed
Table 32 describes
the fields on the Create Device and Add to Directives Group page.
Table 32: Create Device and Add to Directives Group Page Field Descriptions
Name
Description
Privileges
Length/Range
Default
Network Name
The name AIM uses to reach the device (for example. an IP address
or DNS name),
AIM Admin Settings
64 characters
Blank
Host Name
A name you give a device for convenience (for example, an IP
address, DNS name, or any name you create).
AIM Admin Settings
128 characters
Blank
Directives Group
A unique name for the directives group. Click the link to return
to the directives group.
Not allowed to modify
N/A
Display field
Directives
Group
Start Time (HH:mm:UTC)
The start time (Coordinated Universal Time) for Juniper Data
Collector operations for the device.
AIM Admin Settings
HH:mm
00:00
Start Day
A weekday on which to start data collection.
AIM Admin Settings
Drop-down list box that displays the start day options from
Sunday to Saturday
Sunday
Product Family
The Juniper Networks operating system running on the device
(for example, JUNOS, JUNOSe, or ScreenOS.
AIM Admin Settings
Drop-down list box that displays the product family options:
JUNOS, JUNOSe, or NetScreen (ScreenOS)
JUNOS
(JUNOSe) SNMP Version
The SNMP version configured on the device (for example. SNMPv2c
or SNMPv3).
AIM Admin Settings
Drop-down list box that displays the SNMP version options: SNMPv2c
or SNMPv3
SNMPv2c
Test Results
The AIM-to-device connection results.
Not allowed to modify
N/A
Blank display field
SSH
Settings
SSH User Name
A user name for authentication on the device.
AIM Admin Settings
32 characters
Blank
SSH Password
A password for authentication on the device.
AIM Admin Settings
32 characters
Blank
Port
The forwarding TCP port number for SSH.
AIM Admin Settings
1–65, 535
22
(JUNOSe)
SNMPv2c Settings
(JUNOSe) Community String
Authentication of clients is performed by a community string,
a password.
AIM Admin Settings
32 characters
Blank
(JUNOSe)
SNMPv3 Settings
User Name
SNMPv3 user name
AIM Admin Settings
32 characters
Blank
Authentication Protocol
SNMPv3 authentication protocol
AIM Admin Settings
N/A
None
SNMPv3 Authentication key
SNMPv3 authentication key, needed if SHA or MD5 authentication
is selected.
AIM Admin Settings
20 (SHA)
16 (MD5)
0 (none)
Blank
Privacy Protocol
SNMPv2 Privacy Protocol
AIM Admin Settings
N/A
None
SNMPv3 Privacy Key
SNMPv3 privacy key, needed if DES is selected.
AIM Admin Settings
16 (DES)
0 (none)
Blank
JUNOSe
Terminal Settings
(JUNOSe) Terminal Password
Password used to access the JUNOSe device through telnet (if
enabled on the device)
AIM Admin Settings
32 characters
Blank
(JUNOSe) Enable 15 Password
Password used to access all JUNOSe CLI commands for iJMB generation
(if enabled on the device).
AIM Admin Settings
32 characters
Blank
Ensuring NETCONF Over SSH Is Enabled
To ensure that NETCONF over SSH is enabled on a JUNOS device,
follow these steps:
Log in to the JUNOS device.
Enter the following CLI command:
user@host> show configuration
Output similar to the following appears:
system {
host-name Neon;
root-authentication {
encrypted-password "$1$rQQ4q1eZ$
}
login {
message "Please DO NOT change couser lab {
uid 2000;
class superuser;
authentication {
encrypted-password "$1$m
}
}
user lablab {
uid 2001;
class superuser;
authentication {
encrypted-password "$1$w
}
}
}
services {
ftp;
ssh {
root-login allow;
protocol-version v2;
}
telnet;
netconf {
ssh;
}
web-management {
http;
}
}
syslog {
user * {
any emergency;
}
file messages {
any any;
authorization info;
}
file interactive-commands {
interactive-commands any;
}
}
}
In the show configuration CLI command
output, look for the following NETCONF over SSH configuration:
To enable NETCONF service over SSH, follow these steps:
Include one or both of the following statements
at the indicated configuration hierarchy level.
To enable SSH access over the devoted port (32000) as
specified by the IETF specification, include the ssh statement
at the [edit system services netconf] hierarchy level.
[edit system login user account-name authentication]
user@host# top
[edit]
user@host# set system services netconf ssh
To enable access over the default SSH port (22), include
the ssh statement at the [edit system services] hierarchy
level. This configuration also enables SSH access to the device for
all users and applications.
[edit]
user@host# set system services ssh
Commit the configuration.
[edit]
user@host# commit
Repeat the preceding steps on each JUNOS
device where the client application establishes NETCONF sessions.
For more information about NETCONF, see the JUNOS
NETCONF API Guide.
Creating a Proxy Device Group and Adding Devices
To create a proxy device group and add devices, follow these
steps:
Click Settings > Organizations. The Organizations
page appears.
In the Organization table, click an existing organization
name or create a new one. The Organization details page appears. To
create an organization, see Adding Organization Credentials.
If you create a new organization and save the credentials,
the Organization Credentials details and Groups table appears.
If you click an existing organization name to add a Proxy
Group, the Organization Credentials details and Groups table already
exists.
In the Groups table, select Proxy Device
Group in the Add New drop-down list box. The Proxy Device Group page
appears with the Archive Locations table.
Enter the end customer alias, user name, and password in the
Organization page. The end customer alias must be a unique alphanumeric
name (you can use a through z, capital A through Z, and 0 through
9) with up to 80 characters.
Add an archive location where JMBs from the device
will be stored. For every end user, the partner should create a proxy
organization with a unique archive location for receiving JMBs. The
archive location directory should be used exclusively for JMBs and
no other AIM files.
Click Save Credentials. The Devices table and the
Associated User Groups table appears.
The associated devices are ones that have been managed and imported
from the JUNOScope software or those that have been set up manually
to send JMBs to the archive location.
In the Associated User Groups table, click Add
New to associate the user groups that you want to have access to the
Proxy device group. The User Groups page appears.
In the User Groups table, select one or more user
groups that you want to associate to the user group.
Click Save Credentials.
Device Group Page Description
Table 33 defines the Device
Groups table command buttons.
Table 33: Device Group
Page Button Descriptions
Button Name
Description
Privileges
Enable/Disable
Results
Save Changes
Saves device group parameters and archive locations.
If an AI-Script bundle is specified, that bundle is installed
on all the devices in the device group.
AIM Admin
If privileged
An error message is displayed if the device group and archive
locations settings are not saved.
Table 34 defines the Organization
page Device Group fields.
Table 34: Device Group
Page Field Descriptions
Name
Description
Privileges
Length/Range
Default
Name
Name of the device group
AIM Admin Settings
32 characters
Blank
Organization
Name of the organization to which this device group belongs.
Provides a drop-down list of all the AI-Script bundles managed
by AIM.
AIM Admin Settings
N/A
Blank
No-copy
Indicates the command to not save a copy of the AI-Script bundle
file during installation on the device.
AIM Admin Settings
Checked or unchecked
Blank
Unlink
Indicates the command to remove the AI-Script bundle after successful
installation on the device.
AIM Admin Settings
Checked or unchecked
Blank
Proxy Device Group Page Description
Table 35 describes
the Proxy Device Group page buttons.
Table 35: Proxy Device Group
Page Button Descriptions
Button Name
Description
Privileges
Enable/Disable
Results
Save Credentials
Tests connection to JSS, and if successful, then saves organization
name and authentication credentials in the database. It also retrieves
the end customer ID.
AIM Admin Settings
If privileged
Saves the new organization credentials in the AIM database
Create Policy
Lets you create a reaction policy associated with an organization.
For example, you can create a reaction policy that triggers when a
new intelligence message is received. For more information about creating
a reaction policy, see Creating Reaction Policies.
Reaction Policy
Available after you click Save Changes
Opens the Reaction Policies page.
Table 36 describes
the fields on the Proxy Device Group page.
Table 36: Proxy Device
Group Page Field Descriptions
Field Name
Description
Privileges
Length/Range
Results
Customer Alias
A unique alphanumeric name for the customer (a through z, capital
A through Z, and 0 through 9).
AIM Admin Settings
Up to 80 characters
Organization
Name of the organization to which this proxy device group belongs.
