Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Administration Portal Getting Started


Congratulations on choosing CSO for SD-WAN, Hybrid WAN, SD-Enterprise, and NFV lifecycle management. This guide is designed to help you quickly learn the basics of the Administration Portal.

Administration Portal Capabilities

The Administration Portal is designed to perform a number of tasks, including:

  • Present a compact, graphical view of important information in the Dashboard

  • Monitor system performance

  • Manage resources used by tenants and their customers

  • Configure service level agreement (SLA) parameters and application profiles

  • Manage tenants

  • Manage Administration Portal users and roles

Deployment Options

Using the previously-mentioned capabilities you can create, deploy, manage, and monitor all of the elements required for Contrail SD-WAN, Hybrid WAN, , SD-LAN, and Next Generation Firewall (NGFW) deployments:

  • Hybrid WAN Deployment–End users at a customer site access VNFs that run on a CPE device located at that site.

    In a Hybrid WAN deployment, CSO provides centrally managed and flexible VNF deployment at remote locations. When you deploy multiple Hybrid WAN sites, each one stands on its own.

  • Contrail SD-WAN Deployment–End users at customer sites access VNFs that run on a CPE device located at their site.

    In addition to site-local VNF access, an SD-WAN deployment provides for site-to-site communication between customer sites using either a hub-and-spoke topology or a dynamic mesh topology. Individual SD-WAN sites can be extended to include SD-LAN and Mist WiFi access points.

  • SD-LAN Deployment-You can use CSO to manage EX-Series LAN switches at customer sites.

    An SD-LAN deployment can be extended to include Mist WiFi access points.

  • NGFW Deployment–You can use CSO to manage customer-site SRX-Series devices and their built-in services thus providing managed security services to remote sites.An NGFW deployment can be extended to include SD-LAN and MIST WiFi access points.

In order to perform any of the deployments mentioned above, there are some things you need to know how to do within the CSO GUI. An administrator, working within the Administration Portal, must be familiar with a number of tasks. Some are for setup and configuration of CSO and some are needed in order to configure the components used in the previously-mentioned deployments, The following sections describe those tasks at a high level without linking them to any particular deployment.

Administration Tasks within the Administration Portal

The following procedures describe how to perform some of the administration tasks in the Administration Portal.

Set SMTP Server

CSO uses e-mail to send first-time access messages to new users, account locked messages, and so on. Because of this, you must configure an SMTP server for CSO to use.

  1. Click Administration > SMTP

    The SMTP page appears.

  2. Fill out the information shown in Figure 1 according to the needs of your SMTP server.
    Figure 1: SMTP Server
    SMTP Server
  3. Click Save when complete.

    It is recommended that you send a test email to confirm that your settings are correct. When using the Send Test Email button, you will get either a success or failure message. Click Save once again after you receive a success message.

Add an OpCo User

The following task describes adding an OpCo user.

  1. Click Administration > Users

    The Users page appears

  2. Click the Add icon (+)

    The Add OpCo User page appears

  3. Fill out the information in the form as shown in the image above.

    If you leave the status set to enabled, CSO sends an email to the specified email address upon completion of the procedure. If you set the status to disabled, no email is sent to the user.

  4. Click OK when finished.


CSO uses Role-Based Access Control (RBAC) to isolate control of certain features to specific roles (groups of users). The following task describes how to add a custom role to your tenant.

  1. Click Administration > Roles.

    The Roles page appears.

  2. Click the add icon (+).

    The Add Role page appears

  3. Specify the details for the role.

    Pay particular attention to the Access Privileges. Many combinations are possible. Selecting some privileges automatically selects others.

  4. Click OK.

    A status message appears about the new role.

Email Templates

The following task describes the Email Templates used by CSO

There are several circumstances under which CSO sends email to users. You can see and edit these email templates as follows:

  1. Click Administration > Email Templates

    The Email Templates page appears that shows a list of CSO email templates as shown in Figure 2

    Figure 2: Email Templates Page
    Email Templates Page

    The template names indicate under which circumstances the template is used.

  2. Click the check box next to one of the template names.
  3. Click the edit icon (pencil)

    The Edit Template page appears.

  4. Edit the YAML template as needed.
  5. (Optional) Click Restore Default Content if there are problems with your template after editing.
  6. Click Save

    A successful save message appears.

Add Tenants

The following tasks describe how to add tenants in the administration portal:

Add a Single Tenant

This task describes how to add a single tenant.. Alternatively, you could import a file that contains data for multiple tenants and their sites by clicking Tenants > Import Tenants > Import.

You can add SD-WAN, Hybrid WAN, Next Gen Firewall, and LAN services in any combination for your tenant.


You cannot add or remove services once the tenant is added. Make your service selections with this in mind.

To add a single tenant:

  1. Click Tenants.
  2. Click the add icon (+).

    The Add Tenant window appears.

  3. Complete the configuration for the tenant as shown in Figure 3.
    Figure 3: Add Tenant Workflow
    Add Tenant Workflow
  4. Click OK to save the changes.

Add Multiple Tenants

This task describes how to add multiple tenants using a JSON formatted text file.

To add multiple tenants:

  1. Click Tenants > Import Tenants > Import

    The Import Tenants page appears

  2. To obtain a sample JSON file for use in the import procedure, click the Download Sample JSON link below the file upload field.
  3. Edit the JSON file to suit your tenant needs and save.
  4. Click the Browse button and select the JSON file you just saved or another previously configured JSON file.
  5. Click the Import button.

    The status of the import and add jobs will appear as messages on the Tenants page.

Add SD-WAN Steering Profiles

The following tasks describe adding various SD-WAN Profiles that can be used by your tenants in SD-WAN Policy intents.

Add SLA-Based Steering Profiles

This task describes how to add SLA-Based Steering Profiles for use by your tenants in SD-WAN Policy intents.

  1. Click Configuration > SLA Based Steering Profiles

    The SLA-Based Steering Profiles page shows a list of Juniper-supplied steering profiles, with names that start with “CSO-”. These profiles can be used as-is in SD-WAN Policies.

  2. Click the Add icon (+)

    The Create SLA Profile page appears as shown in Figure 4

    Figure 4: Add SLA-Based Steering Profile
    Add SLA-Based Steering Profile
  3. Fill out the information on the page.

    Since SLA-Based Steering profiles are intended to assist CSO in making path switching decisions, it is recommended to leave the Path Preference set to Any. This allows CSO to switch traffic to different WAN paths in situations where SLAs are not being met by the active path.

Add Path-Based Steering Profiles

This task describes how to add a Path-Based Steering Profile for use by your tenants in SD-WAN Policy intents.

  1. Click Configuration > Path Based Steering Profiles

    The Path-Based Steering Profiles appears.

  2. Click the Add icon (+)

    The Create Path Profile page appears.

  3. Fill out the information on the page.

    Since Path-Based steering profiles are intended to allow an administrator to choose a specific path for certain traffic types to use, it makes sense to choose a specific path in the Path Preference section. This ensures that your path preference is used rather than a system-determined path.

Allocate Network Services

You must assign network services to tenants to enable them to access the network services. The network services are published to the network services catalog by the SP administrator, or Juniper Networks in the case of cloud-hosted CSO. You can assign services in the following ways:

  • Assign one or more services to a single tenant:

    1. Click Tenants.

      The Tenants page appears.

    2. Select a tenant and click Allocate Network Services. Alternatively, click the Allocate Network Services link under the Assigned Services column.

      The Allocate Network Services to Tenant-Name page appears.

    3. Select the services that you want to assign to the tenant and click OK.

      You are returned to the Tenants page and the status of the assign operation is displayed.

  • Assign a service to one or more tenants:

    1. Click Configuration > Network Services.

      The Network Services page appears.

    2. Select the service that you want to assign to the tenants and click Allocate Services.

      The Select Tenant(s) to allocate the Service page appears.

    3. Select the tenants to which you want to assign the service and click OK.

      You are returned to the Network Services page. The count in the Tenants column is incremented by the number of tenants that you assigned to the service.

License Management

The following tasks describe what can be accomplished on the CSO licensing pages.

Upload Device Licenses

To upload a license:

  1. Click Administration > Licenses > Device Licences.

    The License Files page appears.

  2. Click the add icon (+).

    The Add License page appears as shown in Figure 5

    Figure 5: Upload Device License
    Upload Device License
  3. Specify the details for the license.
  4. Click OK.

    The Upload License page displays the progress of the license upload.

  5. Click OK to save the changes.

    The status of the save operation is displayed.

Assign CSO Licenses to Tenants

The SP Administrator adds CSO licenses to the application. You can distribute the added licenses to your tenants. The following procedure describes this process.

  1. Click Administration > Licenses > CSO Licenses

    The CSO Licenses Page is displayed. All assigned licenses and the license counts appear in the list

  2. Click the checkbox next to the license you want to assign.
  3. Click the Update Assignment button.

    The Assign CSO License window appears and shows the quantity for this license and the number available for assignment to tenants

  4. From the Tenants section, click the + button to add a new assignment.

    A new row on the list will appear.

  5. From the Tenant pull-down, select the tenant.
  6. Enter the number of licenses to assign to this tenant in the Quantity field. Alternatively, you can click the up and down arrows on the right of the field until the appropriate number appears in the field.
  7. Click OK

    The window will close and the CSO Licenses page will update immediately.