Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Modifying Junos Space Network Management Platform Settings

    As the Super Administrator or System Administrator, you can modify the settings of Junos Space Network Management Platform.

    To modify the settings of Junos Space Platform:

    1. On the Junos Space Platform UI, select Administration > Applications.

      The Applications page is displayed.

    2. Select Network Management Platform.
    3. Select Modify Application Settings from the Actions menu or right-click Network Management Platform and select Modify Application Settings.

      The Modify Application Settings (Modify Network Management Platform Settings) page is displayed and the Device section is selected by default.

      Note:

      • You cannot modify the application settings if another user is currently modifying the application settings. You receive a pop-up message indicating the user who is currently modifying the application settings.
      • For the Junos Space Platform settings that have numerical values, the label [Default] is displayed to the right of the text box if the value is the system default.
      • From Release 17.1R1 onward, Junos Space Network Management Platform automatically saves the changes you make in each section of the Modify Application Settings page while you modify the Network Management Platform settings.

        The settings are saved only temporarily so that you can change the settings in other sections. To save the settings across sections, you must explicitly click the Modify button; for more information, see 15.

    4. (Optional) Modify the settings related to the devices, as shown in Table 1.

      Table 1: Device Settings

      Field

      Description

      Add SNMP configuration to device for fault monitoring

      This check box is selected by default, which ensures that the SNMP target for the devices that are discovered from Junos Space Platform is set to the Junos Space VIP node. This configuration enables these devices to send their SNMP traps to the Junos Space VIP node.

      If you clear the check box, then SNMP trap targets are not set for the devices that are newly added in Junos Space Platform. The devices whose SNMP trap targets are not set do not send their SNMP traps to the Junos Space VIP node.

      Allow Device Communication

      This check box enables discovered devices to communicate with the Junos Space server. If the check box is cleared, the discovered devices cannot communicate with the Junos Space server.

      Allow users to auto log in to devices using SSH

      This check box allows users to automatically log in when starting an SSH connection on a device. The default (check box is cleared) indicates that you have to add your credentials to log in to a device using SSH.

      Auto resync device

      This check box ensures that when the network is the system of record, configuration changes on a connected Juniper Networks device are synchronized with or imported to the application database. By default, this check box is selected.

      Configure commit synchronize during device discovery

      This check box ensures that for either system of record, configuration changes in Junos Space Platform for a device are pushed, committed, and synchronized during device discovery. By default, this check box is selected.

      Disable network monitoring for all devices

      This check box determines whether Network Monitoring is used to monitor only Junos Space fabric nodes (check box is cleared) or both Junos Space fabric nodes and devices (check box is selected):

      Note: This check box is cleared by default.

      1. If the Disable network monitoring for all devices check box is selected, then during device discovery Junos Space Platform does not push SNMP trap targets to devices or add devices into Network Monitoring. In addition, if a Resync Nodes job is triggered, Junos Space Platform removes devices that are already present in Network Monitoring and removes the trap target settings that were previously set on the devices. In addition, Junos Space Platform does not synchronize additional devices with the Network Monitoring workspace.
      2. If the Disable network monitoring for all devices check box is cleared, Junos Space Platform does the following:
        • Pushes the SNMP trap targets to the devices during the discovery of new devices if the Add SNMP configuration to device for fault monitoring check box is selected

          If the Add SNMP configuration to device for fault monitoring check box is cleared, then the SNMP trap targets are not pushed to the devices.

        • Adds the device into Network Monitoring during the discovery of new devices

        Note: For devices that are added to Junos Space Platform before the Disable network monitoring for all devices check box is cleared, you must initiate a manual device resynchronization to add the devices into Network Monitoring.

      3. If the Disable network monitoring for all devices check box was previously cleared and is changed to selected, then you must trigger a manual device resynchronization so that Junos Space Platform removes the devices from Network Monitoring. The rest of the behavior is the same as explained in the first step.

      System of Record Settings

      This setting enables you to specify whether the network is the system of record (NSOR, which is the default) or whether Junos Space Platform is the system of record (SSOR).

      Note: Resynchronization choices on this page apply only to NSOR.

      Enable approval workflow for configuration deployment

      This option is for a candidate configuration (previously known as consolidated configuration) and lets a user deploy any configuration changes made from Junos Space Platform on to a device only on approval. By default, this check box is selected. By clearing this check box, you can deploy the configuration directly without approval.

      Enable commit confirmed for configuration deployment

      Specify that the device waits for a specified time for the configuration to be explicitly committed when a commit configuration request is sent from Junos Space Platform. The default wait time is 10 minutes.

      This check box is cleared by default.

      Junos Space initiates connection to device

      This check box is selected by default, so Junos Space Platform initiates a connection with managed devices. To have managed devices initiate a connection with Junos Space Platform, clear this check box.

      Looking Glass Device response timeout in secs

      Specify a timeout interval for devices on which the looking glass feature is applied. Junos Space Platform waits until the specified timeout interval for a response has lapsed and if there is no response, the request is timed out.

      The minimum timeout interval is 30 seconds, the maximum is 600 seconds, and the default is 120 seconds.

      Max auto resync waiting time secs

      This field specifies the initial time within which device configuration changes are synchronized with the database. If multiple commit logs are received from devices, Junos Space waits for this time interval to lapse before the resynchronization of the device configuration is initiated.

      The default waiting time is 20 seconds. This setting is applicable only when the network is the system of record.

      Number of devices to connect per minute for Space Initiated Connection

      This parameter enables you to control the number of devices connecting with Junos Space Platform. The default number of devices allowed to connect per minute in connections initiated by Junos Space Platform is 500 devices and the maximum number of devices is 1000. If Junos Space Platform connects to too many devices simultaneously, the performance of the network is weakened.

      Polling time period secs

      This setting is for specifying the interval at which to poll the configuration of devices that do not support system logging (non-Junos OS devices). Junos Space Platform polls and compares the configuration it has with that of the device at the interval set here. If there is a difference, it is reported. If the network is the system of record, Junos Space Platform synchronizes its configuration with that on the device. The default is 900 seconds.

      SSH port for device connection

      This field specifies the SSH port on the device. Junos Space Platform uses this port to discover devices. The default value, 22, is the standard SSH server port.

      Enable abort rpc call for timed out sessions

      Enabling this option calls <abort/> rpc for timed out NETCONF sessions. If this option is not enabled, <close-session/> rpc is used to close all NETCONF sessions. The difference in behavior applies only to timed out or terminated sessions.

      Manually Resolve Fingerprint Conflict

      When a fingerprint conflict occurs during device reconnection or when a user connects to a device by using the secure console or SSH, Junos Space Platform allows the user to resolve a fingerprint conflict manually or resolves the conflict automatically.

      This check box is selected by default, which means that the user must resolve the fingerprint conflict manually. If the check box is cleared, Junos Space Platform resolves the fingerprint conflict automatically by accepting the fingerprint that is presented during authentication.

      Note: If Junos Space Platform maintains an active connection with a device, the change in the device fingerprint is not recognized by Junos Space Platform. Fingerprint changes on devices are recognized when the devices reconnect with Junos Space.

      Support WW Junos Devices

      Select this check box to enable support for devices running worldwide Junos OS (ww Junos OS devices) and clear the check box to disable support for ww Junos OS devices.

      This check box is cleared by default.

    5. (Optional) Click the User hyperlink (on the left of the page) to modify the settings related to users, as shown in Table 2.

      Table 2: User Settings

      Field

      Description

      Automatic logout after inactivity (minutes)

      Specify the time, in minutes, after which a user who is idle (that is, has not performed any action such as pressing a key or clicking a mouse) is automatically logged out of Junos Space Platform. This setting conserves server resources and protects the system from unauthorized access.

      The default value for this setting is five minutes. From Junos Space Platform Release 17.1R1 onward, you can set a value of up to 480 minutes. If you set the configuration to Never, the idle time out is disabled and the user is never logged out of Junos Space Platform due to inactivity.

      Note: From Release 17.1R1 onward, you can override this setting by specifying a user-specific value when you create or modify a user account.

      Disable inactive user after time period (Days)

      Specify the number of days after which a user who is inactive (a user who has not performed any action such as pressing a key or clicking the mouse) is automatically disabled in Junos Space Platform. The Disable inactive user after time period (Days) setting is available from Junos Space Platform Release 16.1R1 onward. This setting protects the system from unauthorized access. A user who is disabled cannot log in to Junos Space Platform. To enable the user to log in again, use the Enable Users action on the User Accounts page of the Role-Based Access Control workspace.

      By default, the time period is set to Never, which means the user is never disabled because of inactivity. You can choose a period of up to 120 days to permit a user to be inactive, after which the user is disabled.

      If an SMTP server and the user’s e-mail address are configured, an e-mail notification about account disabling is sent to the user 24–48 hours before the user account is disabled.

      Maximum concurrent UI sessions per user

      Specify the number of concurrent user sessions allowed per user for GUI login at the global level (that is, for all users).

      The default value is 5. You can enter a value from 0 (zero) through 999. Entering 0 (zero) means that there are no restrictions on the number of concurrent UI sessions allowed per user. However, the system performance may be affected if you allow unlimited concurrent UI sessions.

      Note:

      • If you are a super user, this concurrent user session limit does not apply and you are allowed to log in even when you have exceeded this limit.
      • The changes that you make to the concurrent UI sessions limit (either at the global level or at the user level) do not affect existing sessions; this limit is validated against the next user login only.

      UI auto refresh interval in seconds

      Specify the time, in seconds, after which the Junos Space GUI is refreshed automatically. The default value is 3 seconds.

      Use User Password Auth Mode choices

      • Use User Password Auth Mode—Select this option, which is the default, if you want the Junos Space server to authenticate the user on the basis of username and password entered by the user.
      • Use X509 Certificate Complete Certificate—Select this option if you want the Junos Space server to authenticate the user on the basis of the certificate of the user.
      • Use X509 Certificate Parameters—Select this option if you want the Junos Space server to authenticate the user on the basis of the X.509 certificate parameters.

      For more information about changing authentication modes, refer to Changing User Authentication Modes.

      Note: If you change the authentication mode from password-based to certificate-based by using the Use X509 Certificate Complete Certificate option without uploading appropriate certificates or from certificate-based to certificate parameter–based by using the Use X509 Certificate Parameters option without adding and activating the parameters, an error message is displayed in a pop-up window. Click OK to close the pop-up window.

    6. (Optional) Click the Password hyperlink (on the left of the page) to modify the settings related to password rules, as shown in Table 3.

      Note: You click the User Settings icon on the Junos Space banner (see Changing Your Password on Junos Space) to change your password, but the constraints that govern the password are set on the Modify Application Settings (Modify Network Management Platform Settings) page.

      Table 3: Password Settings

      Field

      Description

      Advanced Settings

      To view or configure advanced password settings, click the view/configure hyperlink.

      You are taken to the Password > Advanced Settings section. Refer to step a for details.

      Minimum no. of characters

      Specify the minimum number of characters that a password must contain.

      The minimum value for this field is 6 (the default) and the maximum value is 999.

      No. of previous passwords cannot be reused

      Specify the number of previous passwords that cannot be reused when users change their passwords. For example, if you enter 10, users cannot reuse any of their previous 10 Junos Space Platform passwords.

      The range is 0 (zero) through 999 and the default is 6; 0 (zero) indicates that there is no restriction on password reuse.

      No. of unsuccessful attempts before lockout

      Specify the number of successive attempts after which Junos Space Platform locks out users who enter incorrect passwords. Junos Space Platform identifies users by their IP addresses, so that even if users have exceeded the limit for incorrect passwords on one system they can try to log in again from a different system.

      The range is 0 (zero) through 999 and the default is 4; 0 (zero) means that users are not locked out due to login failures.

      Note: This verification applies only to users who are in the Junos Space Platform database. It does not work with RADIUS and TACACS+ server authentication.

      Time interval for lockout in hours

      Specify the interval (in hours) for which a user who has entered incorrect passwords more than the number of times specified in No. of unsuccessful attempts before lockout is locked out.

      The range is 0 (zero) through 999 and the default is 12 (hours); 0 (zero) means that users are never locked out.

      Note: You can unlock a locked-out user at any time (see Disabling and Enabling Users).

      Time interval for password expiry in months

      Specify the duration (in months) after which passwords of all the locally authenticated Junos Space Platform users expire.

      The range is 0 (zero) through 999 and the default is 3; 0 (zero) means that the passwords never expire.

      Note:

      • This configuration does not have any impact on the RADIUS or TACACS+ server–authenticated users.
      • If you upgrade to Junos Space Release 13.1 or later, the password expiry time of the existing local users remain as is until the users modify their passwords or you change the value in this field.

      Time interval for password expiry notification in months

      Specify the number of months in advance that users are warned that their passwords will expire. For example, if you enter 2, users receive a notification two months before their current passwords expire.

      The range is 0 (zero) through 999 and the default is 1 (month). Make sure that the value you enter here is less than or equal to the value in the Time interval for password expiry in months field.

      1. (Optional) Modify the fields related to advanced password settings as explained in Table 4.

        Table 4: Advanced Password Settings

        Field

        Description

        At least one lowercase character

        Specify whether at least one lowercase letter is required in the password. This check box is selected by default.

        At least one number not in the last position

        Specify that the password must contain at least one number and that a number cannot be the last character of the password. This check box is selected by default.

        When this check box is selected, a password that contains a number as the last character is not allowed.

        At least one special character not in the last position

        Specify that the password must contain at least one special character (non-alphanumeric character) and that a special character cannot be the last character of the password. This check box is selected by default.

        When this check box is selected, a password that contains a special character as the last character is not allowed.

        At least one uppercase character

        Specify whether at least one uppercase letter is required in the password. This check box is disabled by default.

        No more than three repetitive characters

        Specify that a password should not contain the same character repeated more than three times in succession; for example, Exam333pl3e and E3x3a3m3ple are valid passwords, whereas Exam3333ple is not.

        This check box is selected by default.

        Not repeat of the user ID

        Specify that the username should not be part of the password. This check box is selected by default.

        Not reverse of the user ID

        Specify that the username in reverse should not be a part of the password. This check box is selected by default.

    7. (Optional) Click the Domain hyperlink (on the left of the page) to modify the settings related to domains, as shown in Table 5.

      Table 5: Domain Settings

      Field

      Description

      Enable users to manage objects from all allowed domains in aggregated view

      Specify whether a user can view and manage all objects from all domains to which the user is assigned (check box is selected) or not (check box is cleared, which is the default). For example, when this check box is selected, a user can stage a script belonging to one domain to a device in another domain.

      A user can override this configuration by setting the preference from the User Settings configuration section.

      Enable option to manage read/execute access to parent domain objects at time of domain creation

      Specify whether users with access to a child domain object can access objects belonging to the parent domain (check box is selected) or not (check box is cleared, which is the default).

      When this check box is selected, a user with access to child domain objects can perform read and execute actions on parent domain objects. The following objects are accessible:

      • Device templates and template definitions
      • CLI Configlets, Configuration Views, and XPath and regular expressions
      • Images, scripts, operations, and script bundles
      • Reports and report definitions
    8. (Optional) Click the Audit Log hyperlink (on the left of the page) to modify the settings related to audit logs, as shown in Table 6.

      Table 6: Audit Log Settings

      Field

      Description

      Audit log forwarding interval in minutes

      Enter the time interval based on which audit logs will be forwarded according to the audit log forwarding criteria that are configured and enabled.

      The default time interval for audit log forwarding is 60 minutes.

      Log successful audit log forwarding

      Select this check box for successful audit log forwarding to be logged.

      Note: For more information about forwarding audit logs, see Audit Log Forwarding in Junos Space Overview.

      Record HTTP GET method

      Select this check box if you want all API GET calls to be logged in the audit log. By default, this check box is cleared.

      Note: If this check box is selected, only API GET calls invoked from external scripts are logged; API GET calls originating from the Junos Space Platform user interface or Junos Space applications are never logged.

    9. (Optional) Click the Search hyperlink (on the left of the page) to modify the settings related to search, as shown in Table 7.

      Field

      Description

      Index auto update interval in seconds

      Specify the interval (in seconds) for automatic updates to the index.

      The default is five seconds, which means that for every five seconds the system automatically checks whether there are any new changes in the database that need to be indexed.

      Index page interval in hours

      Specify the index page interval in hours. The default is two hours.

      This field determines the interval at which Junos Space Platform reindexes objects in the database. For example, if you specified the index page interval as three hours on 23-Dec-2014 at 4:00 PM (current date and time) and that the last indexing was completed at 1:00 PM on 22-Dec-2014, because the last indexing was performed more than three hours ago, Junos Space Platform indexes objects from 1:00 PM on 22-Dec-2014 to 4:00 PM on 22-Dec-2014 and marks the last index date and time as 22-Dec-2014 4:00 PM. This process is repeated for the specified index page interval—3 hours in this example—until all the objects are indexed.

      If there is no last index time present in the database, Junos Space Platform uses the date and time of the database creation as the last index time.

      Pause indexing during device import

      Specify whether indexing should be paused during device import (check box is selected, which is the default) or not (check box is cleared).

      If you have to discover a large number of devices (for example, in the range of thousands), this setting speeds up the device discovery by approximately 10%.

    10. (Optional) Click the CLIConfiglets hyperlink (on the left of the page) to modify the settings related to CLI Configlets, as shown in Table 8.

      Table 8: CLI Configlet Settings

      Field

      Description

      Advanced XPath Processing

      If this check box is selected, whenever you trigger an action on a device that requires BaseX support, the BaseX database is populated for that device across the Junos Space nodes. Any resynchronization or discovery triggered after the configuration is enabled is handled.

      If this check box is cleared (default), then the BaseX database is not used.

      Enable Approval Workflow for Configlets

      If this check box is selected, the configuration changes through CLI Configlets for devices are displayed in the Change Summary tab on the Review/Deploy Configuration page in the Devices workspace. You can exclude, include, approve, reject, or delete the changes through CLI Configlets (displayed in curly-braces format) before deploying the configuration changes on the device.

      If you select this check box, the Apply CLI Configlets workflows in the Devices and CLI Configlets workspace display a Submit button.

      If this check box is cleared (default), the Submit button is not displayed in the Apply Configlet workflows (in the Devices and CLI Configlets workspaces) and you cannot submit the configuration changes through CLI Configlets. You must apply the CLI Configlets in the Apply Configlet workflows to deploy the configuration changes through CLI Configlets.

    11. (Optional) Click the RESTAPI hyperlink (on the left of the page) to modify the settings related to REST APIs, as shown in Table 9.

      Table 9: REST API Settings

      Field

      Description

      Include detailed results in job completion response

      This setting affects how detailed job results data is returned by a hornet-q poll API when a Junos Space job or a “'Long Running Request” is completed. The job results data is always returned in the last hornet-q progress-update response message that has the <state> element set to “DONE” and the <percentage> set to “100.0”'.

      If this check box is selected, the last progress-update response returns detailed results in the <data> element. If this check box is cleared (default), the last progress-update response returns the detailed results in an href attribute of the <detail-link> element along with the type attribute containing the media-type name of the custom job detail.

      Note: This setting applies only to those jobs that support “detail-link” reporting (currently, the /api/space/script-management and /api/space/configlet-management jobs).

      For other jobs that do not support “detail-link” reporting, the last progress-update response returns detailed results in the <data> element or returns the <data> element as “No Result Data Available”. In both cases, the <summary> element contains the summary of job results.

    12. (Optional) Click the Security hyperlink (on the left of the page) to modify the settings related to HTTPS access to Junos Space Platform through Web browsers or other HTTP clients, as shown in Table 10.

      Table 10: Security Settings

      Field

      Description

      Disable weak algorithms for WEB or API access

      This setting affects the type of key exchange, encryption, authentication, and MAC digest algorithms used for HTTPS access to Junos Space Platform through Web browsers and API clients. By default, this check box is not selected.

      If this check box is selected, only Transport Layer Security (TLS) version 1.2 protocol–compliant Web or API clients can access Junos Space. The TLS 1.2 algorithm is available from Junos Space Platform Release 16.1R1 onward. Table 11 lists TLS version 1.2 algorithms that are supported for HTTPS access when weak algorithms are disabled.

      One of the following cipher suites is configured on the Apache Web server depending on whether the corresponding check box is selected or cleared:

      • ECDHE-RSA-AES256-GCM-SHA384
      • ECDHE-ECDSA-AES256-GCM-SHA384
      • ECDHE-RSA-AES256-SHA384
      • ECDHE-ECDSA-AES256-SHA384
      • DHE-DSS-AES256-GCM-SHA384
      • DHE-RSA-AES256-GCM-SHA384
      • DHE-RSA-AES256-SHA256
      • DHE-DSS-AES256-SHA256
      • ECDH-RSA-AES256-GCM-SHA384
      • ECDH-ECDSA-AES256-GCM-SHA384
      • ECDH-RSA-AES256-SHA384
      • ECDH-ECDSA-AES256-SHA384
      • AES256-GCM-SHA384
      • AES256-SHA256
      • ECDHE-RSA-AES128-GCM-SHA256
      • ECDHE-ECDSA-AES128-GCM-SHA256
      • ECDHE-RSA-AES128-SHA256
      • ECDHE-ECDSA-AES128-SHA256
      • DHE-DSS-AES128-GCM-SHA256
      • DHE-RSA-AES128-GCM-SHA256
      • DHE-RSA-AES128-SHA256
      • DHE-DSS-AES128-SHA256
      • ECDH-RSA-AES128-GCM-SHA256
      • ECDH-ECDSA-AES128-GCM-SHA256
      • ECDH-RSA-AES128-SHA256
      • ECDH-ECDSA-AES128-SHA256
      • AES128-GCM-SHA256
      • AES128-SHA256

      If this check box is cleared, only the TLS version 1.1 protocol–compliant Web and API clients can access Junos Space.

      Note: You can enable or disable weak algorithms only if all load balancers are in the UP state. When you enable or disable weak algorithms, a warning message is sent to all user sessions, the user sessions are stopped, and the users are logged out.

      Table 11: Supported TLS Version 1.2 Algorithms for HTTPS Access When Weak Algorithms Are Disabled

      Encrypted Connection

      Details

      MAC

      ECDHE-RSA-AES256-GCM-SHA384

      TLSv1.2

      Kx=ECDH Au=RSA Enc=AESGCM(256)

      Mac=AEAD

      ECDHE-RSA-AES256-SHA384

      TLSv1.2

      Kx=ECDH Au=RSA Enc=AES(256)

      Mac=SHA384

      DHE-RSA-AES256-GCM-SHA384

      TLSv1.2

      Kx=DH Au=RSA Enc=AESGCM(256)

      Mac=AEAD

      DHE-RSA-AES256-SHA256

      TLSv1.2

      Kx=DH Au=RSA Enc=AES(256)

      Mac=SHA256

      AES256-GCM-SHA384

      TLSv1.2

      Kx=RSA Au=RSA Enc=AESGCM(256)

      Mac=AEAD

      AES256-SHA256

      TLSv1.2

      Kx=RSA Au=RSA Enc=AES(256)

      Mac=SHA256

      ECDHE-RSA-AES128-GCM-SHA256

      TLSv1.2

      Kx=ECDH Au=RSA Enc=AESGCM(128)

      Mac=AEAD

      ECDHE-RSA-AES128-SHA256

      TLSv1.2

      Kx=ECDH Au=RSA Enc=AES(128)

      Mac=SHA256

      DHE-RSA-AES128-GCM-SHA256

      TLSv1.2

      Kx=DH Au=RSA Enc=AESGCM(128)

      Mac=AEAD

      AES128-GCM-SHA256

      TLSv1.2

      Kx=RSA Au=RSA Enc=AESGCM(128)

      Mac=AEAD

      AES128-SHA256

      TLSv1.2

      Kx=RSA Au=RSA Enc=AES(128)

      Mac=SHA256

    13. (Optional) Click the HealthMonitoring hyperlink (on the left of the page) to modify the health monitoring settings related to the System Health Report displayed on the Administration statistics page, as shown in Table 12.

      Table 12: Health Monitoring Settings

      Field

      Description

      Interval for monitoring CPU counters update in minutes

      Specify the difference in minutes between the time when the overall load on a Junos Space node and CPU resources shared by processes on the node was last calculated and the system time.

      Range: One through 120 minutes

      Default: Two minutes

      Interval for monitoring device management session in minutes

      Specify an interval in minutes to execute the netstat -anlp | awk '{print $5}' | grep ":22" | wc –l command to calculate the device management SSH sessions established between a Junos Space node and the managed devices connected to that node.

      Range: 10 through 120 minutes

      Default: 30 minutes

      Device Management Sessions Monitoring Threshold

      Specify the tolerance level up to which the difference in the number of device management SSH sessions calculated by using the netstat -anlp | awk '{print $5}' | grep ":22" | wc –l command (Number of Devices column) and the number of device management SSH sessions as listed in the Junos Space database (Console Count column) is accepted.

      When this difference exceeds the specified tolerance level, the Management sessions are mismatched with UI data parameter in the System Health Report displays a red “No”.

      Range: 0 (zero) through 1000

      Default: 10

      Disk Utilization Threshold Value in percentage

      Specify a percentage of hard disk drive free space above which the usage is considered to be higher than normal usage.

      Range: 30% through 100%

      Default: 50%

      High CPU Threshold Value in percentage

      Specify a percentage of CPU resource usage above which the usage is considered to be higher than normal usage.

      Range: 30% through 100%

      Default: 50%

      Extended Period for High CPU in minutes

      Specify an interval in minutes above which a higher-than-average usage of CPU resources must be reported.

      Range: 10 through 120 minutes

      Default: 30 minutes

      Interval for monitoring HPROF file in hour

      Specify an interval in hours to detect and log the Heap and CPU Profiling Agent (HPROF) files on all Junos Space nodes in the Junos Space fabric.

      Range: One through 240 hours

      Default: One hour

      Interval for monitoring large database in hour

      Specify an interval in hours to detect and log MySQL database tables exceeding 10 GB.

      Range: One through 240 hours

      Default: One hour

      Purge Health Data Older than in Month

      Specify an interval in months to purge health-related data such as high CPU usage data in the server.log files.

      Range: One through 12 months

      Default: One month

    14. (Optional) Click the X509-Certificate-Parameters hyperlink (on the left of the page) to add the X.509 certificate parameters that are validated during certificate parameter–based authentication.

      The right of the page displays the X.509 certificate parameters, as shown in Table 13.

      You can specify the parameters that are validated when a user logs in. The values for these parameters can be specified when you create the user in the Role Based Access Control workspace. For more information, see Creating Users in Junos Space Network Management Platform.

      Table 13: X509 Certificate Parameter (Variable) Details

      Column

      Description

      Comments

      Comments about the X.509 certificate parameter

      Click the view/configure hyperlink to add comments.

      Admin Status

      Status of the parameter: active or inactive

      Certificate Parameter

      Name of the X.509 certificate parameter

      Parameter Display Name

      Description of the X.509 certificate parameter

      For more information about adding, deleting, modifying, and reordering the parameters, see Adding and Activating X.509 Certificate Parameters for X.509 Certificate Parameter Authentication.

    15. After you have modified the settings, you can do one of the following:
      • Save the changes by clicking the Modify button.

        The Change Summary pop-up window displays the summary of the settings you modified. It also displays warnings, if any, regarding the changed settings. Click the Confirm button to save the changes. Alternatively, you can click the Cancel button to discard the modifications.

        The settings that you modified are saved and you are taken back to the Applications page.

      • Discard the changes by clicking the Cancel button.

        The changes you made are discarded and you are taken back to the Applications page.

    For troubleshooting, see the /var/log/jboss/servers/server1/server.log file, which captures any internal errors, and the audit logs.

    Release History Table

    Release
    Description
    From Release 17.1R1 onward, Junos Space Network Management Platform automatically saves the changes you make in each section of the Modify Application Settings page while you modify the Network Management Platform settings.
    From Junos Space Platform Release 17.1R1 onward, you can set a value of up to 480 minutes.
    From Release 17.1R1 onward, you can override this setting by specifying a user-specific value when you create or modify a user account.
    The Disable inactive user after time period (Days) setting is available from Junos Space Platform Release 16.1R1 onward.
    The TLS 1.2 algorithm is available from Junos Space Platform Release 16.1R1 onward.

    Modified: 2017-08-31