Device Management in Junos Space Platform
When using Junos Space to manage your network, you must first discover the devices in your network through a device discovery profile, add these devices to the Junos Space Platform database, and allow the devices to be managed by Junos Space Platform. When devices are successfully discovered and managed by Junos Space Platform, the following actions occur:
A dedicated Device Management Interface (DMI) session is established between Junos Space and each device. This DMI session typically rides on top of an SSHv2 connection with the device. For devices running the export version of Junos OS (ww Junos OS devices), DMI uses a Telnet connection through the wwadapter. The DMI session is maintained till the device is deleted from Junos Space, which means that the session is reestablished in case of transient network problems, device reboots, Junos Space restarts, and so forth.
When the network itself is the system of record (NSOR), Junos Space imports the complete configuration and inventory of the device into its own database. To keep device information current, Junos Space listens to system log events raised by the device that indicate device configuration or inventory changes, and Junos Space automatically resynchronizes its database with the latest information from the device. When the Junos Space Network Management Platform is the system of record (SSOR), Junos Space reflects the changes on the device, but a Junos Space user with appropriate user privileges must resolve out-of-band changes.
By default, Junos Space adds itself as an SNMP trap destination by automatically inserting the appropriate SNMP configuration on the device during device discovery; however, you can disable this behavior from the Network Management Platform > Administration > Applications Network Management Platform > Modify Application Settings page.
Junos Space uses SNMP polling to collect key performance indicators (KPIs) from the devices. To enable SNMP polling on managed devices requires that the Network Monitoring feature be turned on.
By default, Junos Space Network Monitoring is turned on for all devices.
Starting from Release 16.1R1, you can use a NAT server to discover and manage devices that are outside your Junos Space network and which cannot reach Junos Space Platform. When you add a NAT configuration on the Administration > Fabric > NAT Configuration page and forwarding rules on the NAT server, the IP addresses translated through the NAT server are added to the outbound ssh stanza of the external devices.
The following sections list the device management capabilities of Junos Space Platform:
Before you can discover devices into Junos Space, ensure the following:
You know the key details about the devices to discover. You provide this information as input to discover devices:
Device details–IP address or hostname of the device or subnet to scan
Credentials–User ID and password of a user account that has appropriate user privileges on the device
SNMP Credentials–Community string with read-only access if you are using SNMPv2c or valid SNMPv3 credentials. SNMP credentials are not required if you do not plan to use Junos Space to monitor faults and performance of managed devices.
The IP address of the device can be reached from your Junos Space server.
SSHv2 is enabled on the device (set system services ssh protocol protocol-version v2) and any firewalls along the way allow Junos Space to connect to the SSH port (default TCP/22) on the device. To discover devices running the export version of Junos OS, the wwadapter must be installed on Junos Space and Telnet must be enabled on the device and reachable from Junos Space.
SNMP port (UDP/161) on the device is accessible from Junos Space, which allows Junos Space to perform SNMP polling on the device to collect KPI data for performance monitoring.
SNMP trap port (UDP/162) on Junos Space is accessible from the device, which allows the device to send SNMP traps to Junos Space for fault management.
Starting from Release 16.1R1, you can create a device discovery profile (in the Devices workspace) to set preferences for discovering devices. After verifying the prerequisites, you create a device discovery profile from the Network Management Platform > Devices > Device Discovery Profiles page. The device discovery profile contains the preferences to discover devices, such as, device targets, probes, authentication details, SSH credentials, and a schedule at which the profile should be run to discover devices. You can also manually run the device discovery profile from the Network Management Platform > Devices > Device Discovery Profiles page. The time required to complete the discovery process depends on multiple factors such as the number of devices you are discovering, the size of configuration and inventory data on the devices, the network bandwidth available between Junos Space and the devices, and so forth.
After your devices are successfully discovered in Junos Space, you can view the devices from the Network Management Platform > Devices > Device Management page. The Connection Status for the discovered devices should display “Up” and the managed status should be “In Sync” as shown in Figure 1, which indicates that the DMI session between Junos Space and the device is up and that the configuration and inventory data in Junos Space is in sync with the data on the device.
For complete information about discovering and managing devices, see the Devices workspace documentation in the Junos Space Network Management Platform Workspaces User Guide.
Starting from Release 16.1R1, new enhancements to device authentication are introduced. Junos Space Network Management Platform can authenticate a device by using credentials (username and password), 2048 bit or 4096 bit keys (which uses public-key cryptographic principles such as RSA, DSS, ECDSA), or the device’s SSH fingerprint. You can choose an authentication mode on the basis of the level of security needed for the managed device. The authentication mode is displayed in the Authentication Status column on the Device Management page. You can also change the authentication mode. You need to ensure the following to use these modes of authentication:
Credentials-Based–Device login credentials with administrative privileges are configured on the device before the device connects to Junos Space Platform.
Key-Based (keys generated by Junos Space Platform)–By default, a Junos Space installation includes an initial public and private key pair. You can generate a new key pair from the Administration workspace and upload the Junos Space’s public key to the devices that are to be discovered from the Devices workspace. Junos Space logs in to these devices through SSH and configures the public key on all the devices. You need not specify a password during device discovery; you need to specify only the username.
Custom key-based–A private key and an optional passphrase. You can upload the private key to Junos Space Platform and use the passphrase to authenticate the private key. You don’t need to upload the private key to devices.
For complete information about device authentication, see the Devices workspace documentation in the Junos Space Network Management Platform Workspaces User Guide.
Viewing the Device Inventory
Junos Space Platform maintains up-to-date inventory details of all managed devices in the database. This includes the complete hardware, software, and license inventory of each device as well as details of all physical and logical interfaces on these devices. You can resynchronize a managed device with the Junos Space Platform database to fetch the current configuration and inventory details.
You can view and export hardware, software, and license inventory details, and the physical and logical interfaces of a device from the Junos Space user interface. You can acknowledge the inventory changes on a device from the Junos Space user interface. For complete information about these tasks, see the Devices workspace documentation in the Junos Space Network Management Platform Workspaces User Guide.
Upgrading Device Images
Junos Space Platform can be a central repository for all device OS images and provide workflows to download and install these images on managed devices. You can upload, stage, and verify the checksum of device images, and deploy device images and Junos Continuity software packages to a device or multiple devices of the same device family simultaneously from the Images and Scripts workspace. For complete information about upgrading device images, see the Images and Scripts workspace documentation in the Junos Space Network Management Platform Workspaces User Guide.