Communication Between an Infranet Controller and NSM Overview

The Infranet Controller and the NSM application communicate through the Device Management Interface (DMI). DMI is a collection of schema-driven protocols that run on a common transport (that is, TCP). DMI is designed to work with Juniper Networks platforms to make device management consistent across all administrative realms.

• NetConf (for inventory management, XML-based configuration, text-based configuration, alarm monitoring, and device specific commands)
• Structured syslog
• Threat flow for network profiling

DMI supports third-party network management systems that incorporate the DMI standard; however, only one DMI-based agent per device is supported.

The Infranet Controller’s configuration is represented as a hierarchical tree of configuration items. This structure is expressed in XML and can be manipulated with NetConf. NetConf is a network management protocol that uses XML. DMI uses NetConf’s generic configuration management capability to allow remote configuration of the device.

To allow NSM to manage the Infranet Controller using the DMI protocol, NSM must import the schema and metadata files from the Juniper Networks Schema Repository, a publicly accessible resource that is updated with each device release. In addition to downloading the Infranet Controller’s current schema, NSM may also download upgraded software.

The Schema Repository enables access to XSD and XML files defined for each device, model, and software version.

Before attempting to communicate with NSM, you must first complete the initial configuration of the Infranet Controller. Initial configuration includes network interface settings, DNS settings, licensing, and password administration.

If you have several Infranet Controllers that will be configured in a clustering environment, the cluster abstraction must first be created in the NSM Cluster Manager. Then you can add individual nodes.

After you have completed the initial network configuration, you can configure the Infranet Controller to communicate with NSM using the appropriate network information. Once the Infranet Controller has been configured to communicate with NSM, the Infranet Controller contacts NSM and establishes a DMI session through an initial TCP handshake.

All communications between the Infranet Controller and NSM occur over SSH to ensure data integrity.

After the Infranet Controller initially contacts NSM and a TCP session is established, interaction between the Infranet Controller and NSM is driven from NSM, which issues commands to get hardware, software, and license details of the Infranet Controller. NSM connects to the Schema Repository to download the configuration schema that is specific to the Infranet Controller.

NSM then issues a command to retrieve configuration information from the Infranet Controller. If NSM is contacted by more than one Infranet Controller as a member of a cluster, information from only one of the cluster devices is gathered. NSM attempts to validate the configuration received from the Infranet Controller against the schema from Juniper Networks.

Once the Infranet Controller and NSM are communicating, the Infranet Controller delivers syslog and event information to NSM.

After NSM and the Infranet Controller are connected, you can make any configuration changes directly on the Infranet Controller, bypassing NSM. NSM automatically detects these changes and imports the new configuration data. Changes to Infranet Controller cluster members will similarly be detected by NSM.

When you make changes to the Infranet Controller configuration through NSM you must push the changes to the device by performing an Update Device operation.

When you double-click the Infranet Controller device icon in the Device Manager and select the Configuration tab, the configuration tree appears in the main display area in the same orientation as items appear on the Infranet Controller admin console.