Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Communication Between NSM and a Device Overview

    The NSM application and a device communicate through the Device Management Interface (DMI). DMI is a collection of schema-driven protocols that run on a common transport (that is, TCP). DMI is designed to work with Juniper Networks platforms to make device management consistent across all administrative realms. Supported DMI protocols include:

    • NetConf (for inventory management, XML-based configuration, text-based configuration, alarm monitoring, and device specific commands)
    • Structured syslog
    • Threat flow for network profiling

    DMI supports third-party network management systems that incorporate the DMI standard; however, only one DMI-based agent per device is supported.

    The device’s configuration is represented as a hierarchical tree of configuration items. This structure is expressed in XML and can be manipulated with NetConf. NetConf is a network management protocol that uses XML. DMI uses NetConf’s generic configuration management capability to allow remote configuration of the device.

    To allow NSM to manage the device using the DMI protocol, NSM must import the schema and metadata files from the Juniper Networks Schema Repository, a publicly accessible resource that is updated with each device release. In addition to downloading the device’s current schema, NSM may also download upgraded software.

    The Schema Repository enables access to XSD and XML files defined for each device, model, and software version.

    Before attempting to communicate with NSM, you must first complete the initial configuration of the device. Initial configuration includes network interface settings, DNS settings, licensing, and password administration.

    If you have several devices that will be configured in a clustering environment, the cluster abstraction must first be created in the NSM Cluster Manager. Then you can add individual nodes.

    After you have completed the initial network configuration, you can configure the device to communicate with NSM using the appropriate network information. Once the device has been configured to communicate with NSM, the device contacts NSM and establishes a DMI session through an initial TCP handshake.

    All communications between the device and NSM occur over SSH to ensure data integrity.

    After the device initially contacts NSM and a TCP session is established, interaction between the device and NSM is driven from NSM, which issues commands to get hardware, software, and license details of the device. NSM connects to the Schema Repository to download the configuration schema that is specific to the device.

    NSM then issues a command to retrieve configuration information from the device. If NSM is contacted by more than one device as a member of a cluster, information from only one of the cluster devices is gathered. NSM attempts to validate the configuration received from the device against the schema from Juniper Networks.

    Once the device and NSM are communicating, the device delivers syslog and event information to NSM.

    After NSM and the device are connected, you can make any configuration changes directly on the device, bypassing NSM. NSM automatically detects these changes and imports the new configuration data. Changes to device cluster members will similarly be detected by NSM.

    When you make changes to the device’s configuration through NSM, you must push the changes to the device by performing an Update Device operation.

    When you double-click the device icon in the Device Manager and select the Configuration tab, the configuration tree appears in the main display area in the same orientation as items appear on the device’s admin console.

    Published: 2013-01-06