Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Managing System Administration

    Use the options on the System Administration menu to perform the tasks described in the following sections:

    Rebooting or Shutting Down the NSM4000 Appliance

    To reboot or shut down the NSM4000 appliance, select System Administration > Bootup and Shutdown, and then click either Reboot System or Shutdown System. See Figure 1.

    Figure 1: Reboot or Shut Down

    Reboot or Shut Down

    Changing the User Password

    To change the user password, select System Administration > Change User Password, fill out the form shown in Figure 2, and then click Change.

    Figure 2: Change User Password

    Change User Password

    Configuring the Network

    To access options that allow you to configure the network, select System Administration > Network Configuration. The Network Configuration window appears as shown in Figure 3.

    Figure 3: Network Configuration Options

    Network Configuration
Options

    The following sections describe each of the options available in the Network Configuration window:

    Network Interfaces

    Use this option to manage the network interfaces. See Figure 4.

    Figure 4: Network Interfaces

    Network Interfaces

    Routing and Gateways

    Use this option to configure and manage routes and gateways. See Figure 5.

    Figure 5: Routes and Gateways

    Routes and Gateways

    Hostnames and DNS Clients

    Use this option to configure and manage hostnames and DNS clients. See Figure 6.

    Figure 6: DNS Client Options

    DNS Client Options

    Host Addresses

    Use this option to manage host addresses. See Figure 7.

    Figure 7: Host Address

    Host Address

    Managing RADIUS Servers

    The NSM4000 appliance WebUI supports authentication of users defined in the RADIUS servers, in addition to authentication of locally defined admin users.

    When a user logs in to the NSM4000 appliance using the WebUI, the software first checks the UNIX user database and then the WebUI user database to authenticate the user. If the user is not a locally defined admin user, the software contacts the RADIUS servers added to the RADIUS server list in the Web UI to authenticate the user. The RADIUS servers are contacted in the order of priority set in the RADIUS server list. If any of the RADIUS servers authenticates the user, the user is logged in with the privileges that are associated with the user profile. If none of the servers authenticate the user, the user login fails.

    Note: The NSM4000 appliance must be configured as a RADIUS client on a RADIUS server so that the RADIUS server responds to authentication requests from the appliance. Select any Juniper make or model in the Make/Model field while adding an NSM4000 appliance as a RADIUS client. You will need to update the Juniper dictionary file (juniper.dct) in the RADIUS server with the Juniper defined Vendor-Specific Attribute (VSA) for the NSM4000 appliance:ATTRIBUTE Juniper-Nsmxpress-Profile Juniper-VSA(6, string) r. You also need to add NSM4000 appliance users with their associated user profiles (SysAdmin, NSMAdmin, Operator, Guest), to the RADIUS database. For more details, see the Steel-Belted Radius Documentation.

    Note: You need System Administration or NSM Administration permission to manage RADIUS servers in the NSM4000 appliance WebUI.

    The following sections explain how to manage a RADIUS server.

    Adding a RADIUS Server

    To add a RADIUS server:

    1. Select System Administration > RADIUS Management. The RADIUS servers dialog box appears listing the RADIUS Servers that have been added. See Figure 8.

      Figure 8: RADIUS Servers Dialog Box

      RADIUS Servers Dialog
Box
    2. Click Add to add a RADIUS server to the WebUI. The Add RADIUS Server dialog box appears. See Figure 9.

      Figure 9: Add RADIUS Server Dialog Box

      Add RADIUS Server Dialog Box
    3. Configure the following parameters in the Add RADIUS Server dialog box:

      1. Name: The name of the user to be authenticated by the RADIUS server
      2. Server address: The IP address or the hostname of the RADIUS server.
      3. Shared secret: The shared secret the NSM4000 appliance and the RADIUS server use for secure authentication.
      4. Auth Port: The RADIUS authentication software port. (We recommend UDP port 1812.)
      5. Acct Port: The RADIUS accounting software port. (We recommend UDP port 1813.)
      6. Disconnect/CoA port: The change of authorization or disconnect port.
      7. Timeout (sec): Automatic timeout in second(s) of the RADIUS access request, after which the request is retransmitted, if applicable. Enter a value between 1 and 10 seconds.
      8. Retries: The number of times the RADIUS access request must be retransmitted for RADIUS authentication. Enter a value between 1 and 5.
    4. Click Add. The RADIUS Servers dialog box appears with the RADIUS server you added listed.

    Changing the Priority of RADIUS Servers

    To change the priority of RADIUS servers:

    1. Select System Administration > RADIUS Management. The RADIUS Servers dialog box appears listing the RADIUS Servers that have been added.
    2. To increase the priority of a RADIUS server, select the check box next to the name of the server whose priority you want to increase, and click Move Up.

      To decrease the priority of a RADIUS server, select the check box next to the name of the server whose priority you want to decrease, and click Move Down.

    Deleting a RADIUS Server

    To delete a RADIUS server:

    1. Select System Administration > RADIUS Management. The RADIUS Servers dialog box appears listing the RADIUS servers that have been added.
    2. Select the check box next to the name of the server you want to delete, and click Delete Selected.

      Note: You need System Administration permissions to delete RADIUS servers.

    Editing RADIUS Server Parameters

    To edit the parameters of a RADIUS server:

    1. Select System Administration > RADIUS Management. The RADIUS Servers dialog box appears listing the RADIUS Servers that have been added.
    2. Select the name of the server whose properties you want to edit. The Edit RADIUS Server dialog box appears. See Figure 10.

      Figure 10: Edit RADIUS Server Dialog Box

      Edit RADIUS Server Dialog Box
    3. Edit the parameters you want to change and click Save.

    Monitoring with SNMP

    You can configure your NSM4000 appliance for SNMP monitoring from a network operations server. The server can then issue periodic SNMP Get instructions to return the status of the NSM4000 appliance.

    You configure SNMP on the NSM4000 appliances with access credentials for either SNMP v2c or SNMP v3. NSM4000 appliances support read-only access to the System Descriptor (sysDescr) and Host Resource MIB.

    This section provides instructions for configuring NSM appliances for SNMP monitoring. You must provide access credentials for the SNMP server, a list of IP addresses from which logon requests will be accepted, and the trap conditions to be reported to the SNMP server.

    To configure SNMP monitoring of your NSM4000 appliance, select System Administration > SNMP Monitoring. The SNMP window appears. This window contains the tabs described in the following sections:

    SNMP Configuration

    To configure SNMP:

    1. Select System Administration > SNMP Monitoring.
    2. Select the SNMP Config tab, which is shown in Figure 11.

      Figure 11: Configuring SNMP

      Configuring SNMP
    3. Select the version of SNMP to be used, either v2c or v3.
    4. Provide authentication information:
      • If you selected SNMP v2c, enter a username.
      • If you selected SNMP v3, enter a username and password.

        The password must be at least 8 characters long.

        The NSM4000 appliances implement a single username and password, which is effective only for SNMP communication and is not related to any other username and password used on the NSM4000 appliance.

    5. To limit SNMP Get requests to specific servers, select Only, and then enter the IP addresses of the permitted servers.
    6. Click Save.

    SNMP System Information

    To configure SNMP system information:

    1. Select System Administration > SNMP Monitoring.
    2. Select the System Info tab, which is shown in Figure 12.

      Figure 12: Configuring SNMP System Information

      Configuring SNMP System
Information
    3. Enter the following information, which is required for any SNMP-managed device:
      • Contact—Contact information for the appliance.
      • Location—Location of the appliance.
      • Description—A brief description of the appliance.
    4. Click Save.

    SNMP Trap Configuration

    To configure SNMP trap conditions:

    1. Select System Administration > SNMP Monitoring.
    2. Select the SNMP Traps tab, which is shown in Figure 13.

      Figure 13: Configuring SNMP Traps

      Configuring SNMP Traps
    3. In the Manager IP field, enter the IP address of the SNMP management server.
    4. Select from the following trap conditions:
      • Disk space low

        Enter the percentage of free disk space below which SNMP issues a trap.

      • Memory low

        Enter the percentage of free memory below which SNMP issues a trap.

      • CPU high

        Enter the percentage of CPU use over which SNMP issues a trap.

      • NSM start/stop
      • Admin Logon/Logoff
      • External IP unreachable

        Enter the IP address of the required device.

    5. Click Save.

    Forwarding Syslog Messages

    The NSM4000 appliances provide a simple mechanism for configuring syslog messaging between the NSM4000 appliance and a syslog receiver running rsyslog, syslog-NG, or basic syslog. This mechanism simplifies choosing syslog receivers, data sources of the messages you want to log, and the message transport used.

    For the type of message transport, you can choose among TCP, SSL, and UDP. For rsyslog or syslog-NG implementations use TCP or SSL. SSL adds security to TCP; if you select SSL, the NSMappliance creates a secure tunnel to the syslog receiver. UDP messaging is available for basic syslog implementations.

    The following sections provide procedures for managing syslog message forwarding:

    Viewing Syslog Receivers

    To view the syslog receivers configured on your NSM4000 appliance, follow these steps:

    1. Select System Administration > Syslog Forwarding. The Syslog Forwarding window appears. Figure 14 shows an example.

      Figure 14: Syslog Forwarding Window

      Syslog Forwarding Window
    2. View the configured syslog receivers in the table in the top portion of the window. Table 1 describes the fields.

      Table 1: Viewing Syslog Receivers

      Field

      Description

      Receiver

      A name provided by the network administrator to identify the syslog receiver

      IP Address

      The IP address of the syslog receiver

      Type

      The protocol used for forwardingmessages: UDP, TCP, SSL

      Data sources

      The data sources configured for forwarding

      System

      The system logs configured to be sent to this receiver.

      Device Server

      The device server logs configured to be sent to this receiver.

      GUI Server

      The GUI server logs configured to be sent to this receiver.

      HA Server

      The HA server logs configured to be sent to this receiver.

    Adding and Configuring Syslog Receivers

    To add and configure a syslog receiver, follow these steps:

    1. Select System Administration > Syslog Forwarding.
    2. In the Data Sources section, select the syslog facility for each GUI server log, Device server log, and HA server log. The syslog facility is a field included in the syslog message to help identify the data source.
    3. Click Save.
    4. Click Add new Receiver.

      The Syslog Receiver configuration window appears, as shown in Figure 15.

      Figure 15: Configuring a Syslog Receiver

      Configuring a Syslog Receiver
    5. In the Name field, enter a name for the syslog receiver. This is the name that the syslog receiver will be known by within NSM.
    6. In the IP field, enter the IP address of the syslog receiver.
    7. In the Transport field, select the type of syslog receiver:
      • Select UDP for basic syslog implementations.
      • Select TCP for rsyslog or syslog-NG implementations.
      • Select SSL to create a secure tunnel to a syslog receiver in rsyslog or syslog-NG implementations.
      • In the System Logs section of the Data Sources table, select the sources of data from which system messages will be forwarded to the syslog receiver. These sources can include NSM4000 appliance system messages, package updates, and mail logs.
      • In the NSM section of the Data sources table, select each GUI server log, device server log, and HA server log to be forwarded to the syslog receiver.
    8. Click Save to save and apply the configuration.

    Editing Syslog Receiver Configurations

    To edit a syslog receiver configuration, follow these steps:

    1. Select System Administration > Syslog Forwarding.
    2. In the Syslog Receivers window, click the name of the syslog receiver you want to edit.

      The syslog receiver configuration window appears for the selected receiver.

    3. Make the desired changes to the configuration.
    4. Click Save to save and apply your edits to the configuration of this syslog receiver.

    Deleting Syslog Receivers

    To delete a syslog receiver configuration, follow these steps:

    1. Select System Administration > Syslog Forwarding.
    2. In the Syslog Receivers window, check the box next to each syslog receiver you want to delete.
    3. Click Delete selected receivers.

      The NSM4000 appliance deletes the selected syslog receivers and any secure tunnels configured for their use.

    Changing the System Time

    To set the system time, select System Administration > System Time. From the System Time window, you can perform the following functions:

    • Set or change the system time.
    • Set the time zone.
    • Configure an NTP server to synchronize the system time with an external clock.

    Installing Updates

    Select System Administration > System Update to perform the following tasks:

    • Check for updates and install them.
    • Enable or disable automatic updates.
    • Add or modify proxy settings for the Yum server.

    Managing Users

    The NSM4000 appliance WebUI allows you to create multiple users with role-based access control to the WebUI. You can create a user in the WebUI and associate the user to a predefined user profile. You can also map a user created in the NSM4000 appliance OS to a predefined user profile in the WebUI. However, this user profile is only applicable to the local OS user in the WebUI.

    Note: You need System Administration permission to create users.

    This topic contains the following sections:

    Creating New NSM4000 Appliance Users

    To create a local OS user:

    1. Select System Administration > User Management. The NSM4000 Users dialog box appears listing all NSM4000 users. See Figure 16.

      Figure 16: NSM4000 Users Dialog Box

      NSM4000 Users Dialog Box
    2. Click Create a new NSM4000 User. The Create NSM4000 user dialog box appears. See Figure 17.

      Figure 17: Create NSM4000 User Dialog Box

      Create NSM4000 User Dialog
Box
    3. Enter the username in the Username text box.
    4. Select Unix authentication from the Password drop-down list. The Password and Confirm Password text boxes are then disabled since the password is fetched from the local OS.
    5. From the User Profile drop-down list box, select the user profile you want to associate with the local user in the WebUI.
    6. Click Submit. The NSM4000 Users dialog box appears with the new NSM4000 appliance user listed.

    To create a WebUI user:

    1. Select System Administration > User Management. The NSM4000 Users dialog box appears listing all the NSM4000 appliance users. See Figure 16.
    2. Click Create a new NSM4000 User. The Create NSM4000 user dialog box appears.
    3. Enter a username in the Username text box.
    4. Select Set to from the password drop-down list and enter the password you want to set in the password text box.
    5. Reenter the password in the Confirm Password text box.
    6. Select the user profile you want to associate with this user from the User Profile drop-down list box.
    7. Click Submit. The NSM4000 Users dialog box appears with the new NSM4000 appliance user listed.

    Deleting a User

    To delete a user:

    1. Select System Administration > User Management. The NSM4000 Users dialog box appears listing all NSM4000 appliance users.
    2. Select the check box next to the name of the user you want to delete and click Delete Selected. Click Delete User in the Delete Users confirmation dialog box that appears.

      Note: You cannot delete admin users or change their user profiles.

    Editing User Attributes

    To edit user attributes:

    1. Select System Administration > User Management. The NSM4000 Users dialog box appears, with all the NSM4000 appliance users listed.
    2. Click on the name of the user whose attributes you want to edit. The Edit NSM4000 Users dialog box appears.
    3. Edit the parameters you want to change and click Submit. You can change the password and the user profile.

    Understanding User Profiles

    NSM4000 appliances provide four predefined user profiles that allow you to implement role-based access control over the NSM4000 appliance WebUI. A user created via the WebUI or in the RADIUS server can be associated with any one of the following profiles:

    • System Administrator—System administrators are superusers who have full access to all the modules in the NSM4000 appliance WebUI.
    • NSM Administrator—NSM administrators have access to NSM Administration, RADIUS Management, Maintenance and Troubleshooting modules.
    • Network Operator—Network operators have access to Network Utilities and Report Generation modules.
    • Guest User—Guest users have read access to System Information and System Statistics modules.

    When a user logs in, the NSM4000 appliance modules are displayed or hidden based on the user profile and the permissions associated with the profile. For more details about user profiles and permissions, see Table 2.

    Table 2: NSM4000 Appliance WebUI User Profiles and Permissions

    NSM4000 Appliance Modules

    System Administrator

    NSM Administrator

    Network Operator

    Guest User

    System Administration

    Bootup and Shutdown

    Yes

    No

    No

    No

    Change User Password

    Yes

    Yes

    No

    No

    Network Configuration

    Yes

    No

    No

    No

    RADIUS Management

    Yes

    No

    No

    No

    SNMP Monitoring

    Yes

    No

    No

    No

    Syslog Forwarding

    Yes

    No

    No

    No

    System Time

    Yes

    No

    No

    No

    System Update

    Yes

    No

    No

    No

    User Management

    Yes

    No

    No

    No

    WebUI Configuration

    Yes

    No

    No

    No

    NSM Administration

    Change NSM Super User Password

    Yes

    Yes

    No

    No

    Download NSM MIBs

    Yes

    Yes

    No

    No

    Export Audit Logs

    Yes

    Yes

    Yes

    No

    Export Device Logs

    Yes

    Yes

    Yes

    No

    Generate Reports

    Yes

    Yes

    Yes

    No

    NSM Configuration Files

    Yes

    Yes

    No

    No

    NSM Database Backup

    Yes

    Yes

    No

    No

    NSM Management IP

    Yes

    Yes

    No

    No

    Schedule Security Updates

    Yes

    Yes

    No

    No

    Maintenance

    System Statistics

    Yes

    Yes

    Yes

    Yes

    Troubleshooting

    Action Audit Logs

    Yes

    Yes

    No

    No

    Error Logs

    Yes

    Yes

    Yes

    No

    Network Utilities

    Yes

    Yes

    Yes

    No

    Tech Support

    Yes

    Yes

    Yes

    No

    System Information

    Yes

    Yes

    Yes

    Yes

    Configuring the Web Interface

    To specify which NSM client computers can access the NSM4000 appliance through the Web interface, select System Administration > WebUI Configuration. The Allowed IP Addresses window appears as shown in Figure 18.

    Figure 18: Web Interface Access

    Web Interface Access

    Published: 2014-10-30