Sky Enterprise Getting Started Guide
Use this Getting Started guide to add your devices to Sky Enterprise for cloud based management.
Obtaining Login Credentials for Sky Enterprise
This section is for Sky Enterprise administrators at the headquarters or network operations center (NOC).
As a Sky Enterprise administrator, perform the following tasks:
- Receive an account activation e-mail from the Sky Enterprise team after your user places an order.
- Click the link in the e-mail to activate your account.
Adding Devices to Sky Enterprise Using Zero Touch Provisioning
ZTP enables you to provision and configure devices automatically, minimizing most of the manual intervention required for adding devices to a network. ZTP on SRX Series devices is responsible for the initial boot-up and configuration of the device when the device is powered on. This feature ensures that the person installing the device onsite at the branch does not have to login into the device to make any configuration changes or software upgrades.
This functionality includes:
Providing the bootstrapping of the device. The device is shipped with a factory-default configuration. The factory-default configuration includes the URL of the redirect server, that is used to connect to Sky Enterprise by using a secure encrypted connection.
Automatically connecting to Sky Enterprise over the Internet, and downloading the configuration from Sky Enterprise when the SRX Series device boots up with the factory-default configuration. The initial configuration is applied and committed on the SRX Series device.
In order to perform Zero Touch Provisioning (ZTP) on a device, the device must run a version of Junos OS that supports this feature. Currently, ZTP is supported on SRX Series devices shipping with Junos OS Release 15.1x49-D110 and later, and on EX Series devices shipping with Junos OS Release 18.2R1 and later.
The following section provides simple steps to add a new device in a branch and automatically provision it from Sky Enterprise. Some steps in this section are for remote users and some for the Sky Enterprise administrator. Users at the remote site, connect their devices to the network and the administrator configures Sky Enterprise for the new devices, validates the new devices, and organizes them in the sites.
Connecting a Device to the Network
This section is for users connecting their devices to Sky Enterprise from the remote site.
As a Sky Enterprise user, follow these steps to connect your device to the network:
- Send the device serial number to the Sky Enterprise administrator at headquarters or NOC. The serial number of the device is available at the rear side of the chassis and on the package label.
- Power on your device and connect cables to the device
according to your network design.
This task assumes that the device will get DHCP IP address and will have Internet connectivity along with DNS resolution when connected according to the network design. This is required for the device to reach Sky Enterprise. If your branch does not provide this functionality, see Sky Enterprise Technical Support Guide to configure static IP address and enable Phone-Home functionality with Static IP address.
Configuring Sky Enterprise for a New SRX Series Device
This section is for Sky Enterprise administrators at the Sky Enterprise headquarters or NOC.
As administrator, define the configuration that is pushed down to the device when it registers with Sky Enterprise. The device serial number is used to map it to the configuration template that you want applied to the device.
To enable ZTP for devices, perform the following steps:
Create a ZTP Template
As a Sky Enterprise administrator, you must create a ZTP template for the first time a ZTP device is added to Sky Enterprise. Typically, you create a ZTP template for a set of similar devices or sites. For example, a template for all small branch sites and one for all medium sites:
Small_Branch_SRX template
Medium_Site_SRX template
To create a ZTP template:
- Select Configuration> Device Provisioning.
The Device Provisioning page appears.
- Select Add ZTP Template. See Figure 1.
Figure 1: Adding ZTP Templates 
- Provide the following information for the ZTP template:
Name of the ZTP template.
Description of the ZTP template.
Name of the administrator who can authorize devices.
Basic bootstrap configuration on the SRX Series device. This configuration typically includes necessary information such as, IP addresses, subnets for the branch, and WAN connectivity parameters.
Edit the ZTP Template
As a Sky Enterprise administrator, update the ZTP template to specify required parameters for the new device to be registered and managed on Sky Enterprise. Here is a sample configuration for ZTP template:
Some parameters such as hostnames, IP addresses, local subnets are branch-specific. For such parameters use curly brackets.
<device xmlns="http://juniper.net/zerotouch-bootstrap-server">
<unique-id>{{ serial }}</unique-id>
<configuration>
<config>
<configuration operation="merge">
<system>
<host-name>{{ hostname }}</host-name>
<login>
<user>
<name>{{ ztp_username }}</name>
<class>super-user</class>
<authentication>
<encrypted-password>{{ ztp_password }}</encrypted-password>
</authentication>
</user>
</login>
<services>
<ssh>
<protocol-version>v2</protocol-version>
</ssh>
<outbound-ssh>
<client>
<name>skyenterprise-ncd01</name>
<device-id>{{ ztp_host_id }}</device-id>
<secret>{{ ztp_secret }}</secret>
<keep-alive>
<retry>3</retry>
<timeout>5</timeout>
</keep-alive>
<services>netconf</services>
<servers>
<name>skyent-ncd01.juniper.net</name>
<port>4087</port>
<retry>1000</retry>
<timeout>60</timeout>
</servers>
</client>
<client>
<name>skyenterprise-ncd02</name>
<device-id>{{ ztp_host_id }}</device-id>
<secret>{{ ztp_secret }}</secret>
<keep-alive>
<retry>3</retry>
<timeout>5</timeout>
</keep-alive>
<services>netconf</services>
<servers>
<name>skyent-ncd02.juniper.net</name>
<port>4087</port>
<retry>1000</retry>
<timeout>60</timeout>
</servers>
</client>
</outbound-ssh>
</services>
</system>
</configuration>
</config>
</configuration>
</device>
Figure 2 shows the configuration for a ZTP template.
Add the New Device to Sky Enterprise
As a Sky Enterprise administrator, add the new ZTP enabled device to Sky Enterprise by creating a ZTP profile for the new device:
- Select Devices.
- Click Add Device. See Figure 3.
Figure 3: Adding the New Device to Sky Enterprise 
- In the Add Device page, specify the device variables:
Name of the device.
Serial number of the device that will get this configuration pushed down to the device.
Choose the ZTP template that applies to this device.
Provide the parameters that are specific to this branch. See Figure 4.
Figure 4: Specifying Parameters for the New Device 
Some parameters that are required for the device to register with Sky Enterprise, are auto-generated by Sky Enterprise:
ztp_username
ztp_password
ztp_host_id
ztp_secret
- Click Create Device.
A configuration snippet (configlet) appears in a popup window. This configuration is for your reference as it will automatically be added to the device during the ZTP process.
Figure 5: Sample Configuration Snippet 
- Review the configuration and click Cancel. You can also click X on the top-right corner.
Review the Final Configuration
As a Sky Enterprise administrator, review the final configuration that will be pushed to the device as part of the ZTP process:
- Select Configuration> Device Provisioning> ZTP Devices>
Action.
- Review the final configuration.
Figure 6: Final Configuration to be Pushed to the New Device 
Validating and Authorizing the New Device
As a Sky Enterprise administrator, validate that the new device being added to Sky Enterprise has the correct serial number.
New ZTP devices initially display an Entitle state while the serial number is automatically added to the Juniper Redirect service (typically for less than ten minutes). When the state changes to Start the device is ready for the ZTP process.
After a device is connected, its authorization status appears as required. In addition, you also receive an e-mail indicating that an authorization is required.
To validate the device, follows these steps:
- Select Configuration> Device Provisioning.
Figure 7: Authorization Required 
- Review the serial number and other information.
- Select Authorize from the Action menu for the
new device.
The configuration is pushed down to the device.
Figure 8: Authorizing the New Device 
- Select Devices> Devices to view the added device.
Organizing New Devices in the Sites
As a Sky Enterprise administrator, organize the newly added devices:
- Select Devices> Sites> New Site.
The Sites page appears.
Figure 10: Sites and Devices 
- Select New Site.
The New Site page appears.
- Provide the name and address of the site. And select the
device to be included in the site.
Figure 11 shows the newly added device is listed in the site.
Figure 11: New Device Listed in the Site 
Adding Devices to Sky Enterprise Manually
Manually adding a device to Sky Enterprise involves some tasks from the Sky Enterprise administrator at the headquarters or NOC and some from the users adding their devices to Sky Enterprise from remote sites.
Tasks Performed by the Sky Enterprise Administrator
As a Sky Enterprise administrator at the headquarters or NOC, perform these steps to manually add a device to Sky Enterprise:
- Select Devices> Devices> Add Device.
- Specify the following details for the new device:
Name of the device.
Category of the device. For example, switch or firewall.
- Click Create Device.
Figure 12: Adding a New Device to Sky Enterprise 
- Send a copy of the unique configuration snippet to the
user who created the new device in the remote site.
A configuration snippet specific to this device is generated by Sky Enterprise and displayed on the screen. Figure 13 shows a sample configuration snippet.
Figure 13: Sample Configuration Snippet 
- Ensure that the device has Internet connectivity and DNS resolution to be able to register with Sky Enterprise. Check reachability to skyent-ncd01.juniper.net and skyent-ncd02.juniper.net on TCP port 4087.
Tasks Performed by the User at Remote Site
As a Sky Enterprise user at the remote site, follow these instructions to add the configuration snippet:
- Enter the configuration mode of the device using the console
port or via the management interface using telnet or SSH. user@host% cliuser@host>configure
Once the configuration snippet is committed, the device will call home to Sky Enterprise for registration and authentication. The Sky Enterprise administrator can now check the portal to confirm if the device status has changed from offline to online.
- Paste the configuration you received from your Sky Enterprise
administrator. Here is a sample configuration snippet:[edit]set system services ssh protocol-version v2set system login user skyenterprise class super-userset system login user skyenterprise authentication encrypted-password $1$oneconfi$TVmrVmExrHb06DFq7qxPw0set system services outbound-ssh client skyenterprise-ncd01 device-id TEX_Branch1_EX-jnprrvirset system services outbound-ssh client skyenterprise-ncd01 secret f7127757fdac2572b665c9ca99c1d0f1set system services outbound-ssh client skyenterprise-ncd01 services netconf keep-alive retry 3 timeout 5set system services outbound-ssh client skyenterprise-ncd01 : skyent-ncd01.juniper.net port 4087 timeout 60 retry 1000set system services outbound-ssh client skyenterprise-ncd02 device-id TEX_Branch1_EX-jnprrvirset system services outbound-ssh client skyenterprise-ncd02 secret f7127757fdac2572b665c9ca99c1d0f1set system services outbound-ssh client skyenterprise-ncd02 services netconf keep-alive retry 3 timeout 5set system services outbound-ssh client skyenterprise-ncd02 : skyent-ncd02.juniper.net port 4087 timeout 60 retry 1000
- Commit your configuration. [edit]user@host# commit