Modifying Junos Space Network Management Platform Settings

Add SNMP configuration to device for fault monitoring

This check box is selected by default, which ensures that the SNMP target for the devices that are discovered from Junos Space Platform is set to the Junos Space VIP node. This configuration enables these devices to send their SNMP traps to the Junos Space VIP node.

If you clear the check box, then SNMP trap targets are not set for the devices that are newly added in Junos Space Platform. The devices whose SNMP trap targets are not set do not send their SNMP traps to the Junos Space VIP node.

Allow Best Match Schema

This check box enables the discovered devices to be aired with the best matching schema when the exact match for the device is not available.

Allow Device Communication

This check box enables discovered devices to communicate with the Junos Space server. If the check box is cleared, the discovered devices cannot communicate with the Junos Space server.

Allow users to auto log in to devices using SSH

This check box allows users to automatically log in when starting an SSH connection on a device. The default (check box is cleared) indicates that you have to add your credentials to log in to a device using SSH.

Auto resync device

This check box ensures that when the network is the system of record, configuration changes on a connected Juniper Networks device are synchronized with or imported to the application database. By default, this check box is selected.

Configure commit synchronize during device discovery

This check box ensures that for either system of record, configuration changes in Junos Space Platform for a device are pushed, committed, and synchronized during device discovery. By default, this check box is selected.

Disable network monitoring for all devices

This check box determines whether Network Monitoring is used to monitor only Junos Space fabric nodes (check box is cleared) or both Junos Space fabric nodes and devices (check box is selected):

1. If the Disable network monitoring for all devices check box is selected, then during device discovery Junos Space Platform does not push SNMP trap targets to devices or add devices into Network Monitoring. In addition, if a Resync Nodes job is triggered, Junos Space Platform removes devices that are already present in Network Monitoring and removes the trap target settings that were previously set on the devices. In addition, Junos Space Platform does not synchronize additional devices with the Network Monitoring workspace.

2. If the Disable network monitoring for all devices check box is cleared, Junos Space Platform does the following:

   • Pushes the SNMP trap targets to the devices during the discovery of new devices if the Add SNMP configuration to device for fault monitoring check box is selected

     If the Add SNMP configuration to device for fault monitoring check box is cleared, then the SNMP trap targets are not pushed to the devices.

   • Adds the device into Network Monitoring during the discovery of new devices

   Note:

   For devices that are added to Junos Space Platform before the Disable network monitoring for all devices check box is cleared, you must initiate a manual device resynchronization to add the devices into Network Monitoring.

3. If the Disable network monitoring for all devices check box was previously cleared and is changed to selected, then you must trigger a manual device resynchronization so that Junos Space Platform removes the devices from Network Monitoring. The rest of the behavior is the same as explained in the first step.

System of Record Settings

This setting enables you to specify whether the network is the system of record (NSOR, which is the default) or whether Junos Space Platform is the system of record (SSOR).

Enable approval workflow for configuration deployment

This option is for a candidate configuration (previously known as consolidated configuration) and lets a user deploy any configuration changes made from Junos Space Platform on to a device only on approval. By default, this check box is selected. By clearing this check box, you can deploy the configuration directly without approval.

Enable commit confirmed for configuration deployment

Specify that the device waits for a specified time for the configuration to be explicitly committed when a commit configuration request is sent from Junos Space Platform. The default wait time is 10 minutes.

This check box is cleared by default.

Junos Space initiates connection to device

This check box is selected by default, so Junos Space Platform initiates a connection with managed devices. To have managed devices initiate a connection with Junos Space Platform, clear this check box.

Looking Glass Device response timeout in secs

Specify a timeout interval for devices on which the looking glass feature is applied. Junos Space Platform waits until the specified timeout interval for a response has lapsed and if there is no response, the request is timed out.

The minimum timeout interval is 30 seconds, the maximum is 600 seconds, and the default is 120 seconds.

Max auto resync waiting time secs

This field specifies the initial time within which device configuration changes are synchronized with the database. If multiple commit logs are received from devices, Junos Space waits for this time interval to lapse before the resynchronization of the device configuration is initiated.

The default waiting time is 20 seconds. This setting is applicable only when the network is the system of record.

Number of devices to connect per minute for Space Initiated Connection

This parameter enables you to control the number of devices connecting with Junos Space Platform. The default number of devices allowed to connect per minute in connections initiated by Junos Space Platform is 500 devices and the maximum number of devices is 1000. If Junos Space Platform connects to too many devices simultaneously, the performance of the network is weakened.

Polling time period secs

This setting is for specifying the interval at which to poll the configuration of devices that do not support system logging (non-Junos OS devices). Junos Space Platform polls and compares the configuration it has with that of the device at the interval set here. If there is a difference, it is reported. If the network is the system of record, Junos Space Platform synchronizes its configuration with that on the device. The default is 900 seconds.

SSH port for device connection

This field specifies the SSH port on the device. Junos Space Platform uses this port to discover devices. The default value, 22, is the standard SSH server port.

Enable terminate rpc call for timed out sessions

Enabling this option calls <terminate/> rpc for timed out NETCONF sessions. If this option is not enabled, <close-session/> rpc is used to close all NETCONF sessions. The difference in behavior applies only to timed out or terminated sessions.

Manually Resolve Fingerprint Conflict

When a fingerprint conflict occurs during device reconnection or when a user connects to a device by using the secure console or SSH, Junos Space Platform allows the user to resolve a fingerprint conflict manually or resolves the conflict automatically.

This check box is selected by default, which means that the user must resolve the fingerprint conflict manually. If the check box is cleared, Junos Space Platform resolves the fingerprint conflict automatically by accepting the fingerprint that is presented during authentication.

Support WW Junos Devices

Select this check box to enable support for devices running worldwide Junos OS (ww Junos OS devices) and clear the check box to disable support for ww Junos OS devices.

This check box is cleared by default.

Device Outage Detection Time in seconds

This field specifies the time needed for detecting a device outage.

Default value : 180 seconds

Min value: 90 seconds

Max value: 900 seconds

Automatic logout after inactivity (minutes)

Specify the time, in minutes, after which a user who is idle (that is, has not performed any action such as pressing a key or clicking a mouse) is automatically logged out of Junos Space Platform. This setting conserves server resources and protects the system from unauthorized access.

The default value for this setting is five minutes. From Release 17.1R1 onward, you can set a value of up to 480 minutes. If you set the configuration to Never, the idle time out is disabled and the user is never logged out of Junos Space Platform due to inactivity.

Disable inactive user after time period (Days)

Specify the number of days after which a user who is inactive (a user who has not performed any action such as pressing a key or clicking the mouse) is automatically disabled in Junos Space Platform. The Disable inactive user after time period (Days) setting is available from Release 16.1R1 onward. This setting protects the system from unauthorized access. A user who is disabled cannot log in to Junos Space Platform. To enable the user to log in again, use the Enable Users action on the User Accounts page of the Role-Based Access Control workspace.

By default, the time period is set to Never, which means the user is never disabled because of inactivity. You can choose a period of up to 120 days to permit a user to be inactive, after which the user is disabled.

If an SMTP server and the user’s e-mail address are configured, an e-mail notification about account disabling is sent to the user 24–48 hours before the user account is disabled.

Maximum concurrent UI sessions per user

Specify the number of concurrent user sessions allowed per user for GUI login at the global level (that is, for all users).

The default value is 5. You can enter a value from 0 (zero) through 999. Entering 0 (zero) means that there are no restrictions on the number of concurrent UI sessions allowed per user. However, the system performance may be affected if you allow unlimited concurrent UI sessions.

UI auto refresh interval in seconds

Specify the time, in seconds, after which the Junos Space GUI is refreshed automatically. The default value is 3 seconds.

Use User Password Auth Mode choices

• Use User Password Auth Mode—Select this option, which is the default, if you want the Junos Space server to authenticate the user on the basis of username and password entered by the user.

• Use X509 Certificate Complete Certificate—Select this option if you want the Junos Space server to authenticate the user on the basis of the certificate of the user.

• Use X509 Certificate Parameters—Select this option if you want the Junos Space server to authenticate the user on the basis of the X.509 certificate parameters.

Advanced Settings

To view or configure advanced password settings, click the view/configure hyperlink.

You are taken to the Password > Advanced Settings section. Refer to step 6.a for details.

Minimum no. of characters

Specify the minimum number of characters that a password must contain.

The minimum value for this field is 6 (the default) and the maximum value is 999.

No. of previous passwords cannot be reused

Specify the number of previous passwords that cannot be reused when users change their passwords. For example, if you enter 10, users cannot reuse any of their previous 10 Junos Space Platform passwords.

The range is 0 (zero) through 999 and the default is 6; 0 (zero) indicates that there is no restriction on password reuse.

No. of unsuccessful attempts before lockout

Specify the number of successive attempts after which Junos Space Platform locks out users who enter incorrect passwords. Junos Space Platform identifies users by their IP addresses, so that even if users have exceeded the limit for incorrect passwords on one system they can try to log in again from a different system.

The range is 0 (zero) through 999 and the default is 4; 0 (zero) means that users are not locked out due to login failures.

Time interval for lockout in hours

Specify the interval (in hours) for which a user who has entered incorrect passwords more than the number of times specified in No. of unsuccessful attempts before lockout is locked out.

The range is 0 (zero) through 999 and the default is 12 (hours); 0 (zero) means that users are never locked out.

Time interval for password expiry in months

Specify the duration (in months) after which passwords of all the locally authenticated Junos Space Platform users expire.

The range is 0 (zero) through 999 and the default is 3; 0 (zero) means that the passwords never expire.

Time interval for password expiry notification in months

Specify the number of months in advance that users are warned that their passwords will expire. For example, if you enter 2, users receive a notification two months before their current passwords expire.

The range is 0 (zero) through 999 and the default is 1 (month). Make sure that the value you enter here is less than or equal to the value in the Time interval for password expiry in months field.

Enable users to manage objects from all allowed domains in aggregated view

Specify whether a user can view and manage all objects from all domains to which the user is assigned (check box is selected) or not (check box is cleared, which is the default). For example, when this check box is selected, a user can stage a script belonging to one domain to a device in another domain.

A user can override this configuration by setting the preference from the User Settings configuration section.

Enable option to manage read/execute access to parent domain objects at time of domain creation

Specify whether users with access to a child domain object can access objects belonging to the parent domain (check box is selected) or not (check box is cleared, which is the default).

When this check box is selected, a user with access to child domain objects can perform read and execute actions on parent domain objects. The following objects are accessible:

• Device templates and template definitions

• CLI Configlets, Configuration Views, and XPath and regular expressions

• Images, scripts, operations, and script bundles

• Reports and report definitions

Audit log forwarding interval in minutes

Enter the time interval based on which audit logs will be forwarded according to the audit log forwarding criteria that are configured and enabled.

The default time interval for audit log forwarding is 60 minutes.

Log successful audit log forwarding

Select this check box for successful audit log forwarding to be logged.

Record HTTP GET method

Select this check box if you want all API GET calls to be logged in the audit log. By default, this check box is cleared.

Index auto update interval in seconds

Specify the interval (in seconds) for automatic updates to the index.

The default is five seconds, which means that for every five seconds the system automatically checks whether there are any new changes in the database that need to be indexed.

Index page interval in hours

Specify the index page interval in hours. The default is two hours.

This field determines the interval at which Junos Space Platform reindexes objects in the database. For example, if you specified the index page interval as three hours on 23-Dec-2014 at 4:00 PM (current date and time) and that the last indexing was completed at 1:00 PM on 22-Dec-2014, because the last indexing was performed more than three hours ago, Junos Space Platform indexes objects from 1:00 PM on 22-Dec-2014 to 4:00 PM on 22-Dec-2014 and marks the last index date and time as 22-Dec-2014 4:00 PM. This process is repeated for the specified index page interval—3 hours in this example—until all the objects are indexed.

If there is no last index time present in the database, Junos Space Platform uses the date and time of the database creation as the last index time.

Pause indexing during device import

Specify whether indexing should be paused during device import (check box is selected, which is the default) or not (check box is cleared).

If you have to discover a large number of devices (for example, in the range of thousands), this setting speeds up the device discovery by approximately 10%.

Advanced XPath Processing

If this check box is selected, whenever you trigger an action on a device that requires BaseX support, the BaseX database is populated for that device across the Junos Space nodes. Any resynchronization or discovery triggered after the configuration is enabled is handled.

If this check box is cleared (default), then the BaseX database is not used.

Enable Approval Workflow for Configlets

If this check box is selected, the configuration changes through CLI Configlets for devices are displayed in the Change Summary tab on the Review/Deploy Configuration page in the Devices workspace. You can exclude, include, approve, reject, or delete the changes through CLI Configlets (displayed in curly-braces format) before deploying the configuration changes on the device.

If you select this check box, the Apply CLI Configlets workflows in the Devices and CLI Configlets workspace display a Submit button.

If this check box is cleared (default), the Submit button is not displayed in the Apply Configlet workflows (in the Devices and CLI Configlets workspaces) and you cannot submit the configuration changes through CLI Configlets. You must apply the CLI Configlets in the Apply Configlet workflows to deploy the configuration changes through CLI Configlets.

Include detailed results in job completion response

This setting affects how detailed job results data is returned by a hornet-q poll API when a Junos Space job or a “'Long Running Request” is completed. The job results data is always returned in the last hornet-q progress-update response message that has the <state> element set to “DONE” and the <percentage> set to “100.0”'.

If this check box is selected, the last progress-update response returns detailed results in the <data> element. If this check box is cleared (default), the last progress-update response returns the detailed results in an href attribute of the <detail-link> element along with the type attribute containing the media-type name of the custom job detail.

Disable weak algorithms for WEB or API access

This setting affects the type of key exchange, encryption, authentication, and MAC digest algorithms used for HTTPS access to Junos Space Platform through Web browsers and API clients. The check box is selected by default.

If this check box is selected, only Transport Layer Security (TLS) version 1.2 protocol–compliant Web or API clients can access Junos Space. The TLS 1.2 algorithm is available from Release 16.1R1 onward. Table 11 lists TLS version 1.2 algorithms that are supported for HTTPS access when weak algorithms are disabled.

One of the following cipher suites is configured on the Apache Web server depending on whether the corresponding check box is selected or cleared:

• ECDHE-RSA-AES256-GCM-SHA384

• ECDHE-ECDSA-AES256-GCM-SHA384

• ECDHE-RSA-AES256-SHA384

• ECDHE-ECDSA-AES256-SHA384

• DHE-DSS-AES256-GCM-SHA384

• DHE-RSA-AES256-GCM-SHA384

• DHE-RSA-AES256-SHA256

• DHE-DSS-AES256-SHA256

• ECDH-RSA-AES256-GCM-SHA384

• ECDH-ECDSA-AES256-GCM-SHA384

• ECDH-RSA-AES256-SHA384

• ECDH-ECDSA-AES256-SHA384

• AES256-GCM-SHA384

• AES256-SHA256

• ECDHE-RSA-AES128-GCM-SHA256

• ECDHE-ECDSA-AES128-GCM-SHA256

• ECDHE-RSA-AES128-SHA256

• ECDHE-ECDSA-AES128-SHA256

• DHE-DSS-AES128-GCM-SHA256

• DHE-RSA-AES128-GCM-SHA256

• DHE-RSA-AES128-SHA256

• DHE-DSS-AES128-SHA256

• ECDH-RSA-AES128-GCM-SHA256

• ECDH-ECDSA-AES128-GCM-SHA256

• ECDH-RSA-AES128-SHA256

• ECDH-ECDSA-AES128-SHA256

• AES128-GCM-SHA256

• AES128-SHA256

If this check box is cleared, only the TLS version 1 protocol–compliant Web and API clients can access Junos Space.

ECDHE-RSA-AES256-GCM-SHA384

TLSv1.2

Kx=ECDH Au=RSA Enc=AESGCM(256)

Mac=AEAD

ECDHE-RSA-AES256-SHA384

TLSv1.2

Kx=ECDH Au=RSA Enc=AES(256)

Mac=SHA384

DHE-RSA-AES256-GCM-SHA384

TLSv1.2

Kx=DH Au=RSA Enc=AESGCM(256)

Mac=AEAD

DHE-RSA-AES256-SHA256

TLSv1.2

Kx=DH Au=RSA Enc=AES(256)

Mac=SHA256

AES256-GCM-SHA384

TLSv1.2

Kx=RSA Au=RSA Enc=AESGCM(256)

Mac=AEAD

AES256-SHA256

TLSv1.2

Kx=RSA Au=RSA Enc=AES(256)

Mac=SHA256

ECDHE-RSA-AES128-GCM-SHA256

TLSv1.2

Kx=ECDH Au=RSA Enc=AESGCM(128)

Mac=AEAD

ECDHE-RSA-AES128-SHA256

TLSv1.2

Kx=ECDH Au=RSA Enc=AES(128)

Mac=SHA256

DHE-RSA-AES128-GCM-SHA256

TLSv1.2

Kx=DH Au=RSA Enc=AESGCM(128)

Mac=AEAD

AES128-GCM-SHA256

TLSv1.2

Kx=RSA Au=RSA Enc=AESGCM(128)

Mac=AEAD

AES128-SHA256

TLSv1.2

Kx=RSA Au=RSA Enc=AES(128)

Mac=SHA256

Enable File System Intrusion Detection Monitoring

Select this check box to enable file integrity check. For more information, see Managing File Integrity Check.

Interval for monitoring the File Changes in hours

Specify the time interval at which Junos Space Platform should run file integrity check. You can enter a value in hours. By default, this is set to 24 hours. For more information, see Managing File Integrity Check

Interval for monitoring CPU counters update in minutes

Specify the difference in minutes between the time when the overall load on a Junos Space node and CPU resources shared by processes on the node was last calculated and the system time.

Range: One through 120 minutes

Default: Two minutes

Interval for monitoring device management session in minutes

Specify an interval in minutes to execute the netstat -anlp | awk '{print $5}' | grep ":22" | wc –l command to calculate the device management SSH sessions established between a Junos Space node and the managed devices connected to that node.

Range: 10 through 120 minutes

Default: 30 minutes

Device Management Sessions Monitoring Threshold

Specify the tolerance level up to which the difference in the number of device management SSH sessions calculated by using the netstat -anlp | awk '{print $5}' | grep ":22" | wc –l command (Number of Devices column) and the number of device management SSH sessions as listed in the Junos Space database (Console Count column) is accepted.

When this difference exceeds the specified tolerance level, the Management sessions are mismatched with UI data parameter in the System Health Report displays a red “No”.

Range: 0 (zero) through 1000

Default: 10

Disk Utilization Threshold Value in percentage

Specify a percentage of hard disk drive free space above which the usage is considered to be higher than normal usage.

Range: 30% through 100%

Default: 50%

High CPU Threshold Value in percentage

Specify a percentage of CPU resource usage above which the usage is considered to be higher than normal usage.

Range: 30% through 100%

Default: 50%

Extended Period for High CPU in minutes

Specify an interval in minutes above which a higher-than-average usage of CPU resources must be reported.

Range: 10 through 120 minutes

Default: 30 minutes

Interval for monitoring HPROF file in hour

Specify an interval in hours to detect and log the Heap and CPU Profiling Agent (HPROF) files on all Junos Space nodes in the Junos Space fabric.

Range: One through 240 hours

Default: One hour

Interval for monitoring large database in hour

Specify an interval in hours to detect and log MySQL database tables exceeding 10 GB.

Range: One through 240 hours

Default: One hour

Purge Health Data Older than in Month

Specify an interval in months to purge health-related data such as high CPU usage data in the server.log files.

Range: One through 12 months

Default: One month

Comments

Comments about the X.509 certificate parameter

Click the view/configure hyperlink to add comments.

Admin Status

Status of the parameter: active or inactive

Certificate Parameter

Name of the X.509 certificate parameter

Parameter Display Name

Description of the X.509 certificate parameter