Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Modifying Junos Space Network Management Platform Settings

As the Super Administrator or System Administrator, you can modify the settings of Junos Space Network Management Platform.

To modify the settings of Junos Space Platform:

  1. On the Junos Space Platform UI, select Administration > Applications.

    The Applications page is displayed.

  2. Select Network Management Platform.
  3. Select Modify Application Settings from the Actions menu or right-click Network Management Platform and select Modify Application Settings.

    The Modify Application Settings (Modify Network Management Platform Settings) page is displayed and the Device section is selected by default.

    Note:
    • You cannot modify the application settings if another user is currently modifying the application settings. You receive a pop-up message indicating the user who is currently modifying the application settings.

    • For the Junos Space Platform settings that have numerical values, the label [Default] is displayed to the right of the text box if the value is the system default.

    • In each section of the Modify Application Settings (Modify Network Management Platform Settings) page, the settings that you modified are automatically saved from Junos Space Network Management Platform Release 17.1R1 onward.

      The settings are saved only temporarily so that you can change the settings in other sections. To save the settings across sections, you must explicitly click the Modify button; for more information, see 15.

  4. (Optional) Modify the settings related to the devices, as shown in Table 1.
    Table 1: Device Settings

    Field

    Description

    Add SNMP configuration to device for fault monitoring

    This check box is selected by default, which ensures that the SNMP target for the devices that are discovered from Junos Space Platform is set to the Junos Space VIP node. This configuration enables these devices to send their SNMP traps to the Junos Space VIP node.

    If you clear the check box, then SNMP trap targets are not set for the devices that are newly added in Junos Space Platform. The devices whose SNMP trap targets are not set do not send their SNMP traps to the Junos Space VIP node.

    Allow Best Match Schema

    This check box enables the discovered devices to be aired with the best matching schema when the exact match for the device is not available.

    Allow Device Communication

    This check box enables discovered devices to communicate with the Junos Space server. If the check box is cleared, the discovered devices cannot communicate with the Junos Space server.

    Allow users to auto log in to devices using SSH

    This check box allows users to automatically log in when starting an SSH connection on a device. The default (check box is cleared) indicates that you have to add your credentials to log in to a device using SSH.

    Auto resync device

    This check box ensures that when the network is the system of record, configuration changes on a connected Juniper Networks device are synchronized with or imported to the application database. By default, this check box is selected.

    Configure commit synchronize during device discovery

    This check box ensures that for either system of record, configuration changes in Junos Space Platform for a device are pushed, committed, and synchronized during device discovery. By default, this check box is selected.

    Disable network monitoring for all devices

    This check box determines whether Network Monitoring is used to monitor only Junos Space fabric nodes (check box is cleared) or both Junos Space fabric nodes and devices (check box is selected):

    Note:

    This check box is cleared by default.

    1. If the Disable network monitoring for all devices check box is selected, then during device discovery Junos Space Platform does not push SNMP trap targets to devices or add devices into Network Monitoring. In addition, if a Resync Nodes job is triggered, Junos Space Platform removes devices that are already present in Network Monitoring and removes the trap target settings that were previously set on the devices. In addition, Junos Space Platform does not synchronize additional devices with the Network Monitoring workspace.

    2. If the Disable network monitoring for all devices check box is cleared, Junos Space Platform does the following:

      • Pushes the SNMP trap targets to the devices during the discovery of new devices if the Add SNMP configuration to device for fault monitoring check box is selected

        If the Add SNMP configuration to device for fault monitoring check box is cleared, then the SNMP trap targets are not pushed to the devices.

      • Adds the device into Network Monitoring during the discovery of new devices

      Note:

      For devices that are added to Junos Space Platform before the Disable network monitoring for all devices check box is cleared, you must initiate a manual device resynchronization to add the devices into Network Monitoring.

    3. If the Disable network monitoring for all devices check box was previously cleared and is changed to selected, then you must trigger a manual device resynchronization so that Junos Space Platform removes the devices from Network Monitoring. The rest of the behavior is the same as explained in the first step.

    System of Record Settings

    This setting enables you to specify whether the network is the system of record (NSOR, which is the default) or whether Junos Space Platform is the system of record (SSOR).

    Note:

    Resynchronization choices on this page apply only to NSOR.

    Enable approval workflow for configuration deployment

    This option is for a candidate configuration (previously known as consolidated configuration) and lets a user deploy any configuration changes made from Junos Space Platform on to a device only on approval. By default, this check box is selected. By clearing this check box, you can deploy the configuration directly without approval.

    Enable commit confirmed for configuration deployment

    Specify that the device waits for a specified time for the configuration to be explicitly committed when a commit configuration request is sent from Junos Space Platform. The default wait time is 10 minutes.

    This check box is cleared by default.

    Junos Space initiates connection to device

    This check box is selected by default, so Junos Space Platform initiates a connection with managed devices. To have managed devices initiate a connection with Junos Space Platform, clear this check box.

    Looking Glass Device response timeout in secs

    Specify a timeout interval for devices on which the looking glass feature is applied. Junos Space Platform waits until the specified timeout interval for a response has lapsed and if there is no response, the request is timed out.

    The minimum timeout interval is 30 seconds, the maximum is 600 seconds, and the default is 120 seconds.

    Max auto resync waiting time secs

    This field specifies the initial time within which device configuration changes are synchronized with the database. If multiple commit logs are received from devices, Junos Space waits for this time interval to lapse before the resynchronization of the device configuration is initiated.

    The default waiting time is 20 seconds. This setting is applicable only when the network is the system of record.

    Number of devices to connect per minute for Space Initiated Connection

    This parameter enables you to control the number of devices connecting with Junos Space Platform. The default number of devices allowed to connect per minute in connections initiated by Junos Space Platform is 500 devices and the maximum number of devices is 1000. If Junos Space Platform connects to too many devices simultaneously, the performance of the network is weakened.

    Polling time period secs

    This setting is for specifying the interval at which to poll the configuration of devices that do not support system logging (non-Junos OS devices). Junos Space Platform polls and compares the configuration it has with that of the device at the interval set here. If there is a difference, it is reported. If the network is the system of record, Junos Space Platform synchronizes its configuration with that on the device. The default is 900 seconds.

    SSH port for device connection

    This field specifies the SSH port on the device. Junos Space Platform uses this port to discover devices. The default value, 22, is the standard SSH server port.

    Enable terminate rpc call for timed out sessions

    Enabling this option calls <terminate/> rpc for timed out NETCONF sessions. If this option is not enabled, <close-session/> rpc is used to close all NETCONF sessions. The difference in behavior applies only to timed out or terminated sessions.

    Manually Resolve Fingerprint Conflict

    When a fingerprint conflict occurs during device reconnection or when a user connects to a device by using the secure console or SSH, Junos Space Platform allows the user to resolve a fingerprint conflict manually or resolves the conflict automatically.

    This check box is selected by default, which means that the user must resolve the fingerprint conflict manually. If the check box is cleared, Junos Space Platform resolves the fingerprint conflict automatically by accepting the fingerprint that is presented during authentication.

    Note:

    If Junos Space Platform maintains an active connection with a device, the change in the device fingerprint is not recognized by Junos Space Platform. Fingerprint changes on devices are recognized when the devices reconnect with Junos Space.

    Support WW Junos Devices

    Select this check box to enable support for devices running worldwide Junos OS (ww Junos OS devices) and clear the check box to disable support for ww Junos OS devices.

    This check box is cleared by default.

    Device Outage Detection Time in seconds

    This field specifies the time needed for detecting a device outage.

    Default value : 180 seconds

    Min value: 90 seconds

    Max value: 900 seconds

  5. (Optional) Click the User hyperlink (on the left of the page) to modify the settings related to users, as shown in Table 2.
    Table 2: User Settings

    Field

    Description

    Automatic logout after inactivity (minutes)

    Specify the time, in minutes, after which a user who is idle (that is, has not performed any action such as pressing a key or clicking a mouse) is automatically logged out of Junos Space Platform. This setting conserves server resources and protects the system from unauthorized access.

    The default value for this setting is five minutes. From Release 17.1R1 onward, you can set a value of up to 480 minutes. If you set the configuration to Never, the idle time out is disabled and the user is never logged out of Junos Space Platform due to inactivity.

    Note:

    From Release 17.1R1 onward, you can override this setting by specifying a user-specific value when you create or modify a user account.

    Disable inactive user after time period (Days)

    Specify the number of days after which a user who is inactive (a user who has not performed any action such as pressing a key or clicking the mouse) is automatically disabled in Junos Space Platform. The Disable inactive user after time period (Days) setting is available from Release 16.1R1 onward. This setting protects the system from unauthorized access. A user who is disabled cannot log in to Junos Space Platform. To enable the user to log in again, use the Enable Users action on the User Accounts page of the Role-Based Access Control workspace.

    By default, the time period is set to Never, which means the user is never disabled because of inactivity. You can choose a period of up to 120 days to permit a user to be inactive, after which the user is disabled.

    If an SMTP server and the user’s e-mail address are configured, an e-mail notification about account disabling is sent to the user 24–48 hours before the user account is disabled.

    Maximum concurrent UI sessions per user

    Specify the number of concurrent user sessions allowed per user for GUI login at the global level (that is, for all users).

    The default value is 5. You can enter a value from 0 (zero) through 999. Entering 0 (zero) means that there are no restrictions on the number of concurrent UI sessions allowed per user. However, the system performance may be affected if you allow unlimited concurrent UI sessions.

    Note:
    • If you are a super user, this concurrent user session limit does not apply and you are allowed to log in even when you have exceeded this limit.

    • The changes that you make to the concurrent UI sessions limit (either at the global level or at the user level) do not affect existing sessions; this limit is validated against the next user login only.

    UI auto refresh interval in seconds

    Specify the time, in seconds, after which the Junos Space GUI is refreshed automatically. The default value is 3 seconds.

    Use User Password Auth Mode choices

    • Use User Password Auth Mode—Select this option, which is the default, if you want the Junos Space server to authenticate the user on the basis of username and password entered by the user.

    • Use X509 Certificate Complete Certificate—Select this option if you want the Junos Space server to authenticate the user on the basis of the certificate of the user.

    • Use X509 Certificate Parameters—Select this option if you want the Junos Space server to authenticate the user on the basis of the X.509 certificate parameters.

    For more information about changing authentication modes, refer to Changing User Authentication Modes.

    Note:

    If you change the authentication mode from password-based to certificate-based by using the Use X509 Certificate Complete Certificate option without uploading appropriate certificates or from certificate-based to certificate parameter–based by using the Use X509 Certificate Parameters option without adding and activating the parameters, an error message is displayed in a pop-up window. Click OK to close the pop-up window.

  6. (Optional) Click the Password hyperlink (on the left of the page) to modify the settings related to password rules, as shown in Table 3.
    Note:

    You click the User Settings icon on the Junos Space banner (see Changing Your Password on Junos Space) to change your password, but the constraints that govern the password are set on the Modify Application Settings (Modify Network Management Platform Settings) page.

    Table 3: Password Settings

    Field

    Description

    Advanced Settings

    To view or configure advanced password settings, click the view/configure hyperlink.

    You are taken to the Password > Advanced Settings section. Refer to step 6.a for details.

    Minimum no. of characters

    Specify the minimum number of characters that a password must contain.

    The minimum value for this field is 8 (the default) and the maximum value is 999.

    No. of previous passwords cannot be reused

    Specify the number of previous passwords that cannot be reused when users change their passwords. For example, if you enter 10, users cannot reuse any of their previous 10 Junos Space Platform passwords.

    The range is 0 (zero) through 999 and the default is 6; 0 (zero) indicates that there is no restriction on password reuse.

    No. of unsuccessful attempts before lockout

    Specify the number of successive attempts after which Junos Space Platform locks out users who enter incorrect passwords. Junos Space Platform identifies users by their IP addresses, so that even if users have exceeded the limit for incorrect passwords on one system they can try to log in again from a different system.

    The range is 0 (zero) through 999 and the default is 4; 0 (zero) means that users are not locked out due to login failures.

    Note:

    This verification applies only to users who are in the Junos Space Platform database. It does not work with RADIUS and TACACS+ server authentication.

    Time interval for lockout in hours

    Specify the interval (in hours) for which a user who has entered incorrect passwords more than the number of times specified in No. of unsuccessful attempts before lockout is locked out.

    The range is 0 (zero) through 999 and the default is 12 (hours); 0 (zero) means that users are never locked out.

    Note:

    You can unlock a locked-out user at any time (see Disabling and Enabling Users).

    Time interval for password expiry in months

    Specify the duration (in months) after which passwords of all the locally authenticated Junos Space Platform users expire.

    The range is 0 (zero) through 999 and the default is 3; 0 (zero) means that the passwords never expire.

    Note:
    • This configuration does not have any impact on the RADIUS or TACACS+ server–authenticated users.

    • If you upgrade to Junos Space Release 13.1 or later, the password expiry time of the existing local users remain as is until the users modify their passwords or you change the value in this field.

    Time interval for password expiry notification in months

    Specify the number of months in advance that users are warned that their passwords will expire. For example, if you enter 2, users receive a notification two months before their current passwords expire.

    The range is 0 (zero) through 999 and the default is 1 (month). Make sure that the value you enter here is less than or equal to the value in the Time interval for password expiry in months field.

    1. (Optional) Modify the fields related to advanced password settings as explained in Table 4.
      Table 4: Advanced Password Settings

      Field

      Description

      At least one lowercase character

      Specify whether at least one lowercase letter is required in the password. This check box is selected by default.

      At least one number not in the last position

      Specify that the password must contain at least one number and that a number cannot be the last character of the password. This check box is selected by default.

      When this check box is selected, a password that contains a number as the last character is not allowed.

      At least one special character not in the last position

      Specify that the password must contain at least one special character (non-alphanumeric character) and that a special character cannot be the last character of the password. This check box is selected by default.

      When this check box is selected, a password that contains a special character as the last character is not allowed.

      At least one uppercase character

      Specify whether at least one uppercase letter is required in the password. This check box is disabled by default.

      At least eight characters of previous password is changed

      Specify that you must change eight characters of the previous password while trying to set a new password. This check box is selected by default.

      No more than three consecutive repetitive characters

      Specify that a password should not contain the same character repeated more than three times in succession; for example, Exam333pl3e and E3x3a3m3ple are valid passwords, whereas Exam3333ple is not.

      This check box is selected by default.

      Not repeat of the user ID

      Specify that the username should not be part of the password. This check box is selected by default.

      Not reverse of the user ID

      Specify that the username in reverse should not be a part of the password. This check box is selected by default.

  7. (Optional) Click the Domain hyperlink (on the left of the page) to modify the settings related to domains, as shown in Table 5.
    Table 5: Domain Settings

    Field

    Description

    Enable users to manage objects from all allowed domains in aggregated view

    Specify whether a user can view and manage all objects from all domains to which the user is assigned (check box is selected) or not (check box is cleared, which is the default). For example, when this check box is selected, a user can stage a script belonging to one domain to a device in another domain.

    A user can override this configuration by setting the preference from the User Settings configuration section.

    Enable option to manage read/execute access to parent domain objects at time of domain creation

    Specify whether users with access to a child domain object can access objects belonging to the parent domain (check box is selected) or not (check box is cleared, which is the default).

    When this check box is selected, a user with access to child domain objects can perform read and execute actions on parent domain objects. The following objects are accessible:

    • Device templates and template definitions

    • CLI Configlets, Configuration Views, and XPath and regular expressions

    • Images, scripts, operations, and script bundles

    • Reports and report definitions

  8. (Optional) Click the Audit Log hyperlink (on the left of the page) to modify the settings related to audit logs, as shown in Table 6.
    Table 6: Audit Log Settings

    Field

    Description

    Audit log forwarding interval in minutes

    Enter the time interval based on which audit logs will be forwarded according to the audit log forwarding criteria that are configured and enabled.

    The default time interval for audit log forwarding is 60 minutes.

    Log successful audit log forwarding

    Select this check box for successful audit log forwarding to be logged.

    Note:

    For more information about forwarding audit logs, see Audit Log Forwarding in Junos Space Overview.

    Record HTTP GET method

    Select this check box if you want all API GET calls to be logged in the audit log. By default, this check box is cleared.

    Note:

    If this check box is selected, only API GET calls invoked from external scripts are logged; API GET calls originating from the Junos Space Platform user interface or Junos Space applications are never logged.

  9. (Optional) Click the Search hyperlink (on the left of the page) to modify the settings related to search, as shown in Table 7.
  10. (Optional) Click the CLIConfiglets hyperlink (on the left of the page) to modify the settings related to CLI Configlets, as shown in Table 8.
    Table 8: CLI Configlet Settings

    Field

    Description

    Advanced XPath Processing

    If this check box is selected, whenever you trigger an action on a device that requires BaseX support, the BaseX database is populated for that device across the Junos Space nodes. Any resynchronization or discovery triggered after the configuration is enabled is handled.

    If this check box is cleared (default), then the BaseX database is not used.

    Enable Approval Workflow for Configlets

    If this check box is selected, the configuration changes through CLI Configlets for devices are displayed in the Change Summary tab on the Review/Deploy Configuration page in the Devices workspace. You can exclude, include, approve, reject, or delete the changes through CLI Configlets (displayed in curly-braces format) before deploying the configuration changes on the device.

    If you select this check box, the Apply CLI Configlets workflows in the Devices and CLI Configlets workspace display a Submit button.

    If this check box is cleared (default), the Submit button is not displayed in the Apply Configlet workflows (in the Devices and CLI Configlets workspaces) and you cannot submit the configuration changes through CLI Configlets. You must apply the CLI Configlets in the Apply Configlet workflows to deploy the configuration changes through CLI Configlets.

  11. (Optional) Click the RESTAPI hyperlink (on the left of the page) to modify the settings related to REST APIs, as shown in Table 9.
    Table 9: REST API Settings

    Field

    Description

    Include detailed results in job completion response

    This setting affects how detailed job results data is returned by a hornet-q poll API when a Junos Space job or a “'Long Running Request” is completed. The job results data is always returned in the last hornet-q progress-update response message that has the <state> element set to “DONE” and the <percentage> set to “100.0”'.

    If this check box is selected, the last progress-update response returns detailed results in the <data> element. If this check box is cleared (default), the last progress-update response returns the detailed results in an href attribute of the <detail-link> element along with the type attribute containing the media-type name of the custom job detail.

    Note:

    This setting applies only to those jobs that support “detail-link” reporting (currently, the /api/space/script-management and /api/space/configlet-management jobs).

    For other jobs that do not support “detail-link” reporting, the last progress-update response returns detailed results in the <data> element or returns the <data> element as “No Result Data Available”. In both cases, the <summary> element contains the summary of job results.

  12. (Optional) Click the Security hyperlink (on the left of the page) to modify the settings related to HTTPS access to Junos Space Platform through Web browsers or other HTTP clients, as shown in Table 10.
    Table 10: Security Settings

    Field

    Description

    Disable weak algorithms for WEB or API access

    This setting affects the type of key exchange, encryption, authentication, and MAC digest algorithms used for HTTPS access to Junos Space Platform through Web browsers and API clients. The check box is selected by default.

    If this check box is selected, only Transport Layer Security (TLS) version 1.2 protocol–compliant Web or API clients can access Junos Space. The TLS 1.2 algorithm is available from Release 16.1R1 onward. Table 11 lists TLS version 1.2 algorithms that are supported for HTTPS access when weak algorithms are disabled.

    One of the following cipher suites is configured on the Apache Web server depending on whether the corresponding check box is selected or cleared:

    • ECDHE-RSA-AES256-GCM-SHA384

    • ECDHE-ECDSA-AES256-GCM-SHA384

    • ECDHE-RSA-AES256-SHA384

    • ECDHE-ECDSA-AES256-SHA384

    • DHE-DSS-AES256-GCM-SHA384

    • DHE-RSA-AES256-GCM-SHA384

    • DHE-RSA-AES256-SHA256

    • DHE-DSS-AES256-SHA256

    • ECDH-RSA-AES256-GCM-SHA384

    • ECDH-ECDSA-AES256-GCM-SHA384

    • ECDH-RSA-AES256-SHA384

    • ECDH-ECDSA-AES256-SHA384

    • AES256-GCM-SHA384

    • AES256-SHA256

    • ECDHE-RSA-AES128-GCM-SHA256

    • ECDHE-ECDSA-AES128-GCM-SHA256

    • ECDHE-RSA-AES128-SHA256

    • ECDHE-ECDSA-AES128-SHA256

    • DHE-DSS-AES128-GCM-SHA256

    • DHE-RSA-AES128-GCM-SHA256

    • DHE-RSA-AES128-SHA256

    • DHE-DSS-AES128-SHA256

    • ECDH-RSA-AES128-GCM-SHA256

    • ECDH-ECDSA-AES128-GCM-SHA256

    • ECDH-RSA-AES128-SHA256

    • ECDH-ECDSA-AES128-SHA256

    • AES128-GCM-SHA256

    • AES128-SHA256

    If this check box is cleared, only the TLS version 1 protocol–compliant Web and API clients can access Junos Space.

    Note:

    You can enable or disable weak algorithms only if all load balancers are in the UP state. When you enable or disable weak algorithms, a warning message is sent to all user sessions, the user sessions are stopped, and the users are logged out.

    Table 11: Supported TLS Version 1.2 Algorithms for HTTPS Access When Weak Algorithms Are Disabled

    Encrypted Connection

    Details

    MAC

    ECDHE-RSA-AES256-GCM-SHA384

    TLSv1.2

    Kx=ECDH Au=RSA Enc=AESGCM(256)

    Mac=AEAD

    ECDHE-RSA-AES256-SHA384

    TLSv1.2

    Kx=ECDH Au=RSA Enc=AES(256)

    Mac=SHA384

    DHE-RSA-AES256-GCM-SHA384

    TLSv1.2

    Kx=DH Au=RSA Enc=AESGCM(256)

    Mac=AEAD

    DHE-RSA-AES256-SHA256

    TLSv1.2

    Kx=DH Au=RSA Enc=AES(256)

    Mac=SHA256

    AES256-GCM-SHA384

    TLSv1.2

    Kx=RSA Au=RSA Enc=AESGCM(256)

    Mac=AEAD

    AES256-SHA256

    TLSv1.2

    Kx=RSA Au=RSA Enc=AES(256)

    Mac=SHA256

    ECDHE-RSA-AES128-GCM-SHA256

    TLSv1.2

    Kx=ECDH Au=RSA Enc=AESGCM(128)

    Mac=AEAD

    ECDHE-RSA-AES128-SHA256

    TLSv1.2

    Kx=ECDH Au=RSA Enc=AES(128)

    Mac=SHA256

    DHE-RSA-AES128-GCM-SHA256

    TLSv1.2

    Kx=DH Au=RSA Enc=AESGCM(128)

    Mac=AEAD

    AES128-GCM-SHA256

    TLSv1.2

    Kx=RSA Au=RSA Enc=AESGCM(128)

    Mac=AEAD

    AES128-SHA256

    TLSv1.2

    Kx=RSA Au=RSA Enc=AES(128)

    Mac=SHA256

  13. (Optional) Click the HealthMonitoring hyperlink (on the left of the page) to modify the health monitoring settings related to the System Health Report displayed on the Administration statistics page, as shown in Table 12.
    Table 12: Health Monitoring Settings

    Field

    Description

    Enable File System Intrusion Detection Monitoring

    Select this check box to enable file integrity check. For more information, see Managing File Integrity Check.

    Interval for monitoring the File Changes in hours

    Specify the time interval at which Junos Space Platform should run file integrity check. You can enter a value in hours. By default, this is set to 24 hours. For more information, see Managing File Integrity Check

    Interval for monitoring CPU counters update in minutes

    Specify the difference in minutes between the time when the overall load on a Junos Space node and CPU resources shared by processes on the node was last calculated and the system time.

    Range: One through 120 minutes

    Default: Two minutes

    Interval for monitoring device management session in minutes

    Specify an interval in minutes to execute the netstat -anlp | awk '{print $5}' | grep ":22" | wc –l command to calculate the device management SSH sessions established between a Junos Space node and the managed devices connected to that node.

    Range: 10 through 120 minutes

    Default: 30 minutes

    Device Management Sessions Monitoring Threshold

    Specify the tolerance level up to which the difference in the number of device management SSH sessions calculated by using the netstat -anlp | awk '{print $5}' | grep ":22" | wc –l command (Number of Devices column) and the number of device management SSH sessions as listed in the Junos Space database (Console Count column) is accepted.

    When this difference exceeds the specified tolerance level, the Management sessions are mismatched with UI data parameter in the System Health Report displays a red “No”.

    Range: 0 (zero) through 1000

    Default: 10

    Disk Utilization Threshold Value in percentage

    Specify a percentage of hard disk drive free space above which the usage is considered to be higher than normal usage.

    Range: 30% through 100%

    Default: 50%

    High CPU Threshold Value in percentage

    Specify a percentage of CPU resource usage above which the usage is considered to be higher than normal usage.

    Range: 30% through 100%

    Default: 50%

    Extended Period for High CPU in minutes

    Specify an interval in minutes above which a higher-than-average usage of CPU resources must be reported.

    Range: 10 through 120 minutes

    Default: 30 minutes

    Interval for monitoring HPROF file in hour

    Specify an interval in hours to detect and log the Heap and CPU Profiling Agent (HPROF) files on all Junos Space nodes in the Junos Space fabric.

    Range: One through 240 hours

    Default: One hour

    Interval for monitoring large database in hour

    Specify an interval in hours to detect and log MySQL database tables exceeding 10 GB.

    Range: One through 240 hours

    Default: One hour

    Purge Health Data Older than in Month

    Specify an interval in months to purge health-related data such as high CPU usage data in the server.log files.

    Range: One through 12 months

    Default: One month

  14. (Optional) Click the X509-Certificate-Parameters hyperlink (on the left of the page) to add the X.509 certificate parameters that are validated during certificate parameter–based authentication.

    The right of the page displays the X.509 certificate parameters, as shown in Table 13.

    You can specify the parameters that are validated when a user logs in. The values for these parameters can be specified when you create the user in the Role Based Access Control workspace. For more information, see Creating Users in Junos Space Network Management Platform.

    Table 13: X509 Certificate Parameter (Variable) Details

    Column

    Description

    Comments

    Comments about the X.509 certificate parameter

    Click the view/configure hyperlink to add comments.

    Admin Status

    Status of the parameter: active or inactive

    Certificate Parameter

    Name of the X.509 certificate parameter

    Parameter Display Name

    Description of the X.509 certificate parameter

    For more information about adding, deleting, modifying, and reordering the parameters, see Adding and Activating X.509 Certificate Parameters for X.509 Certificate Parameter Authentication.

  15. After you have modified the settings, you can do one of the following:
    • Save the changes by clicking the Modify button.

      The Change Summary pop-up window displays the summary of the settings you modified. It also displays warnings, if any, regarding the changed settings. Click the Confirm button to save the changes. Alternatively, you can click the Cancel button to discard the modifications.

      The settings that you modified are saved and you are taken back to the Applications page.

    • Discard the changes by clicking the Cancel button.

      The changes you made are discarded and you are taken back to the Applications page.

For troubleshooting, see the /var/log/jboss/servers/server1/server.log file, which captures any internal errors, and the audit logs.

Release History Table
Release
Description
17.1R1
In each section of the Modify Application Settings (Modify Network Management Platform Settings) page, the settings that you modified are automatically saved from Junos Space Network Management Platform Release 17.1R1 onward.
17.1R1
From Release 17.1R1 onward, you can set a value of up to 480 minutes.
17.1R1
From Release 17.1R1 onward, you can override this setting by specifying a user-specific value when you create or modify a user account.
16.1R1
The Disable inactive user after time period (Days) setting is available from Release 16.1R1 onward.
16.1R1
The TLS 1.2 algorithm is available from Release 16.1R1 onward.