Paragon Automation Getting Started

Ready. Set. Let’s go!

This guide explains the high-level tasks that you can perform after you log in to the Paragon Automation GUI. The Paragon Automation suite consists of the following applications:

Paragon Pathfinder (formerly NorthStar Controller)
Paragon Insights (formerly HealthBot)
Paragon Planner (formerly NorthStar Planner)
Anuta Networks ATOM
Paragon Active Assurance (formerly Netrounds)
Note:
- To access Anuta ATOM from Paragon Automation, you must first integrate ATOM with Paragon Automation. See Get Started with ATOM.
- Currently, Paragon Active Assurance features are not accessible from the Paragon Automation GUI, because Active Assurance is not yet integrated with Paragon Automation. You can access the documentation on the Paragon Active Assurance TechLibrary page.

Access Paragon Automation and Set Up Licenses

Before you use the Paragon Automation applications:

Log in to the Paragon Automation GUI by using the web application URL (or the ingress controller virtual IP [VIP] address) and the credentials that your Paragon Automation administrator provided. If you're logging in for the first time, the GUI prompts you to change the password.
For details, see Access the Paragon Automation GUI in the Paragon Automation User Guide (located in the How To > User Guides section of the Paragon Automation Documentation page).

Note:
For information on the default username and password after installation, see the Log in to the Paragon Automation UI section (in the
Install and Update Paragon Automation topic) of the Paragon Automation Installation Guide (located in the Install/Upgrade Software section of the Paragon Automation Documentation page).
To use Paragon Insights, Paragon Pathfinder, and Paragon Planner, you must install the necessary licenses on the License Management page (Administration > License Management).
For more information, see About the License Management Page in the Paragon Automation User Guide (located in the How To > User Guides section of the Paragon Automation Documentation page).

Note:
If you do not install the licenses, then some menu items in the Paragon Automation menu are not displayed.

Add and Configure Devices

Add or discover the devices that you want Paragon Automation to monitor and manage:
1. On the Devices page (Configuration > Devices), click the Add (+) icon.
  The Add Devices page appears.
  
  Note:
  You can either discover existing devices already present in your network (Discover Devices option) or add new devices manually (Add New Devices option) by specifying device details. In this guide, we'll cover the discovery of existing devices.
  
  For details on how to add new devices, see Add Devices in the Paragon Automation User Guide (located in the How To > User Guides section of the Paragon Automation Documentation page).
2. Check that the Discover Devices option is highlighted.
3. You can either enter device details manually or import the device details from a comma-separated values (CSV) file:
  - To enter the device details manually, select Enter Manually, which is the default. Go to Step 1.d.
  - To enter the device details using a CSV file:
    1. Select Import From File, and click Browse.
      Tip:
      Click the Download Sample CSV File link to download a sample CSV and use the sample file to create your own CSV file.
    2. In the File Upload dialog box, select the CSV file to upload, and click Open.
      Paragon Automation parses the file and displays the device details in one or more Targets and Credentials sections.
    3. (Optional) Confirm that the device details and credentials were imported correctly.
      Go to Step 1.h.
4. Click the Managed Status toggle button to specify whether the device is managed or unmanaged:
  Note:
  Paragon Automation supports Juniper Networks and Cisco IOS XR devices. For a complete list of supported devices, see Supported Devices and OS Versions in the Paragon Automation User Guide (located in the How To > User Guides section of the Paragon Automation Documentation page).
  - Managed: Indicates that Paragon Automation can discover the device by using NETCONF. This is the default option.
  - Unmanaged: Indicates that Paragon Automation cannot discover the device by using NETCONF.
5. In the Hostname / IP Targets field, enter the hostnames or IP addresses of the devices that you want Paragon Automation to discover.
  You can enter multiple hostnames or IP addresses by typing each entry and then pressing Enter.
6. (Optional) You can also select devices from the list of devices discovered by Paragon Pathfinder (using BGP-LS):
  - Click the Add targets from topology to this list link.
    The Add Topology Targets page appears.
  - Select the check boxes corresponding to the devices that you want to add, and click Add.
    You are returned to the Add Devices page. The IP addresses of the devices that you added appear in the Hostname / IP Targets field.
7. In the Device Credentials field, enter the username and password.
  Note:
  For Junos OS devices, we recommend that you use a non-root account with super user permissions. Ensure that you configure this account on each device that you discover or add.
8. Click OK.
  Paragon Automation triggers a device discovery job and displays a confirmation message with a link to the job. You are returned to the Devices page.
9. (Optional) Click the job ID link on the confirmation message (or on the Jobs page [Monitor > Jobs]) to open the Job Status page, where you can monitor the status of the device discovery.
10. After the job finishes, go to the Devices page and verify that the devices are discovered correctly.
  Note:
  - For managed devices, the Management Status should be Up, indicating that Paragon Automation established a connection with the device. In addition, the Sync Status should be In Sync, indicating that the configuration and the inventory data in Paragon Automation and on the device are in sync.
  - For unmanaged devices, the Management Status should be Unmanaged, and the Sync Status should be Unknown.
For each device that you added, configure the fields related to Path Computation Element (PCE) protocol (PCEP), NETCONF, and (optionally) parameters related to telemetry.
Note:
These configurations will be used by Paragon Pathfinder and Paragon Insights.
1. On the Devices page (Configuration > Devices), select the device, and click the Edit (pencil) icon.
  The Edit Device-Name page appears.
2. Configure the parameters related to PCEP in the Protocols > PCEP section.
  - Specify which PCEP version to use from the Version list:
    - Select Non-RFC, which is the default option, to run in non-RFC 8231/8281 compliance mode.
      You can use this option for devices running Junos OS versions 15.x through versions 19.x.
    - Select RFC Compliant to run in RFC 8231/8281 compliance mode. You can use this option for any vendor's devices that conform to RFC 8231/8281. For example, Juniper devices running Junos OS versions 19.x and later.
    - Select 3rd party PCC for older versions of Cisco devices.
  - In the IP Address field, enter the IP address used by the device to connect to Paragon Automation for managing LSPs.
3. Configure the NETCONF parameters in the Protocols > Netconf section.
  - Enabled: Click the toggle button to enable NETCONF on the device.
  - Bulk Commit: Click the toggle button to enable NETCONF bulk commit. If you enable bulk commit, you can provision multiple LSPs in a single commit instead of using multiple commits.
    Note:
    
    When you use point to multipoint (P2MP) LSPs on Juniper devices, you must enable bulk commit to enable support for P2MP LSP provisioning on the devices.
    
    In other cases, enabling bulk commit is optional, and you can use bulk commit if you want to improve provisioning efficiency.
  - iAgent/Netconf Port: Enter the port number (on the device) to be used for NETCONF. This port should not be used for any other service.
    The default port number is 830 for Juniper Networks devices and 22 for other devices.
4. (Optional) If you want Pathfinder to receive telemetry data from devices, configure the system identifier (for Junos Telemetry Interface [JTI]) and the management IP address in the Device ID Details section.
  Note:
  For the JTI system identifier, use the format device-host-name:jti-ip-address, where:
  - device-host-name is the hostname of the device.
  - jti-ip-address is the IP address (local-address statement) that is configured for the export profile in Junos OS.
5. Click OK to save your changes.
For details, see Edit Devices in the Paragon Automation User Guide (located in the How To > User Guides section of the Paragon Automation Documentation page).

Get Started with Paragon Pathfinder

Add the devices to the controller device group:
1. On the Device Group Configuration page (Configuration > Device Groups), select the controller device group, and click the Edit (pencil) icon.
  The Edit Device Group page appears.
2. In the Devices field, select the devices that Paragon Automation previously discovered, and then save and deploy the changes.
For details, see Edit a Device Group in the Paragon Automation User Guide (located in the How To > User Guides section of the Paragon Automation Documentation page).
Run the device collection task in one of the following ways:
- From the Administration menu:
  1. On the Task Scheduler page (Administration > Task Scheduler), click the Add (+) icon.
    The Create New Task wizard appears.
  2. In Step 1 of the wizard, specify the following and click Next.
    - In the Name field, enter a name for the task.
    - From the Task Group list, select Collection Tasks.
    - From the Task Type list, select Device Collection.
  3. In Step 2 of the wizard, select the devices that you want to include in device collection, specify the task and collection options, and click Next.
  4. In Step 3 of the wizard, specify the schedule and recurrence for the task.
  5. Click Submit.
    The device collection task is added. You're returned to the Task Scheduler page.
    
    For details, see Add a Device Collection Task in the Paragon Automation User Guide (located in the How To > User Guides section of the Paragon Automation Documentation page).
- From the Network menu:
  1. On the Topology page (Network > Topology), select the check boxes corresponding to the devices for which you want to run device collection.
  2. From the More list, select Run Device Collection.
    For details, see Add a Device Collection Task in the Paragon Automation User Guide (located in the How To > User Guides section of the Paragon Automation Documentation page).
Configure topology acquisition by using the following high-level steps:
1. Enable BGP-LS on the devices.
2. (Optional) Configure BGP-LS peers in Paragon Automation.
  Note:
  You can perform this step only if you previously configured BGP-LS peers during the Paragon Automation installation.
  1. Open the BGP Monitoring Protocol (BMP) configuration file in an editor.
  2. Add the device IP addresses to the BMP configuration file.
    Note:
    The BMP configuration file (kube-cfg.yml) is located in the /etc/kubernetes/po/bmp/ directory on the Paragon Automation primary node. For information on how to access the primary node, see the Paragon Automation Installation Guide (located in the Install/Upgrade Software section of the Paragon Automation Documentation page).
  3. Apply the new configuration file.
3. Verify the status of the BGP-LS sessions.
4. Verify that the BGP-LS routes are being advertised on the device, and that the routes are received by Paragon Automation.
Verify that the network topology is discovered, and that the topology is displayed in the Paragon Automation GUI. On the Topology page (Network > Topology):
1. Check that the devices are displayed (with a router icon) on the topology map.
2. On the Node tab (of the Network Information table), verify that the Type, IP Address, and Management IP (address) are displayed for each device.
For LSP management, configure PCEP and NETCONF on each device:
1. Configure PCEP on the device.
2. Verify that NETCONF is enabled on the device.
3. Verify that PCEP and NETCONF sessions are established on the device.
On the Node tab (of the Network Information table), for each device, verify that the PCEP Status and NETCONF Status fields display Up.
Provision LSPs from the Tunnel tab of the Network Information table (on the Topology page).
For more information, see Add a Single LSP, Add Diverse LSPs, and Add Multiple LSPs in the Paragon Automation User Guide (located in the How To > User Guides section of the Paragon Automation Documentation page).

Get Started with Paragon Insights

Configure the devices that you're monitoring using Paragon Insights to stream telemetry data.
For details, see Network Device Requirements in the Paragon Insights Installation Guide (located in the Set Up > Get Started section of the Paragon Insights Documentation page).
Add the devices to a device group:
1. On the Device Group Configuration page (Configuration > Device Groups), click the Add (+) icon.
  The Add Device Group page appears.
2. Configure the fields to add a device group, and include the devices that Paragon Automation previously discovered to the device group.
  For details, see Add a Device Group in the Paragon Automation User Guide (located in the How To > User Guides section of the Paragon Automation Documentation page).
(Optional) Review the pre-existing rules and playbooks.
If required, you can:
- Upload predefined rules, predefined playbooks, or both. You can download predefined rules and playbooks from the Paragon Insights GitHub repository.
- Create rules, playbooks, or both.
For details, see the Playbooks and Rules chapters of the Paragon Automation User Guide (located in the How To > User Guides section of the Paragon Automation Documentation page).
Apply one or more playbooks to the device group:
1. On the Playbooks page (Configuration > Playbooks), click the paper airplane icon corresponding to the playbook that you want to apply.
  The Run Playbook: Playbook-Name page appears.
2. Enter the name of the playbook instance.
3. Select the device group to which you want to apply the playbook.
4. (Optional) Enter the variables.
5. (Optional) Choose the schedule at which you want the playbook to run.
6. Click Save & Deploy.
  After a few seconds, Paragon Insights runs the playbook instance.
7. Click the deployment status icon (on the Paragon Automation banner) to verify that the deployment was successful.
For more information, see Manage Playbook Instances in the Paragon Automation User Guide (located in the How To > User Guides section of the Paragon Automation Documentation page).
After the playbook instances have finished running, access the Network Health page (Monitoring > Network Health), and select the device group for which you want to monitor the health.

Get Started with Paragon Planner

Use Paragon Pathfinder to create an archive directly from the live network.
For details, see Add a Network Archive Task in the Paragon Automation User Guide (located in the How To > User Guides section of the Paragon Automation Documentation page).
Ensure that the client PC from which you access the Paragon Planner desktop application has the following installed:
- Java Runtime Environment (JRE): Depending on the operating system (OS) of the client PC, you must install a JRE or equivalent. For example, Azul Zulu (https://www.azul.com/downloads/?package=jdk) offers builds of Open Java Development Kit (OpenJDK) for both Windows and Mac OS.
- Web Start: You can use Open Web Start (https://openwebstart.com/) as a replacement for Java Web Start. Alternatively, you can use Iced Tea on Windows (https://adoptopenjdk.net/icedtea-web.html).
Access the Paragon Planner desktop application by:
1. Downloading the Java Network Launch Protocol (JNLP) file by using the Paragon Automation GUI.
2. Using the JNLP file to launch the Paragon Planner desktop application.
3. Logging in using your Paragon Planner credentials.
For details, see Access Paragon Planner Desktop Application in the Paragon Automation User Guide (located in the How To > User Guides section of the Paragon Automation Documentation page).
Use the network model from the Pathfinder archive to run simulations in Paragon Planner.
For information about the tasks you can accomplish by using Paragon Planner, see the Paragon Planner Desktop Application User Guide and the Paragon Planner User Guide (located in the How To > User Guides section of the Paragon Automation Documentation page).

Get Started with ATOM

Because ATOM is a separate application, you must perform the following steps to integrate ATOM with Paragon Automation:

Configure the Paragon Automation portal IP address in the Paragon Automation GUI:
1. Select Administration > Authentication > Portal Settings from the Paragon Automation menu.
  The Portal Settings page appears.
2. In the Portal URL field, modify the URL to access the Paragon Automation GUI. You can use one of the following formats:
  - https://hostname.domain-name, where:
    - hostname is hostname of the server on which Paragon Automation was installed.
    - domain-name is the domain assigned to the server.
    For example, https://paragon.example.com/
  - https://server-ipv4-address
    Where server-ipv4-address is the IPv4 address of the server on which Paragon Automation was installed.
3. Click Save.
  A message indicating that the Paragon Automation portal URL was updated successfully appears.
For details, see Configure Portal Settings in the Paragon Automation User Guide (located in the How To > User Guides section of the Paragon Automation Documentation page).
To enable ATOM users to use single sign-on (SSO) to log in to the Paragon Automation GUI, you must register Paragon Automation as a client in Keycloak. ATOM uses Keycloak to authenticate users.
Note:
Ensure that you have the following information before registering Paragon Automation as a client with Keycloak:
- IPv4 address of the ATOM Keycloak server
- URL to access the Paragon Automation GUI, as explained in Step 1.b.
- IPv4 address of the ATOM primary node
- Username and password to log in to the ATOM primary node
For details, see Register Paragon Automation with Keycloak in the Paragon Automation User Guide (located in the How To > User Guides section of the Paragon Automation Documentation page).
To enable SSO, you must add Anuta ATOM as an identity provider in Paragon Automation:
Note:
Before you add ATOM as an identity provider, ensure that you obtain the following:
- The issuer URL, which is URL for the authentication server of the identity provider. You can obtain the URL from the OpenID Connect configuration values by using an API to query the authentication provider's well-known configuration endpoint.
  For example, you can use the URL-based API https://atom-keycloak-ipv4-address/.well-known/openid-configuration to obtain the issuer URL. Here, atom-keycloak-ipv4-address is the IPv4 address of the ATOM server on which Keycloak is installed.
- The client ID and client secret, which are available after you register paragon-automation as a client in Keycloak in Step 2.
1. On the Identity Providers page (Administration > Authentication > Identity Providers), click Add Identity Provider if you're adding an identity provider for the first time; otherwise, click the Add (+) icon.
  The Add Identity Provider page appears.
2. Select OpenIDConnect as type of the identity provider, enter the name, and specify the other parameters.
3. Click OK.
  A confirmation message appears indicating that the identity provider is added successfully. You're returned to the Identity Providers page.
For details, see Add Anuta ATOM as an Identity Provider in the Paragon Automation User Guide (located in the How To > User Guides section of the Paragon Automation Documentation page).
Add Anuta ATOM as an external element management system (EMS) application:
1. On the External EMS page (Administration > External EMS), click the Add (+) icon.
  The Add External EMS page appears.
2. Specify the following:
  - From the Type list, select ATOM.
  - In the Server Address field, specify the IPv4 address to access the ATOM UI as follows:
    - For a non-high availability (non-HA) setup, enter the IPv4 address that was configured for the ATOM primary node.
    - For a high availability (HA) setup, enter the virtual IPv4 address that was configured.
  - In the Username and Password fields, username and password for accessing ATOM, which were configured during the ATOM installation.
  - In the Parameters field, specify the following parameters:
    Note:
    The client ID and client secret values are available after you register paragon-automation as a client in Keycloak in Step 2.
    - client_id
    - client_secret
    - port (and value 443), which is the port that Paragon Automation uses to connect to Keycloak. (Port 443 is applicable to ATOM version 11.0 or later.)
3. Click OK.
  A message indicating whether the external EMS application was successfully added or not is displayed.
For details, see Add Anuta ATOM as an External EMS Application in the Paragon Automation User Guide (located in the How To > User Guides section of the Paragon Automation Documentation page).

After you perform the preceding steps, Anuta ATOM users can sign in to Paragon Automation by using their Anuta ATOM credentials.

For more information about Anuta ATOM, see the Anuta ATOM Documentation page.