Frequently Asked Questions




General Product Information

What is ManageEngine DeviceExpert?

ManageEngine DeviceExpert is a comprehensive Network Change and Configuration Management (NCCM) solution that enables the Network Administrator to efficiently and effortlessly manage the configurations of Network Devices. DeviceExpert offers multi-vendor network device configuration, continuous monitoring of configuration changes, notifications on respective changes, detailed operation audit and trails, examining device configurations for compliance to a defined set of policies and standards, real-time compliance status reporting, easy and safe recovery to trusted configurations, automation of configuration tasks and insightful reporting. For more details, click here.

What does DeviceExpert do?

DeviceExpert can manage network devices such as switches, routers, firewalls, wireless access points and integrated access devices from multiple vendors such as Cisco, HP, Nortel, Force10, D-Link, Juniper, NetScreen, NETGEAR, Dell, 3Com, Foundry, Fortinet, ADTRAN, Enterasys, Huawei, Extreme, Proxim, Aruba and Blue Coat. It discovers network devices, builds up an inventory database and allows IT administrators to take control of configuring the devices from a central console. The web-based administrator console provides the user interface to perform all the configuration operations. Additionally, it can be accessed from anywhere using any standard web browser.

Can DeviceExpert Manage the Configurations of Cisco Devices?

Yes, DeviceExpert can manage the configurations of Cisco devices. Cisco router configuration, Cisco switch configuration and Cisco firewall configuration can be done using DeviceExpert. Apart from Cisco devices, DeviceExpert can be used to manage the configurations of switches, routers, firewalls, wireless access points and integrated access devices from other vendors such as HP, 3Com, Foundry, FortiGate and NetScreen.

Can DeviceExpert be used to manage router configuration / switch configuration / firewall configuration?

Yes, DeviceExpert can be used to manage router configuration, switch configuration and firewall configuration from multiple vendors such as Cisco, HP, 3Com, Foundry, FortiGate and NetScreen.

What are the devices supported by DeviceExpert?

DeviceExpert at present supports switches, routers, firewalls, wireless access points and integrated access devices. For new device support, send your request.

What are the vendors supported by DeviceExpert?

DeviceExpert at present supports Cisco, HP, Nortel, Force10, D-Link, Juniper, NetScreen, NETGEAR, Dell, 3Com, Foundry, Fortinet, ADTRAN, Enterasys, Huawei, Extreme, Proxim, Aruba and Blue Coat. For new vendor support, send your request.

Is DeviceExpert available for evaluation or direct purchasing?

DeviceExpert is available for both evaluation and direct purchase. Please contact our sales team at +1-888-720-9500 or email sales@manageengine.com

Do I need any prerequisite software to be installed before using DeviceExpert?

There is no prerequisite software installation required to use DeviceExpert. MySQL, a TFTP server and a Syslog server are bundled with the product itself. If you want to receive change management notifications via email, you need to configure an external SMTP server (optional).

What is the Licensing Policy for DeviceExpert?

Professional Evaluation Edition download valid for 30 days, capable of supporting a maximum of 50 devices. Free support would be offered during evaluation.

Professional Edition - Licensing is based on the number of devices to be supported. Priority support would be offered. For more information or to get a license, contact sales@manageengine.com

Free Edition - download valid forever, capable of supporting a maximum of two devices.

Do I have to reinstall DeviceExpert when moving to the Professional Edition?

No. You need not reinstall or shut down the server. You just need to enter the new license file in the "Register" link present in the top right corner of the DeviceExpert web interface.

What are the browser versions supported by DeviceExpert?

Web Interface requires one of the following browsers** to be installed in the system:

  • IE 7 and above (on Windows)
  • Firefox 2.0 and above (on Windows and Linux)

** DeviceExpert is optimized for 1024 x 768 resolution and above

What are the System Configuration Requirements for DeviceExpert?

Refer to the information available in the System Requirements section.


Logging in to the Web Interface

I forgot the password to login to Web Interface

You can get a new password for an account using the Login Name and Email ID of that account (the Email ID should match the one that was configured for the user earlier).

  • Click the 'Forgot Password?' link in the login screen
  • Provide the Login Name in the text field
  • Provide the Email ID configured for the service
  • The password will be mailed to your mail account
  • Use that auto-generated password for logging into the service; you can choose to change it later on

How do I change the password of my login account?

Login to the DeviceExpert Web Interface

Users with admin privileges can change their Login Password through the 'Edit Account Settings' functionality of "Admin" Tab. Ordinary users (that is, users who do not have admin privileges) can change their Login Password through the 'Edit Account Settings' functionality present in left-hand side of "Home" Page.

To Change Login Password,

    • click "Admin" tab >> "Change Password"
    • enter the old password
    • enter new password
    • confirm the new password
    • click "Save"
    • password is now reset

Discovery

I have my devices listed in a text file. Can I import them to the inventory of DeviceExpert?

DeviceExpert provides the option to import devices from a text file and add them to the inventory. To import devices from a text file, DeviceExpert requires that the entries in the file conform to a specific format. For more details, refer to the section on "Device Addition" in help documentation.

Can I apply same set of credentials to multiple devices as a bulk operation?

Yes. You can apply the same set of credentials 'as they are' to multiple devices. In such cases, to avoid the cumbersome task of entering the credentials for each device separately, DeviceExpert offers the flexibility of creating common credentials and sharing them among multiple devices. This is called a 'Credential Profile'. For more details, click here.


Inventory & Change Detection

How does DeviceExpert help me in keeping track of configuration changes?

One of the ways to detect configuration changes in a device is by monitoring syslog messages. Many devices generate syslog messages whenever their configuration undergoes a change. By listening to these messages, it is possible to detect any configuration change in the device. This comes in handy for administrators to keep track of the changes being made and to detect any unauthorized changes.

DeviceExpert leverages this change notification feature of devices to provide real-time change detection and tracking. A syslog server comes in-built with DeviceExpert. It occupies port 514.

Besides the real-time change detection, configuration changes could also be tracked through scheduled, periodic backup of device configuration. For more details refer to the section "Configuration Change Detection" in help documentation.


Reports

Can I receive automatically generated reports on Device Configuration in my mailbox?

Yes, DeviceExpert provides an option to mail reports to email IDs. You can schedule reports to be generated at any point of time, and the reports will be mailed to your email ID.


Can DeviceExpert generate email alerts?

Yes, DeviceExpert can be configured to send email alerts whenever a change in configuration occurs. For more details refer to the section "Change Management" in help documentation.

Does DeviceExpert maintain historical data about Device Configuration?

Yes, it maintains historical data of device configuration. The historical data are available in the device properties page of each device. For more details refer to the section "Device Configuration Details" in help documentation.


Security Aspects

How much security does DeviceExpert offer to my configuration?

DeviceExpert offers a good level of security to your configuration, as all the configuration information retrieved from devices is encrypted and stored in the DB. Device credential information is also encrypted and stored in the DB.

Can we install our own SSL certificate? How?

Yes, you can install your own SSL certificates in DeviceExpert. Please follow the steps below to do that:

If you are using keytool utilities for certificate generation

DeviceExpert runs as an HTTPS service. It requires a valid CA-signed SSL certificate with the principal name as the name of the host on which it runs. By default, on first-time startup, it creates a self-signed certificate. This self-signed certificate will not be trusted by user browsers. Thus, while connecting to DeviceExpert, you need to manually verify the certificate information and the hostname of the DeviceExpert server carefully and force the browser to accept the certificate.

To make the DeviceExpert server identify itself correctly to the web browser and the user:

  • you need to obtain a new signed certificate from a CA for the DeviceExpert host or
  • you can configure an existing certificate obtained from a CA with wild-card principal support for the DeviceExpert host

Step 1: The first step is to create the public-private key pair that will be used for the SSL handshake

  • Go to <DeviceExpert_Home>/jre/bin folder
  • Execute the command "./keytool -genkey -alias DeviceExpert -keyalg RSA -keypass <privatekey_password> -storepass <keystore_password> -validity <no_of_days> -keystore <keystore_filename>"
  • The command will prompt you to enter details about you and your organization
    • For the 'first and the last name' enter the FQDN of the server running DeviceExpert
    • For other fields enter the relevant information
    • <keystore_password> is the password to access the keystore, <privatekey_password> is the password to protect your private key and <no_of_days> is the validity of the key pair in number of days, from the day it was created
  • This will create a keystore file named <keystore_filename> in the same folder, with the generated key pair

Step 2: Create a Certificate Signing Request (CSR) for submission to a certificate authority to create a signed certificate with the public key generated in the previous step.

  • Go to <DeviceExpert_Home>/jre/bin folder
  • Execute the command "keytool -certreq -keyalg RSA -alias DeviceExpert -keypass <privatekey_password> -storepass <keystore_password> -file <csr_filename> -keystore <keystore_filename>"
    • Note that the <csr_filename> that you choose should have .csr extension. The <privatekey_password>, <keystore_password> and <keystore_filename> are the ones used in the last step
  • This will create a CSR file named <csr_filename> in the same folder

Step 3: Submit the CSR to a Certificate Authority (CA) to obtain a CA-signed certificate

  • Some of the prominent CAs are Verisign (http://verisign.com), Thawte (http://www.thawte.com), RapidSSL (http://www.rapidssl.com). Check their documentation / website for details on submitting CSRs; this will involve a cost to be paid to the CA
  • This process usually takes a few days, and you will be returned your signed SSL certificate and the CA's certificate as .cer files
  • Save them both in the <DeviceExpert_Home>/jre/bin folder

Step 4: Import the CA-signed certificate to the DeviceExpert server

  • Import your SSL certificate into your keystore
  • Go to <DeviceExpert_Home>/jre/bin folder
  • Execute the command "keytool -import -alias DeviceExpert -keypass <privatekey_password> -storepass <keystore_password> -keystore <keystore_filename> -trustcacerts -file <your_ssl_certificate>"
  • <your_ssl_certificate> is the certificate you obtained from the CA, a .cer file saved in the previous step. The <privatekey_password>, <keystore_password> and <keystore_filename> are the ones used in the previous steps
  • Now copy the <keystore_filename> to the <DeviceExpert_Home>/conf folder

Step 5: Finally, configure the DeviceExpert server to use the keystore with your SSL certificate

  • Go to <DeviceExpert_Home>/conf folder
  • Open the file server.xml
  • Search for the entry 'keystoreFile', which will have the default value set to "conf/server.keystore". Change the value to "conf/<keystore_filename>" where <keystore_filename> is the one used in the previous steps
  • Also search for the entry 'keystorePass' (which will in fact be next to keystoreFile), which will have the default value set to "RGV2aWNlRXhwZXJ0". Change the value to "<keystore_password>" where <keystore_password> is the one used in the previous steps
  • Restart the DeviceExpert server and connect through the web browser. If you are able to view the DeviceExpert login console without any warning from the browser, you have successfully installed your SSL certificate in DeviceExpert!

Note 1: Tomcat by default accepts only the JKS (Java Key Store) and PKCS #12 format keystores. If the keystore is in PKCS #12 format, include the following option in the server.xml file along with the keystore name:

keystoreType="PKCS12"

This tells Tomcat that the format is PKCS12. Restart the server after this change.

To configure an existing SSL certificate with wild-card support:

  • Go to <DeviceExpert_Home>/conf folder
  • Open the file server.xml
  • Search for the entry 'keystoreFile', which will have the default value set to "conf/server.keystore". Change the value to "conf/<keystore_filename>" where <keystore_filename> is the one belonging to the existing wild-card certificate.
  • Also search for the entry 'keystorePass' (which will in fact be next to keystoreFile), which will have the default value set to "RGV2aWNlRXhwZXJ0". Change the value to "<keystore_password>" where <keystore_password> is the one used to protect the existing wild-card certificate keystore.
  • Restart the DeviceExpert server and connect through the web browser. If you are able to view the DeviceExpert login console without any warning from the browser, you have successfully installed your SSL certificate in DeviceExpert!

Note 2: Please refer to your CA's documentation for more details and troubleshooting

If you are using OpenSSL / Microsoft Utilities

Follow these steps to enable the use of your own certificates:

  • Generate the certificate signing request and generate the certificate using MS CA, as you did before (or use the certificate generated before). DO NOT use the one generated using keytool
  • This procedure has been tested with Base64-encoded certificates, so use the same format
  • Download OpenSSL from here http://www.slproweb.com/download/Win32OpenSSL_Light-0_9_8e.exe and install it in your system
  • After install, go to the OpenSSL\bin folder
  • Copy the private key (generated with your CSR), your certificate and the root certificate into this bin folder
  • Run this command on the command prompt : openssl pkcs12 -export -in <cert_file>.cer -inkey <private_key>.key -out <keystore_file>.p12 -name DeviceExpert -CAfile <root_cert_file>.cer -caname DeviceExpert -chain
    • where
      • cert_file is the certificate with the .cer extension
      • private_key is the private key file with a .key extension
      • keystore_file is the keystore that will be generated with a .p12 or .pfx extension
      • root_cert_file is the root certificate with a .cer extension
      • provide extension to all the file entries on the command line
    • When prompted for password, enter 'RGV2aWNlRXhwZXJ0'
  • This will generate the keystore file <keystore_file>.p12 on the same folder
  • Copy this file to <DeviceExpert_Install_Folder>\conf folder
  • Move to <DeviceExpert_Install_Folder>\conf folder
  • Open the file server.xml and do the following changes
  • Search for the entry 'keystoreFile', which will have the default value set to "conf/server.keystore". Change the value to "conf/<keystore_file>.p12"
  • Make sure the entry for 'keystorePass' is set to "RGV2aWNlRXhwZXJ0"
  • Add a new entry keystoreType="PKCS12" next to the keystorePass entry
  • Save the server.xml file
  • Restart the DeviceExpert server and connect through the web browser. If you are able to view the DeviceExpert login console without any warning from the browser, you have successfully installed your SSL certificate in DeviceExpert!
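
A check to run after either certificate procedure above, as an added example that is not part of DeviceExpert or its documentation: it reads a server.xml and reports connectors that still use the default keystore path or the default keystore password quoted on this page, or that point at a .p12/.pfx file without keystoreType="PKCS12". The port numbers, file names and XML fragments are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Default values quoted on this page for DeviceExpert's server.xml.
DEFAULT_KEYSTORE_FILE = "conf/server.keystore"
DEFAULT_KEYSTORE_PASS = "RGV2aWNlRXhwZXJ0"
PKCS12_EXTENSIONS = (".p12", ".pfx")


def audit_connectors(server_xml_text):
    """Return (port, finding) tuples for each Connector that names a keystore."""
    findings = []
    for conn in ET.fromstring(server_xml_text).iter("Connector"):
        keystore_file = conn.get("keystoreFile")
        if keystore_file is None:
            continue  # connector does not reference a keystore
        port = conn.get("port", "unknown")
        # Tomcat assumes a JKS keystore when keystoreType is absent.
        keystore_type = conn.get("keystoreType", "JKS").upper()
        if keystore_file == DEFAULT_KEYSTORE_FILE:
            findings.append((port, "default-keystore-file"))
        if conn.get("keystorePass") == DEFAULT_KEYSTORE_PASS:
            findings.append((port, "default-keystore-pass"))
        if keystore_file.lower().endswith(PKCS12_EXTENSIONS) and keystore_type != "PKCS12":
            findings.append((port, "pkcs12-type-missing"))
    return findings


# Constructed server.xml fragments (not taken from a real installation).
AS_SHIPPED = """<Server><Service name="Catalina">
  <Connector port="8443" scheme="https" secure="true"
             keystoreFile="conf/server.keystore" keystorePass="RGV2aWNlRXhwZXJ0"/>
</Service></Server>"""

P12_WITHOUT_TYPE = """<Server><Service name="Catalina">
  <Connector port="8443" scheme="https" secure="true"
             keystoreFile="conf/deviceexpert.p12" keystorePass="RGV2aWNlRXhwZXJ0"/>
</Service></Server>"""

P12_CORRECTED = """<Server><Service name="Catalina">
  <Connector port="8443" scheme="https" secure="true"
             keystoreFile="conf/deviceexpert.p12" keystorePass="example-only-secret"
             keystoreType="PKCS12"/>
</Service></Server>"""

if __name__ == "__main__":
    for name, text in [("as shipped", AS_SHIPPED),
                       ("p12 without type", P12_WITHOUT_TYPE),
                       ("p12 corrected", P12_CORRECTED)]:
        print(name, audit_connectors(text))
```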

I want to prevent unauthorized configuration changes to my core devices.

You can make use of the 'Change Management' feature of DeviceExpert. For more details refer to the section "Configuration Change Management" in help documentation.


Miscellaneous

I have enabled syslog-based change detection for my device. But the product does not seem to detect any configuration changes.

Configuration change messages will be generated only at certain logging levels. So check if the logging level in the device is set to one of the values listed in the "Syslog Config for Change Detection" - logging level drop-down. Also, ensure that the syslog server is running and the syslog port (514) is free for DeviceExpert's use.
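
The syslog-based change detection described under "Inventory & Change Detection" and the logging-level dependency described above, as an added example that is not DeviceExpert's own code. It assumes Cisco IOS's %SYS-5-CONFIG_I message as the change indicator (other vendors emit different messages); the sample lines, user names and addresses are constructed.

```python
import re

# Cisco IOS severity keywords and their syslog numeric values.
SEVERITY = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
            "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

# Matches the IOS configuration-change message behind a syslog <PRI> header.
CONFIG_CHANGE = re.compile(
    r"^<(?P<pri>\d{1,3})>.*%SYS-\d-CONFIG_I: Configured from (?P<source>\S+)"
    r" by (?P<user>\S+)(?: on (?P<line>\S+))?(?: \((?P<host>[^)]+)\))?")


def parse_change(message):
    """Return the fields of a configuration-change message, or None."""
    m = CONFIG_CHANGE.match(message)
    if m is None:
        return None
    pri = int(m.group("pri"))  # PRI = facility * 8 + severity
    return {"facility": pri >> 3, "severity": pri & 7, "user": m.group("user"),
            "source": m.group("source"), "host": m.group("host")}


def device_would_send(logging_level, message_severity=5):
    """A device forwards a message only if its severity number is <= the level."""
    return message_severity <= SEVERITY[logging_level]


def unexpected_changes(messages, allowed_users):
    """Return parsed change events made by users outside the allowed set."""
    changes = [c for c in map(parse_change, messages) if c is not None]
    return [c for c in changes if c["user"] not in allowed_users]


# Constructed sample messages as they would arrive on UDP port 514.
SAMPLE = [
    "<189>45: *Mar  1 00:12:34.567: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)",
    "<189>46: *Mar  1 00:20:01.002: %SYS-5-CONFIG_I: Configured from console by tempuser on vty1 (198.51.100.7)",
    "<189>47: *Mar  1 00:21:00.000: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up",
    "<189>48: *Mar  1 00:30:15.250: %SYS-5-CONFIG_I: Configured from console by console",
]

if __name__ == "__main__":
    for event in unexpected_changes(SAMPLE, allowed_users={"admin"}):
        print("unexpected change:", event)
    for level in ("errors", "notifications"):
        print(level, "-> change messages sent:", device_would_send(level))
```

A device whose logging level is "errors" never sends the severity-5 message, which is the symptom this FAQ entry describes.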

Has DeviceExpert been reviewed by any independent reviewers?

  • Yes. DeviceExpert has been reviewed by the following magazines/reviewers:
    • SC Magazine, the world's longest running monthly publication focusing on information security has reviewed DeviceExpert. Review report available here
    • 3d2f, a web portal featuring reviews on software products has reviewed DeviceExpert. Report available here.