Admin Operations

 

Contents

 

Overview

While configuring Network Configuration Manager for usage in your network, you can perform certain administrative operations. The operations are classified under below categories.

 

Basic Settings

The following operations have been classified as 'Basic Settings':

 

  1. Mail Settings
  2. Proxy Settings
  3. Server Settings
  4. Rebranding
  5. Trouble-Ticket Settings
  6. SNMP Trap Settings
  7. Database Administration

 

Mail Settings

NCM sends various notifications to the users (for example, reports) using an SMTP mail server running in your network. This section explains how to specify the SMTP server details and entering email IDs.

To specify SMTP Server details,

  1. Go to Settings >> "Basic Settings" >> "Mail Settings".

  2. Enter SMTP server name in the text field, enter SMTP port and enter username and password, if your SMTP settings require authentication.

  3. In the text field for 'From' or 'Sender' address, specify the email id of the originator of the email; by default, the from address is specified as 'noreply@zohocorp.com'.

  4. After configuring the 'Mail Settings', you can test if connection could be established with your server. Click "Test". Network Configuration Manager will attempt to establish connection with your mail server. If the configuration is proper and if Network Configuration Manager is able to establish a connection, you will see the message "Mail Server connection established successfully".

  5. Click "Save".

By default, the SMTP server runs in the port 25. You can specify any other SMTP server also.

 

Proxy Settings

In your enterprise network setup, you might need to go through a proxy server to access the internet. In such a case, you need to configure the username and password for internet access. This section explains how to carry out proxy configuration.

To configure proxy settings,

  1. Go to Settings >> "Basic Settings" >> "Proxy Settings" tab.
     

The parameters to be configured are:

  • HTTP Proxy Host: Host name of the proxy server (eg: proxy-server)

  • HTTP Proxy Port: Port number at which the server is running (eg: 80)

  • Username to access the internet

  • Password

After configuring the 'Proxy Settings', you can test if connection could be established with the proxy server. To test, just click the button "Test" of "Test Mail Server". Network Configuration Manager will attempt to establish connection with proxy server. If the configuration is proper and if Network Configuration Manager is able to establish a connection, you will see the message "Success".

Server Settings

TFTP Server Setting

Network Configuration Manager uses TFTP server to transfer the configuration files to-and-fro the devices. In case, Network Configuration Manager is running in multi-homed machines, you can specify the interface to be used for transferring the configuration files from/to the devices. The interface specified here will be used for transferring (backup, upload) configuration files of all devices in inventory.

To specify a particular interface,

  1. Go to "Settings" >> "Basic Settings">> "Server Settings" >> "TFTP Server".

  2. Select the required IP from the drop-down. Click "Save".

  3. To give effect to this change, you need to restart Network Configuration Manager server.

 

SCP Server Setting

Network Configuration Manager provides the option to use SCP to transfer the configuration files to-and-fro the devices. In case, Network Configuration Manager is running in multi-homed machines, you can specify the interface to be used for transferring the configuration files from/to the devices. The interface specified here will be used for transferring (backup, upload) configuration files of all devices in inventory.

To specify a particular interface,

  1. Go to "Settings" >> "Basic Settings" >> "Server Settings" >> "SCP Server".

  2. Select the required IP from the drop-down. Click "Save".

  3. To give effect to this change, you need to restart Network Configuration Manager server.

     

Syslog Server Setting

By default, Network Configuration Manager binds its syslog listener to port 514. In case, your machine is multi-homed and if you want to run some other application with a syslog server in the same machine, you can bind the Network Configuration Manager syslog server to a specific interface leaving the other interface(s) for use by other application(s).

To specify a particular interface,

  1. Go to "Settings" >> "Basic Settings" >> "Server Settings" >> "Syslog Server".

  2. Select the required IP from the drop-down. Click "Save".

  3. To give effect to this change, you need to restart Network Configuration Manager server.

 

Rebranding

Rebranding option helps you replace Network Configuration Manager logo that is displayed in the web client as well as in the reports, with your company's logo. You can also change the product name if needed.

To replace NCM logo and product in the web client and reports, follow the steps given below:

  1.  "Settings" >> "Basic Settings" >> "Rebranding".

  2. Enter the Product Name that you want to display in the Reports.

  3. Browse and import the Image to replace the NCM logo that is displayed in the web client and reports.

  4. Click Save.

  5. Once done with the above changes, restart OpManager.

 

Trouble Ticket Settings

Upon detecting changes in configuration, Network Configuration Manager provides the option to generate trouble tickets to your Help Desk. You can set your Help Desk email ID here.

  1. Go to "Settings" >> "Global Settings" >> "Trouble Ticket Settings"

  2. Enter Help Desk email ID and click "Save" to give effect to the settings.

 

SNMP Trap Settings

SNMP v2 traps could be sent to a specific host upon detecting a configuration change. Settings could be done for that purpose here.

To send SNMP trap to the desired host (based on the change management condition specified through change management rule),

  1. Go to "Settings" >> "Global Settings" >> "SNMP Trap"

  2. Enter hostname or IP address of the recipient. Also, enter SNMP port and community. Default values 162 for port and public for community.

  3. Click "Save".

 

User Management

User Management Operations such as adding new users and assigning them roles, editing the existing users and deleting the user could be performed only by the Administrators. Operator do not have this privilege.

Administrators can create as many users as required and define appropriate roles for the user. From Settings >> User Management, administrators can

  1. View all the existing users

  2. Create new users

  3. Change the access level, device list of existing users

  4. Delete an existing user

To view the existing list of users

  • Go to Settings >> User Management. The list of users will be displayed with respective login names, access levels and email IDs.

 

Note: The default login name and password  for fresh Network Configuration Manager installation is 'admin' and 'admin' respectively. The default email ID has been configured as admin@manageengine.com. After logging in to the Network Configuration Manager, change the email ID for admin user. Otherwise, when you invoke 'forgot password' email would be sent to admin@manageengine.com.

 

Adding New Users

 

To Add New Users

  1. Go to Settings >> User Management. Click "Add"

  2. Define the "Access Level" (role) for the new user - Administrator/Operator; Users falling under "Administrator" category shall have unlimited privilege and access over all functionalities of Network Configuration Manager. On the other hand, the users falling under operator category will have very restricted access.

  3. Provide the user's email ID. This email ID will be used in the 'Forgot Password' feature to intimate the password to the user when the user invokes 'Forgot Password'. While invoking 'Forgot Password' link in the login UI of Network Configuration Manager, the users will have to provide the username and the email ID. Network Configuration Manager will reset the password of the user and it would be mailed to the user's ID  

  4. Enter "password"; the password should be at least 5 characters long

  5. Confirm the new password

  6. Select the required time zone and click on next

  7. Now select the devices/ device groups to be assigned to the user

  8. Click "Save". new user account has been created

 

To Edit existing Users

  1. Go to Settings >> User Management.

  2. In the UI that opens, click on the user account to be edited.

  3. Change the access level and device list of the user as desired and Click "Update"

 

To Delete existing Users

  1. Go to Settings >> User Management.

  2. In the UI that opens, click the delete icon present against the respective username. The user will be removed from Network Configuration Manager once and for all.

     

Privileges for Configuration and other Operations

The following table explains the privileges associated with each access level for performing various device configuration operations:

 

Access Level

Configuration & Other Operations

Device Addition

Upload (Pushing configuration into the device)

Authority for approving various requests

Compliance

Admin Operations

User Management

Administrator


(create, associate compliance policies)

 

Operator


(only for authorized devices, subject to approval by administrator / Power User)

 

RADIUS Server Settings

You can make Network Configuration Manager work with RADIUS server in your environment. You can also leverage the RADIUS authentication for user access bypassing the local authentication provided by Network Configuration Manager. This section explains the configurations involved in integrating RADIUS server with Network Configuration Manager.
 

Providing Basic Details about RADIUS Server

To configure RADIUS server in Network Configuration Manager, provide the following basic details about RADIUS server and credentials to establish connection:

  1. Go to "Setting" >> "User Management" tab and click "RADIUS Server Settings"

  2. In the UI that opens, provide the following details:

  3. Server Name/IP Address  - enter the host name or IP address of the host where RADIUS server is running

  4. Server Authentication Port - enter the port used for RADIUS server authentication. By default, RADIUS has been assigned the UDP port 1812 for RADIUS Authentication

  5. Server Protocol - select the protocol that is used to authenticate users. Choose from four protocols - Password Authentication Protocol (PAP), Challenge-Handshake Authentication Protocol (CHAP), Microsoft Challenge-Handshake Authentication Protocol (MSCHAP), Version 2 of Microsoft Challenge-Handshake Authentication Protocol (MSCHAP2)

  6. Server Secret - enter the RADIUS secret used by the server for authentication

  7. Authentication Retries - select the number of times you wish to retry authentication in the event of an authentication failure

  8. Click "Save".

 

Discovery

Devices can be added to the inventory in three ways:

 

1. Discover Devices

Pre-requisite

Discovery can be initiated only for the SNMP-enabled devices. So, ensure that your devices are SNMP-enabled before trying discovery.

The Discovery Process

The SNMP-enabled devices available in the network can be discovered and added to the Network Configuration Manager inventory. You can discover a specific device, devices present in a specific IP range and even multiple devices.

To Initiate Discovery,

  • Go to Settings >> Discovery

  • The discovery wizard provides the option for discovering the devices with specific IP addresses or devices falling under a specific IP range and multiple devices whose details are present in a file. Based on your need for discovery, choose any one of the options for "Discover Devices by".

  • Create SNMP profile to specify SNMP credentials,

  • Network Configuration Manager supports SNMP versions - v1, v2c and v3
  • Enter a name and description for the credential profile for your reference
  • Enter the SNMP credentials depending on the SNMP version chosen

 

v1

v2

v3

Enter the SNMP port, read community (mandatory). Also specify write community.

Enter the SNMP port, read community (mandatory). Specify write community.  

Enter the SNMP port

User Name: Enter the name of the user (principal) on behalf of whom the message is being exchanged.

Context Name: An SNMP context name or "context" in short, is a collection of management information accessible by an SNMP entity. An item of management information may exist in more than one context. An SNMP entity potentially has access to many contexts. In other words, if a management information has been defined under certain context by an SNMPv3 entity, any management application can access that information by giving that context name. The "context name" is an octet string, which has at least one management information.

Authentication Protocol & Password: Select any of the authentication protocols either MD5 or SHA and enter the password. MD5 and SHA are processes which are used for generating authentication/privacy keys in SNMPv3 applications.

Encryption: Select any of the encryption protocols either DES or EAS-128 and enter the password. Note: Only after configuring Authentication it is possible to configure Encryption.

  • To initiate discovery, click the OK button. The wizard will discover the desired device(s) and add them to the inventory. You will find the new device(s) in the inventory list.

Note:

  1. You can even create multiple profiles and Network Configuration Manager would use all of them for discovery.

  2. To add, edit or delete any profile, go to Settings>>Device Management>>Credential Profile

 

Format for entries to discover multiple devices from flat files

You can even discover multiple devices by simply loading a file containing the device details. Entries in the file need to be in a specific format as detailed below.

  • You have the option to enter hostname or IP address or both of the devices to be discovered.
  • Each entry has to be entered in a separate line.
  • When you enter both hostname and IP address of a host, you need to separate the entries with a space or a tab.

For example, typical entries in the file would be something like the ones below:

cisco805
catalyst2900 192.168.117.12
foundry2402

192.168.111.2 cisco1710    

 

Tracking Discovery Status

After starting discovery of devices, you can track the status of discovery on real time basis. You can find the progress of discovery (that is percentage of completion) and finally the result - whether the device/devices was/were discovered successfully and added to the inventory. In case of failure of discovery process, the probable reason for the failure is also reported.

Apart from viewing the status of discovery of a particular attempt on real-time basis, you can even view historical information pertaining to all device discovery attempts made so far and their respective status / result by clicking the link "Discovery Reports".

 

2. Manual Addition of Devices

You can add new devices through Manual Addition also. To add a device manually,

  1. Go to "Settings" >> "Discovery" and click on "IP / Host Name"

  2. The device can be added by providing hostname/IP address of the device to be added, the device vendor, type, series & model from the drop-down and click "Add"

  3. You will see the progress of device addition in the UI and once the device gets added, you will be prompted to enter credentials for the same

 

3. Importing Devices from a Text file

 

Network Configuration Manager provides the option to import devices from a text file and add them to the inventory. To import devices from a text file, Network Configuration Manager requires that the entries in the file conform to a specific format.

Ensure that the entries in the file are in the following format: (column names should be in the same order as shown in the format below with each name separated by a comma):

 

Format : <Hostname or IP Address>,<Device Template Name>,<Series>,<Model>

Example: catalyst2900,Cisco IOS Switch,2900,2924

    192.168.111.11,Cisco IOS Router,800,805

    192.168.111.22,Force10 E-Series Switch,E600

    procurve2524,HP Procurve Switch

 

To import devices from a text file,

  1. Go to "Inventory >> Click on '+' symbol" and click "Import Devices from text file", click "browse" and locate the file and "Import"

  2. Check the inventory and see if the device has been added

 

Configlets

Configlets offered by Network Configuration Manager are of two types.

The following table provides information about the each type of configlet and when to use them:

 

TFTP Mode

Simple Script Execution

Advanced Script Execution

TFTP mode is for uploading a partial configuration change to a device/devices through TFTP.

 

Example:

 

  • Enabling TELNET service

  • Changing SNMP Community

  • Forwarding Syslog messages

  • Changing the interface

 

In all the above case, TFTP mode of configuration upload could be used. In general, for carrying out changes to existing configuration, this mode could be used.

 

For other cases like executing a command on device, Script execution mode has to be used.

 

To execute a single command on the CLI console.

 

Example: Synchronizing Running & Startup Configurations. Through a single line in the script containing the command
copy running-config startup-config,
you can synchronize the startup and running configurations of any number of devices.

 

Other Examples:

 

  • Changing Passwords

  • Updating NTP Server Entries

  • Getting 'show version' output

 

To execute a series of inter-connected commands on a device in command line. After the execution of one command, some input has to be provided before the next command is invoked. In such a situation, advanced scripting would be useful.

 

When the execution of a command changes the prompt of the device or takes too much of time to execute or requires fine-grained control to track the flow, advanced script execution has to be used.

 

Example: Backing up your current IOS image to a TFTP server. To do this, the following sequence would be used:

 

  • Command to be used copy flash  tftp

    - the location of your current IOS image

  • TFTP server's IP has to be specified

  • The file where it has to be copied, has to be specified

 

The above sequence of command execution could be transformed into an advanced script as below:

 

<command prompt=']?'>copy flash:/%SOURCE_FILE_NAME% tftp</command>

<command prompt=']?'>%TFTP_SERVER_IP%</command>

<command timeout='70'>%DESTINATION_FILE_NAME%</command>

 

Other Examples:

  • Uploading OS images / firmware upgrade
  • Configuring banner message
  • Resetting passwords of HP ProCurve and Extreme Summit devices
  • Deleting files from flash

 

To know more on Configlets and how to use them, please refer to Automation using Configlets & Scripts.

 

Device Management

The following operations have been classified as 'Device Management' Operations

  1. All Schedules
  2. Schedule Audit
  3. Notification
  4. Show Commands
  5. Label Management
  6. Custom Column

 

All Schedules & Schedule Audit

Refer to the section 'Scheduling Tasks'

 

Notification

Refer to the page 'Configuration change management' for more information on this.

 

Show Commands

You can perform various actions on the device such as enabling real-time configuration change detection, executing various 'show' commands on the device, edit device properties, edit credentials and launching telnet connection with the device.

Executing 'show' commands

To execute show commands, go to "Settings">>"Device Management">>"Show Command" .

You can execute 'show' commands such as 'Show Version', 'Show Interfaces', "Show Tech Support", "Show Access Lists", "Show Logging", "Show IP Traffic" and "Show Buffers" on specific devices from the inventory tab. Network Configuration Manager executes the command and displays the result.

 

Adding Commands

  • Enter the name of the command.

  • Provide the required commands and select the vendor.

  • Click on 'Save'. The newly created command gets listed under show commands tab.

To execute 'show' commands,

  1. Go to "Inventory >> Devices" and click the hostname of the particular device on which the show command is to be executed.

  2. Go to "Actions" and click the link "Show Commands" in the drop-down. The various commands that are applicable for the selected device, are displayed. Click the desired command. The result of the command gets displayed.

 

Note: If you want to execute show commands on multiple devices at one go, make use of the script execution in configuration templates.

 

Label Management

For any version of configuration, you can associate a label - that is, a unique tag. As configuration versions keep on changing, you will have difficulty in remembering the version number of a particular good configuration. To avoid that, you can associate the version with a label for easy identification. You can associate labels directly for the current configuration of any device. Labels can be associated with any other desired version also.
 

Creating Labels

You can create any number of labels and use them whenever needed - that is, associate them with desired configuration versions. 

To create labels,

  1. Go to "Settings">>"Device Management">>"Label Management"

  2. In the UI that opens, click "Add". Provide a name for the label and in the text field for "Description" provide details for future reference [to remember and identify the label] and click "Save".

  3. The new label has been created; the name of the label will be listed in UI; it will be listed in all the drop-downs that are related to associating a label.

 

Labeling current Configuration

The current startup and running configuration of any device or group of devices can be labeled with a unique tag. This labelling comes in handy when you want to revert to that particular configuration version. This tagging would also be useful for reverting to a previous good version in the event of a disaster.

To put a label to a current configuration of a device or a group of devices,

  1. Go to Inventory >> "Devices" and select the devices whose current configurations are to be labeled.

  2. Click the button "More Actions" >> "Label Configuration".

  3. In the UI that opens, you can select a label from the available labels OR you can create a new label. In the text field for "Description" provide details for future reference [to remember and identify the label] and click "Update"

Note: You can label the current configurations of devices belonging to a device group from the "Devices" >> "Device Group" >> 'Name of the device group' >> "More Actions" >> "Label Current Configuration".

 

Putting Labels to desired versions

You can associate labels to any desired configuration version. To associate label for a specific version of a particular device, go to Inventory >> "Devices" >> go to the "Device Details" page by clicking the name of the device. Go to"configs", then click on the "Version" against Startup/Running as required

In the UI that opens up, click on 'Versions' tab from the drop-down; Select "Associate Label" from the more action icon and follow the steps detailed above.

 

Custom Column

If you want to specify certain additional information about your devices, you can add custom columns. For instance, you can depict information about the department to which a particular device belongs as a custom column. The column-value pair specified here appears in Inventory>>Device>>"+"

 

Compliance

Refer to the section 'Compliance' to know more about Compliance management in NCM.

 

Approval Requests

The list of the configuration upload requests made by the Operators and the status of approval by 'Administrators' or 'Power Users' are shown here.

  1. Go to "Change Management".

  2. In the UI that opens, the following details will be displayed.

 

Pending Requests - Showing the list of all requests that are pending approval

Approved Requests - Showing the list of all requests that were approved by 'Administrators' or 'Power Users'

Rejected Requests - Showing the list of all requests that were rejected by 'Administrators' or 'Power Users'' along with the reason for rejection

 

PCI

Refer to the section 'PCI Review'.

 

Exclude Criteria

Option to Exclude Specific Lines/Text

While generating configuration difference between anytwo versions, there might be requirements to exclude certain specific lines or text. For example, lines containing Cryptochecksum information, speed token, NTP clock-period should be ignored while taking the difference. While Network Configuration Manager itself takes care of excluding information like the ones above, users can specify exclude criteria based on specific needs. Once the criteria is specified, Network Configuration Manager will exclude the lines matching the specified criteria for all devices belonging to the device template for which the exclude criteria is created.

You may make use of Regular Expressions while specifying the Exclude Criteria. For instance, if you wish to exclude the lines containing the text "logging" followed by an IP address, you may specify the criteria as logging.*

To specify the exclusion criteria,

  • Go to 

  • In the UI that opens up, click "Add" at the top right.

  • Select the required device template in the drop-down and Specify the criteria to be excluded.

  • Click on 'Save'

Once you do this, the specified criteria will be enforced for the selected devices and the lines matching the criteria will be ignored while taking configuration difference. Similarly You can also delete a particular 'Exclude Criteria' by selecting delete 'Exclude Criteria'.

 

Finding SysObjectID

When you require support for new device models in Network Configuration Manager, the sysObjectID of the new device is needed for supporting discovery of the device. To enable you to find the sysObjectID, Network Configuration Manager provides the tool sysObjectID Finder.

To find the sysObjectID,

  1. Go to "Settings">>"Device Management">>"SysObjectID Finder"

  2. In the UI that opens, provide the Hostname/IP of the device whose sysObjectID has to be found

  3. Set a 'timeout' value and 'retry count' for the sysObjectID finding operation

  4. Click 'next'

  5. sysObjectID and sysDescr of the device are returned 

  6. Click "save" and add the template.

 

Database Administration

In typical production environments, Network Configuration Manager would deal with a huge amount of data related to device configuration. Audit logs on who performed what operation and when, also gets piled up in the database. Over a period of time, it becomes too huge a size. If you want to remove unwanted data, you can do periodic database cleanup.

You can perform two types of cleanup operations:

  1. Device Audit cleanup

  2. Configuration History Cleanup

 

To cleanup device audit logs,

  1. Go to "Settings">>"Global Settings">>"Database Administration" .

  2. In the UI that opens up, select the checkbox below 'Delete Device audit records older than'. The audit logs generated prior to a specified number of days could be deleted. For example, if you choose '10 days', all audit logs older than 10 days will be deleted. Also, at any point of time, the audit logs of the recent 10 days alone would be maintained. You can select the days in the range of 10,20,30,60,90 and 120 from the drop-down

  3. Click 'Save' 

 

Configuration History Cleanup

  1. Go to  "Settings">>"Global Settings">>"Database Administration" 

  2. In the UI that opens up, select the checkbox below "Maintain latest version" or 'Delete Configuration Older than'. You can specify the maximum number of configuration versions that are to be kept in the database for each device and each configuration type. For example, if you choose to keep 10 versions in the history, only the most recent 10 versions would be kept in the history. This applies independently for each configuration type - that is, latest 10 versions in startup and 10 versions in running would be kept in the history. You can select the number in the range of 10,20,30,40,50 and 100 from the drop-down. Similarly you can delete configurations based on number of days. For example, if you choose '10 days', all configurations older than 10 days will be deleted. Also, at any point of time, the configurations of the recent 10 days alone would be maintained. You can select the days in the range of 10,20,30,60,90 and 120 from the drop-down.

  3. Click 'Save'.

 

Important Note: While removing older versions, as per the number set by you, the following rule would be applied.

While removing the versions, BASELINE version and those versions above it will not be removed.

For example, if you want to keep only the latest 10 configuration versions in the history and if there are say 15 versions at present, Network Configuration Manager will start removing the versions 1,2,3,4 & 5. While doing so, if, say version 3 has been labelled as BASELINE, Network Configuration Manager will immediately stop the deletion process. Versions 1 and 2 alone would be removed. All versions from 3 to 15 would be left undisturbed even though you have preferred to keep only 10 versions in the history.

 

Export Configuration & Database Backup History

Refer to the section 'Disaster Recovery'

 

Change Password

Users having an account with the Network Configuration Manager, can change their own password. 

 

For Users with Administrative Privileges

Users having admin privileges can change their login password through the 'Client settings' functionality of "Settings" Tab.

To Change Login Password

  1. Go to  Quick links (present at the top right) >> Change Password

  2. Enter details such as old password, new password, confirm the password, and click "Save"

 

Syslocation & Description

For non-SNMP devices, the syslocation and description doesn't get updated during discovery. In such cases, Network Configuration Manager helps you to update system location & description in bulk after device discovery

  1. Go to "Settings" >> "Device Management" >> "Syslocation & Description" . 

  2. Choose the devices/ device groups for which the Syslocation has to be updated.

  3. Click on "Update".

     

Changing Language

OpManager is available in English, Spanish, Chinese Simplified, Japanese, French, German, Korean and Italian languages. The following are the steps to change OpManager from one language to other supported language.

  • Go to Quick links (present at the top right)>> Language Selector.

  • Select your preferred language.

 

Support

You can find the support tab in the right corner on the UI

 

 

Accessing Database

 

To access the Database,

  1. Go to Support >> "DB Query".

  2. In the console, enter the query to be executed [only 'select' 'delete' and 'update' queries are supported].

 

Remember the following when executing a query,

  1. Table names and table columns are case-sensitive.

  2. For SELECT queries, set the row limit between 1 and 500. Default row limit is 10.

 

Warning! You are directly accessing the database at your own risk. Any update or delete operations will result in loss of data.

 

 

 


 

 

Was this article helpful?