Versions Compared

Old Version 3

changes.mady.by.user Viktoryia Varapayeva

Saved on

compared with

New Version 4

changes.mady.by.user Uday Dubey

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Anchor
NetMRI Security Settings
NetMRI Security Settings
Anchor
bookmark50
bookmark50
Anchor
bookmark51
bookmark51
Anchor
bookmark52
bookmark52
Use the Security page (Settings icon –> icon > General Settings section –>  section > Security) to configure certificates and define HTTPS, SNMP, and SSH settings. The settings you define here ensure that communications between NetMRI and managed network devices conform to best-practice security protocols. You must upload X.509 certificates in PEM format. Also, certain authentication and authorization services, such as LDAP, allow the use of certificates between the requesting client (NetMRI) and the server to protect connections from passing user login information and client-server exchanges in the clear.

...

  1. Using SSH or SCP, connect to the NetMRI Administrative Shell and enter the following command:
    configure certificates
  2. When prompted to select the certificate type, select https.
  3. When prompted for an action, choose 1. Generate CSR.
  4. When prompted to enter information for the CSR, the only required field is Common Name. You must enter the IP address or hostname of the NetMRI appliance. All other fields are optional.
  5. When the appliance generates the CSR, copy the text, as shown in the example, and paste it into the Certificate Request page of the site from which you are requesting a certificate.

    -----BEGIN CERTIFICATE REQUEST-----

    MIIC5zCCAc8CAQAwZDELMAkGA1UEBhMCR0IxEjAQBgNVBAgTCUJlcmtzaGlyZTEQ

    MA4GA1UEBxMHTmV3YnVyeTEXMBUGA1UEChMOTXkgQ29tcGFueSBMdGQxFjAUBgNV

    BAMTDTE3Mi4yMy4yNy4xOTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB

    AQDCUvDcvohVWY7tWJo/9D1Olkc9u/nXCpzdhkB1t+hPnY4b1uInhLvcJATqM6u4

    kmPIqxCLFfuR3x2RYaiWiayHQP0VxUlz46UNeTPiHM8xdpX1yrclBLMfvBypZW4C

    ptKgKhrn1bUV4v8qilGCkPUUICS82jSdFcSVp6pSnkfKIst+pecoX9C5jkIH/p7E

    t1xXkJ2HUl92+S59o/Y0/B3V+MrBh9fy/enormcMX9dfjqJHK8FCSjezYw8TFO5V

    Dz0Wf31vtQ7WD50aALDJX1gmwna0WdtDyEd2lp2XV/zFvg6eo6W+q9Wbfq+dewBA

    FXXudk8ZEVICQOeRS4lRrF/jAgMBAAGgPjA8BgkqhkiG9w0BCQ4xLzAtMAkGA1Ud
    ----END CERTIFICATE REQUEST-----

    When you receive the CA-signed certificate, upload it to the appliance and activate it. Note that the certificate must be in PEM format and the file must have a .crt extension.

...

  1. In the Settings

...

  1. icon > General Settings

...

  1.  > Security page, click the NetMRI HTTPS Settings tab.

...

  1. In the HTTP Certificate section, click Upload. A message dialog appears stating the following:
    The NetMRI HTTP and HTTPS server settings are about to be updated and the web server restarted. If the NetMRI web server becomes inaccessible as a result of these changes, login to the NetMRI admin shell using SSH and run the command configure http to update the web server settings. Do you wish to proceed?

...

  1. Click Yes to proceed.

...

  1. In the Upload dialog box, click Browse. For the .PEM-format certificate file, select the respective file, and then click Upload. The HTTPS Certificate section updates with the new information.


Anchor
Running the NetMRI GUI in HTTP Mode
Running the NetMRI GUI in HTTP Mode
Anchor
bookmark55
bookmark55
Running the NetMRI GUI in HTTP Mode

...

To enable or disable the HTTP and HTTPS modes, perform the following:

  1. Go to Settings –>  > General Settings –>  > Security.
  2. Click the Net MRI HTTPS Settings tab.
  3. Select Enable HTTP for the Net MRI Interface, Enable HTTPS for the NetMRI Interface, or both. 

...

  1. Note: Use caution when saving your settings for UI browser operation. Settings on this page affect the operation of the Web server that is built into NetMRI, requiring a restart of the NetMRI web service. In case of a mistake (accidentally disabling both HTTP and HTTPS, for example), you may not be able to access the web interface after committing settings. To address this, use a terminal program, using the admin account, to connect to the NetMRI admin shell and run the configure http command, which is the command-line version of the feature set presented in the NetMRI HTTPS Settings tab.

...

  1. Close the Settings window.

Anchor
Configuring Global SNMP Settings
Configuring Global SNMP Settings
Anchor
bookmark53
bookmark53
Configuring Global SNMP Settings

You can define the default SNMP protocol settings that are used by NetMRI. To configure SNMP settings for the appliance, complete the following:

  1. Go to the Settings icon –> icon > General Settings –>  > Security page and click the SNMP Settings tab.
  2. Enable or disable Version 1/2c. If enabled, enter a Community String.
  3. Enable or disable Version 3. If enabled, enter an SNMPv3 Passphrase.
  4. Click Update.

...

You can define the default SSH protocol settings that are used by NetMRI. To configure SSH settings for the appliance, complete the following:

  1. Go to the Settings icon –> icon > General Settings –>  > Security page and click the SSH Settings tab.
  2. Configure settings to be used when NetMRI connects to network devices for configuration collection or Configuration Command Script execution (you must enable at least one protocol).
    1. Enable or disable SSH v1 Client Status. If enabled, select an SSH v1 Client Cipher.
    2. Enable or disable SSHv 2 Client Status. If enabled, click, CTRL+click or SHIFT+click to select SSH v2 Client Ciphers.

...

  1. Configure settings to be used by NetMRI when accepting connections to the Admin Shell (you must enable at least one protocol).
    1. Enable or disable SSH v1 Server Status.
    2. Enable or disable SSH v2 Server Status. If enabled, click, CTRL+click or SHIFT+click to select SSH v2 Server Ciphers.

...

  1. Click Update.

Subsequent attempts to access the NetMRI Admin Shell must comply with the new settings.

...

To install a CA certificate, perform the following:

  1. Go to the Settings icon –> icon > General Settings –> Security page and click the CA Certificates tab.
  2. Click Import.
  3. In the pop-up window, enter a logical name for the new certificate.
  4. Click Browse to locate the certificate file.
  5. Click Import to import the CA certificate to NetMRI. The certificate is added to the appliance. The newly imported CA Certificate will appear in the table in the CA Certificates tab after the import is complete.

...