NetMRI Security Settings

Use the Security page (Settings icon > General Settings section > Security) to configure certificates and define HTTPS, SNMP, and SSH settings. The settings you define here ensure that communications between NetMRI and managed network devices conform to best-practice security protocols. You must upload X.509 certificates in PEM format. Also, certain authentication and authorization services, such as LDAP, allow the use of certificates between the requesting client (NetMRI) and the server to protect connections from passing user login information and client-server exchanges in the clear.

The following four tabs appear on the Security page:

NetMRI HTTPS Settings	In the NetMRI HTTPS Settings tab, you can perform the following: Install an HTTPS certificate. For information, see Installing HTTPS Certificate. Enable or disable HTTP and HTTPS protocols. For information, see Running the NetMRI UI in HTTP Mode. When HTTPS is enabled, you can select one or more CipherSuites to be supported. A Cipher Suite is a combination of a transport protocol (e.g., TLS), an encryption algorithm (e.g., AES128), and an authentication algorithm (e.g., SHA). Most web browsers support a wide range of Cipher Suites. The list of default combinations provided by NetMRI is generally sufficient for most environments. High assurance environments should select only the Cipher Suites that are defined in their specific network security policy.
SSH Settings	Use the SSH Settings tab to configure the SSH protocols and ciphers used by NetMRI when connecting to network devices for configuration file collection and Configuration Command Script execution (i.e., Client mode); and the SSH protocols and ciphers supported by NetMRI when accepting connections to the Administrative Shell (i.e., Server mode). In both cases, you can selectively enable or disable the SSH v1 and SSH v2 protocols, and specify the ciphers to be supported by each protocol. For information, see Configuring Global SSH Settings. SSH v1 does not support cipher selection in Server mode because the NetMRI SSH server automatically negotiates the cipher based on the request from the SSH v1 client.
SNMP Settings	Use the SNMP Settings tab to specify the version and community/password for accessing the NetMRI SNMP agent. By default, SNMP v1 and SNMP v2c are enabled with a default community string. High assurance environments may disable those protocols and enable SNMP v3, providing an appropriate passphrase. The SNMPv3 feature uses the MD5 algorithm without encryption for authentication. The NetMRI SNMP Agent is automatically configured and restarted when the settings are updated. For information, see Configuring Global SNMP Settings. The SNMP Settings form applies only to the SNMP agent, not the SNMP protocols used by NetMRI to access network devices. When accessing network devices, NetMRI attempts SNMP v2c first, then tries SNMP v1.
CA Certificates	The CA Certificates tab provides importing and management of X.509 certificates from trusted Certificate Authorities for operations such as Active Directory and LDAP server authentication. For information, see Installing CA Certificate. Also, see About CA Certificates for Cisco APIC for APIC-specific information.