Software (NAS)
User Training
Course Introduction
Tarpley Adams
Cisco Advanced Services
Operations and Network Management Practice
October 2008
http://libraries.ge.com/foldersIndex.do?entity_id=3787239101&sid=101&sf=1&prod_id=80137
Training folder
Training Course
NAS Overview
[Diagram: NAS overview. Panels: Reporting (compliance, change, visibility); Management Engine; Integration Connectors; Central Data Repository (member of Federated CMDB). Managed devices: load balancers, switches, routers, firewalls. Functions: device provisioning, automated configuration, discovery & scripting, inventory import (individual devices, e.g., from DCR, or 3rd party applications), OS image updates, network compliance, network audits, network best practices enforcement (SOX, VISA CISP, HIPAA, GLBA, ITIL, CobiT, COSO). Data: deployed assets, network topology, change history, detailed asset inventory, OS images, audit & compliance. Also labelled: other network management / reporting systems.]
[Diagram: NAS multi-core deployment. Labels: NAS (three instances), Oracle (three instances, one marked Master), Alpharetta, Cincinnati, London, (Singapore), syslog relay, Network.]
Presentation_ID 2006 Systems, Inc. All rights reserved. Confidential 9
NAS at GE User Access
Alpharetta - gisops32.admin.net.ge.com
Managing Americas
London - gisops34.admin.net.ge.com
Managing EMEA
Cincinnati - gisops30.admin.net.ge.com
Managing ASPAC
Transitioned to Singapore at some point
[Diagram: Core 1 and Core 2, each with a Database, Realm 1 and Realm 2; Site 1 (Site 1A, Site 1B) and Site 2 (Site 2A); Device Management on each side joined by a Secure Tunnel; Opsware NAS Core and NAS Gateways. Addresses shown: Realm 1: 10.1.2.3, Realm 1: 10.4.5.6, Realm 2: 10.1.2.3.]
Realm
NAS supports management of overlapping IP or loosely coupled IP networks
Each IP network has a Realm
A core manages devices in its local or remote Realm
Remote Realm management is accomplished via gateways (NAS Gateway)
Site
A site is a subdivision of a Realm
Each site belongs to one core and each device belongs to one site
NAS Core
NAS Gateway R2
NAS Gateway L2
Driver
Interfaces: Configuration, Provisioning, Software Mgmt., Password Mgmt.
Implementation: Perl, Expect, SNMP, TFTP, FTP, SCP, Telnet, SSH
Scalable: Supports a large set of network devices
Object-oriented: Implementation is separate from the interface
The Policies menu provides access to policy monitoring tools which include:
An inventory of the policies on your device or network
Ability to create new policies
Ability to test for policy compliance
Training Course
Select Devices->Groups->New Group.
Or
Select Devices->New Device Group.
Click Save to complete the process.
1. Select Device->Groups.
2. Locate parent and click Edit.
3. Select Child Device Group.
4. Copy.
5. Click Save.
From the Tasks menu select the Multi-Task Project menu item
1. Enter the name of the multi task project
2. Add which tasks to run
3. Select the devices on which to run the tasks
4. Schedule and save task
Completed Tasks
1. Provide a device name or IP address.
2. Check applicable task options.
3. Check scheduling options.
4. Save task.
5. Verify the output of the task.
Training Course
Adding Devices
Tasks->New Tasks->Import
NMAP
Router
SNMP Get
F5 Load Balancer
NAS
NAT IP address
The internally configured IP address of the device (if it is different from the primary IP address NAS uses to access the device).
Be sure to enter the IP address that NAS should use to access the device in the Device IP box at the top of the page.
TFTP Server IP
The NAT'd IP address of the NAS server local to the device.
If not using NAT, leave both fields empty.
Three Ways:
Reports>Search For>Devices
Search menu
Reports>Advanced Search
Ability to perform Boolean search
Based on OR
You can:
Edit per device.
Edit by group.
Edit by batch.
ACLs
ACL ID, Handle, Type, Last Modified, Actions
Interfaces
Port Name, Port Status, IP Address
Managed IP Address
IP Address, Used to access device (yes/no), Type (primary/secondary)
IP Address
Port Name, Address, Address Type, VLAN, First Seen, Last Seen
MAC Addresses
Port Name, Address, Address Type, VLAN, First Seen, Last Seen
VLANs
Port Name, VLAN, VLAN Description
Modules
Slot, Model
Training Course
Troubleshooting Devices
Training Course
Juniper
Netscreen
ACL ID
Identifier
Handle
Comments
Configuration
Specify ACL Handle Here
Application
Action->View ACL
Training Course
Cisco
Nortel
Juniper
Netscreen
Opsware
NAS
Network
Automation
Router
End User
Training Course
Managing Policies
Required field
Must contain:
(?<!logging \d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?\n)(logging NAS_Server\n)(?!logging \d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?\n)
Must contain
(?<!logging \d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?\n)(logging (A|B)\n){2}(?!logging \d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?\n)
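The two "Must contain" rules above, run against sample configurations as an added example that is not part of the course material. JavaScript is used because its regex engine accepts the variable-length lookbehind in these patterns; the addresses standing in for NAS_Server, A and B, and all configurations, are constructed.

```javascript
// Added example, not from the course material. All hosts and configs are constructed.
const IP = String.raw`\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?`; // the slide's IPv4 fragment
const NONE_ABOVE = `(?<!logging ${IP}\\n)`; // no "logging <ip>" line directly above
const NONE_BELOW = `(?!logging ${IP}\\n)`;  // no "logging <ip>" line directly below
const esc = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'); // literal text -> regex

// First rule on the slide: NAS_Server is the only host in its logging block.
function singleHostRule(nasServer) {
  return new RegExp(`${NONE_ABOVE}(logging ${esc(nasServer)}\\n)${NONE_BELOW}`);
}

// Second rule on the slide: a block of exactly two logging lines, each A or B.
function twoHostRule(a, b) {
  return new RegExp(`${NONE_ABOVE}(logging (${esc(a)}|${esc(b)})\\n){2}${NONE_BELOW}`);
}

// The rules anchor on "\n", so CRLF line endings are normalised before matching.
function isCompliant(config, rule) {
  return rule.test(config.replace(/\r\n/g, '\n'));
}

const NAS = '192.0.2.10', NAS2 = '192.0.2.11', ROGUE = '198.51.100.7';
const samples = {
  onlyNas: `hostname r1\nlogging ${NAS}\nline vty 0 4\n`,
  rogueBelow: `logging ${NAS}\nlogging ${ROGUE}\n`,
  rogueAbove: `logging ${ROGUE}\nlogging ${NAS}\n`,
  pairCrlf: `logging ${NAS}\r\nlogging ${NAS2}\r\n`,
  threeHosts: `logging ${NAS}\nlogging ${NAS2}\nlogging ${ROGUE}\n`,
  rogueNotAdjacent: `logging ${ROGUE}\nlogging trap debugging\nlogging ${NAS}\n`,
};

// Evaluate every sample against both rules.
function auditSamples() {
  const out = {};
  for (const [name, config] of Object.entries(samples)) {
    out[name] = {
      single: isCompliant(config, singleHostRule(NAS)),
      pair: isCompliant(config, twoHostRule(NAS, NAS2)),
    };
  }
  return out;
}

console.table(auditSamples());
```

The `rogueNotAdjacent` sample passes the first rule because the lookarounds inspect only the line directly above and below the match, so an extra logging host separated by another line is not flagged.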
To import a policy:
1. Browse for the policy.
2. Click Import.
To export a policy:
1. Select the policy from policy list.
2. Click Export.
Example Policies
Ensure Logging
Ensure Passwords
No Delay on Interfaces
NSA Router Best Practices
1. Verify software version.
2. Verify compliance rating.
Add Compliance
Benefits:
Training Course
Managing Reports
Search criteria
Search report
Training Course
Workflow
Workflow Wizard
Aids with the easy setup of tasks.
Process flow
Project
Originator
Approver (approved, not approved, suspended, override)
FYI recipients
Admin->Workflow Setup
Step 4: Set up Originator.
Step 5: Create Tasks for Approval.
Step 6: Set up device group to use for workflow.
Step 7: Set up the list of approvers. Check here if no approvers required.
Step 8: Identify FYI Users.
Save Workflow.
Delete a rule
Decrease priority
Increase priority
Training Course
User Accounts
Properties
User Name
User Host
Last Access Time
Two ways:
Reports->Search For->Users
Admin->Users->Search for Users
Power User
Power Command, All Scripts permissions
All Tasks except change admin and user settings
Administrator
Administrator Command permissions
Assign members to the User Group
Admin->Users.
Edit.
Add User Group.
Save.
Admin->User Groups
Edit.
Specify permissions.