Overview

After deploy the openNAC Core (mandatory) and all its components (optional) , we have to connect to the openNAC administration Portal, this is a web interface that allow us to operate and administrate openNAC technologies.

We have to use the IP just configured during deployment and to use our favourite browser as agent.

Open your favourite browser and type https://ip_management/admin, is important to use /admin to reach the right logon page.

The default credentials created when the product is being installed are:

Note

Username: admin

Password: opennac

Also interface languages are available to be used and change at shown by the step 1, by default English and is installed and available. This interface can be easily expanded.

Connect to web administration portal using your web browser.

../../../_images/logon.PNG

Once connected to the administration portal we have at the left side the main navigation menu, in this navigation menu we have different components and subcomponents split in different capabilities.

The main section are:

  • Dashboard: section includes general network access information dashboards.
  • ON NAC: Includes a policy section that allow us to manage network policy, a section called business profiles that allow us to group policies into logical groups called business profiles.
  • ON NetConf: Includes network configuration management capabilities, macros, scheduler and its related jobs.
  • ON NetBackup: Includes network backup configuration management capabilities, scheduler and its related jobs.
  • ON CMDB: Includes an asset inventory, policy objects, and security management capabilities.
  • Configuration: Includes a default configuration to be used by deployment, configurations wizards, OTP (One time password) and openNAC Agent management capabilities are included.
  • Status: This includes system, application, database services and performance status capabilities.
  • Analytics: This module connect us to the information collected (Sensor, Analytics, Core) includes sensor (Information collected by the sensor, mainly protocol decoding and sessions), core (policy and AAA events), user devices (Events collected from the users devices, this can be collected with the openNAC Agent or the sensor) and discovery, this is a search engine that allow us to search based on fields or stream.
  • Tech Support: Include tech-support file creation for troubleshooting capabilities.
../../../_images/interface_overview.PNG

This interface is fast and intuitive for the user, this include the use of TAB to improve user experience and efficient administration as shown by step 1.

../../../_images/interface_overview2.PNG

If you go at top right in the Web administration portal, you see the user status as shown by the step 1. This status shows the current user that is logged in and allows us to logout it as well as shown at the step 2. is possible to change the head panel color as shown at the step 3, as shown by the step 4 is possible to logout the user currently logged as shown by step 4.

../../../_images/interface_overview3.png

The Web administration portal allows to review all the changes that has been made during the current user session as shown by the step 1.

At this audit track the component and the object changed is shown in the change Log, this is shown at the step 2, this capability is useful to review changes during normal operative tasks as shown by step 3.

../../../_images/interface_overview4.png

Is possible to review this activity and also the activity for all the users, to view it go to Status –> File Log Viewer –> Audit

../../../_images/interface_overview4-1.png

openNAC Core includes an internal services monitoring capabilities, this allows to know the current status about openNAC Services as shown by the step 1, all these monitoring checks can be disabled and enabled and internally modified (checks intervals, process to monitor, thresholds assigned and many others…).

By default there are a few services under this monitoring service:

  • Administration Portal, monitor if the administration portal is up and running as excepted.
  • Radius services, monitor if the service is up and running as expected.
  • UDS (User Data source), the connection with identities databases is checked.
  • DHCP Reader, DHCP reader reads the information collected by the DHCP Server, this information is normally send by network devices, ip helpers or dhcp relay agents must be point to openNAC Core, openNAC never replies any DHCP request buts this will store the information for profiling, inventory processes.
  • DNS, openNAC can be the DNS Server in the network, is installed by default.
  • Queues, these queues are which all the asynchronous jobs are published and use by workers.
  • Log Collector monitor syslog services.
  • Backend, this checks that the API services works properly. API is one the main components of the solutions.
  • BBDD monitor database status, configuration, users, CMDB assets and product persistence rely on this component.
  • Collected: performance graphs published in the administration portal rely on these processes.

As mention before if you go and edit the file located at /usr/share/opennac/checkhealth/healtcheck.ini from here can be changed monitoring parameters and its options. Monitoring checks are based on API queries, openNAC Core includes an API Rest full that allows to monitor the main components from outside of the product (optional).

As a security method for API access is required to have a token Key, this authentication token must be included in every request. This API Key can be easily generated ON CMDB -> Security -> API Key, source IP is the only mandatory value, if the source IP and the token key doesn’t match the connection is dropped for lack of authentication.

../../../_images/interface_overview5.PNG

As soon as the openNAC product is deployed or updated or for other reason such us troubleshooting or bug finding, product’s version should be known. At the bottom left side we can see the current version deployed as shown by the step1, this can be a corporate or an opensource version. At the step 2 the version installed deployed can be also important to know, in this case is the version 6485. As shown by the steps 3 is possible to review the about notes to describe the service license or any additional information.

../../../_images/interface_overview6.png

In order to improve screen space and visibility, web administration interface can be contracted and expanded at shown by the step 1, the blue square is the button that should be used for that matter. This capability doesn’t affect only to the main menu.

../../../_images/interface_overview7.PNG

For instance this capability can be used at business profiles at ON NAC -> Business Profiles. As this is shown at the Step 1 this can hidden, business profiles include a button to show and Hide it, this allows to have wider screen.

../../../_images/interface_overview8.PNG