3.2.2.4.1. Configuration vars

In the Configuration vars section, you can set the default parameters and the general configuration parameters that OpenNAC Enterprise technologies will use.

The configuration parameters are divided into User session, General - Internal, General - Frontend, Queue manager, and Developer tools and experimental features.

3.2.2.4.1.1. User session

The user session parameter displays the following fields:

../../../../_images/user_session.png


  • Time the authenticated user remains in the session, after which the user must re-authenticate (hours): The value must be between 1 and 24.

  • Time that the session can remain inactive, after which the automatic disconnection will occur (minutes): The value must be between 10 and 1440.

  • Maximum number of concurrent sessions of an administrator (same account): The value must be between 1 and 10.

  • Number of administrators who can access simultaneously: The value must be between 1 and 100.

  • Expire admin users password every certain number of days: The value must be between 1 and 365.

3.2.2.4.1.2. General - Internal

The General - Internal parameters displays the following fields:

../../../../_images/internal.png


  • Interval to persist “last change” updates to DB (in seconds): You can set the time to include events in the database (by default, 1800 seconds). This optimization is created to avoid the same events with same source IP, destination, the policy used and so on.

  • Return VLAN as name instead of VLAN ID: Enable this flag to return VLAN as a name.

  • Enable SNMP Trap monitoring: This flag allows the Core to read SNMP Traps register and use network events.

  • Time user attributes retrieved from AD, based on certificate Common Name, are cached: The default value is 36000 (10h).

3.2.2.4.1.3. General - Frontend

The General - Frontend parameters displays the following fields:

../../../../_images/frontend.png


  • Allow access to API Documentation: Flag to allow access to the API documentation.

  • Kibana IP: Configure the Kibana IP and its port. It allows us to set the IP address for the Analytics server.

  • Kibana port: The Kibana’s port is 5601 (normally it is not required to be changed).

  • Dashboard home path: Define the dashboard home path in this field.

  • Add Contact phone to get OTP code: Contact phone that will be displayed in the “Get OTP code” pop-up window.

  • Add Contact e-mail to get OTP code: Contact e-mail that will be displayed in the “Get OTP code” pop-up window.

  • Add Contact phone to change the user password: Contact phone that will be displayed in the “recover or change the password” pop-up window.

  • Add Contact e-mail to change the user password: Contact e-mail that will be displayed in the “recover or change the password” pop-up window.

3.2.2.4.1.4. Queue manager

From the Queue manager parameters, we can manage the Core queues. There are common asynchronous tasks that need to be carried out by OpenNAC Enterprise. For instance, plugins execution. These queues publish these tasks, the workers register themselves in a queue and carry out the tasks. Queues runs on the Core along with OpenNAC Enterprise workers.

../../../../_images/queue.png


By default, forty workers are available.

If you need to configure and deploy a large number of plugins across multiple policies while receiving a significant amount of DHCP IP Helper data in the Core, you may require additional workers to handle the load. You can check your workers’ queues in Status > Trending > OpenNAC.

If needed, you can change the number of workers by clicking on the Edit workers button.

../../../../_images/edit_workers.png


You can also, stop the service and refresh the service status by clicking on the corresponding buttons.

Note

Any performance issue with the OpenNAC Enterprise platform can be investigated at Status > Trending. All components and subcomponents are being monitored and tracked for up to 1 Year.

3.2.2.4.1.5. Developer tools and experimental features

../../../../_images/developer_tools.png


  • Flag to enable developer tools and experimental features.

Modify concurrent sessions

We can change some parameters via API. One of them is the number of concurrent admin sessions. To modify this value, we need to execute the following curl:

curl http://127.0.0.1/api/configuration/session --header "X-Opennac-Username: <opennac-user>" --header "X-Opennac-Token: <opennac-token>" -X POST -d "{\"id\": \"session\", \"maxConcurrentAdminSessions\": \"100\"}" -H "Content-Type: application/json" -H "accept: application/json"

Example:

As you can see above, there is an ID for each section of the configuration. To check the available sections and their fields, click the button Save and open the developer tools. Select the Network tab and check the Headers. you will see the API call:

../../../../_images/api-management-session.png


To check the parameters of the section we need to click in Payload:

../../../../_images/api-management-payload.png


If we want to remove the current user sessions for the user admin, we need to go to the Core and execute the following command:

php /usr/share/opennac/api/scripts/reset-user-sessions.php -u admin