4.3.2. Deployment Steps
To ensure that the use case we are deploying works correctly, carefully follow the steps indicated here. These may change depending on the requirements and needs of each case.
The mandatory and optional steps are detailed below. Which of them apply will depend on your specific case.
Architecture
Architecture: The first step is the deployment of the nodes needed for this use case. Here we will find the necessary information related to the architecture of the use case. The detailed explanation of the deployment of each of the nodes can be found in Deployment and basic configuration.
Configuration
Network Device RADIUS permissions: To allow network devices to make RADIUS requests against OpenNAC Enterprise, it is necessary to configure the permissions.
Network Device Configuration: It is important that the network devices are configured to perform the relevant authentications when users connect. They must also be configured to perform the authentications against OpenNAC Enterprise and to comply with the different network requirements.
Optional:
802.1x Certificate configuration: When authenticating by certificate, it will be necessary to configure the ON Core nodes that perform the authentication so that they can validate the client certificates.
Supplicant configuration: When strong authentication (802.1x) is used, it will be necessary for the clients to have the supplicant correctly configured.
Next-Generation Firewall Integration: If we are using next-generation firewalls, it will be necessary to carry out the relevant configurations so that they work correctly with OpenNAC Enterprise.
Administration
Segmentation policies: Policies are an essential part of the Segmentation use case. They regulate conditional access to the network and are therefore an essential requirement in the deployment of the use case.
Create Network Devices in the CMDB: Within the CMDB it will be necessary to register the network devices and their configurations so that they work correctly with OpenNAC Enterprise.
Optional:
Define the VLANs: The use of VLANs is a common method of network segmentation. It allows us to create segments that are isolated from one another within the same network. To be able to segment using VLANs in the policies, the VLANs must be defined beforehand.
Define the Security Profiles: ACL segmentation is another method of managing access and permissions within the same network. In OpenNAC Enterprise, ACLs are called Security Profiles. It will be necessary to define them in order to apply them in the policies where we want to apply segmentation.
NGFW Integration: It is possible for the NGFWs to be the ones that apply the segmentation restrictions to the user devices. For this, OpenNAC Enterprise has to indicate which level of permissions or group should apply to these users. The configuration of these flows is done through integrations between OpenNAC Enterprise and the NGFWs.
Operation
Operation: In this step we will start operating the use case and checking that all the functionalities are working as expected. If we find any unexpected behavior, we can go to the troubleshooting section to fix the issue.
Monitoring
Monitoring: At this point we will see how the data is being ingested and saved in ON Analytics. To check this we can open the different visualizations available for this use case.
Troubleshooting
Troubleshooting: The first time the use case is tested after deployment, some problems may appear. In this section, we will see how to analyze them and look for possible failures to correct them. The problems that may appear can be found in the Platform Administration -> Troubleshooting guide.