4.2.2. Deployment Steps

For the use case we are deploying to work correctly, the steps below must be followed correctly. They may change depending on the requirements and needs of each deployment.

The mandatory and optional steps are detailed below, depending on the case:

Architecture

  • Architecture: The first step is the deployment of the nodes needed for this use case. Here we will find the necessary information related to the architecture of the use case. Find a detailed explanation of the deployment of each one of the nodes in Deployment and basic configuration.

Configuration

  • Network Device RADIUS permissions: To allow network devices to make RADIUS requests against OpenNAC Enterprise, it is necessary to configure the permissions.

  • Create Network Devices in the CMDB: Within the CMDB it will be necessary to register the network devices and their configurations so that they work correctly with OpenNAC Enterprise.

  • Network Device Configuration: It is important that the network devices are configured to perform the relevant authentications when users connect. They must also be configured to perform those authentications against OpenNAC Enterprise and to meet the different network requirements.

Optional:

  • Join ON Core to Active Directory domain: When we use 802.1x authentication against an Active Directory, it may be necessary for the ON Core servers to be registered in the domain. This is because the Active Directory must accept the authentication request. This is mainly necessary when using MSCHAP type 802.1x authentication.

  • 802.1x Certificate configuration in ON Core: When authenticating by certificate, it will be necessary to configure the ON Core nodes that authenticate so that they can validate the client certificates.

  • Supplicant configuration: When using strong authentication (802.1x), it will be necessary for the clients to have the supplicant correctly configured.

  • User authentication using Kerberos traffic: If you are using the Kerberos login ticket authentication use case, you will need to perform these configurations.

  • Authentication for VPN Gateway: If we are authenticating VPN connections, both from third parties and from the 2SRA use case, it will be necessary to configure it in this section.

  • Notification service configuration: Some OpenNAC Enterprise configurations allow email notifications, access to certain policies, information about plugins, etc. If you need to use them, you need to configure this service.

  • Setup with Windows Fast Reconnect: If you need to have Windows Fast-Reconnect activated on Windows clients (for example, in roaming environments), you need to configure it.

  • Bulk import of devices (client info): If we have a file with the data of the network devices in an XML or JSON format compatible with OpenNAC Enterprise, it is possible to import all of them at once.

Administration

  • Define the access Policies: Policies are an essential part of the UNAC use case. They regulate conditional access to the network, so defining them is an essential requirement in the deployment of the use case.

Optional:

  • Define the User Data Sources: Depending on the needs of the deployment, when authenticating clients through an external data source (AD or LDAP), it will be necessary to add these authentication sources.

  • Enable Plugins: Depending on the needs of the deployment, it will be necessary to activate one plugin or another.

Operation

  • Operation: In this step we will start operating the use case and checking that all the functionalities are working as expected. If we find any unexpected behavior, we can go to the troubleshooting step to find and fix the issue.

Monitoring

  • Monitoring: At this point we will see how the data is being ingested and saved in ON Analytics. To check this, we can open the different visualizations available for this use case.

Troubleshooting