4.5.2. Deployment Steps
To ensure the proper functionality of the deployed use case, it is crucial to carefully follow the outlined steps. Keep in mind that these steps may vary depending on the specific requirements and needs of your case.
Below is a breakdown of both mandatory and optional steps, noting that their applicability will depend on your particular circumstances.
Architecture
Architecture: This section outlines the nodes necessary for the functioning of the use case, providing essential information related to its architecture. You can find a detailed explanation of the deployment of each of the nodes in Deployment and basic configuration
Configuration
Network Device RADIUS permissions: To allow network devices to make RADIUS requests against OpenNAC Enterprise, it is necessary to configure the permissions.
Depending on the type of network devices used for deployment:
Cable - Configuration: If you are deploying the captive portal with wired type network devices (Switch) it will be necessary to carry out the corresponding configuration.
Wifi - Configuration: If you are deploying the captive portal with wireless type network devices (AP/WLC) it will be necessary to carry out the corresponding configuration.
Administration
Define the User Data Sources: Depending on the needs of the deployment. In case of authenticating clients through an external data source (AD or LDAP), it will be necessary to add this authentication sources.
Register Network Devices in the CMDB: Within the CMDB it will be necessary to register the network devices and their configurations so that they work correctly with OpenNAC Enterprise.
Create Captive Workflow: Captive portal workflows define the process that a user must go through in order to access services. These may include username/password authentication, saml, access notifications, ON Agent installation, etc.
Create Captive Instance: The instance is the highest point in the configuration of a captive portal. It defines the characteristics and the location of the portal itself. This includes the address of the server that acts as the captive portal, the theme, etc.
Depending on the type of network devices used for deployment:
Captive portal access requires a minimum policy configuration in OpenNAC Enterprise to manage records and control permissions. The policies can be different depending on the type of flow and network device that we are using:
Optional:
Join ON Core to the Active Directory domain: When we use 802.1x authentication against an active directory, it may be necessary for the ON Core servers to be registered in the domain. This is because the active directory must accept the authentication request. This is mainly necessary when using MSCHAP type 802.1x authentication.
Manage Captive Sponsors: In some captive portal flows, it is required the validation of access by the “sponsors”. We must indicate which are these sponsors in case of using this functionality.
Create Captive Themes: Optionally, with the use of themes, we can customize the aesthetic appearance of the captive portals that we display (images, texts, html formats, etc.)
Using LDAPS or TLS in communication with LDAP (UDS): It is possible to securely communicate with LDAP. This will require the necessary configuration.
Operation
Operation : In this step, you will start operating the use case and checking that all the functionalities are working as expected. If you find unexpected behavior, refer to the troubleshooting section to understand and fix the issue.
Monitoring
Monitoring : See how the data is being ingested and saved in ON Analytics. To check this, open the different visualizations available for this use case.
Troubleshooting
Troubleshooting : The initial testing of the module post-deployment may present some issues. This section outlines the troubleshooting flow for the Visibility Use case. For troubleshooting node components and understanding general common issues, refer to the Platform Administration > Troubleshooting guide.