4.3.2. Deployment Steps
To ensure the proper functionality of the deployed use case, it is crucial to meticulously follow the steps outlined. Keep in mind that these steps may vary based on the specific requirements and needs of your case.
Below, you will find a breakdown of both mandatory and optional steps, with the understanding that their applicability depends on your unique circumstances.
Architecture
Architecture: This section outlines the nodes necessary for the functioning of the use case, providing essential information related to its architecture. You can find a detailed explanation of the deployment of each of the nodes in Deployment and basic configuration
Configuration
Network Device RADIUS permissions: To allow network devices to make RADIUS requests against OpenNAC Enterprise, it is necessary to configure the permissions.
Network Device Configuration: It is important that the network devices are configured to perform the relevant authentications when users connect. Also, for them to perform the authentications against OpenNAC Enterprise and to comply with the different network requirements.
Optional:
802.1x Certificate configuration: In case of authenticating by certificate, it will be necessary to configure the ON Core nodes that authenticate so that they can validate the client certificates.
Supplicant configuration: In case of strong authentication (802.1x) it will be necessary for the clients to have the supplicant correctly configured.
Next-Generation Firewall Integration: If we are using next-generation firewalls, it will be necessary to carry out the relevant configurations so that they work correctly with OpenNAC Enterprise.
Administration
Segmentation policies: Policies are an essential part of the Segmentation use case. These regulate the conditional access to the network and therefore it is an essential requirement in the deployment of the use case.
Create Network Devices in the CMDB: Within the CMDB it will be necessary to register the network devices and their configurations so that they work correctly with OpenNAC Enterprise.
Optional:
Define the VLANS: The use of VLANs is a common method of network segmentation. This allows us to create isolated segments between them in the same network. To be able to segment using VLANs in the policies, it is necessary to have defined them before.
Define the Security Profiles: ACL segmentation is another type of method to manage access and permissions within the same network. In OpenNAC Enterprise they are called Security Profiles. It will be necessary to define them to apply them in the policies where we want to apply segmentation.
NGFW Intregation: There is the possibility that the NGFWs are the ones that apply the segmentation restrictions to the user devices. For this, OpenNAC Enterprise has to indicate what level of permissions or group these users should apply to. The configuration of these flows is done through integrations between OpenNAC Enterprise and the NGFWs.
Operation
Operation : In this step, you will start operating the use case and checking that all the functionalities are working as expected. If you find unexpected behavior, refer to the troubleshooting section to understand and fix the issue.
Monitoring
Monitoring : See how the data is being ingested and saved in ON Analytics. To check this, open the different visualizations available for this use case.
Troubleshooting
Troubleshooting : The initial testing of the module post-deployment may present some issues. This section outlines the troubleshooting flow for the Visibility Use case. For troubleshooting node components and understanding general common issues, refer to the Platform Administration > Troubleshooting guide.