4.2.2. Deployment Steps

For the use case being deployed to work correctly, the steps below must be followed correctly. The steps may vary depending on the requirements and needs of each deployment.

The mandatory and optional steps are detailed below, depending on the case:

Architecture

  • Architecture: The first step is the deployment of the nodes needed for this use case. Here we will find the necessary information related to the architecture of the use case. Find a detailed explanation of the deployment of each of the nodes in Deployment and basic configuration.

Configuration

  • Network Device RADIUS permissions: To allow network devices to make RADIUS requests against OpenNAC Enterprise, it is necessary to configure the permissions.

  • Register Network Devices in the CMDB: In the CMDB, it is necessary to register network devices and their configurations to ensure they work correctly with OpenNAC Enterprise.

  • Network Device Configuration: It is important that network devices are configured to perform the necessary authentications when users connect to the network. Additionally, they should perform authentications against OpenNAC Enterprise and meet the various network requirements.

Optional:

  • Join ON Core to the Active Directory domain: When using 802.1x authentication with Active Directory, it may be necessary to register the ON Core servers in the domain. This is required because the Active Directory must accept the authentication request. It is particularly important when using MSCHAP-type 802.1x authentication.

  • 802.1x Certificate configuration in ON Core: When authenticating by certificate, it will be necessary to configure the ON Core nodes that authenticate so that they can validate the client certificates.

  • Supplicant configuration: In case of strong authentication (802.1x), it will be necessary for the clients to have the supplicant correctly configured.

  • User authentication using Kerberos traffic: If you are using the Kerberos login ticket authentication use case, you will need to perform the corresponding configuration.

  • Authentication for VPN Gateway: For VPN authentication connections, both from third parties and from the 2SRA use case, it will be necessary to perform the proper configuration.

  • Notification service configuration: Some OpenNAC Enterprise configurations allow email notifications, access to certain policies, information about plugins, etc. If you need to use them, you need to configure this service.

  • Setup with Windows Fast Reconnect: If you need to have Windows Fast-Reconnect activated on Windows clients (for example, in roaming environments), you need to configure it.

  • Bulk import of devices (client info): If we have a file with the data of the network devices in XML or JSON format compatible with OpenNAC Enterprise, it is possible to import all of them at once.

Administration

  • Define the access Policies: Policies are an essential part of the UNAC use case. They regulate conditional access to the network and are therefore an essential requirement in the deployment of the use case.

Optional:

  • Define the User Data Sources: Depending on the deployment needs, if clients are being authenticated through an external data source (such as AD or LDAP), it will be necessary to add these authentication sources.

  • Enable Plugins: Depending on the deployment needs, it will be necessary to activate specific plugins.

Operation

  • Operation: In this step, you will begin operating the use case and verify that all functionalities are working as expected. If any unexpected behavior is encountered, you can proceed to the troubleshooting section to identify and resolve the issue.

Monitoring

  • Monitoring: This section outlines how the data is being ingested and saved in ON Analytics. You will explore the different dashboards available for this use case.

Troubleshooting

  • Troubleshooting: When testing the use case for the first time after deployment, some issues may arise. In this section, we will discuss how to analyze these problems and identify potential failures for correction. Any issues that may occur can also be found in the Platform Administration > Troubleshooting guide.