Skip to content

AdminπŸ”—

The Admin section provides high-level system configuration, user management, security, operational management tools, and settings.

VNFsπŸ”—

The VNFs section manages virtual machine installations of the vNetC and SDLC, including the ACS, GuiA, SensAI, and Device Controllers.

vNetC CommanderπŸ”—

This section is composed of important processes working within the vNetC virtual machine.

System ApplicationsπŸ”—

System Applications are:

  • ACS
  • DHCP Server
  • GuiA
  • SensAI

Installing System ApplicationsπŸ”—

  1. Go to Admin.
  2. Select VNFs.
  3. Click Add a System Application button ()
  4. In the window that appears, click the desired System Application .

The example below demonstrates how to install GuiA; the steps are applicable to the other System Applications.

How to Install or Update GuiAπŸ”—

GuiA stands for Graphic UI Acceleration and is a System Application that increases UI performance. To add GuiA to your application do the following:

  1. Go to Admin/VNFs () and navigate to the section of the window titled System Applications .
  2. Click the create button () .
  3. Choose GuiA from the prompt .
  4. In the window that appears, enable the application by clicking the enable button ()and fill out the fields with the relevant IP information.
  5. Save your work by clicking the checkbox icon().
  6. The yellow Status box text will read Awaiting Status. When it changes to Connected, the process is complete.

How to Install or Update SensAIπŸ”—

SensAI is Verity's AI-powered messaging assistant. To add SensAI to your application do the following:

  1. Go to Administration/VNFs () and navigate to the section of the window titled System Applications ().
  2. Click the create button () .
  3. Choose SensAI from the prompt .
  4. In the window that appears, enable the application by clicking the enable checkbox ()and fill out the fields with the relevant IP information.
  5. Save your work by clicking the check icon().
  6. The yellow Status box text will read Awaiting Status. When it changes to Connected, the process is complete.
Together API Key integration for SensAIπŸ”—

SensAI requires a valid TogetherAI API key via https://api.together.ai/ to run properly. The user will be asked to create an API-Key from their account at: https://api.together.ai/settings/api-keys.

To configure the system using your Together AI API key, follow these instructions:

Note

SensAI requires the Together.AI "meta-llama/Llama-3.3-70B-Instruct-Turbo" LLM Model.

  1. Open the VMware application that contains the Satori VM. Select the Satori VM and under the Virtual Machine column click Console/Open browser console.
  2. Login to Satori with your username and password.
  3. Run the setup application from the shell by typing sudo ./satori_admin.sh and pressing Enter. You will see the following interface:
  ****************************************
    Welcome to the Satori Admin Menu 
    ****************************************

    Please choose an option:
    1) setup
    2) troubleshooting
    #?

Select Setup

  1. When prompted with #?, choose: 1 for setup.
  2. Press Enter to confirm your selection

Note

  • If you enter an invalid option, you'll see: "Invalid option. Please select 1 or 2."
  • The menu will remain active, allowing you to make another selection

Press Enter to skip through each menu item until prompted for your Together AI API key.

Type or copy your TogetherAI API key and press Enter.

After submitting your Together AI API key type sudo reboot to reboot the VM. After the reboot, it takes about 3 minutes for the Docker containers to start up and to announce itself to the vNetC.

LicensingπŸ”—

Licensing displays the license expiration date, support contact information, and reports on license and physical port usage.

UsersπŸ”—

Users provides tools for authentication, user settings, and role assignment.

RolesπŸ”—

The Roles settings can be accessed via Admin/User Roles. This lets users assign feature access to roles. To access this feature you must first enable Granular Permissions in feature flags..

The Roles window contains a collection of checkboxes with each user role listed as a column item and each feature listed as a row item. You enable and disable checkboxes to determine what features are accessible to each role.

Verity supports role based access (RBAC) permissions scheme to partition the various workflows to operational personnel.

Permission Parameters Role
[DEV] Device Management Add device controller, Edit device controller, Delete device controller, Swap switchpoints, Set read only mode, Capture device snapshot, Trigger a full device rescan by ACS, Open a remote access tunnel, Reboot switch, Mark device out of service. Device Operations
[NW] Network Edit POD name, Add a new preprovisioned switch Designate LAN TORs (Management Network), Lock switch Edit site, Create switch pairs, Create a static connection, Site Settings (DHCP snooping, Aggressive Reporting, CRC Failure Threshold) , Underlay Fabric Configuration Network Operations
[SEP] Switch Endpoint Edit Switch Name and type (spine/leaf) Delete Switch Edit switch Note, Port Provisioning Day-Day Service Management
[BP] Base Provisioning Manage Tenants, Gateways, LAGS, Route map assignments Infrastructure
[GBL] Globals Manage badges, RADIUS servers for 802.1x Security
[IE] Import Import snapshots, Clear system Global Provisioning
[ADM] Admin The Admin Role grants access to edit all features in the GUI User Administration
[SVC] Services Manage services, Change assigned tenant Service Creator
[SET] Sets Manage Firmware Update Sets Software Manager
[VIEW] Views Manage Views Monitoring

Assigning Users to Roles in AccountsπŸ”—

In Admin/User Accounts, each user is assigned a role.

  1. From the Admin window select the Users Accounts item box .
  2. In the window that appears, click the Access Level menu item twice for the chosen user. You can also select the edit icon () in the upper right corner of the User Accounts window to edit the page.
  3. Choose the Username you want to change and set the Access Level to the desired role.
  4. To complete the process, click the checkmark ( ) in the upper right corner of the User Accounts window to save your work.

User RADIUS LoginsπŸ”—

Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service. RADIUS is a client/server protocol that runs in the application layer and can use either TCP or UDP as transport. The devices associated with Endpoints control access to a network as they contain a RADIUS client component that communicates with the RADIUS server. RADIUS is often the back end of choice for 802.1X authentication as well.

To access the RADIUS Logins settings:

Navigate to Admin and under the Users column select User Radius Logins .

RADIUS Login Secure DeploymentsπŸ”—

The Verity platform provides the option for RADIUS integration iVN-Authorization/Server IP/Port/Shared secret are required inputs. User permission level will be passed down according to the following levels:

Vendor IDs are assigned by IANA

| VENDOR | iPhotonix | 49683 |

RADIUS dictionary for Verity remote authentication provides the initial authorization level. Once authenticated, accounts are automatically created and updated with the iVN-Auth level. The "superuser" user does not actually exist within Verity, it is mapped to (same as) the "admin" user. The "authenticated" value indicates that the user is authenticated but that the authorization is based on internal records as managed by the Verity Admin page. The initial level is readonly. An authentication returned with no iVN-Auth entry will be ignored. Only the first iVN-Auth will be honored.

ATTRIBUTE iVN-Auth
VALUE iVN-Auth superuser
VALUE iVN-Auth admin
VALUE iVN-Auth readwrite
VALUE iVN-Auth readonly
VALUE iVN-Auth authenticated

Optional authorization modifier

This instructs the Verity Web UI to modify the operations and results available to the user. For example, the value "tech" modifies the web behavior for "admin" and "superusers" to include more technically-oriented features.

ATTRIBUTE iVN-Auth-Modifier string
VALUE iVN-Auth-Modifier tech

CertificatesπŸ”—

Certificates manages the import and revocation of application certificates. This is where you work with SSL certificates, certificate chains and certificate revocations.

How to Import CertificatesπŸ”—

To import a Certificate, go to the Admin section and select Certificates ().

Double-click the tile that describes the certificate you want to upload. You can either drag the certificate to the drag and drop section or click the browse button and select your certificate file to upload it .

vNetC Server CertificateπŸ”—

For the vNetC Server Certificate panel, certificate files must be in PEM format. The vNetC Server Certificate should include

  • Private Key File
  • Certificate File
  • Optional CA Intermediate Certificate

These should all be in PEM format, concatenated in that order. The CA Root Certificate should not be included.

Once uploaded, the vNetC Server Certificate is automatically added to the backend web path. Although this does reconfigure the backend process, this is done so that new connections will be handled using the new certificate but old connections will continue the operate as before, so there is no outage of the web service during a certificate update.

Information

Verity can be configured to support client certificate authentication. This operates in a "lockdown" mode that meets US DoD requirements. It does impose strict access requirements on all transports in the systems and demands client certificates for all users, devices, and external application access.

SoftwareπŸ”—

The Software section controls software lifecycle management including vNetC platform packages, hardware-specific firmware images, bundled image packages, configuration file management, and application package deployment.

ExternalπŸ”—

External integrates with external monitoring and management systems and automates database backup configurations.

DB BackupsπŸ”—

How to Automate DB BackupsπŸ”—

  1. Select Admin/DB Backup from the Main Navigation Bar .

  2. Enter the required information:

    • BWLimit(kbps): Bandwidth Limit
    • User: Username on the remove server
    • Server: Remote server name (can be IP address or hostname)
    • Port: IP port of the remote server
    • Filepath: Path on the remote server

  3. Enable the Enabled and Host Subdir boxes

  4. Once Enabled, click the Auth Key button to copy the authorization key.
  5. In the the database server, paste the key into: .ssh/authorized_keys
  6. Save

BrandingπŸ”—

Branding customizes the user interface with white-label options, including the login banner, top navigation logo, browser favicon, splash screen, and general application settings.

NetworkπŸ”—

Network configures system-wide network behavior, management connectivity, WAN routing, and optional feature toggles.

Site SettingsπŸ”—

Enable DHCP SnoopingπŸ”—

This feature enables DHCP Snooping.

DHCP Snooping is a security feature that helps protect against rogue DHCP servers, and along with the IP Source Guard capability, it protects against man-in-the-middle attacks or IP address conflicts. Rogue DHCP servers can assign incorrect IP addresses to devices, potentially leading to network downtime or security vulnerabilities.

The Enable DHCP Snooping feature is used to learn IP addresses offered to clients on β€˜Untrusted Ports’. DHCP Snooping protects your network by monitoring DHCP traffic and associating MAC addresses with assigned IP addresses on untrusted ports. As a side effect, only ports designated as trusted are allowed to forward DHCP OFFER messages. This is independent of the Verity Service feature, which blocks DHCP Servers.

When the system is in a secure β€˜lock down’ mode, β€˜IP source guard’ is enabled. All traffic from client devices that do not match the learned IP address and MAC address bindings is blocked. IP addresses can also be set statically.

Aggressive ReportingπŸ”—

This setting decreases the interval (and increases the polling rate) of switch controllers to 5 seconds.

CRC Failure ThresholdπŸ”—

The maximum number of CRC errors per second that will trigger automatic disabling of the port if it's part of a Link Aggregation Group (LAG).

Feature FlagπŸ”—

Feature flags are used to enable or disable visibility of options in the UI and other system wide behaviors. Please consult with BE Networks regarding the usage of these settings beyond the defaults that are set upon installation.

Admin SettingsπŸ”—

Admin Settings is accessed from Admin/Admin Settings and lets you configure the following:

  • vNetc Address on Management VLAN
  • Permissible IP Address Ranges on Managed Devices
  • Customized Download Address/FQDN

RoutingπŸ”—

Routing includes the following WAN IP information.

  • Hostname (fully qualified domain name)
  • RAT Port Range
  • WAN IP Source (DHCP or Static)
  • WAN Default Route
  • WAN IP Address
  • DNS Server