Administration🔗
Administration🔗
To access the Administration section click the administration icon from the world view.
Adminstrative Operations🔗
Routing🔗
Routing includes the following WAN IP information. Routing is available in Administration / Network.
- Hostname (fully qualified domain name)
- RAT Port Range
- WAN IP Source (DHCP or Static)
- WAN Default Route
- WAN IP Address
- DNS Server
Software Packages and Licensing🔗
System software updates are imported in Software Packages from Administration/Software Packages.
Once your license is uploaded License Usage and Physical Port Usage bar graphs are viewable in Admin/License. Here, the user can see the date of licensing expiration, contact information for support, and reports of license and physical port usage.
Certificates🔗
To import a Certificate, go to the Admin section and select Certificates.
The Certificates section is where you work with SSL certificates, certificate chains and certificate revocations.
Double-click the tile that describes the certificate you want to upload. You can either drag the certificate to the drag and drop section or click the browse button and select your certificate file to upload it 
.
For the "vNetC Server Certificate" panel, certificate files must be in PEM format. The vNetC Server Certificate should include
- Private Key File
- Certificate File
- Optional CA Intermediate Certificate
These should all be in PEM format, concatenated in that order. The CA Root Certificate should not be included.
Once uploaded, the vNetC Server Certificate is automatically added to the backend web path. Although this does reconfigure the backend process, this is done so that new connections will be handled using the new certificate but old connections will continue the operate as before, so there is no outage of the web service during a certificate update.
Information
Verity can be configured to support client certificate authentication. This operates in a "lockdown" mode that meets US DoD requirements. It does impose strict access requirements on all transports in the systems and demands client certificates for all users, devices, and external application access.
Brandings🔗
Branding is where you apply custom business branding to your Verity application as it is shown in the browser. The Branding section is available in Admin/Branding
Settings🔗
Settings is accessed from Admin/Network/Settings and lets you configure the following:
- vNetc Address on Management VLAN
- Permissible IP Address Ranges on Managed Devices
- Customized Download Address/FQDN
How to Access Feature Flags🔗
In Admin/Network/Feature Flags, the feature flag options are presented as a collection of checkboxes. The feature flags are generally used to enable or disable visibility of options in the UI and other system wide behaviors. Please consult with BE Networks regarding the usage of these settings beyond the defaults that are set upon installation.
Report🔗
Reports is available from the world view by clicking the Reports button.
Report lets you run scheduled service reports and export the data as a CSV file. This feature is available in Reports/MAC Export.
The options and fields for the report are:
| Field | Description |
|---|---|
| Run Daily | Run the MAC address search every day |
| Report Name | Filename output by the system. Recommend using CSV extension |
| Last Modified | Indicates last time report was run |
| Services | List of Services on the system. Check box indicates that the service should be included in the report |
How to Access RADIUS Logins Settings🔗
To access the RADIUS Logins settings, go to Admin/Users.
In the window that appears double-click the tile named "RADIUS Logins". Double-click the tile
named "RADIUS Logins".
RADIUS Login Secure Deployments🔗
Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service. RADIUS is a client/server protocol that runs in the application layer and can use either TCP or UDP as transport. The devices associated with Endpoints control access to a network as they contain a RADIUS client component that communicates with the RADIUS server. RADIUS is often the back end of choice for 802.1X authentication as well.
The Verity platform provides the option for RADIUS integration iVN-Authorization/Server IP/Port/Shared secret are required inputs. User permission level will be passed down according to the following levels:
Vendor IDs are assigned by IANA
| VENDOR | iPhotonix | 49683 |
RADIUS dictionary for Verity remote authentication provides the initial authorization level. Once authenticated, accounts are automatically created and updated with the iVN-Auth level. The "superuser" user does not actually exist within Verity, it is mapped to (same as) the "admin" user. The "authenticated" value indicates that the user is authenticated but that the authorization is based on internal records as managed by the Verity Admin page. The initial level is readonly. An authentication returned with no iVN-Auth entry will be ignored. Only the first iVN-Auth will be honored.
| ATTRIBUTE | iVN-Auth | |
|---|---|---|
| VALUE | iVN-Auth | superuser |
| VALUE | iVN-Auth | admin |
| VALUE | iVN-Auth | readwrite |
| VALUE | iVN-Auth | readonly |
| VALUE | iVN-Auth | authenticated |
Optional authorization modifier
This instructs the Verity Web UI to modify the operations and results available to the user. For example, the value "tech" modifies the web behavior for "admin" and "superusers" to include more technically-oriented features.
| ATTRIBUTE | iVN-Auth-Modifier | string |
|---|---|---|
SSH Access (SSH Keys)🔗
Go to Administration/Users/SSH Access
How to access SYSLOG🔗
- Go to Administration/External APIs.
- Click the window titled "SYSLOG".
How to Automate Backups🔗
- Go to Administration/External APIs.
- The tile titled "DB Backups" is where you automate system backups.
Users and Permissions🔗
Verity supports role based access (RBAC) permissions scheme to partition the various workflows to operational personnel.
| Permission | Parameters | Role |
|---|---|---|
| [DEV] Device Management | Add device controller, Edit device controller, Delete device controller, Swap switchpoints, Set read only mode, Capture device snapshot, Trigger a full device rescan by ACS, Open a remote access tunnel, Reboot switch, Mark device out of service. | Device Operations |
| [NW] Network | Edit POD name, Add a new preprovisioned switch Designate LAN TORs (Management Network), Lock switch Edit site, Create switch pairs, Create a static connection, Site Settings (DHCP snooping, Aggressive Reporting, CRC Failure Threshold) , Underlay Fabric Configuration | Network Operations |
| [SEP] Switch Endpoint | Edit Switch Name and type (spine/leaf) Delete Switch Edit switch Note, Port Provisioning | Day-Day Service Management |
| [BP] Base Provisioning | Manage Tenants, Gateways, LAGS, Route map assignments | Infrastructure |
| [GBL] Globals | Manage badges, RADIUS servers for 802.1x | Security |
| [IE] Import | Import snapshots, Clear system | Global Provisioning |
| [ADM] Admin | The Admin Role grants access to edit all features in the GUI | User Administration |
| [SVC] Services | Manage services, Change assigned tenant | Service Creator |
| [SET] Sets | Manage Firmware Update Sets | Software Manager |
| [VIEW] Views | Manage Views | Monitoring |
Roles🔗
The Roles window (Administration/Users/Roles) lets you assign feature access to roles. To access this feature you must first enable Granular Permissions in feature flags..
The Roles window contains a collection of checkboxes with each user role listed as a column item and each feature listed as a row item. You enable and disable checkboxes to determine what features are accessible to each role.
In Accounts, each user is then assigned a role.
Assigning User Roles in Accounts🔗
This feature lets you grant or restrict features to selected user roles.
Assigning Users to Roles🔗
- From the Administration window select the Users/Accounts item box.
- In the window that appears, click the Access Level menu item twice for the chosen user.
You can also select the edit icon (
) in the upper right corner of the User Accounts window to edit the page. - Choose the Username you want to change and set the Access Level to the desired role.
- To complete the process, click the checkmark (
) in the upper right corner of the User Accounts window to save your work.
VNFs🔗
This section of the map focuses on the management of the virtual machine installations of the vNetc and SDLC. This includes the ACS, GuiA and DHCP server. Device Controller settings are also in this section. To access VNFs got to Admin/VNFs.
vNetC Commander🔗
This section is composed of important processes working within the vNetC virtual machine. 
System Applications🔗
System applications are ACS and GuiA. Create a new system application:
- Click the Add a System Application button. (
) 
GuiA🔗
GuiA stands for UI Acceleration and is a system application that increases UI performance. To add GuiA to your application:
- Go to Admin/VNFs/System Applications.
- In the window, click the create button ()
. - Choose GuiA from the prompt that appears.
- In the window that appears enable the application and fill out the fields with the relevant IP information.
- Save your work by clicking the checkbox icon(
). - The yellow Status box text reads Awaiting Status. When it changes to Connected, the process is complete.
