Skip to content

Administration🔗

Administration🔗

To access the Administration section click the administration icon.

Administrative Operations🔗

Routing🔗

Routing includes the following WAN IP information. Routing is available in Administration / Network.

  • Hostname (fully qualified domain name)
  • RAT Port Range
  • WAN IP Source (DHCP or Static)
  • WAN Default Route
  • WAN IP Address
  • DNS Server

NTP🔗

NTP administration is currently not supported via the Admin panels and if changes are required they are done from the vNetC console. The default NTP settings are using generally available public internet NTP servers. In the event the vNetC does not have internet access please follow these steps:

  1. Copy the file /usr/ns/etc/ntp-lead-servers.conf to /var/ns/etc/ntp-local.conf
  2. Edit /var/ns/etc/ntp-local.conf to add/remove NTP servers
  3. Edit /etc/ntp.conf to include the new file (remove comment on line where it is referenced.)
  4. Enter the command service ntpd onerestart (there may be an error that says /etc/rc.d/ntpd: WARNING: failed to start ntpd - this can be ignored)
  5. Check the status with ntpq -p to make sure the server is added to the ntp report.

Software Packages and Licensing🔗

System software updates are imported in Software Packages from Administration/Software Packages.

Once your license is uploaded License Usage and Physical Port Usage bar graphs are viewable in Administration/License. Here, the user can see the date of licensing expiration, contact information for support, and reports of license and physical port usage.

Certificates🔗

To import a Certificate, go to the Administration section and select Certificates.

The Certificates section is where you work with SSL certificates, certificate chains and certificate revocations.

Double-click the tile that describes the certificate you want to upload. You can either drag the certificate to the drag and drop section or click the browse button and select your certificate file to upload it .

For the "vNetC Server Certificate" panel, certificate files must be in PEM format. The vNetC Server Certificate should include

  • Private Key File
  • Certificate File
  • Optional CA Intermediate Certificate

These should all be in PEM format, concatenated in that order. The CA Root Certificate should not be included.

Once uploaded, the vNetC Server Certificate is automatically added to the backend web path. Although this does reconfigure the backend process, this is done so that new connections will be handled using the new certificate but old connections will continue the operate as before, so there is no outage of the web service during a certificate update.

Information

Verity can be configured to support client certificate authentication. This operates in a "lockdown" mode that meets US DoD requirements. It does impose strict access requirements on all transports in the systems and demands client certificates for all users, devices, and external application access.

Branding🔗

Branding is where you apply custom business branding to your Verity application as it is shown in the browser. The Branding section is available in Administration/Branding

Settings🔗

Settings is accessed from Administration/Network/Settings and lets you configure the following:

  • vNetc Address on Management VLAN
  • Permissible IP Address Ranges on Managed Devices
  • Customized Download Address/FQDN

How to Access Feature Flags🔗

In Administration/Network/Feature Flags, the feature flag options are presented as a collection of checkboxes. The feature flags are generally used to enable or disable visibility of options in the UI and other system wide behaviors. Please consult with BE Networks regarding the usage of these settings beyond the defaults that are set upon installation.

Report🔗

Reports is available from the world view by clicking the Reports button.

Report lets you run scheduled service reports and export the data as a CSV file. This feature is available in Reports/MAC Export.

The options and fields for the report are:

Field Description
Run Daily Run the MAC address search every day
Report Name Filename output by the system. Recommend using CSV extension
Last Modified Indicates last time report was run
Services List of Services on the system. Check box indicates that the service should be included in the report

RADIUS🔗

Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service. RADIUS is a client/server protocol that runs in the application layer and can use either TCP or UDP as transport. The devices associated with Endpoints control access to a network as they contain a RADIUS client component that communicates with the RADIUS server. RADIUS is often the back end of choice for 802.1X authentication as well.

To access the RADIUS Logins settings:

  1. Navigate to Admin/Users.
  2. In the window that appears double-click the tile named "RADIUS Logins".

RADIUS Login Secure Deployments🔗

The Verity platform provides the option for RADIUS integration iVN-Authorization/Server IP/Port/Shared secret are required inputs. User permission level will be passed down according to the following levels:

Vendor IDs are assigned by IANA

| VENDOR | iPhotonix | 49683 |

RADIUS dictionary for Verity remote authentication provides the initial authorization level. Once authenticated, accounts are automatically created and updated with the iVN-Auth level. The "superuser" user does not actually exist within Verity, it is mapped to (same as) the "admin" user. The "authenticated" value indicates that the user is authenticated but that the authorization is based on internal records as managed by the Verity Admin page. The initial level is readonly. An authentication returned with no iVN-Auth entry will be ignored. Only the first iVN-Auth will be honored.

ATTRIBUTE iVN-Auth
VALUE iVN-Auth superuser
VALUE iVN-Auth admin
VALUE iVN-Auth readwrite
VALUE iVN-Auth readonly
VALUE iVN-Auth authenticated

Optional authorization modifier

This instructs the Verity Web UI to modify the operations and results available to the user. For example, the value "tech" modifies the web behavior for "admin" and "superusers" to include more technically-oriented features.

ATTRIBUTE iVN-Auth-Modifier string
VALUE iVN-Auth-Modifier tech

SSH Access (SSH Keys)🔗

Go to Administration/Users/SSH Access

How to access SYSLOG🔗

  1. Go to Administration/External APIs.
  2. Click the window titled "SYSLOG".

How to Automate Backups🔗

  1. Select Administration from the Main Navigation Bar.
  2. Select the External APIs tab.
  3. Select the DB Backups tile.

  4. Enter the required information:

    • BWLimit(kbps): Bandwidth Limit
    • User: Username on the remove server
    • Server: Remote server name (can be IP address or hostname)
    • Port: IP port of the remote server
    • Filepath: Path on the remote server

  5. Enable the Enabled and Host Subdir boxes

  6. Once Enabled, click the Auth Key button to copy the authorization key.
  7. In the the database server, paste the key into: .ssh/authorized_keys
  8. Save

Users and Permissions🔗

Verity supports role based access (RBAC) permissions scheme to partition the various workflows to operational personnel.

Permission Parameters Role
[DEV] Device Management Add device controller, Edit device controller, Delete device controller, Swap switchpoints, Set read only mode, Capture device snapshot, Trigger a full device rescan by ACS, Open a remote access tunnel, Reboot switch, Mark device out of service. Device Operations
[NW] Network Edit POD name, Add a new preprovisioned switch Designate LAN TORs (Management Network), Lock switch Edit site, Create switch pairs, Create a static connection, Site Settings (DHCP snooping, Aggressive Reporting, CRC Failure Threshold) , Underlay Fabric Configuration Network Operations
[SEP] Switch Endpoint Edit Switch Name and type (spine/leaf) Delete Switch Edit switch Note, Port Provisioning Day-Day Service Management
[BP] Base Provisioning Manage Tenants, Gateways, LAGS, Route map assignments Infrastructure
[GBL] Globals Manage badges, RADIUS servers for 802.1x Security
[IE] Import Import snapshots, Clear system Global Provisioning
[ADM] Admin The Admin Role grants access to edit all features in the GUI User Administration
[SVC] Services Manage services, Change assigned tenant Service Creator
[SET] Sets Manage Firmware Update Sets Software Manager
[VIEW] Views Manage Views Monitoring

Roles🔗

The Roles window (Administration/Users/Roles) lets you assign feature access to roles. To access this feature you must first enable Granular Permissions in feature flags..

The Roles window contains a collection of checkboxes with each user role listed as a column item and each feature listed as a row item. You enable and disable checkboxes to determine what features are accessible to each role.

In Accounts, each user is then assigned a role.

Assigning User Roles in Accounts🔗

This feature lets you grant or restrict features to selected user roles.

Assigning Users to Roles🔗

  1. From the Administration window select the Users/Accounts item box.
  2. In the window that appears, click the Access Level menu item twice for the chosen user. You can also select the edit icon () in the upper right corner of the User Accounts window to edit the page.
  3. Choose the Username you want to change and set the Access Level to the desired role.
  4. To complete the process, click the checkmark ( ) in the upper right corner of the User Accounts window to save your work.

VNFs🔗

This section of the page focuses on the management of the virtual machine installations of the vNetc and SDLC. This includes the ACS, GuiA and DHCP server. Device Controller settings are also in this section. To access VNFs got to Administration/VNFs.

vNetC Commander🔗

The vNetC commander contains information about the vNetC VM.

How to Install or Update vNetC🔗

  1. Click on Administration on the Landing page.
  2. Click on Software Packages tab. 3, Click on vNetC Packages tile.
  3. Import the vNetC Core Upgrade file provided by BE Networks using the Browse Files icon or by dragging and dropping the file into the designated field.
  4. Once upload is completed, click on the Deploy arrow.
  5. The file will auto-load, followed by a reboot of the vNetC.

SDLCs🔗

This section of the page contains information about the SDLCs.

How to Install or Update SDLC🔗

  1. Click on Administration from the landing page.
  2. Click on Software Packages tab.
  3. Click on Image Packages tile.
  4. Import the Firmware .tar file provided by BE Networks using the Browse Files icon or by dragging and dropping the file into the designated field.
  5. Once upload is complete, click on Deploy arrow.
  6. Click on the VNFs tab.
  7. Find and click on the SDLC SW Version tile .
  8. Click on the Target Package drop-down menu.
  9. Select the target version.
  10. Click on the check-mark in the upper-right corner.
  11. The file will auto-load followed by a reboot of the SDLC.
  12. Repeat steps 7-10 if more than one SDLC is equipped.

vNetC Commander🔗

This section is composed of important processes working within the vNetC virtual machine.

System Applications🔗

System Applications are:

  • ACS

  • DHCP Server

  • GuiA

  • SensAI

How to Install System Applications🔗

To begin the installation process click Add a System Application button () . In the window that appears, click the desired System Application .

The example below demonstrates how to install GuiA; the steps are applicable to the other System Applications.

How to Install or Update GuiA🔗

GuiA stands for Graphic UI Acceleration and is a System Application that increases UI performance. To add GuiA to your application do the following:

  1. Go to Administration/VNFs and navigate to the section of the window titled System Applications () .
  2. Click the create button () .
  3. Choose GuiA from the prompt .
  4. In the window that appears, enable the application by clicking the enable button ()and fill out the fields with the relevant IP information.
  5. Save your work by clicking the checkbox icon().
  6. The yellow Status box text will read Awaiting Status. When it changes to Connected, the process is complete.

How to Install or Update SensAI🔗

SensAI is Verity's AI-powered messaging assistant. To add SensAI to your application do the following:

  1. Go to Administration/VNFs and navigate to the section of the window titled System Applications ().
  2. Click the create button () .
  3. Choose SensAI from the prompt .
  4. In the window that appears, enable the application by clicking the enable button ()and fill out the fields with the relevant IP information.
  5. Save your work by clicking the checkbox icon().
  6. The yellow Status box text will read Awaiting Status. When it changes to Connected, the process is complete.