More success, thanks to Enterasys IAM

We’ve just started the Fall semester here at UNI, and we’re happy to report our most successful start to the semester yet. We launched the year with wireless in the halls for the first time, along with smaller building subnets and a faster backbone and core.

What are some device stats we were able to gather thanks to IAM?

• 50% Windows
• 20% iOS
• 15% Mac
• 5% Game Consoles
• 5% Android
• 5% Other

About two-thirds of registrations were wireless.

It wasn’t a flawless start, and we still have some issues we’re diagnosing between our campus network and ResNet, but overall things have gone very well due to Enterasys’ robust IAM and networking solutions.


TACACS and Enterasys

I really need to configure a TACACS server. Here’s how to configure Enterasys switches to auth with TACACS. I wish Netsight supported TACACS.


Cisco vs. Enterasys

Interesting thread comparing Cisco vs. Enterasys.


Distributing NAC/Identity and Access Management among non-centralized departments

The challenge: How do you allow non-central IT staff to manage their own devices (and only those) in a NAC solution while still keeping control centralized? Enterasys’ NAC was initially designed for centralized management. However, as NAC adoption increases, more IT staff outside of central IT need to know the status of their devices within NAC. Hmmm….

Enterasys has anticipated the above scenario, and in 4.3 they’ve created Zones to help with the management of this challenge. Different Zones can be created with a variety of different criteria, the two major components being usergroups (to which groups does the user belong?) and rules (what’s the IP, switch, time, etc. that should trigger this rule?).

Get in the Zone!

Through Zones we’ll be able to create a Zone for each logical department that needs access to see the devices they manage in their areas of responsibility. What are the benefits of allowing non-central IT access into NAC?

  • Increased information awareness. IAM (Identity and Access Manager) provides a LOT of network and device data that will help them and central IT with troubleshooting, from switch and jack info, to PortView, to custom information/device details.
  • Getting info direct from the source. No need to create/build a separate database of device statuses when you can get it right from the authoritative repository.
  • Less administrative overhead. Departments won’t need to constantly request changes from central IT when they can make them on their own.

While we’re still exploring the use of Zones, their capabilities seem to align with how we’d like to leverage IAM. More on Zones as we delve into using them further.
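To make the Zone idea concrete, here is an added example (not Enterasys code, and not the product’s data model) that models a Zone as "usergroups plus rules" exactly as the post describes: a department admin only sees the end-systems that a rule of their Zone matches, and central IT gets a Zone with an unrestricted rule. The departments, subnets, switch names and MACs are constructed for the example.

```python
"""Added example: a toy model of NAC-style Zones for least-privilege scoping.

A Zone pairs user groups (who) with rules (which end-systems). A user may
see an end-system only if it is matched by a rule of a Zone whose
usergroups overlap the user's groups. All names and addresses below are
constructed sample data, not real inventory.
"""
from dataclasses import dataclass, field
from datetime import time
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple


@dataclass
class EndSystem:
    mac: str
    ip: str
    switch: str


@dataclass
class ZoneRule:
    """Criteria an end-system must satisfy; None means 'any'."""
    subnet: Optional[str] = None          # e.g. "10.10.1.0/24"
    switch_prefix: Optional[str] = None   # e.g. "sw-bio-"
    window: Optional[Tuple[time, time]] = None  # inclusive start/end of day

    def matches(self, dev: EndSystem, now: time) -> bool:
        if self.subnet and ip_address(dev.ip) not in ip_network(self.subnet):
            return False
        if self.switch_prefix and not dev.switch.startswith(self.switch_prefix):
            return False
        if self.window and not (self.window[0] <= now <= self.window[1]):
            return False
        return True


@dataclass
class Zone:
    name: str
    usergroups: Set[str]
    rules: List[ZoneRule] = field(default_factory=list)


def visible_end_systems(user_groups, zones, devices, now):
    """End-systems the user may see: matched by any rule of any Zone whose
    usergroups intersect the user's group membership."""
    allowed = [z for z in zones if z.usergroups & set(user_groups)]
    return [d for d in devices
            if any(r.matches(d, now) for z in allowed for r in z.rules)]


# Constructed sample inventory and Zones (hypothetical departments).
DEVICES = [
    EndSystem("00:11:22:33:44:55", "10.10.1.20", "sw-lib-1"),
    EndSystem("00:11:22:33:44:66", "10.10.2.30", "sw-bio-3"),
    EndSystem("00:11:22:33:44:77", "10.20.5.9", "sw-resnet-7"),
]
ZONES = [
    Zone("Library", {"lib-it"}, [ZoneRule(subnet="10.10.1.0/24")]),
    Zone("Biology", {"bio-it"}, [ZoneRule(switch_prefix="sw-bio-")]),
    # Student staff only see ResNet devices during evening shift hours.
    Zone("ResNet evenings", {"resnet-students"},
         [ZoneRule(subnet="10.20.0.0/16", window=(time(17, 0), time(23, 59)))]),
    # Central IT keeps full visibility via a rule with no restrictions.
    Zone("Central", {"central-it"}, [ZoneRule()]),
]


def scoped_macs(user_groups, now=time(12, 0)):
    """Sorted MACs visible to a user with the given groups at time `now`."""
    return sorted(d.mac for d in visible_end_systems(user_groups, ZONES, DEVICES, now))


if __name__ == "__main__":
    for groups in (["lib-it"], ["bio-it"], ["resnet-students"], ["central-it"], ["hr"]):
        print(groups, "->", scoped_macs(groups))
```

Membership in no Zone yields an empty view rather than an error, which is the safe default: a new department gets nothing until an administrator deliberately creates its Zone.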


OneView Usability Enhancements in 4.3

Enterasys’ focus on usability and polish has continued in their 4.3 release of Netsight. Most significantly, the focus on OneView and incorporating NAC as Identity and Access is a very encouraging step toward a unified, refined application that is useful to everyone from a Netsight administrator to directors/managers and IT helpdesks. Case in point:

Improved visuals for the Dashboard

The new charts break out, allowing you to view some very high-level information easily. The chart tracking authentication types over time is interesting/helpful, as well.

Because not all IT shops are identical (and UNI tends to be non-mainstream at times), I’d love to be able to customize which charts and information are shown on the Dashboard. Adding the ability to further filter on a particular chart/graph would also be helpful. For instance, if I’m only looking at Registered Users, how many of those are the various device families? Or of those devices that are disconnected, how many have the Registered Profile? The new charts provide a great first step toward information awareness about what is happening within Identity and Access and I look forward to its continued evolution.

Usability enhancements continue with the integration of other features. One that will be helpful for troubleshooting in the future is the PortView feature, which was added a version back but continues to be more closely integrated:

Right-clicking on an end-system reveals the PortView feature.

Choosing the PortView option, you get presented with the following screen:

PortView info

It shows the path your device takes across the network, as well as the link state along that path (this takes some time to show the link, which is why one link is green and the other isn’t yet green). You can’t see it here, but when you highlight each device in the path, there’s a very tiny dot beside each device that will reveal different information (IP, uptime, date seen, etc.). I’d love to see the information displayed here continue to be refined. For instance, swapping out the dots for icons that display something meaningful for each grouping of data. Or possibly allowing additional info to be shown as a highlighted overlay on each device. I’m still amazed at the level of detail Enterasys has provided.

Finally, sometimes it’s the little things that make a big difference. Before, if I wanted to search for a MAC, it had to be in this format:

12:34:56:78:90:AB

Now I can also search for this as:

1234567890AB
12-34-56-78-90-AB

and get the same results! Of course, partial matches still apply, but it’s a nice improvement for usability.
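The search improvement above comes down to canonicalizing the MAC on both sides before comparing. As an added example (my own code, not Netsight’s), the following normalizes colon, hyphen, dotted and bare forms to one canonical string, stores the inventory the same way, and then does the substring (partial) matching the post mentions. The inventory MACs are constructed sample values.

```python
"""Added example: format-independent MAC search with partial matching.

Every query and every stored MAC is reduced to 12 lowercase hex digits, so
12:34:56:78:90:AB, 12-34-56-78-90-AB, 1234.5678.90ab and 1234567890AB all
search identically. Inventory values below are constructed samples.
"""
import re

_SEPARATORS = re.compile(r"[:\-.\s]")
_HEX_PREFIX = re.compile(r"^[0-9a-f]{1,12}$")


def normalize_mac(text):
    """Strip separators and lowercase; return 1-12 hex digits.

    A full MAC yields 12 digits; a partial query may yield fewer. Anything
    that is not hex after separator removal is rejected so that a malformed
    query never silently matches nothing (or everything).
    """
    cleaned = _SEPARATORS.sub("", text).lower()
    if not _HEX_PREFIX.match(cleaned):
        raise ValueError(f"not a MAC or MAC fragment: {text!r}")
    return cleaned


def format_mac(hex12, sep=":"):
    """Render 12 hex digits in the conventional two-digit-group form."""
    if len(hex12) != 12:
        raise ValueError("format_mac needs a full 12-digit MAC")
    return sep.join(hex12[i:i + 2] for i in range(0, 12, 2))


# Constructed inventory in mixed formats, as it might arrive from several
# sources; it is canonicalized once at load time.
RAW_INVENTORY = [
    "12:34:56:78:90:AB",   # colon form
    "12-34-56-AA-BB-CC",   # hyphen form
    "dead.beef.0001",      # Cisco dotted form
]
INVENTORY = [normalize_mac(m) for m in RAW_INVENTORY]


def search_macs(query, inventory=INVENTORY):
    """Return matching MACs (colon form) for a full or partial query."""
    fragment = normalize_mac(query)
    return [format_mac(m) for m in inventory if fragment in m]


if __name__ == "__main__":
    for q in ("12:34:56:78:90:AB", "1234567890AB", "12-34-56-78-90-AB", "123456"):
        print(f"{q:20} -> {search_macs(q)}")
```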

Enterasys’ team has really done a great job of adding value to the tools they provide and making them more accessible. From high-level details (charts/graphs) to tighter integration (PortView) down to little details like searching for devices in various ways, refinements continue to our benefit and those of our users.


Netsight certificate installation requires a PKCS#8 format key

I installed a new DigiCert certificate on our Netsight server. The process requires uploading a PKCS#8 format key. By default openssl doesn’t create a PKCS#8 private key; it needs to be converted with the pkcs8 tool.

I found all the relevant information in the Netsight documentation under “How to Update the NetSight Server Certificate”.

Generate RSA key and CSR
# genrsa writes the new key to stdout; pkcs8 -topk8 re-wraps it as PKCS#8.
# Without -nocrypt, pkcs8 prompts for a passphrase and writes an encrypted PKCS#8 key.
openssl genrsa 4096 | openssl pkcs8 -topk8 -out server.key
# Build the certificate signing request from the PKCS#8 key.
openssl req -new -key server.key -out server.csr
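Before uploading, it helps to confirm the file really is what the server expects: an unencrypted PKCS#8 PEM carries the label `BEGIN PRIVATE KEY`, a PKCS#1 key (plain `genrsa` output on older OpenSSL) carries `BEGIN RSA PRIVATE KEY`, and a passphrase-protected PKCS#8 key carries `BEGIN ENCRYPTED PRIVATE KEY`. The following added example (my own code, not from the Netsight docs) checks the label and then walks the outer DER structure of a PKCS#8 `PrivateKeyInfo` (version 0, an RSA AlgorithmIdentifier, then the OCTET STRING) using only the standard library. The sample PEM blocks it tests against are constructed placeholders with the right framing, not real keys.

```python
"""Added example: classify a PEM private key file as PKCS#1, PKCS#8 or
encrypted PKCS#8, with a structural DER check for the PKCS#8 case.
Standard library only. The sample PEMs are constructed placeholders.
"""
import base64
import re

# 1.2.840.113549.1.1.1 (rsaEncryption), DER-encoded OID contents.
RSA_OID = bytes.fromhex("2a864886f70d010101")
_PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)


def _read_tlv(buf, pos):
    """Minimal DER tag-length-value reader: (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def pem_key_format(pem_text):
    """Return one of: not-pem, pkcs1, pkcs8-encrypted, pkcs8-rsa,
    pkcs8-other, malformed, unknown."""
    m = _PEM_RE.search(pem_text)
    if not m:
        return "not-pem"
    label, body = m.group(1), m.group(2)
    if label == "RSA PRIVATE KEY":
        return "pkcs1"
    if label == "ENCRYPTED PRIVATE KEY":
        return "pkcs8-encrypted"
    if label != "PRIVATE KEY":
        return "unknown"
    der = base64.b64decode("".join(body.split()))
    # PrivateKeyInfo ::= SEQUENCE { version INTEGER(0),
    #     privateKeyAlgorithm AlgorithmIdentifier, privateKey OCTET STRING, ... }
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        return "malformed"
    vtag, version, p = _read_tlv(seq, 0)
    atag, algid, p = _read_tlv(seq, p)
    ktag, _, _ = _read_tlv(seq, p)
    if (vtag, atag, ktag) != (0x02, 0x30, 0x04) or version != b"\x00":
        return "malformed"
    oid_tag, oid, _ = _read_tlv(algid, 0)
    if oid_tag != 0x06:
        return "malformed"
    return "pkcs8-rsa" if oid == RSA_OID else "pkcs8-other"


# --- constructed samples (placeholder DER, not usable keys) ---------------
def _der(tag, payload):
    """Short-form DER encoder; enough for the tiny constructed samples."""
    assert len(payload) < 128
    return bytes([tag, len(payload)]) + payload


def _pem(label, der):
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"


# PrivateKeyInfo framing with an empty SEQUENCE where the RSA key would be.
SAMPLE_PKCS8_DER = _der(0x30, _der(0x02, b"\x00")
                        + _der(0x30, _der(0x06, RSA_OID) + _der(0x05, b""))
                        + _der(0x04, b"\x30\x00"))
SAMPLE_PKCS8_PEM = _pem("PRIVATE KEY", SAMPLE_PKCS8_DER)
SAMPLE_PKCS1_PEM = _pem("RSA PRIVATE KEY", b"\x30\x00")
SAMPLE_ENCRYPTED_PEM = _pem("ENCRYPTED PRIVATE KEY", b"\x30\x00")


def check_key_file(path):
    """Classify an on-disk PEM file (e.g. server.key from the post)."""
    with open(path, "r", encoding="ascii") as fh:
        return pem_key_format(fh.read())


if __name__ == "__main__":
    for name, pem in (("pkcs8", SAMPLE_PKCS8_PEM), ("pkcs1", SAMPLE_PKCS1_PEM),
                      ("encrypted", SAMPLE_ENCRYPTED_PEM)):
        print(name, "->", pem_key_format(pem))
```

Run `check_key_file("server.key")` on the key produced by the commands above; anything other than `pkcs8-rsa` means the upload will not be accepted as an unencrypted PKCS#8 RSA key, and `pkcs8-encrypted` specifically means the passphrase step was not skipped.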


Enterasys Netsight migration from Windows to Ubuntu 64-bit appliance

I’m told there’s an appliance migration guide in the works. After I deployed the .ova, I logged in using the default password. I was asked if Netsight should run as root or another user. I opted to create another user. I was pleased to discover that even after I restored the backup of my database the Netsight server user was able to authenticate to the portal. This is important, as all the users I imported had a domain associated with them and the Linux Netsight doesn’t use the domain in the login prompt, which used to create problems. I simply enabled an LDAP configuration under the user configuration after my first login and all the AD accounts worked. I wish this was addressed in the documentation.

I used these Enterasys GTAC support articles:

Moving the NetSight Server to a New System (Article ID: 13209)

I did run into an issue rehosting my Netsight key; I used an eval key as a temporary workaround. It turns out the problem is I need to upgrade, aka re-buy, the Netsight license.

Syslog Event View not Showing Entries After Restoring Windows Database on Linux (Article ID: 13979)
Solution steps 3 and 4 should be modified:
3. Change the Log Directory to /var/log/syslog
4. Change the Pattern to Ubuntu LINUX Syslog Pattern

NetSight Inventory Manager – Unable to Open Archived Configuration Files After Restoring Database from Windows Server to Linux (Article ID: 13983)

NetSight – Trap Event View not Showing Entries After Restoring Windows Database on Linux (Article ID: 14036)

Other issues

DB Backup failure
Initially I couldn’t back up the database, but found there were a few files in the backup directory that weren’t readable by the netsight user. I didn’t expect the backup function to back up the backup directory.


Standard student employee IT training

For many years our Residential Technology Support Coordinator Todd Thomas has refined an excellent training program for his ResNet Consulting Center student employees. This year he’s partnered with Ben Arnold, who has previously led an IT training course at U. Iowa for college credit. The program will cover many subjects including security policy awareness and network troubleshooting, as well as an obstacle course where students are required to complete troubleshooting challenges on their own.


New Project Management System

We’ve had a number of discussions regarding project management among our team. We implemented a new ticket system, Kayako, about a year ago. We’ve made some custom improvements, but I’ve struggled with how to track projects vs. tasks. We decided we didn’t yet warrant the overhead of a PM system. We have a new plan to place project descriptions and development in our wiki. As projects are assigned and split into tasks, each task will generate a ticket linked from the wiki. Tasks will be tracked as tickets. Active projects in the wiki will generate bi-monthly updates and a proportional completion figure (completed tasks / total tasks). Unassigned projects will be ranked by priority.


Enterasys How To Videos

Recently I found some fantastic videos for working with Enterasys products. We were working on a large VLAN grooming project and I needed a refresher on the VLAN model editor tool. It turns out Enterasys has lots of task-based videos. Finally I’ll have some non-Cisco training material to watch while I’m on the treadmill. I heard from Enterasys that they have a huge commitment to creating a large how-to video library.
