NAA Starter Guide

First time Login NAA and Change Default Login Password

To change NAA default login passwords, follow these steps.

Login to NAA as admin user

Open a browser to https://<NAA IP>

user: admin
password: admin
Change default admin user's login passwords.

Click on the "admin" name at the top header to change its password.
Done. Goto Update NAA Software

Update NAA Software

Please update NAA version immediately after installation.

Goto

System > Update
Enable Daily Auto Update

See Method 1, enable Auto Update and select the hour of the day to check for updates so that your NAA is always uptodate.
Update NAA Now

See Method 2, if your NAA is outdated, update NAA now.
NAA will restart after update. You need to re-login NAA after update.
Done. Goto Add the First Device

Add the first Device

To add the first device to NAA, follow these steps.

Setup Device Login Credentials
1. Goto Setup > Credentials
2. Add a credential for device login.
Add new Devices

Add a new Devices Entry and a list of similar devices into it. Similar devices share the same vendor OS, access methods, credential, Snapshots Cmds, etc.
1. Goto Setup > Devices
2. Add a new Devices Entry and list of devices.
  Also see how to Setup Auto Discovery.
3. Select the appropriate attributes (Vendor OS, Access Method, Device Credential, Snapshots Cmds) for this Devices Entry.
  If the Vendor OS is not listed, you can Create new Vendors OS.
  If the Snapshots Cmds is not defined yet, create it in Setup Snapshots Commands.
Done. Goto Taking and Scheduling Snapshots

Run Task

To issue bulk command to one or more devices, follow these steps.

Create and Run Task
1. Goto "Create Task" to create a new task.
2. Enter the commands to be issued on the devices. Note the preceeding "cmd:" which tells NAA to send a command.
3. Select the desire device or devices. Then follow through the rest of confirmation pages and "Submit"
See Task results

After the task is submited, you will see the Tasks listed in the "Task Results" page.
1. Click on the task to see result when it is "Done". If not done, then "Refresh" to update status.
2. Click "ALL" to view all results on one page, or select individual device result.

Taking and Scheduling Snapshots

You can take Snapshot on demand or by schedule.

Snapshot use the commands defined in the Snapshots Commands. If Snapshots Commands are not defined yet, create them in Setup Snapshots Commands.

Taking Snapshots On Demand

You can take Snapshots on any devices on demand.
1. Goto Snapshots > Take Snapshots
2. Select desire devices or group of devices. You can filter on the device name.
Schedule Snapshots

You can schedule Snapshots. Scheduled Snapshots will be taken for all devices.
1. Check the time for taking the Snapshot.
2. Save and Activate Snapshots schedule.
Done. Goto View Snapshots and Changes History

View Snapshots and Changes History

You can view Snapshots and the Changes History.

View Snapshots
1. Goto Snapshots > View Snapshots
2. Click on the device to see the latest Snapshot.
View Changes History
1. Goto Snapshots > View Changes History
2. Change the time period to list different history.
3. Click on the device to see detail changes.

Create Vendors OS

Vendors OS defines how NAA interact with devices running on such OS.
You can add new Vendors OS when you have devices running on an OS that is not currently available in NAA.

Create new Vendors OS
1. Goto Setup > Vendors OS
2. Create a new Vendors OS
Define how to interact with the OS.
1. Enter regex to detect device prompt. Be sure to cover all possible prompts that you expect NAA will encounter on the device (such as the privilege, non-privilege, and configuration modes).
2. Enter the first and last commands to send to the device.
3. If there are sensitive information, use the Hide Command Outputs to hide such information.

Setup Snapshots Commands

Setup Snapshots Commands

Snapshots Commands defines what information is captured in the Snapshot. They are commands to be issued to the devices.
1. Goto Snapshots > Snapshots Commands
2. Select the Snapshots Command name. Or Create one if not yet exists.
3. Enter commands to be issued on the device

Setup/Run/Schedule Compliance Audit

Compliance Auditing compares devices commands outputs to the given Standard Rules expected output.

To setup, run, and schedule Compliance Auditing, follow these steps.

Create Rules
1. Goto "Edit Rules"
2. Click on the plus icon to create a new Rule.
3. Enter commands and the expected output.
4. Save the new Rule.
Create Standard
1. Goto "Edit Standards"
2. Click on the plus icon to create a new Standard.
3. Select the new Standard.
4. Drag and Drop the new Rules to the appropriate Categories.
5. Save the new Standard.
Assign Standard to Devices
1. Goto "Edit Devices".
2. Click on the pencil icon to edit the desire "Devices Set".
3. Assign the Standard.
4. Save the "Device Set".
Test run Audit
1. Goto "Run Audit Now".
2. Select one or few devcies that belong to the "Device Set" with the new Standard.
3. Click "Run Now".
4. After "Run Audit Now" is done, goto "See Report".
5. Click on the device audited.
6. Verify the device is audited successfully.
Schedule Compliance Audit
1. Goto "Schedule Audit".
2. Select how frequent to perform the Audit.
3. Save and Activate.

Setup Auto Discovery

Setup SNMP Credentials

Enter SNMPv2 and SNMPv3 credentials used in discovery.
1. Goto Setup > Credentials
2. Add all the SNMP credentials.
3. Try the SNMP credential with a known devices to confirm SNMP access.
Setup Auto Discovery

Enter Auto Discovery day/time and the IP address networks to be covered in the discovery.
1. Goto Setup > Discovery
View Discovered Devices

After the Auto Discovery is executed, view all the discovered devices.
1. Goto Discovery > Discovered devices
2. Auto Discovery should discover the sysName, sysDescr, and the DNS name if the IP address have reverse DNS lookup.
Assign Discovered Devices

Assign discovered devices to Device Set
1. Goto Setup > Devices
2. Expand the Device Set.
  Click on the "Discovered devices" to see unAssigned discovered devices.
3. Select the devices and assign them to the Device Set.

System Users

Add Local Users

System local users are authenticated locally. You must be admin user (privilege level 3) to edit system users.
The default local user password is "ironwood".
1. Goto System > Users
2. Add (or Delete) user name in the "Local Users" text box of the appropriate privilege level.
Modify User Password

System local user password should be changed. The user can change the password as shown below.
1. Login to NAA with the local user name.
2. Click the name at the top right corner.
3. Change the password.
4. Done.
Add System LDAP users

System LDAP users are authenticated by their LDAP accounts. You must be admin user (privilege level 3) to edit system users.
1. Goto System > Users
2. Add (or Delete) user name in the "LDAP Users" text box of the appropriate privilege level.
3. Goto System > Settings
4. Enter LDAP server info.
Add System AD Groups

System users can be authenticated by their AD Group membership. You must be admin user (privilege level 3) to edit it.
1. Goto System > Users
2. Enter "Base DN" to search for the AD Groups.
3. Add (or Delete) group names in the "AD Groups" text box of the appropriate privilege level.
4. Note that LDAP setup is required
  Goto System > Settings
  Enter LDAP server info.
Enable One-Time-Passcode

Optinally, you can enable One-Time-Passcode (OTP). OTP only works for LDAP users. Users will receive an one-time-passcode in their email during login.
1. Goto System > Settings > Email Server
2. Enter email server info.
3. Enable the One-Time-Passcode checkbox.

Setup Jumpbox

Add Jumpbox

If you need to SSH to a jumpbox server first and then SSH to the target devices, you can setup jumpbox as shown below.
1. Goto Setup > Jumpbox
2. Enter the jumpbox server info.
Use Jumpbox

Now you can use the jumpbox as the Access Method for the devices.
1. Goto Setup > Device
2. Select the Jumpbox as the Access Method.

Enable Email Notification

Enable email notification

To receive email notification when changes are detected, setup notification as below.
1. Goto System > Settings > Notification
2. Enable Email checkbox. Note that the "Email Server" setup is required.
3. Enter recipents email names or full email addresses separated by comma.
4. Enter default email domain.

Using API

With API, it is possible to integrate other systems with NAA. Such as updating NAA Devices with 3rd party source-of-true CMDB inventory.

Setup User API Passcode

To create an API passcode, follow these steps.
Note that the user must have an user account created on NAA (ie. not an AD Group user).
1. Login to NAA as the user
2. Goto the user icon at the upper right
3. Generate the API passcode
4. Save it
Access API

Available API routes are listed in API UI.
1. Goto https://<NAA IP>/docs
2. Authorize with username and API passcode
3. Try the API via UI
4. Examine the API routes information and utilize them from your external automation scripts
API Example

For example, you can update devices from existing Device Sets using API calls "get_devices" and "save_devices".

Note that this example uses linux curl command for simplicity. You can integrate to your automation script or make API calls from a 3rd party device discovery management application.
1. Get the devices in JSON format and save to local devices file.
  curl -k -XGET -u "<username>:<api passcode>" "https://<NAA IP>/api/get_devices" | jq . > naa-devices.json
  cat naa-devices.json
```
{
  "devices": {
    "Cisco IOS switches": [
      "router-1",
      "router-2"
    ],
    "NAA server": [
      "192.168.86.10"
    ]
  }
}
                        
```
2. Modify the devices in the file. Verify the file is valid JSON format such as using this JSON validation website.
3. Upload the new devices file to NAA.
  curl -k -XPOST -u "<username>:<api passcode>" "https://<NAA IP>/api/save_devices" -H "Content-Type: application/json" -d @naa-devices.json

Ironwood Networks NAA Starter Guide