Server Setup Tasks
Task |
See |
---|---|
Verify the backup settings |
|
Install any required product licenses and software updates |
|
For software updates:
|
|
Set up HTTPS on the server for secure interactions between the server and browser-based GUI client (you can use HTTP but HTTPS is recommended) |
|
Configure high availability |
|
Adjust data retention and purging |
|
For server-related traps that signal system problems, customize the threshold settings and severities, and forward the traps as SNMP trap notifications to configured receivers |
|
Set up NTP (Network Time Protocol) so that time is synchronized between the server and network devices |
|
Configure FTP/TFTP on the server for file transfers between the server and network devices |
|
Configure a proxy for the Cisco EPN Manager server |
|
Configure the email server |
|
Enable the Compliance feature if you plan to use it to identify device configuration deviations |
Enable and Disable Compliance Auditing |
Enable the Service Discovery feature so that Cisco EPN Manager discovers the services that are existing in the network and the services that are provisioned using the Provisioning Wizard. |
|
Configure product feedback to help Cisco improve its products |
|
Configure product feedback to help Cisco improve its products |
Configure Cisco Product Feedback Settings |
Configure and use LDAP/Active Directory Servers
Add an LDAP Server to Cisco EPN Manager
Note |
You can also use the Cisco Identity Services Engine (ISE) for authenticating users. See Use Cisco ISE With RADIUS or TACACS+ for External Authentication for more information. |
To add an LDAP server:
Note |
Use the same procedure as below to add an Active Directory server. |
Procedure
Step 1 |
Choose and choose LDAP Servers.
|
||
Step 2 |
Select the LDAP server and then in the right pane, click the +icon to create LDAP server details that you want to add. |
||
Step 3 |
Enter the required LDAP Server Details—Server Address, Server Port, Password, IP address, DNS Name, and so forth. |
||
Step 4 |
If you want to use the SSL communication channel, then check the Use Secure Auth check box. For more information about Installing LDAP certificates, see how to install the LDAP certificate in Cisco EPN Manager.
|
||
Step 5 |
Enter the Admin DN string. |
||
Step 6 |
Enter the Password and the Confirmation Password details.
|
||
Step 7 |
Enter the schemas in the following fields: typically every LDAP server has its own configuration of users and groups and concatenated certificate file: |
||
Step 8 |
In the Retries field, enter the number of times that the LDAP authentication of source file can be run. |
||
Step 9 |
Click Save. |
Configure LDAP Servers on the Cisco EPN Manager
Before you begin
Make sure to install the LDAP certificate to Cisco EPN Manager:
-
Get the root and intermediate certificates for the SSL certificate for the LDAP server, which is owned by the customer.
-
Log in as CLI admin user using ssh as mentioned in Establish an SSH Session With the Cisco EPN Manager Server.
-
Copy the CA root/intermediate certificate(s) for the LDAP server certificate to the local directory of Cisco EPN Manager. For example, copy your rootCA.pem to /localdisk/defaultRepo.
-
In the Cisco EPN Manager Admin CLI, run the command to import this CA root certificate in Cisco EPN Manager as -
EPNMServer/admin# ncs certvalidation trusted-ca-store importcacert alias <ALIAS> repository <Repository-name> <certificate-file> truststore {devicemgmt | pubnet | system | user}
(for example,EPNMServer/admin# ncs certvalidation trusted-ca-store importcacert alias epnm40 repository defaultRepo certnew.cer truststore system
). This imports the LDAP certificate in the Java import trust store. -
Restart Cisco EPN Manager.
Note |
If you have two LDAP servers and two Cisco EPN Manager servers (HA mode), install the root/intermediate certificate for each LDAP server and restart each Cisco EPN Manager server based on HA guidelines. |
Procedure
Step 1 |
Choose AAA Mode. , then choose |
||
Step 2 |
Choose the LDAP radio button. |
||
Step 3 |
Check the Enable Fallback to Local check box to enable the use of the local database when the external AAA server is down. |
||
Step 4 |
If you want to revert to local authentication if the external LDAP server goes down, perform the following steps:
|
||
Step 5 |
Click Save.
|
Cisco WAN Automation Engine Integration with Cisco EPN Manager
The Cisco WAN Automation Engine (WAE) platform is an open, programmable framework that interconnects software modules, communicates with the network, and provides APIs to interface with external applications.
Cisco WAE provides the tools to create and maintain a model of the current network through continuous monitoring and analysis of the network and based on traffic demands that are placed on it. This network model contains all relevant information about a network at a given time, including topology, configuration, and traffic information. You can use this information as a basis for analyzing the impact on the network due to changes in traffic demands, paths, node and link failures, network optimizations, or other changes.
Note |
For details, refer to the latest Cisco WAN Automation Engine (WAE) Installation Guide and Cisco WAN Automation Engine (WAE) User Guide. |
In Cisco EPN Manager, when you create an unidirectional or a Bidirectional tunnel with an explicit path, the WAN Automation Engine (WAE) integration provides you the explicit path using a REST call from Cisco EPN Manager automatically. Thus, you can avoid manually entering the explicit paths. WAE provides you a list of possible network paths to review and allows you to select an appropriate path.
Configure WAE Parameters
Before you begin
Ensure to set the WAE parameters:
-
Choose
-
Expand Circuit VCs and then choose WAE Server Settings.
-
Enter the relevant WAE Details (version 7.1.3 and above) and field details such as WAE Server IP, WAE Port Address, WAE Server User Name, and WAE Server Password.
-
Click Save to save the WAE server settings or click Reset to Defaults to clear all the entries.
Procedure
Step 1 |
Create a Unidirectional or Bidirectional tunnel with necessary parameters. For more information, see Create and Provision an MPLS TE Tunnel. |
Step 2 |
In the Path Constraints Details area, choose the path type either as Working or Protected. See Field References for Path Constraint Details—MPLS TE Tunnel for descriptions of the fields and attributes. |
Step 3 |
Check the New Path check box if you want to enable the Choose Path from WAE server check box. |
Step 4 |
Check the Choose Path from WAE server checkbox. EPNM manager sends a REST request to WAE to obtain WAE networks. |
Step 5 |
From the Select WAE Network drop-down list, choose a network. |
Step 6 |
From the Select WAE Path drop-down list, choose the appropriate paths returned. |
Step 7 |
Enter the name of the path in the Path Name field. |