Manage the NetQ UI
As an administrator, you can manage access to and various application-wide settings for the NetQ UI from a single location.
Individual users have the ability to set preferences specific to their workspaces. You can read about that in Set User Preferences.
NetQ Management Workbench
You access the NetQ Management workbench from the main menu. For users responsible for maintaining the application, this is a good place to start each day.
To open the workbench, click , and select Management under Admin. The cards available vary slightly between the on-premises and cloud deployments. The on-premises management dashboard has an LDAP Server Info card, which the cloud version does not. The cloud management dashboard has an SSO Config card, which the on-premises version does not.
Manage User Accounts
From the NetQ Management workbench, you can view the number of users with accounts in the system. As an administrator, you can also add, modify, and delete user accounts using the User Accounts card.
Add New User Account
For each user that monitors at least one aspect of your data center network, a user account is needed. Adding a local user is described here. Refer to Integrate NetQ with Your LDAP server for instructions for adding LDAP users.
To add a new user account:
-
Click Manage on the User Accounts card to open the User Accounts tab.
-
Click Add User.
-
Enter the user’s email address, along with their first and last name.
Be especially careful entering the email address as you cannot change it once you save the account. If you save a mistyped email address, you must delete the account and create a new one.
-
Select the user type: Admin or User.
-
Enter your password in the Admin Password field (only users with administrative permissions can add users).
-
Create a password for the user.
- Enter a password for the user.
- Re-enter the user password. If you do not enter a matching password, it will be underlined in red.
-
Click Save to create the user account, or Cancel to discard the user account.
By default the User Accounts table is sorted by Role.
-
Repeat these steps to add all of your users.
Edit a User Name
If a user’s first or last name was incorrectly entered, you can fix them easily.
To change a user name:
-
Click Manage on the User Accounts card to open the User Accounts tab.
-
Click the checkbox next to the account you want to edit.
-
Click above the account list.
-
Modify the first and/or last name as needed.
-
Enter your admin password.
-
Click Save to commit the changes or Cancel to discard them.
Change a User’s Password
Should a user forget his password or for security reasons, you can change a password for a particular user account.
To change a password:
-
Click Manage on the User Accounts card to open the User Accounts tab.
-
Click the checkbox next to the account you want to edit.
-
Click above the account list.
-
Click Reset Password.
-
Enter your admin password.
-
Enter a new password for the user.
-
Re-enter the user password. Tip: If the password you enter does not match, Save is gray (not activated).
-
Click Save to commit the change, or Cancel to discard the change.
Change a User’s Access Permissions
If a particular user has only standard user permissions and they need administrator permissions to perform their job (or the opposite, they have administrator permissions, but only need user permissions), you can modify their access rights.
To change access permissions:
-
Click Manage on the User Accounts card to open the User Accounts tab.
-
Click the checkbox next to the account you want to edit.
-
Click above the account list.
-
Select the appropriate user type from the dropdown list.
-
Enter your admin password.
-
Click Save to commit the change, or Cancel to discard the change.
Correct a Mistyped User ID (Email Address)
You cannot edit a user’s email address, because this is the identifier the system uses for authentication. If you need to change an email address, you must create a new one for this user. Refer to Add New User Account. You should delete the incorrect user account. Select the user account, and click .
Export a List of User Accounts
You can export user account information at any time using the User Accounts tab.
To export information for one or more user accounts:
-
Click Manage on the User Accounts card to open the User Accounts tab.
-
Select one or more accounts that you want to export by clicking the checkbox next to them. Alternately select all accounts by clicking .
-
Click to export the selected user accounts.
Delete a User Account
NetQ application administrators should remove user accounts associated with users that are no longer using the application.
To delete one or more user accounts:
-
Click Manage on the User Accounts card to open the User Accounts tab.
-
Select one or more accounts that you want to remove by clicking the checkbox next to them.
-
Click to remove the accounts.
Manage User Login Policies
NetQ application administrators can configure a session expiration time and the number of times users can refresh before requiring users to re-login to the NetQ application.
To configure these login policies:
-
Click (main menu), and select Management under the Admin column.
-
Locate the Login Management card.
-
Click Manage.
-
Select how long a user can be logged in before logging in again; 30 minutes, 1, 3, 5, 6, or 8 hours. Default for on-premises deployments is 6 hours. Default for cloud deployments is 30 minutes.
-
Indicate the amount of time in seconds the application can be refreshed before the user must log in again. Default is 1440 seconds (1 day).
-
Enter your admin password.
-
Click Update to save the changes, or click Cancel to discard them.
The Login Management card shows the configuration.
Monitor User Activity
NetQ application administrators can audit user activity in the application using the Activity Log.
To view the log, click (main menu), then click Activity Log under the Admin column.
Click to filter the log by username, action, resource, and time period.
Click to export the log a page at a time.
Manage Scheduled Traces
From the NetQ Management workbench, you can view the number of traces scheduled to run in the system. A set of default traces are provided with the NetQ GUI. As an administrator, you can run one or more scheduled traces, add new scheduled traces, and edit or delete existing traces.
Add a Scheduled Trace
You can create a scheduled trace to provide regular status about a particularly important connection between a pair of devices in your network or for temporary troubleshooting.
To add a trace:
-
Click Manage on the Scheduled Traces card to open the Scheduled Traces tab.
-
Click Add Trace to open the large New Trace Request card.
-
Enter source and destination addresses.
For layer 2 traces, the source must be a hostname and the destination must be a MAC address. For layer 3 traces, the source can be a hostname or IP address, and the destination must be an IP address.
-
Specify a VLAN for a layer 2 trace or (optionally) a VRF for a layer 3 trace.
-
Set the schedule for the trace, by selecting how often to run the trace and when to start it the first time.
-
Click Save As New to add the trace. You are prompted to enter a name for the trace in the Name field.
If you want to run the new trace right away for a baseline, select the trace you just added from the dropdown list, and click Run Now.
Delete a Scheduled Trace
If you do not want to run a given scheduled trace any longer, you can remove it.
To delete a scheduled trace:
-
Click Manage on the Scheduled Trace card to open the Scheduled Traces tab.
-
Select at least one trace by clicking on the checkbox next to the trace.
-
Click .
Export a Scheduled Trace
You can export a scheduled trace configuration at any time using the Scheduled Traces tab.
To export one or more scheduled trace configurations:
-
Click Manage on the Scheduled Trace card to open the Scheduled Traces tab.
-
Select one or more traces by clicking on the checkbox next to the trace. Alternately, click to select all traces.
-
Click to export the selected traces.
Manage Scheduled Validations
From the NetQ Management workbench, you can view the total number of validations scheduled to run in the system. A set of default scheduled validations are provided and pre-configured with the NetQ UI. These are not included in the total count. As an administrator, you can view and export the configurations for all scheduled validations, or add a new validation.
View Scheduled Validation Configurations
You can view the configuration of a scheduled validation at any time. This can be useful when you are trying to determine if the validation request needs to be modified to produce a slightly different set of results (editing or cloning) or if it would be best to create a new one.
To view the configurations:
-
Click Manage on the Scheduled Validations card to open the Scheduled Validations tab.
-
Click in the top right to return to your NetQ Management cards.
Add a Scheduled Validation
You can add a scheduled validation at any time using the Scheduled Validations tab.
To add a scheduled validation:
-
Click Manage on the Scheduled Validations card to open the Scheduled Validations tab.
-
Click Add Validation to open the large Validation Request card.
-
Configure the request. Refer to Validate Network Protocol and Service Operations for details.
Delete Scheduled Validations
You can remove a scheduled validation that you created (one of the 15 allowed) at any time. You cannot remove the default scheduled validations included with NetQ.
To remove a scheduled validation:
-
Click Manage on the Scheduled Validations card to open the Scheduled Validations tab.
-
Select one or more validations that you want to delete.
-
Click above the validations list.
Export Scheduled Validation Configurations
You can export one or more scheduled validation configurations at any time using the Scheduled Validations tab.
To export a scheduled validation:
-
Click Manage on the Scheduled Validations card to open the Scheduled Validations tab.
-
Select one or more validations by clicking the checkbox next to the validation. Alternately, click to select all validations.
-
Click to export selected validations.
Manage Threshold Crossing Rules
NetQ supports a set of events that are triggered by crossing a user-defined threshold, called TCA events. These events allow detection and prevention of network failures for selected ACL resources, digital optics, forwarding resources, interface errors and statistics, link flaps, resource utilization, RoCE (RDMA over converged Ethernet), sensor and WJH events. A complete list of supported events can be found in the TCA Event Messages Reference.
Instructions for managing these rules can be found in Manage Threshold-based Event Notifications.
Manage Notification Channels
NetQ supports Slack, PagerDuty, and syslog notification channels for reporting system and threshold-based events. You can access channel configuration in one of two ways:
-
Click Manage on the Channels card
-
Click , and then click Channels in the Notifications column
In either case, the Channels view is opened.
Determine the type of channel you want to add and follow the instructions for the selected type in Configure System Event Notifications. Refer to Remove a Channel to remove a channel you no longer need.
Manage Premises
Managing premises involves renaming existing premises or creating multiple premises.
Configure Multiple Premises
The NetQ Management dashboard provides the ability to configure a single NetQ UI and CLI for monitoring data from multiple premises. This eliminates the need to log in to each premises to view the data.
There are two ways to implement a multi-site on-premises deployment.
-
Full NetQ deployment at each premises
- NetQ appliance or VM running NetQ Platform software with a database
- Each premises has its own NetQ UI and CLI and operates independently
- The NetQ appliance or VM at one of the deployments acts as the primary premises for the premises in the other deployments (similar to a proxy)
- A list of these secondary premises is stored with the primary deployment
-
Full NetQ deployment at primary site and smaller deployment at secondary sites
- The NetQ appliance or VM at one of the deployments acts as the primary premises for the premises in the other deployments (similar to a proxy)
- The primary premises runs the NetQ Platform software (including the NetQ UI and CLI) and houses the database
- All other deployments are secondary premises; they run the NetQ Controller software and send their data to the primary premises for storage and processing
- A list of these secondary premises is stored with the primary deployment
After the multiple premises are configured, you can view this list of premises in the NetQ UI at the primary premises, change the name of premises on the list, and delete premises from the list.
To configure secondary premises so that you can view their data using the primary site NetQ UI, follow the instructions for the relevant deployment type of the secondary premises.
In this deployment model, each NetQ deployment can be installed separately. The data is stored and can be viewed from the NetQ UI at each premises.
To configure a these premises so that their data can be viewed from one premises:
-
On the workbench, under Premises, click .
-
Click Manage Premises.
-
Click External Premises.
- Click Add External Premises.
-
Enter the IP address for the API gateway on the NetQ appliance or VM for one of the secondary premises.
-
Enter the access credentials for this host.
-
Click Next.
-
Select the premises you want to connect.
-
Click Finish.
-
Add more secondary premises by clicking and repeating Steps 8-12.
In this deployment model, the data is stored and can be viewed only from the NetQ UI at the primary premises.
The primary NetQ premises must be installed before the secondary premises can be added. For the secondary premises, create the premises here, then install them.
-
On the workbench, under Premises, click .
-
Click Manage Premises. Your primary premises (OPID0) is shown by default.
-
Click (Add Premises).
-
Enter the name of one of the secondary premises you want to add.
-
Click Done.
-
Select the premises you just created.
-
Click to generate a configuration key.
-
Click Copy to save the key to a safe place, or click e-mail to send it to yourself or other administrator as appropriate.
-
Click Done.
-
Repeat steps 6-11 to add more secondary premises.
-
Follow the steps in the Admin UI to install and complete the configuration of these secondary premises, using these keys to activate and connect these premises to the primary NetQ premises.
Rename a Premises
To rename an existing premises:
-
On the workbench, under Premises, click , then click Manage Premises.
-
To rename an external premises, click External Premises.
-
On the right side of the screen, select a premises to rename, then click .
-
Enter the new name for the premises, then click Done.
System Server Information
You can easily view the configuration of the physical server or VM from the NetQ Management dashboard.
To view the server information:
-
Click .
-
Select Management from the Admin column.
-
Locate the System Server Info card.
If no data is present on this card, it is likely that the NetQ Agent on your server or VM is not running properly or the underlying streaming services are impaired.
Integrate with Your LDAP Server
For on-premises deployments you can integrate your LDAP server with NetQ to provide access to NetQ using LDAP user accounts instead of ,or in addition to, the NetQ user accounts. Refer to Integrate NetQ with Your LDAP Server for more detail.
Integrate with Your Microsoft Azure or Google Cloud for SSO
You can integrate your NetQ Cloud deployment with a Microsoft Azure Active Directory (AD) or Google Cloud authentication server to support single sign-on (SSO) to NetQ. NetQ supports integration with SAML (Security Assertion Markup Language) or OAuth (Open Authorization). Multi-factor authentication (MFA) is also supported. Only one SSO configuration can be configured at a time. You must enable the configuration for the configuration to take effect.
Configure Support
To integrate your authentication server:
-
Click .
-
Select Management from the Admin column.
-
Locate the SSO Config card.
-
Click Manage.
-
Click the type of SSO to be integrated:
- Open ID: Choose this option to integrate using OAuth with OpenID Connect
- SAML: Choose this option to integrate using SAML
-
Specify the required parameters.
You need several pieces of data from your Microsoft Azure or Google account and authentication server to complete the integration. Open your account for easy cut and paste of this data into the NetQ form.
-
Enter your administrator password. This is required when creating a new configuration.
-
Enter a unique name for the SSO configuration.
-
Copy the identifier for your Resource Server into the Client ID field.
-
Copy the secret key for your Resource Server into the Client Secret field.
-
Copy the URL of the authorization application into the Authorization Endpoint field.
-
Copy the URL of the authorization token into the Token Endpoint field.
This example shows a Microsoft Azure AD integration.
- Click Add.
-
As indicated, copy the redirect URL https://api.netq.cumulusnetworks.com/netq/auth/v1/sso-callback into your OpenID Connect configuration.
-
Click Test to verify you are sent to the right place and can login. If it is not working, you are logged out. Check your specification and retest the configuration until it is working properly.
-
Click Close. The SSO Config card reflects the configuration.
-
To require users to log in to NetQ using this SSO configuration, click change under the current Disabled status.
-
Enter your administrator password.
-
Click Submit to enable the configuration. The SSO card reflects this new status.
-
Enter your administrator password.
-
Enter a unique name for the SSO configuration.
-
Copy the URL for the authorization server login page into the Login URL field.
-
Copy the name of the authorization server into the Identity Provider Identifier field.
-
Copy the name of the application server into the Service Provider Identifier field.
-
Optionally, copy a claim into the Email Claim Key field. When left blank, the user email address is captured.
This example shows a Google Cloud integration.
- Click Add.
-
As indicated, copy the redirect URL https://api.netq.cumulusnetworks.com/netq/auth/v1/sso-callback into your identity provider configuration.
-
Click Test to verify you are sent to the right place and can login. If it is not working, you are logged out. Check your specification and retest the configuration until it is working properly.
-
Click Close. The SSO Config card reflects the configuration.
-
To require users to log in to NetQ using this SSO configuration, click change under the current Disabled status.
-
Enter your administrator password.
-
Click Submit to enable the configuration. The SSO card reflects this new status.
-
Modify Integrations
You can change the specifications for SSO integration with your authentication server at any time, including changing to an alternate SSO type, disabling the existing configuration, or reconfiguring the current configuration.
Change SSO Type
To choose a different SSO type:
-
Click .
-
Select Management from the Admin column.
-
Locate the SSO Config card.
-
Click Disable.
-
Click Yes.
-
Click Manage.
-
Select the desired SSO type and complete the form with the relevant data for that SSO type.
-
copy the redirect URL on the success dialog into your identity provider configuration.
-
Click Test to verify proper login operation. Modify your specification and retest the configuration until it is working properly.
-
Click Update.
Disable SSO Configuration
To disable the existing SSO configuration:
-
Click .
-
Select Management from the Admin column.
-
Locate the SSO Config card.
-
Click Disable.
-
Click Yes to disable the configuration, or Cancel to keep it enabled.
Edit the SSO Configuration
To edit the existing SSO configuration:
-
Click .
-
Select Management from the Admin column.
-
Locate the SSO Config card.
-
Modify any of the fields as needed.
-
Click Test to verify proper login operation. Modify your specification and retest the configuration until it is working properly.
-
Click Update.