Lumeta can now exchange data with a BlueCat Address Manager (BAM) connected to a BlueCat Gateway (BG).
Prerequisites
- A BlueCat Gateway server has already been installed at your workplace.
- You have set credentials and server information for this integration and clicked "Retrieve Configurations." This enables Lumeta to retrieve a list of configuration names and their IDs <from where . . . BG?>.
About Integration
- Lumeta authenticates against the BlueCat Gateway (BG) and retrieves all results via this gateway. Lumeta does not communicate directly with the BlueCat Address Manager (BAM) server.
- Address blocks with /30 (for IPv4) are added to BAM when the "add unmanaged devices with no network block defined" option has been selected and BAM does not already have an address block containing the IP address.
- Network blocks with /32 (for IPv4) are added to BAM when the "add unmanaged devices with no network block defined" option has been selected and BAM does not already have an address block containing the IP address.
High Level Flow Design
- Lumeta will pull the list of networks from BAM
- For each configured network, Lumeta will call REST APIs against the Gateway to retrieve the list of IPv4 addresses and ingest it into an external table
API details:
Purpose | API | Payload | Response |
---|---|---|---|
Authentication | `http://bluecat/Services/REST/v1/login?username=apiuser&password=apiuser`; example: `curl -k 'http://bluecat/Services/REST/v1/login?username=apiuser&password=apiuser'` | None | "Session Token-> BAMAuthToken: B3Bm8MTU3MTQxMDY5MzkzNTphcGl1c2Vy <- for User : apiuser" |
Get list of networks | `Services/REST/v1/getEntities?parentId=0&type=Configuration&start=0&count=10`; example: `curl -X GET 'http://bluecat/Services/REST/v1/getEntities?parentId=0&type=Configuration&start=0&count=10' -H 'authorization: BAMAuthToken: GkprMMTU3MTQyOTgzODMyMTphcGl1c2Vy' -H 'cache-control: no-cache' -H 'content-type: application/json'` | None | [{"id":100880,"name":"Somerset","type":"Configuration","properties":null}] |
Get list of devices | `<Gateway end point>/REST/getDevices?name=<networkname>` (if no name is given, devices are retrieved for all networks) | | |
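The login call in the table carries the password in the query string and returns the session token as free text, so any poll logging has to mask both. The following is an added example, not Lumeta or BlueCat code: it parses the two response formats shown above and redacts secrets before they reach a log. The function names and the sample token are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample responses in the formats shown in the API table.
SAMPLE_LOGIN = '"Session Token-> BAMAuthToken: EXAMPLETOKEN123 <- for User : apiuser"'
SAMPLE_CONFIGS = '[{"id":100880,"name":"Somerset","type":"Configuration","properties":null}]'

_LOGIN_RE = re.compile(
    r"Session Token->\s*BAMAuthToken:\s*(\S+)\s*<-\s*for User\s*:\s*(\S+)")
_SECRET_PARAMS = {"password"}


def parse_login_response(body):
    """Return (authorization_header_value, user) from the login response text."""
    match = _LOGIN_RE.search(body.strip().strip('"'))
    if match is None:
        # Do not echo the body: a malformed response may still hold a token.
        raise ValueError("login response did not contain a session token")
    token, user = match.groups()
    return f"BAMAuthToken: {token}", user


def redact_url(url):
    """Mask secret query parameters so the URL is safe to write to a log."""
    parts = urlsplit(url)
    query = [(k, "***" if k.lower() in _SECRET_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query, safe="*")))


def redact_header(value):
    """Mask the token part of an Authorization header value for logging."""
    scheme, _, _ = value.partition(":")
    return f"{scheme}: ***"


def configuration_ids(body):
    """Map configuration name -> id from a getEntities response."""
    return {e["name"]: e["id"] for e in json.loads(body)
            if e.get("type") == "Configuration"}
```
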
User Stories
- We need to create a configuration page similar to the one for Qualys. When the user enters BlueCat server credentials, Lumeta will make an API call to get a list of networks and display it next to the zone name. The user can then select the zone mapping for each network and save it.
API changes
Implementation Details
UI
Configuration
- Create a configuration screen under Integrations for BlueCat
- A new page will be created under Settings→Integration for BlueCat Integration
- The configuration page will be added under "Other Solutions" and include the details below
- Feed Interval
- Server IP/DNS name
- User name
- Password
- Option to select mapping for network name to Zone
- As with the Qualys integration, when the user enters credentials for the BlueCat server, an API call is made to retrieve the list of networks. Each network name is displayed against a zone so that the user can map a particular zone to a particular network. If a zone is enabled but no network name is selected, devices are retrieved for all networks.
Reporting:
- New Dashboard "BlueCat Management" would be added under Dashboards→Integrations
- This dashboard would contain standard integration widgets and would display deltas between both systems as well as what the systems have in common
- IPs Unmanaged by BlueCat
- IPs Unmanaged by Lumeta
- BlueCat and Lumeta Managed IPs
CLI
- Create configuration option to configure BlueCat
API
- Add feed class for Meraki Integration
- Call the REST API against the gateway to get a list of devices
- Ingest response into x15 table
- Write queries to support dashboards
Create address on BlueCat
Attribute | value | Data Point in Lumeta | Note | Sample Value |
---|---|---|---|---|
Data point that Lumeta has
- mac address
- os
- open ports
- community string that the device responded on
Questions
Question | |||
---|---|---|---|
We plan on using the getIP4Address API to get the list of IPv4 addresses that BlueCat is aware of. If we use the object ID of an individual block, we do get the IP addresses for that address block; however, most of our deployments would have a list of networks, and within each network they would have different address blocks. We would like to know the standard flow to use this API. Do we first get a list of network container IDs (we would need a REST call to get it), then get a list of address block container IDs, and then use this API against those container IDs? | |||
an API that would return a list of all address blocks across all the networks. We can iterate through this list and make a REST call for each of these object IDs to get a complete list of IPv4 addresses | |||
an API that would return a list of all networks. We will need another API to iterate through this list of networks and get all blocks within these networks. Finally we can make a REST call for each of these object IDs to get a complete list of IPv4 addresses | |||
Goals
- Use API Integration to communicate with BlueCat address manager (IPAM) to share bi-directional support information:
- network
- device
- etc...
Background and strategic fit
ManuLife has identified this integration as a business need. Other customers have asked in the past, but we now have a point of contact to work with from BlueCat.
Assumptions
- Customers will provide information as needed for the integration and build out detailed use case
- Lumeta will have access to the credentials needed to communicate with the BlueCat server
- The APIs available will return the data we are looking to surface
Requirements
# | Title | User Story | Importance | Notes |
---|---|---|---|---|
1 | Connect to the management server | Use Lumeta to retrieve information from the server via API | Must Have | |
2 | Configuration | Configuration will be implemented in Integrations section of the application. | Must Have | |
3 | Configuration screen | This screen will allow the user to input needed configuration values to connect to and poll the BlueCat management server (server, credentials, polling interval) | Must Have | |
4 | Configuration form input validation | All fields need to perform input validation to ensure proper input types. Form fields need to be able to support input as required and allowed by BlueCat management server in terms of characters allowed/disallowed, string size limits, etc. | Must Have | |
5 | Connection Status UI | Visual indicator showing connection status (Connected / Disconnected). | Must Have | |
6 | Test Connection Status UI | There will be a "Test Configuration" button to verify connectivity on demand. This button should return either a positive result or the best available error message to help the user troubleshoot the connection. | Must Have | |
7 | CLI configuration commands | BlueCat connection must be able to be configured, tested, and enabled via the CLI | Must Have | |
8 | Discovery | Use the BlueCat API capability to retrieve information from the management station (network, device, interface) | May be possible Phase II effort | |
9 | Logging | At log level "info" the system should log successful poll or error message and time of poll. At log level "debug" the system should log successful poll or error message, time of poll, and size of response in bytes | Must Have | |
10 | Dashboard | New dashboard will be created for this feature and added to the Integrations category | Must Have | |
11 | Widget | Standard implementation: | Must Have | |
12 | Data Management | Each polled response, when not an error or empty response, will replace the previous existing set of devices/information. | | |
Epic
- LUM-662
Milestones
Milestone | Date Complete | Notes |
---|---|---|
SPIKE Requirements: | | |
QA Review: | | |
QA Meeting: | | |
Feature Demo for Product owner | | |
User interaction and design
Questions
Below is a list of questions to be addressed as a result of this requirements document:
Question | Outcome |
---|---|