
Lumeta can now exchange data with a BlueCat Address Manager (BAM) that is connected to a BlueCat Gateway (BG).

Prerequisites

  • A BlueCat Gateway server has already been installed at your workplace.
  • You have set credentials and server information for this integration and clicked "Retrieve Configurations." This enables Lumeta to retrieve a list of configuration names and their IDs from BAM. 

About Integration

  1. Lumeta authenticates against the BlueCat Gateway (BC) and retrieves all results via this gateway. Lumeta does not communicate directly with the BlueCat Address Manager (BAM) server.
  2. Address blocks with /30 (for IPv4) are added to BAM when the "add unmanaged devices with no network block defined" option has been selected and BAM does not already have an address block containing the IP address.
  3. Network blocks with /32 (for IPv4) are added to BAM when the "add unmanaged devices with no network block defined" option has been selected and BAM does not already have an address block containing the IP address.

Importing Lumeta Workflow to BC Server

High Level Flow Design

  1. Lumeta will pull the list of networks from BAM.
  2. For each configured network, Lumeta will call REST APIs against the Gateway to retrieve the list of IPv4 addresses and ingest it into an external table.
  3. Lumeta will perform analysis, identify devices for each selected zone (if asset mapping by zone is selected), and call the Gateway API to create these devices in BAM under the selected configuration.

Logic to create assets in BAM

Gateway Workflow API details:

Purpose | API | Payload | Response

Purpose: Gateway Authentication

API: https://172.18.1.123/rest_login

    # -k disables TLS certificate verification for this request
    curl -v -H "Accept: application/json" -H 'Content-type: application/json' \
      -d@creds.json -k -X POST 'https://172.18.1.123/rest_login'

Payload (creds.json):

    {
      "username": "gateway",
      "password": "admin"
    }

Response:

    {
      "access_token": "BAMAuthToken: cdnGuMTU3Mjk5MDkyODI0OTpnYXRld2F5"
    }

Purpose: Get list of networks/configurations

API: lumeta/getnetworklist

    curl -X GET \
      https://172.18.1.123/lumeta/getnetworklist \
      -H 'Accept: application/json' \
      -H 'Auth: Basic I6vp7MTU3Mjg4MjM2NzU5NjpnYXRld2F5'

Payload: None

Response:

    [{"id":100880,"name":"Somerset","type":"Configuration","properties":null}]

Purpose: Get list of devices

API: lumeta/getiplist

It retrieves devices for all networks.

    curl -X GET \
      https://172.18.1.123/lumeta/getiplist \
      -H 'Accept: application/json' \
      -H 'Auth: Basic O2MsBMTU3Mjg4NTI2MDUwMDpnYXRld2F5'

Payload: None

Response:

    [
      {"config_id":100880,"config_name":"Somerset","id":100895,"ip_address":"172.18.1.1","properties":{"address":"172.18.1.1","locationCode":"US MOO","locationInherited":"true","state":"GATEWAY"}},
      {"config_id":100880,"config_name":"Somerset","id":100901,"ip_address":"172.18.1.37","properties":{"address":"172.18.1.37","locationCode":"US MOO","locationInherited":"true","state":"STATIC"}},
      {"config_id":100880,"config_name":"Somerset","id":100902,"ip_address":"172.18.1.42","properties":{"address":"172.18.1.42","locationCode":"US MOO","locationInherited":"true","state":"STATIC"}}
    ]

Purpose: Add list of devices

API: http://172.18.1.123/lumeta/addiplist

    # As written, this URL is http://, so the Authorization header and payload are sent unencrypted
    curl -X POST \
      http://172.18.1.123/lumeta/addiplist \
      -H 'Accept: application/json' \
      -H 'Accept-Encoding: gzip, deflate' \
      -H 'Authorization: Basic AFJ9RMTU3NDQ0NjEzMDY0NjpnYXRld2F5'

Payload: an array of configurations, each containing the list of devices that need to be added.

    [
      {
        "config_name": "Somerset",
        "add_network_block": true,
        "deviceList": [
          {
            "ip": "10.28.1.14",
            "mac": "00:20:58:ae:05:a5",
            "family": "4"
          },
          {
            "ip": "10.28.1.39",
            "mac": "",
            "family": "4"
          }
        ]
      },
      {
        "config_name": "Dallas",
        "add_network_block": true,
        "deviceList": [
          {
            "ip": "10.28.1.21",
            "mac": "00:20:59:ab:05:a5",
            "family": "4"
          },
          {
            "ip": "10.28.1.59",
            "mac": "",
            "family": "4"
          }
        ]
      }
    ]

Response:

    {
      "Dallas": {
        "added_ips": 0,
        "dup_ips": 2
      },
      "Somerset": {
        "added_ips": 0,
        "dup_ips": 2
      }
    }
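
The following is an added example, not code from the original page or from Lumeta or BlueCat. It sketches step 3 of the flow: building the lumeta/addiplist payload from the lumeta/getiplist response, validating every IP and MAC before anything is sent to the Gateway, and skipping zones with no configuration selected. The function name, the zone names and the shape of the Lumeta-side input are assumptions; the sample data is constructed.

```python
import ipaddress
import re

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$", re.IGNORECASE)

# Constructed sample: rows in the shape of the lumeta/getiplist response.
BAM_ROWS = [
    {"config_name": "Somerset", "ip_address": "172.18.1.1"},
    {"config_name": "Somerset", "ip_address": "172.18.1.37"},
]
# Constructed Lumeta-side input (hypothetical shape): zone -> discovered devices.
DISCOVERED = {
    "ZoneA": [
        {"ip": "172.18.1.37", "mac": ""},                  # already in BAM
        {"ip": "10.28.1.14", "mac": "00:20:58:AE:05:A5"},  # new device
        {"ip": "10.28.1.14", "mac": ""},                   # duplicate in this batch
        {"ip": "10.28.1.999", "mac": ""},                  # not an IP address
        {"ip": "10.28.1.39", "mac": "not-a-mac"},          # malformed MAC
    ],
    "ZoneB": [{"ip": "10.28.1.21", "mac": ""}],            # zone with no configuration
}
ZONE_TO_CONFIG = {"ZoneA": "Somerset", "ZoneB": None}


def build_addiplist(bam_rows, discovered, zone_to_config, add_network_block=True):
    """Return (payload, rejected) for a lumeta/addiplist request."""
    known = {}
    for row in bam_rows:
        ip = ipaddress.ip_address(row["ip_address"])
        known.setdefault(row["config_name"], set()).add(ip)
    payload, rejected = [], []
    for zone, config in zone_to_config.items():
        if not config:  # no configuration selected: nothing is pushed to BAM
            continue
        devices, seen = [], set(known.get(config, ()))
        for dev in discovered.get(zone, []):
            mac = dev.get("mac", "")
            try:
                ip = ipaddress.ip_address(dev["ip"])
            except ValueError:
                ip = None
            if ip is None or (mac and not MAC_RE.match(mac)):
                rejected.append(dev)  # never forward unvalidated strings to the Gateway
                continue
            if ip in seen:  # already in BAM for this configuration, or already queued
                continue
            seen.add(ip)
            # "family" mirrors the page's sample ("4"); "6" for IPv6 is an assumption.
            devices.append({"ip": str(ip), "mac": mac.lower(), "family": str(ip.version)})
        if devices:
            payload.append({"config_name": config, "add_network_block": add_network_block,
                            "deviceList": devices})
    return payload, rejected
```

Filtering against the getiplist rows before posting keeps duplicates out of the request; the Gateway still reports any it finds in dup_ips.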


Implementation Details

UI

Configuration

  • Create configuration screen under Integrations for BlueCat:

    • A new page will be created under Settings→Integration for BlueCat Integration

    • Configuration page will be added under "Other Solutions" and include the details below:

      • Feed Interval

      • Server IP/DNS name

      • User name

      • Password

      • Option to add unmanaged devices with no network block defined

    • Just like the Qualys integration, when the user enters credentials for the BlueCat server, an API call would be made to retrieve the list of configurations. Configuration names would be displayed against each zone, where the user can map a particular zone to a particular configuration. If a zone is enabled but no configuration name is selected, it would get devices for all the configurations.

    • Add unmanaged devices with no network block defined

      If selected, this option would create a block and network for devices that are not in any of the existing blocks. If not selected, it would not create devices in BAM where no container block exists for the device.

    • Select asset mapping by configuration

      Option: No zones are enabled
      Behavior: No assets will be pushed to BAM

      Option: One zone is enabled; however, no configuration is selected under BlueCat Configuration Name
      Behavior: User has to select a configuration in order to push assets to BAM. No assets will be pushed to BAM

      Option: One zone and one configuration are selected
      Behavior: Lumeta would identify all IP addresses discovered under the selected zone and add the IP addresses under the selected configuration

      Option: Two zones and two configurations are selected
      Behavior: Lumeta would identify all IP addresses discovered under the selected zones and, for each zone, add under its selected configuration the IP addresses that don't exist in that configuration

    Wire frame for this configuration

Reporting:

  • New Dashboard "BlueCat Management" would be added under Dashboards→Integrations
  • This dashboard would contain standard integration widgets and would display deltas between both systems as well as what the systems have in common
    • IPs Unmanaged by BlueCat
    • IPs Unmanaged by Lumeta
    • BlueCat and Lumeta Managed IPs

CLI

    • Create configuration option to configure BlueCat

API

    • Add feed class for BlueCat Integration
    • Call the REST API against the gateway to get a list of devices
    • Ingest response into x15 table
    • Write queries to support dashboards

Create address on BlueCat

Attribute | Value | Data Point in Lumeta | Note | Sample Value

Data points that Lumeta has:

      • mac address
      • os
      • open ports
      • community string that the device responded on

Goals

  • Use API Integration to communicate with BlueCat address manager (IPAM) to share bi-directional support information:
    • network
    • device
    • etc...

Background and strategic fit

ManuLife has identified this integration as a business need.  Other customers have asked in the past, but we now have a point of contact to work with from BlueCat.


Server  - https://bluecat 

admin/admin

Assumptions

  • Customers will provide information as needed for the integration and build out detailed use case
  • Lumeta will have access to the credentials needed to communicate with the BlueCat server
  • The APIs available will return the data we are looking to surface

Requirements


# | Title | User Story | Importance | Notes

Title: Connect to the management server
User Story: Use Lumeta to retrieve information from the server via API
Importance: Must Have
Notes:
  • Need to have proper credentials and achieve handshake

Title: Configuration
User Story: Configuration will be implemented in Integrations section of the application.
Importance: Must Have

Title: Configuration screen
User Story: This screen will allow the user to input needed configuration values to connect to and poll the BlueCat management server (server, credentials, polling interval)
Importance: Must Have

Title: Configuration form input validation
User Story: All fields need to perform input validation to ensure proper input types. Form fields need to be able to support input as required and allowed by BlueCat management server in terms of characters allowed/disallowed, string size limits, etc.
Importance: Must Have

Title: Connection Status UI
User Story: Visual indicator showing connection status (Connected / Disconnected).
Importance: Must Have

Title: Test Connection Status UI
User Story: There will be a "Test Configuration" button to verify connectivity on demand. This button should return either a positive result or the best available error message to help the user troubleshoot the connection.
Importance: Must Have

Title: CLI configuration commands
User Story: BlueCat connection must be able to be configured, tested, and enabled via the CLI
Importance: Must Have

Title: Discovery
User Story: Use the BlueCat API capability to retrieve information from the management station (network, device, interface)
May be possible Phase II effort

Title: Logging
User Story:
  At log level "info" system should log successful poll or error message, time of poll
  At log level "debug" system should log successful poll or error message, time of poll, size of response in bytes
Importance: Must Have

Title: Dashboard
User Story: New dashboard will be created for this feature and added to the Integrations category
Importance: Must Have

Title: Widget
User Story: Standard implementation:
  • What Lumeta knows
  • What BlueCat knows
  • What both platforms are managing
Importance: Must Have

Title: Data Management
User Story: Each polled response, when not an error or empty response, will replace the previous existing set of devices/information.

Epic


LUM-662




Milestones

Milestone | Date Complete | Notes

SPIKE Requirements:

  1. Design Document
  2. Architecture Document
  3. Tasks / Tickets that have values less than 13 Points
  4. Review meeting with Engineering and QA


QA Review:

  1. Review All documentation and artifacts
  2. Prepare initial test plan


QA Meeting:

  • Attendees are Product Owner, Engineering and QA
  • Question and Answer session
  • Review Test Plan


Feature Demo for Product owner

User interaction and design


Questions

Below is a list of questions to be addressed as a result of this requirements document:

Question | Outcome



