Lumeta can now provide/exchange data with a BlueCat Address Manager (BAM) connected to a BlueCat Gateway (BG).
Prerequisites
- A BlueCat Gateway server has already been installed at your workplace.
- You have set credentials and server information for this integration and clicked "Retrieve Configurations." This enables Lumeta to retrieve a list of configuration names and their IDs from the BAM.
About Integration
- Lumeta authenticates against the BlueCat Gateway (BC) and retrieves all results via this gateway. Lumeta does not communicate directly with the BlueCat Address Manager (BAM) server.
- Address blocks with /30 (for IPv4) are added to BAM when the "add unmanaged devices with no network block defined" option has been selected and BAM does not already have an address block containing the IP address.
- Network blocks with /32 (for IPv4) are added to BAM when the "add unmanaged devices with no network block defined" option has been selected and BAM does not already have an address block containing the IP address.
Importing Lumeta Workflow to BC Server
High Level Flow Design
- Lumeta will pull the list of networks from BAM.
- For each configured network, Lumeta will call REST APIs against the Gateway to retrieve the list of IPv4 addresses and ingest it into an external table.
- Lumeta will perform analysis, identify devices for each selected zone (if asset mapping by zone is selected), and call the Gateway API to create these devices in BAM under the selected configuration.
Logic to create assets in BAM
Gateway Workflow API details:
Purpose | API | Payload | Response |
---|---|---|---|
Gateway Authentication | https://172.18.1.123/rest_login curl -v -H "Accept: application/json" -H 'Content-type: | { "username" : "gateway", | { |
Get list of networks/configurations | lumeta/getnetworklist curl -X GET \ -H 'Accept: application/json' \ -H 'Auth: Basic I6vp7MTU3Mjg4MjM2NzU5NjpnYXRld2F5' | None | [{"id":100880,"name":"Somerset","type":"Configuration","properties":null}] |
Get list of devices | lumeta/getiplist \ It retrieves devices for all networks curl -X GET \ -H 'Auth: Basic O2MsBMTU3Mjg4NTI2MDUwMDpnYXRld2F5' \ | None | [{"config_id":100880,"config_name":"Somerset","id":100895,"ip_address":"172.18.1.1","properties":{"address":"172.18.1.1","locationCode":"US MOO","locationInherited":"true","state":"GATEWAY"}},{"config_id":100880,"config_name":"Somerset","id":100901,"ip_address":"172.18.1.37","properties":{"address":"172.18.1.37","locationCode":"US MOO","locationInherited":"true","state":"STATIC"}},{"config_id":100880,"config_name":"Somerset","id":100902,"ip_address":"172.18.1.42","properties":{"address":"172.18.1.42","locationCode":"US MOO","locationInherited":"true","state":"STATIC"}}] |
Add list of devices | http://172.18.1.123/lumeta/addiplist curl -X POST \ | array of configuration with each configuration containing list of devices that need to be added [{"config_name": "Somerset", | { |
Implementation Details
UI
Configuration
Create a configuration screen under Integrations for BlueCat:
A new page will be created under Settings→Integration for BlueCat Integration.
The configuration page will be added under "Other Solutions" and include the details below:
Feed Interval
Server IP/DNS name
User name
Password
Option to add unmanaged devices with no network block defined
Just like the Qualys integration, when the user enters credentials for the BlueCat server, an API call is made to retrieve the list of configurations. The configuration name is displayed against each zone, where the user can map a particular zone to a particular configuration. If a zone is enabled but no configuration name is selected, it would get devices for all the configurations.
Add unmanaged devices with no network block defined
If selected, this option creates a block and network for devices that are not in any of the existing blocks. If not selected, devices are not created in BAM when no container block exists for them.
Select asset mapping by configuration
Option | Behavior |
---|---|
No zones are enabled | No assets will be pushed to BAM |
One zone is enabled; however, no configuration is selected under BlueCat Configuration Name | User has to select a configuration in order to push assets to BAM. No assets will be pushed to BAM |
One zone and one configuration are selected | Lumeta would identify all IP addresses discovered under the selected zone and add them under the selected configuration |
Two zones and two configurations are selected | Lumeta would identify all IP addresses discovered under the selected zones and, for each zone, add the IP addresses that don't exist in the configuration selected for that zone |
Wire frame for this configuration
Reporting:
- New Dashboard "BlueCat Management" would be added under Dashboards→Integrations
- This dashboard would contain standard integration widgets and would display deltas between both systems as well as what the systems have in common
- IPs Unmanaged by BlueCat
- IPs Unmanaged by Lumeta
- BlueCat and Lumeta Managed IPs
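
The push rules in the asset-mapping table and the three dashboard widgets above reduce to set operations over the `lumeta/getiplist` response. The sketch below is an added example, not Lumeta or BlueCat code: the zone names, discovered addresses and function names are hypothetical, and reading "unmanaged by BlueCat" as "seen by Lumeta but absent from BAM" is an assumption.

```python
import json

# Response shape taken from the lumeta/getiplist row above (trimmed to the fields used here).
GETIPLIST_RESPONSE = json.dumps([
    {"config_id": 100880, "config_name": "Somerset", "id": 100895, "ip_address": "172.18.1.1"},
    {"config_id": 100880, "config_name": "Somerset", "id": 100901, "ip_address": "172.18.1.37"},
    {"config_id": 100880, "config_name": "Somerset", "id": 100902, "ip_address": "172.18.1.42"},
])

# Constructed sample data: zone names, discovered IPs and the zone-to-configuration
# mapping are hypothetical. None means no configuration was selected for the zone.
DISCOVERED = {"ZoneA": {"172.18.1.1", "172.18.1.50"}, "ZoneB": {"172.18.1.60"}}
ZONE_TO_CONFIG = {"ZoneA": "Somerset", "ZoneB": None}


def bam_ips_by_config(response_text):
    """Group the addresses BAM already holds by configuration name."""
    by_config = {}
    for row in json.loads(response_text):
        by_config.setdefault(row["config_name"], set()).add(row["ip_address"])
    return by_config


def ips_to_push(discovered, zone_to_config, bam):
    """Apply the behavior table: only zones with a selected configuration push,
    and only addresses that configuration does not already contain."""
    push = {}
    for zone, config in zone_to_config.items():
        if config is None:  # zone enabled, no configuration selected: push nothing
            continue
        missing = discovered.get(zone, set()) - bam.get(config, set())
        if missing:
            push.setdefault(config, set()).update(missing)
    return push


def dashboard_sets(discovered, bam):
    """The three BlueCat Management widgets expressed as set operations."""
    lumeta = set().union(*discovered.values())
    bluecat = set().union(*bam.values())
    return {
        "IPs Unmanaged by BlueCat": lumeta - bluecat,
        "IPs Unmanaged by Lumeta": bluecat - lumeta,
        "BlueCat and Lumeta Managed IPs": lumeta & bluecat,
    }
```
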
CLI
- Create configuration option to configure BlueCat
API
- Add feed class for BlueCat Integration
- call REST API against gateway to get a list of devices
- Ingest response into x15 table
- Write queries to support dashboards
Create address on BlueCat
Attribute | value | Data Point in Lumeta | Note | Sample Value |
---|---|---|---|---|
Data point that Lumeta has
- mac address
- os
- open ports
- community string that the device responded on
Goals
- Use API Integration to communicate with BlueCat address manager (IPAM) to share bi-directional support information:
- network
- device
- etc...
Background and strategic fit
ManuLife has identified this integration as a business need. Other customers have asked in the past, but we now have a point of contact to work with from BlueCat.
Assumptions
- Customers will provide information as needed for the integration and build out detailed use case
- Lumeta will have access to the credentials needed to communicate with the BlueCat server
- The APIs available will return the data we are looking to surface
Requirements
# | Title | User Story | Importance | Notes |
---|---|---|---|---|
Connect to the management server | Use Lumeta to retrieve information from the server via API | Must Have |
Configuration | Configuration will be implemented in Integrations section of the application. | Must Have |
Configuration screen | This screen will allow the user to input needed configuration values to connect to and poll the BlueCat management server (server, credentials, polling interval) | Must Have |
Configuration form input validation | All fields need to perform input validation to ensure proper input types. Form fields need to be able to support input as required and allowed by BlueCat management server in terms of characters allowed/disallowed, string size limits, etc. | Must Have |
Connection Status UI | Visual indicator showing connection status (connected / Disconnected). | Must Have |
Test Connection Status UI | There will be a "Test Configuration" button to verify connectivity on demand. This button should return either a positive result or the best available error message to help the user troubleshoot the connection. | Must Have |
CLI configuration commands | BlueCat connection must be able to be configured, tested, and enabled via the CLI | Must Have |
Discovery | Use the BlueCat API capability to retrieve information from the management station (network, device, interface) | May be possible Phase II effort |
Logging | At log level "info", the system should log the successful poll or error message and the time of poll. At log level "debug", the system should log the successful poll or error message, the time of poll, and the size of the response in bytes. | Must Have |
Dashboard | New dashboard will be created for this feature and added to the Integrations category | Must Have |
Widget | Standard implementation: | Must Have |
Data Management | Each polled response, when not an error or empty response, will replace the previous existing set of devices/information. |
Epic
- LUM-662
Milestones
Milestone | Date Complete | Notes |
---|---|---|
SPIKE Requirements: | | |
QA Review: | | |
QA Meeting: | | |
Feature Demo for Product owner | | |
User interaction and design
Questions
Below is a list of questions to be addressed as a result of this requirements document:
Question | Outcome |
---|---|