Lumeta Asset Manager can now provide/exchange data with a BlueCat Address Manager (BAM) connected to a BlueCat Gateway (BG).

...

Prerequisite

A BlueCat Gateway server has already been installed at your workplace.

...

Process

  1. Configure the BlueCat Integration in Asset Manager
  2. Install the Asset Manager plug-in on the BlueCat gateway server
  3. Review the results on the BlueCat Management dashboard

About Integration

  1. Lumeta Asset Manager authenticates against the BlueCat Gateway (BG) and retrieves all results via this gateway. Asset Manager does not communicate directly with the BAM server.
  2. Address blocks with /30 (for IPv4) and /32 are added to BAM when the "add unmanaged devices with no network block defined" option has been selected and BAM does not already have an address block containing the IP address.
  3. Network blocks with /32 (for IPv4) are added to BAM when the "add unmanaged devices with no network block defined" option has been selected and BAM does not already have an address block containing the IP address.

Importing Lumeta Workflow to BC Server

High Level Flow Design

  1. Asset Manager pulls the list of networks from BAM.
  2. For each configured network, Asset Manager calls REST APIs against the Gateway to retrieve the list of IPv4 addresses. Those addresses are ingested into a managed primary table on Asset Manager called bluecat_managed_hosts.
  3. Asset Manager analyzes the data and identifies devices in each selected zone (provided the Asset Mapping by Zone checkbox is selected).
  4. Asset Manager populates the BlueCat Management dashboard. 
  5. Asset Manager calls the BG API to create these devices in BAM under a selected configuration.

Logic to

...

Create Assets in BAM

Gateway Workflow API details:

Purpose | API | Payload | Response

Purpose: Gateway Authentication
API: https://172.18.1.123/rest_login

# -d@creds.json posts the payload below; -k skips TLS certificate verification
curl -v -H "Accept: application/json" -H 'Content-type: application/json' -d@creds.json -k -X POST 'https://172.18.1.123/rest_login'

Payload:
{
"username" : "gateway",
"password" : "admin"
}

Response:
{
"access_token": "BAMAuthToken: cdnGuMTU3Mjk5MDkyODI0OTpnYXRld2F5"
}

Purpose: Get list of networks/configurations
API: lumetaAsset Manager/getnetworklist

curl -X GET \
https://172.18.1.123/lumetaAsset Manager/getnetworklist \
  -H 'Accept: application/json' \
-H 'Auth: Basic I6vp7MTU3Mjg4MjM2NzU5NjpnYXRld2F5'

Payload: None

Response:
[{"id":100880,"name":"Somerset","type":"Configuration","properties":null}]

Purpose: Get list of devices (retrieves devices for all networks)
API: lumetaAsset Manager/getiplist

curl -X GET \
https://172.18.1.123/lumetaAsset Manager/getiplist \
-H 'Accept: application/json' \
-H 'Auth: Basic O2MsBMTU3Mjg4NTI2MDUwMDpnYXRld2F5'

Payload: None

Response:
[{"config_id":100880,"config_name":"Somerset","id":100895,"ip_address":"172.18.1.1","properties":{"address":"172.18.1.1","locationCode":"US MOO","locationInherited":"true","state":"GATEWAY"}},{"config_id":100880,"config_name":"Somerset","id":100901,"ip_address":"172.18.1.37","properties":{"address":"172.18.1.37","locationCode":"US MOO","locationInherited":"true","state":"STATIC"}},{"config_id":100880,"config_name":"Somerset","id":100902,"ip_address":"172.18.1.42","properties":{"address":"172.18.1.42","locationCode":"US MOO","locationInherited":"true","state":"STATIC"}}]

Purpose: Add list of devices
API: http://172.18.1.123/lumetaAsset Manager/addiplist

curl -X POST \
http://172.18.1.123/lumetaAsset Manager/addiplist \
-H 'Accept: application/json' \
-H 'Accept-Encoding: gzip, deflate' \
-H 'Authorization: Basic AFJ9RMTU3NDQ0NjEzMDY0NjpnYXRld2F5'

Payload: an array of configurations, each containing the list of devices that need to be added

[{"config_name": "Somerset",
"add_network_block": true,
"deviceList": [
{
"ip": "10.28.1.14",
"mac": "00:20:58:ae:05:a5",
"family": "4"
},
{
"ip": "10.28.1.39",
"mac": "",
"family": "4"
}
]
},{
"config_name": "Dallas",
"add_network_block": true,
"deviceList": [
{
"ip": "10.28.1.21",
"mac": "00:20:59:ab:05:a5",
"family": "4"
},
{
"ip": "10.28.1.59",
"mac": "",
"family": "4"
}
]
}
]

Response:
{
"Dallas": {
"added_ips": 0,
"dup_ips": 2
},
"Somerset": {
"added_ips": 0,
"dup_ips": 2
}
}

Implementation Details

UI

Configuration

Create configuration screen under Integrations for BlueCat

...

A new page will be created under Settings→Integration for BlueCat Integration

...

The configuration page will be added under "Other Solutions" and include the details below:

  • Feed Interval

  • Server IP/DNS name

  • User name

  • Password

  • Option to add unmanaged devices with no network block defined

...

Just like the Qualys integration, when the user enters credentials for the BlueCat server, an API call would be made to retrieve the list of configurations. The configuration name would be displayed against each zone, where the user can map a particular zone to a particular configuration. If a zone is enabled but no configuration name is selected, it would get devices for all the configurations.

...

Add unmanaged devices with no network block defined

If selected, this option would create a block and network for devices that are not in any of the existing blocks. If not selected, it would not create devices in BAM when no container block exists for the device.

Select asset mapping by configuration

...

Option | Behavior
No zones are enabled | No assets will be pushed to BAM
One zone is enabled; however, no configuration is selected under BlueCat Configuration Name | User has to select a configuration in order to push assets to BAM. No assets will be pushed to BAM
One zone and one configuration is selected | Lumeta would identify all IP addresses discovered under the selected zone and add the IP addresses under the selected configuration

...

Wire frame for this configuration

Reporting:

  • New Dashboard "BlueCat Management" would be added under Dashboards→Integrations
  • This dashboard would contain standard integration widgets and would display deltas between both systems as well as what the systems have in common
    • IPs Unmanaged by BlueCat
    • IPs Unmanaged by Lumeta
    • BlueCat and Lumeta Managed IPs
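
The comparison behind the three dashboard widgets above, together with the zone-to-configuration rule for pushing assets, sketched in Python as an added example (not Lumeta or BlueCat code). The record keys zone, ip and mac, the function names, and the choice to skip IPs that BAM already holds under any configuration are assumptions of this example; the sample data is constructed.

```python
import ipaddress

# Constructed rows shaped like the getiplist response shown on this page.
BAM_ROWS = [
    {"config_name": "Somerset", "ip_address": "172.18.1.1"},
    {"config_name": "Somerset", "ip_address": "172.18.1.37"},
]
# Constructed discovery results; the keys "zone", "ip", "mac" are assumptions.
DISCOVERED = [
    {"zone": "Zone1", "ip": "172.18.1.37", "mac": "00:20:58:ae:05:a5"},
    {"zone": "Zone1", "ip": "10.28.1.14", "mac": ""},
    {"zone": "Zone2", "ip": "10.28.1.21", "mac": "00:20:59:ab:05:a5"},
    {"zone": "Zone1", "ip": "not-an-ip", "mac": ""},
]

def parse_ip(text):
    """Return a normalised ip_address object, or None for malformed input."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def dashboard_sets(bam_rows, discovered):
    """Return (unmanaged by BlueCat, unmanaged by Lumeta, managed by both)."""
    bam = {str(ip) for r in bam_rows
           if (ip := parse_ip(r["ip_address"])) is not None}
    seen = {str(ip) for d in discovered if (ip := parse_ip(d["ip"])) is not None}
    return seen - bam, bam - seen, seen & bam

def build_addiplist(bam_rows, discovered, zone_to_config, add_network_block):
    """Group new devices by mapped configuration, in the addiplist payload shape."""
    new_ips, _, _ = dashboard_sets(bam_rows, discovered)
    by_config = {}
    for d in discovered:
        ip = parse_ip(d["ip"])
        config = zone_to_config.get(d["zone"])  # None: zone disabled or unmapped
        if ip is None or not config or str(ip) not in new_ips:
            continue  # nothing is pushed without a selected configuration
        by_config.setdefault(config, []).append(
            {"ip": str(ip), "mac": d.get("mac", ""), "family": str(ip.version)})
    return [{"config_name": name, "add_network_block": add_network_block,
             "deviceList": devices} for name, devices in sorted(by_config.items())]

if __name__ == "__main__":
    print(dashboard_sets(BAM_ROWS, DISCOVERED))
    print(build_addiplist(BAM_ROWS, DISCOVERED,
                          {"Zone1": "Somerset", "Zone2": None}, True))
```

Zone2 is enabled without a configuration in the sample mapping, so its device appears in the "unmanaged by BlueCat" set but is left out of the payload.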

CLI

...

API

    • Add feed class for BlueCat Integration
    • Call the REST API against the gateway to get a list of devices
    • Ingest response into x15 table
    • Write queries to support dashboards
Create address on BlueCat

...

Data points that Lumeta has

      • mac address
      • os
      • open ports
      • community string that the device responded on

Goals

  • Use API Integration to communicate with BlueCat address manager (IPAM) to share bi-directional support information:
    • network
    • device
    • etc...

Background and strategic fit

ManuLife has identified this integration as a business need.  Other customers have asked in the past, but we now have a point of contact to work with from BlueCat.

Server  - https://bluecat 

...

Assumptions

  • Customers will provide information as needed for the integration and build out detailed use case
  • Lumeta will have access to the credentials needed to communicate with the BlueCat server
  • The APIs available will return the data we are looking to surface

Requirements

...

Connect to the management server | Use Lumeta to retrieve information from the server via API | Must Have
  • Need to have proper credentials and achieve handshake

...

At log level "info", the system should log the successful poll or error message and the time of the poll.

At log level "debug", the system should log the successful poll or error message, the time of the poll, and the size of the response in bytes.

...

Standard implementation:

  • What Lumeta knows
  • What BlueCat knows
  • What both platforms are managing

...

Epic

...


Milestones

...

SPIKE Requirements:

  1. Design Document
  2. Architecture Document
  3. Tasks / Tickets that have values less than 13 Points
  4. Review meeting with Engineering and QA

...

QA Review:

  1. Review All documentation and artifacts
  2. Prepare initial test plan

...

QA Meeting:

  • Attendees are Product Owner, Engineering and QA
  • Question and Answer session
  • Review Test Plan

...

User interaction and design

Questions

Below is a list of questions to be addressed as a result of this requirements document:

Question | Outcome