Lumeta Asset Manager can now exchange data with a BlueCat Address Manager (BAM) connected to a BlueCat Gateway (BG).

Assumptions

  • Gateway is installed at customer site
  • List of networks will be retrieved by calling the API directly against BAM; however, the list of devices will be retrieved by using Gateway APIs
  • User will first need to set credentials and server information for this integration before selecting the option 'Asset mapping by zone'. This will enable Spectre to retrieve the list of network names and IDs.
  • No assets/IP addresses will be pushed to BAM or the Gateway as part of this integration

High Level Flow Design

...

Prerequisite

A BlueCat Gateway server has already been installed at your workplace.

Process

  1. Configure the BlueCat Integration in Asset Manager
  2. Install the Asset Manager plug-in on the BlueCat gateway server
  3. Review the results on the BlueCat Management dashboard. 

About Integration

  1. Asset Manager authenticates against the BG and retrieves all results via this gateway.  Asset Manager does not communicate directly with the BAM server.
  2. Address blocks with /30 (for IPv4) and /32 are added to BAM when the "add unmanaged devices with no network block defined" option has been selected and BAM does not already have an address block containing the IP address.
  3. Network blocks with /32 (for IPv4) are added to BAM when the "add unmanaged devices with no network block defined" option has been selected and BAM does not already have an address block containing the IP address.

High Level Flow Design

  1. Asset Manager pulls list of networks from BAM
  2. For each configured network,

...

  1. Asset Manager calls REST APIs against Gateway to retrieve list of IPv4 addresses

...

  1. Those addresses are ingested into a managed primary table on Asset Manager called bluecat_managed_hosts
  2. Asset Manager analyzes the data and identifies devices in each selected zone (provided the Asset Mapping by Zone checkbox is selected).
  3. Asset Manager populates the BlueCat Management dashboard. 
  4. Asset Manager calls the BG API to create these devices in BAM under a selected configuration.

Logic to Create Assets in BAM

Gateway Workflow API details:

...

Milestones

...

SPIKE Requirements:

  1. Design Document
  2. Architecture Document
  3. Tasks / Tickets that have values less than 13 points
  4. Review meeting with Engineering and QA

...

QA Review:

  1. Review All documentation and artifacts
  2. Prepare initial test plan

...

QA Meeting:

  • Attendees are Product Owner, Engineering and QA
  • Question and Answer session
  • Review Test Plan

...

User interaction and design

Questions

Below is a list of questions to be addressed as a result of this requirements document:

Question | Outcome

http://bluecat/Services/REST/v1/login?username=apiuser&password=apiuser

curl -k 'http://bluecat/Services/REST/v1/login?username=apiuser&password=apiuser'

Services/REST/v1/getEntities?parentId=0&type=Configuration&start=0&count=10

curl -X GET 'http://bluecat/Services/REST/v1/getEntities?parentId=0&type=Configuration&start=0&count=10' -H 'authorization: BAMAuthToken: GkprMMTU3MTQyOTgzODMyMTphcGl1c2Vy' -H 'cache-control: no-cache' -H 'content-type: application/json'
Purpose | API | Payload | Response
Gateway Authentication

https://

None

"Session Token-> BAMAuthToken: B3Bm8MTU3MTQxMDY5MzkzNTphcGl1c2Vy <- for User : apiuser"

Get list of networks

172.18.1.123/rest_login

curl -v -H "Accept: application/json" -H 'Content-type: application/json' -d@creds.json -k -X POST 'https://172.18.1.123/rest_login'
{ 

"username" : "gateway",
"password" : "admin"
}

{
"access_token": "BAMAuthToken: cdnGuMTU3Mjk5MDkyODI0OTpnYXRld2F5"
}

Get list of networks/configurations

Asset Manager/getnetworklist

curl -X GET \
'https://172.18.1.123/Asset%20Manager/getnetworklist' \
  -H 'Accept: application/json' \
-H 'Auth: Basic  I6vp7MTU3Mjg4MjM2NzU5NjpnYXRld2F5'
None

[{"id":100880,"name":"Somerset","type":"Configuration","properties":null}]

Get list of devices

<Gateway end point>/REST/getDevices?name=<networkname>

If no name is given, it will retrieve
Asset Manager/getiplist

It retrieves devices for all networks

User Stories

...

API changes 

Implementation Details

UI

Configuration

  • Create configuration screen under Integrations for BlueCat - 
    • A new page will be created under Settings→Integration for BlueCat Integration
    • Configuration page will be added under "Other Solutions" and include below details
      • Feed Interval
      • Server IP/DNS name
      • User name
      • Password
      • Option to select mapping for network name to Zone
    • Just like Qualys integration, when user enters credential for BlueCat server, an API call would be made to retrieve list of networks. Network name would be displayed against zone where user can map a particular zone to a particular Network. If a Zone is enabled, but no network name is selected, it would get devices for all the networks
    Wire frame for this configuration

Reporting:

  • New Dashboard "BlueCat Management" would be added under Dashboards→Integrations
  • This dashboard would contain standard integration widgets and would display deltas between both systems as well as what the systems have in common
    • IPs Unmanaged by BlueCat
    • IPs Unmanaged by Lumeta
    • BlueCat and Lumeta Managed IPs

CLI

...

API

    • Add feed class for Meraki Integration
    • call REST API against gateway to get a list of devices
    • Ingest response into x15 table
    • Write queries to support dashboards
Create address on BlueCat

...

Data points that Lumeta has

      • mac address
      • os
      • open ports
      • community string that the device responded on

Questions

...

Goals

  • Use API Integration to communicate with BlueCat address manager (IPAM) to share bi-directional support information:
    • network
    • device
    • etc...

Background and strategic fit

ManuLife has identified this integration as a business need.  Other customers have asked in the past, but we now have a point of contact to work with from BlueCat.

Server  - https://bluecat 

...

Assumptions

  • Customers will provide information as needed for the integration and build out detailed use case
  • Lumeta will have access to the credentials needed to communicate with the BlueCat server
  • The APIs available will return the data we are looking to surface

Requirements

...

Connect to the management server | Use Lumeta to retrieve information from the server via API | Must Have
  • Need to have proper credentials and achieve handshake

...

At log level "info" system should log successful poll or error message, time of poll,

At log level "debug" system should log successful poll or error message, time of poll, size of response in bytes
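One way to build these log lines without writing the password or session tokens from the request URLs and headers on this page into the log. This is an added example, not the product's code; the function names and the message layout are hypothetical.

```python
import re
import time
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SECRET_PARAMS = {"password"}  # query parameters that must never reach the log
# Token following "BAMAuthToken:" or "Basic", as in the headers shown on this page.
TOKEN_RE = re.compile(r"(BAMAuthToken:\s*|Basic\s+)\S+")


def redact_url(url):
    """Mask secret query-string values, e.g. login?username=..&password=.."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k.lower() in SECRET_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


def redact_tokens(text):
    """Mask session tokens that show up in header values or error strings."""
    return TOKEN_RE.sub(lambda m: m.group(1) + "REDACTED", text)


def poll_message(url, body=b"", error=None, debug=False, when=None):
    """Info: outcome and time of poll. Debug: also the response size in bytes."""
    ts = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(when))
    outcome = "poll ok" if error is None else "poll error: " + redact_tokens(str(error))
    msg = f"{ts} {outcome} url={redact_url(url)}"
    if debug:
        msg += f" response_bytes={len(body)}"
    return msg
```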

...

Standard implementation :

  • What Lumeta knows
  • What BlueCat knows
  • What both platforms are managing

...

Epic

...

...

curl -X GET \
'https://172.18.1.123/Asset%20Manager/getiplist' \
-H 'Accept: application/json' \
-H 'Auth: Basic  O2MsBMTU3Mjg4NTI2MDUwMDpnYXRld2F5'
None

[{"config_id":100880,"config_name":"Somerset","id":100895,"ip_address":"172.18.1.1","properties":{"address":"172.18.1.1","locationCode":"US MOO","locationInherited":"true","state":"GATEWAY"}},{"config_id":100880,"config_name":"Somerset","id":100901,"ip_address":"172.18.1.37","properties":{"address":"172.18.1.37","locationCode":"US MOO","locationInherited":"true","state":"STATIC"}},{"config_id":100880,"config_name":"Somerset","id":100902,"ip_address":"172.18.1.42","properties":{"address":"172.18.1.42","locationCode":"US MOO","locationInherited":"true","state":"STATIC"}}]

Add list of devices
http://172.18.1.123/Asset Manager/addiplist
curl -X POST \
'http://172.18.1.123/Asset%20Manager/addiplist' \
-H 'Accept: application/json' \
-H 'Accept-Encoding: gzip, deflate' \
-H 'Authorization: Basic AFJ9RMTU3NDQ0NjEzMDY0NjpnYXRld2F5'

array of configuration with each configuration containing list of devices that need to be added

[{"config_name": "Somerset",
"add_network_block": true,
"deviceList": [
{
"ip": "10.28.1.14",
"mac": "00:20:58:ae:05:a5",
"family": "4"
},
{
"ip": "10.28.1.39",
"mac": "",
"family": "4"
}
]
},{
"config_name": "Dallas",
"add_network_block": true,
"deviceList": [
{
"ip": "10.28.1.21",
"mac": "00:20:59:ab:05:a5",
"family": "4"
},
{
"ip": "10.28.1.59",
"mac": "",
"family": "4"
}
]
}
]

{
"Dallas": {
"added_ips": 0,
"dup_ips": 2
},
"Somerset": {
"added_ips": 0,
"dup_ips": 2
}
}
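The three "BlueCat Management" dashboard sets and the addiplist request body can both be derived from a getiplist response and the discovered assets. The following is an added example, not the product's code: the sample data is constructed, the function names and the shape of `DISCOVERED` are hypothetical, and setting "family" to "6" for IPv6 addresses is an assumption (the page only shows "4").

```python
import ipaddress

# Constructed sample rows in the shape of the getiplist response on this page.
BLUECAT_ROWS = [
    {"config_name": "Somerset", "ip_address": "172.18.1.1"},
    {"config_name": "Somerset", "ip_address": "172.18.1.37"},
    {"config_name": "Somerset", "ip_address": "172.18.1.42"},
]
# Constructed sample of discovered assets (hypothetical structure):
# IP -> BlueCat configuration mapped to its zone, plus the MAC if known.
DISCOVERED = {
    "172.18.1.37": {"config_name": "Somerset", "mac": "00:20:58:ae:05:a5"},
    "10.28.1.39": {"config_name": "Somerset", "mac": ""},
    "10.28.1.21": {"config_name": "Dallas", "mac": "00:20:59:ab:05:a5"},
}


def _addr(text):
    """Parse and normalise an IP address; raises ValueError if malformed."""
    return ipaddress.ip_address(text.strip())


def _ordered(addrs):
    return [str(a) for a in sorted(addrs, key=lambda a: (a.version, int(a)))]


def dashboard_sets(bluecat_rows, discovered):
    """Split addresses into the three dashboard widgets."""
    bluecat = {_addr(r["ip_address"]) for r in bluecat_rows}
    lumeta = {_addr(ip) for ip in discovered}
    return {
        "unmanaged_by_bluecat": _ordered(lumeta - bluecat),
        "unmanaged_by_lumeta": _ordered(bluecat - lumeta),
        "managed_by_both": _ordered(bluecat & lumeta),
    }


def build_addiplist_payload(bluecat_rows, discovered, add_network_block=True):
    """Group addresses BlueCat does not have by configuration, as addiplist expects."""
    known = {_addr(r["ip_address"]) for r in bluecat_rows}
    by_config = {}
    for ip, info in discovered.items():
        addr = _addr(ip)
        if addr in known:
            continue  # already present in BAM, nothing to add
        device = {"ip": str(addr), "mac": info.get("mac", ""), "family": str(addr.version)}
        by_config.setdefault(info["config_name"], []).append(device)
    return [{"config_name": name, "add_network_block": add_network_block, "deviceList": devs}
            for name, devs in sorted(by_config.items())]
```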