netbrain setup & maintenance

NetBrain Technologies

15 Network Drive

Burlington, MA 01803

+1 800.605.7964

[email protected]

www.netbraintech.com


15 Network Drive


NetBrain Setup & MaintenanceNB110

2 | © Copyright NetBrain®

Course Agenda

o Class Part I: System Management

» Users and Roles

» LDAP/AD and TACACs authentication

» API Plug-ins

» Task Manager

» Class Part II: Tenant Management

» MVS

» Platform Management

» GDR

o Class Part III: Domain Management

» Discovery and Device Manager

» MPLS Cloud Objects

» System Benchmarks

» Site Manager

» Class IV: Domain Maintenance

» Tuning

» Removing Devices


IE 8.0 System Management

System

Tenant1 Tenant2 Tenant(n)

Domain1 Domain2 Domain(n)

Domain Admin• Share Policy (assign roles and privileges)

• Create Domain (discover/network settings/tune…)

• Schedule Tasks

• Site Management

• Topology Management

• System options

Tenant Admin• Enable or disable the privilege of creating domains

• Domain Management

• MVS Configuration

• Misc Configuration

• Others (GDR data/API server/interface type)

System Admin• User Management (add/delete/external authentication…)

• Tenant Management (add/delete/assign users/set tenant admin…)

• License Management

• Others (Email Settings/API Adapters/Task Manager)

• Front Server Controller/Front Server Management


Three-Tier System Architecture


o NetBrain Integrated Edition 8.0 is deployed in a completely new BS (Browser/Server) architecture:

» Apply distributed computing technologies with horizontal scalability and high availability.

» Support large network (refer to System Requirements for more details).

» Browser-based Thin Client, easy to use and collaborate.

» Store data at server-end to ensure data accuracy and up-to-date.

System Architecture

https://www.netbraintech.com/docs/ie80/help/index.html?system-requirement.htm


System Security

o Data Security

» Encryption Algorithm – 3DES, AES, RSA, etc.

» Encryption Data – Network Settings, Device Settings, User Passwords, etc.

» Data Security – adopts MongoDB replica set technology to ensure data will not be lost or damaged

o Authentication Security – adopts OAuth 2.0 protocol to make sure that each API call is secure

o Communication Security – the communication between every two components is secureSource Destination Protocol and Port Number

1)

Thin ClientService Monitor Agent

Web ServerWeb API Server

HTTP/HTTPS (80/443)

Web API ServerWorker ServerTask EngineFront Server Controller

MongoDBLicense AgentElasticsearchRabbitMQ

TCP 27017TCP 27654TCP 9200TCP 5672

Web API ServerWorker ServerFront Server Controller

Redis TCP 6379 (non-ssl)TCP 7000 (ssl)

Worker ServerTask EngineFront Server

Front Server Controller TCP 9095

Web Server Knowledge Cloud Domain (https://knowledgecloud.netbraintech.com/) HTTP/HTTPS (80/443)

Front Server Live Network ICMP/SNMP/Telnet/SSH/REST API

Front Server Ansible Agent TCP 50051

Full Details: https://www.netbraintech.com/docs/ie80/help/index.html?system-requirement.htm

https://knowledgecloud.netbraintech.com/

https://www.netbraintech.com/docs/ie80/help/index.html?system-requirement.htm


15 Network Drive


+1 800.605.7964

[email protected]



15 Network Drive


System Management


Where to Start

o Point your browser to the domain of the Web Server and select Administrator Login

» Login as a user with System Admin user privileges


Activate License

o Go to the License tab and click Activate to activate your license.

o After you activate your license successfully, you can check the license information on this page, including license ID, license type, license validity, node count and seat count.


System Management Overview

o Home: Current active users and usage reports

o License: View licensing details

o Tenants: Create and edit tenant details (node side, server locations, user tenant access and roles)

o User Accounts: All user administration including roles, external Authentication and Password Policies

o Front Server Controllers: Manage/add/remove Front Server Controllers and Front Servers

o Email Settings: Email server settings for all generated emails from the system, and auto-approve domains

o Advanced Settings: Set global session timeout, Audit Log, Login Banner and manage KVAP

o Resource Update: Manage resource update settings and schedule

o Task Manager: End-user and Scheduled task status and control

o API Adapters: Manage API code to enable 3rd party integration

o Script Manager: Manage Built-in and user added scripts for plugins

o Deployment Status: View currently deployment type (Standalone, HA, DR)

o Service Monitor: Open NetBrain Service Monitor


Front Server Controller

o Front Server Controllers co-ordinate and communicate with the Front Servers in NetBrain

o Front Server Controllers are allocated per NetBrain instance and support an Active/Standby group


Front Server Controller

o The Front Server Controller can either be standalone or part of failover group

o Only a single Front Server Controller will be active at a time

o To register a Front Server Controller:

» Select Deployment Mode

» Enter Front Server Controller’s desired name

» Enter IP address

» Select Port (only change if you changed it during the installation)

» Enter username/password created during installation

» Select SSL Settings if configured

» Select Tenant(s) to register FSC with

» Select Test to verify and OK to save

13 | NetBrain® Integrated Edition 7.0

Adding Front Servers

o The Front Server package is available for both Windows Server and Linux

o Front Servers are added at the Tenant level and can only be associated with a single tenant

o Front Servers can be standalone or added to a Front Server Group for load balancing

o To add a Front Server:

» Add a New Front Server to the desired Tenant

» Create a Front Server ID and Authentication Key

» Select/Create a Front Server Group if desired

» On the Front Server, register the Front Server to the Front Server Controller(s)

o Once added Front Servers should show as Connected when the page is refreshed


Service Monitor

o NetBrain Service Monitor provides a portal for administrators to observe the health of deployed Windows and Linux servers, with operations management of related services

o It collects various types of metrics data from these deployed servers and visualizes them in tables or line charts

o Use either external authentication system management users or default admin/admin account

o The Service Monitor Agent must be installed on all NetBrain servers that you want to monitor

o Service Monitor Agent must have HTTP/HTTPS access to the NetBrain Web Server in order to report in


Service Monitor Dashboard

o The main page provides and overview dashboard of the NetBrain instance including:

» Database size and historical size

» Elasticsearch Index Size and historical size

» Count of currently active web connections

» List of NetBrain Servers and status of associated services

» OS version

» CPU and Memory Utilization


Service Monitor Server Metrics

o Each Server has individual metrics for each service running

o Select the Server Hostname from the dashboard to open the detailed reports

o Refer to https://www.netbraintech.com/docs/ie80/help/index.html?monitored-services-and-metrics.htm for a list of all metrics collected

https://www.netbraintech.com/docs/ie80/help/index.html?monitored-services-and-metrics.htm


Service Monitor MongoDB Disk Alerts

o MongoDB Disk alerts can be configured through the Service Monitor

o These alerts depend on the E-Mail Server Settings being configured at the System level

o It is highly recommended to enable these alerts to prevent any issues due to disk utilization reaching 100%


Service Monitor Log Collection

o Service Monitor can help to collect support logs from multiple servers

o Select the Server, Component Type and date range to display and collect logs


Add a Local User Account

o Click the User Accounts page

o Verify roles meet the needs of the user

o Click + Add and complete information


Adding a New Role

o Create and edit Roles to set granular permissions in the Roles Tab

» Click + Add

» Select the desired privileges for this role

https://www.netbraintech.com/docs/ie80/help/index.html?roles-and-privileges.htm

https://www.netbraintech.com/docs/ie80/help/index.html?roles-and-privileges.htm


External Authentication

o NetBrain can authenticate users using external LDAP/AD, TACACS+ or SSO in addition to local users

» Enable External Authentication and select the type (LDAP/AD, TACACS+, SSO)

» Fill in the appropriate Authentication source details

o Synchronize users from external sources under the User Tab

» This is not required for users to login

o Note:

» TACACS+/SSO assigns all users to the same Role

» LDAP/AD groups can be assigned to match NetBrain roles


External Authentication AD/LDAP

Assigning Roles to AD/LDAP Groups:

1. Enable the external authentication and connect to your server in the system

2. Select the groups you would like add to NetBrain

3. Click Next


External Authentication AD/LDAP

4. For each group added to NetBrain, assign Tenant and Domain Access as well as the Role for group for each Domain they will have access to

5. Save and confirm your AD credentials

Selecting “Apply this setting to existing users” will apply the Tenant/Domain access to any users that have already been synchronized to NetBrain


External Authentication Management

» Synchronize user list with external servers.

» For LDAP/AD authentication, click Synchronize With LDAP/AD Server to import users from LDAP/AD server to the system.

For TACACS+ authentication, users can only be added to the user list after they log in to the system.

o The Initial Tenant Access options you select when configuring external authentication are shown in the existing user

list. And the accessible tenants for each user can be configured.

o If existing users have the same name with external users, they will be overwritten by the external users, except

admin.


External Authentication SSO

o The system supports Security Assertion Markup Language (SAML) 2.0 based SSO and integrates with federation servers or individual identity providers to share session information across different security domains.

o SAML SSO works by transfer the user’s identity through an exchange of digitally signed XML documents.

o For more details see: https://www.netbraintech.com/docs/ie80/help/index.html?sso-authentication.htm

https://www.netbraintech.com/docs/ie80/help/index.html?sso-authentication.htm


The Task Manager

o View the status and end the process for end-user and scheduled tasks


KVAP - KeyVault Administration Passphrase

o KVAP (KeyVault Administration Passphrase) is used to authorize admin to initialize and manage the system KeyVault with a passphrase. KVAP is configured during the installation of Web API Server, Worker Server and Front Server Controller, and requires the access to the KeyStore (a repository in MongoDB to store and manage all encryption keys to enhance data security).

o Once configured, KVAP is required for validation when you perform Key Vault administration tasks, such as configuring key rotation or adding new servers to scale the system.


Knowledge Cloud

o Knowledge Cloud is a centralized resource base housing various types of regular/customized NetBrain resources

o Resources include:

» Qapp/Gapp» Runbook Template/Data View Template» Parser Library» Driver/Device Type/Vendor Model Table» Device Icon/Image/Media Type/Topology Link Type (IPv4, IPv6, etc.)» GDR Properties» Tech Spec/Schema/Visual Space» API Adapter» Platform Plugin» SPOG URL» Device Group» Global Python Scripts (including Path Scripts)» Variable Mapping/Global Variable» Golden Baseline Dynamic Analysis Logic


Knowledge Cloud

Auto-updating resources via Knowledge Cloud is aiming to provide support for the following scenarios:

1. Auto update varieties of resources (including DVT, Runbook, Platform Plugin, New Tech, Device Type, Driver, etc.) that apply to user’s specific IE version constantly.

2. Auto update patches for built-in resources. Customized resources (Driver/Path Scripts/Platform Plugin) that are dedicated to customers’ specific usage can be reapplied automatically after the system upgrade.

3. Auto update customized resources (DVT, Runbook) according to the request.


15 Network Drive


+1 800.605.7964

[email protected]



15 Network Drive


Tenant Management


Tenant Management Overview

o User Authorization: Enable domain creation inside the tenant for users

o Domain List: Details for each domain inside the tenant

o Multi-Vendor Support: Manage device types, drivers, and vendor models

o Misc Configuration: Manage OUI Information and Protocol Port definitions

o GDR Data Configuration: Manage Global Data Repository attributes in the NetBrain DB

o API Manager: Manage API configuration (Usernames, Endpoint)

o Interface Type: Add new interface types and meta data used for topology

o Platform Management: Manage data models, views and visual spaces for the Tenant

o Topology Link Style: Customize the visuals of topology links

o Advanced Settings: Upload Visio Templates


o Associates the SNMP sysobjectID with a driver facilitating deep discovery

» Add a vendor model to NetBrain when a new model of a device is released by a vendor

» Drivers and Device Types are typically managed by NetBrain

» Note: Set Device Type to expose the Drivers available

» Model, CPU and Memory OID are optional

Multi-Vendor Support


GDR Data Configuration

o Create new fields in the NetBrain database, and set how and when they are used

» Qapps can be written to maintain the data in these new custom fields

» Fields can be limited to specific device types


15 Network Drive


+1 800.605.7964

[email protected]



15 Network Drive


Domain Management

o Discover: Enter all credentials required to perform a discovery, and start on-demand discovery tasks

o Domain Manager: Review discovery results and create cloud objects

o Schedule Task: Manage scheduled tasks like Discovery and Benchmarking

o Site Manager: Build the site hierarchy used for mapping and report filtering

o Share Policy: Configure cross-domain privileges to users

» Supports different roles in each domain if needed

Domain Management


Where to Start

o Login as an end-user

o Click the Domain name in the “bar” and then Manage Domain

» This option will only be available for users with the proper permissions


Domain Management – Login and User Interface

o If you have the role of domain administrator, you can access to the Domain Management

page from the quick access toolbar.

o Live network settings include username/password pairs, enable passwords, SNMP RO strings, Jumpboxes and Network Servers.

Live Network Settings

» Username/password pairs and enable passwords are used to Telnet or SSH into devices and retrieve live data

» SNMP RO strings are used to access devices via SNMP

» NetBrain also supports telnet/SSH to the devices via a Jumpbox


Discovery

o Enter Credentials, Discovery Options, and start an on-demand discovery


Discovery Process

o If 10.10.10.10/23 is input, it will be taken as 10.10.10.10 to discover devices.

o The supported file formats for importing IP list are .txt, .csv and .xls.

o Discovery depths only control the depths of the discovery via seed router. After the discovery via seed router, the system will scan the discovered devices to continue to discover new devices (even though the discovery depth is set as 0).

o After the discovery is finished, the system will automatically build IPv4 L3 topology for all devices, update BGP MPLS cloud list and rebuild sites (excluding device groups). The rebuilding IPv4 L3 topology process is triggered only when there are new devices discovered.

o One user can only execute one discovery task in one domain. But multiple discovery tasks can be scheduled, and the task count is not limited.

o When the discovered node count reaches the maximum value, the discovery will still continue. But the devices discovered later will not be added into your domain, except the devices that do not occupy nodes.

o Discovery Methods: select all in most cases.

o Discovery Depth: define how deep you want to discover (starting from the seed devices, how many layers/hops of neighbors to try)

o Scan subnets after discovery via seed devices is done

» Scan destination subnets: the destination subnets in the route table

» Scan all connected subnets: the subnet directly connected to the device interfaces

» This can be really time consuming if the subnet includes a large number of IP addresses. You can define the minimum mask to narrow it down. For example, 30

o Define Do-NOT-Scan IP or device types such as IP phones

Live Discovery Options: Discovery Process


Discovery Process Overview and Comparison

Seed Discovery

» Ping Seed Device(s)

» Pull SNMP sysobjectID from reachable addresses

o Check do-not-scan

o Look up in the vendor table and determine driver to collect data

» Collect configuration through CLI

» Collect routing table and neighbor discovery data

o Add discovered neighbors to discovery table

» Loop to step 1 using de-duped discovery table until max depth reached

» Follow Scan IP Range process with all discovered subnets and routing prefixes (if enabled)

Scan IP Range

» Ping all devices in the range

» Pull SNMP sysobjectID from all reachable addresses

o Check do-not-scan

o Look up in the vendor table and determine driver to collect data

» Collect configuration through CLI

» Collect routing table

» Stop

NetBrain IP Range Discovery Process

Start Ping Address

SNMP Access

Response?

End

Credentials Associated

Success?

CLI(Default Driver)

Data Pull

sysObjectID String

CLI(Indicated Driver)

String Associated

Config File

Success? L3 Topology

Yes No

Yes

No

No

Yes

1

– This check may be disabled

NetBrain Seed Discovery Process

Start Ping Address

Neighbor Address Table

Discovery Depth Reached?

Response

SNMP Access?

End

Success?

CLI(Default Driver)

Success?

Data PullString Associated

sysObjectID String Routing Neighbors Config File

CLI(Indicated Driver

L3 Topology

Credentials Associated

Data Pull

NDP Neighbors

Routing Table

Recalculate Neighbor Table

Yes

No

Yes

No

No

Yes Yes

Yes

1

– This check may be disabled


Create Domain – Discovery Results

o Supports to view result of last discovery, including discovery report.

o Supports to view execution log of the last/current discovery.


Domain Manager

o View devices known to the domain, how they were discovery, and discovery issues

» Automatically groups to assist with correcting any discovery issues

» Rediscover device directly from the Domain Manager


Resolve Domain Manager Issues

o Domain Manager organizes discovery results

» Unknown IPs - are typically incorrect password/SNMP community-related issues

» Discovered by SNMP - are typically due to incorrect password/SNMP or ACLs blocking CLI access

» Unknown SNMP SysObjectID - requires an update to the Vendor Model Table to associate a proper driver

» Unclassified Network Devices - the devices whose types are not supported, or not recognized due to unknown sysObjectIDs.

o Right-click and click Discover Selected IPs to launch rediscovery

» Auto-populates the Scan IP Range.

» Adjust your Shared Settings and start discovery

» See more details on Domain Management here:

» https://www.netbraintech.com/docs/ie80/help/index.html?building-domain.htm

https://www.netbraintech.com/docs/ie80/help/index.html?building-domain.htm

o Missed Devices in the Discovery benchmark are listed in the Domain Manager

o There may be a reachability issue with the device (do not automatically remove)

o If the device has been decommissioned, it should be removed from the Workspace to free-up node licenses

Domain Manager Missed Devices


Domain Manager – MPLS Cloud Creation

o Used to enable A-B path across a Vendor supplied MPLS network

» Statically define Interface and Protocol used

» Dynamically define based on remote ASN and VRF name (optional)


Internet Cloud

o Internet Cloud refers to the Internet Connection that the boundary device connects to

o With the Internet Cloud, you can view the path between the Internet and boundary device on a map

o Add an Internet Cloud for each ISP and assign the proper interface on the edge router to the cloud


Share Policy

o Assign domain access to the users in the tenant, including domain access and user rights.

o There are two alternative ways to assign user rights, by role or by specific privilege. It is supported to select multiple roles or privileges for one user.


Share Policy

o One user can manage more than one domain with different roles. For example, a user may be a Power User in domain A and an Engineer in domain B.

o Both System admin and tenant admin have the domain admin rights by default. And their privileges cannot be changed.

o Domain admin cannot change the domain privileges for himself/herself.

o If you select multiple users including the ones whose privileges cannot be changed (such as system admin, tenant admin and domain admin), the privilege assignment is only applied to the users whose permissions can be changed.

o What is a Benchmark

» Benchmark process collects live data for all network devices in the workspace.

» Baseline data is updated as well as the network model.

o What data is benchmarked?

» Configuration files

» Route tables

» L2 data, ARP/CDP/MAC tables

» STP table

» Inventory data of device/module/interface

» NCT tables: procedures to retrieve and parse any show commands

o Why benchmark?

» Benchmarked data is used to build/update the network model.

» Benchmarked data is used in comparison analysis to find data changes.

» Update maps automatically.

System Benchmark

In the Schedule Task tab, select the Enable check box for the Basic System Benchmark entry

o Basic System Benchmark - regularly collects live data as baselines to build topology, calculate paths, recalculate device groups, sites, and MPLS Virtual Route Tables

o Scheduled System Discovery - discovers new devices in your network and adds them to your domain automatically

Scheduling Basic System Benchmark Task


Schedule Benchmark Task

o Frequency: Date, Time, and reoccurrence settings

o Device Scope: Limit the devices by Type, Group or Site

o Retrieve Live Data: Collect required data for historical A-B Path, Compare Functions, and update baselines

o CLI Commands: Add custom CLI commands to be used for historical comparison

o Additional Operations after Benchmark:

» Update Topology, Sites, Device Groups, MPLS Virtual Tables, and Data Views

» Run Qapps to create custom data views and reports

o Plugins

» Plugins allow customization of the benchmark process at various execution points

o Click Basic System Benchmark and specify the execution frequency for the task in the Frequency tab

o You can also view or change the settings predefined in the other tabs of the workflow

Schedule Benchmark Task Continued


Schedule Task: Discovery Task

o Frequency: Date, Time, and reoccurrence settings

o Network Settings: Set network access attributes (Passwords, Proxy Servers, SNMP Strings)

o Discovery Seed: Set which devices are used to start discovery (Discovered Devices, New Seed Device, List)

o Discovery tasks can be scheduled regularly to discover new devices from live network and automatically add the newly discovered devices into your domain. By default, the task will take all devices in your current domain as seed devices to expand the discovery. You need to enable the task, schedule the execution time and configure the proxies and credentials as follows.

» Click Schedule Task on the Start Page or select Operations > Schedule Task from the quick access toolbar

» In the Schedule Task tab, select the Enable check box for the Scheduled System Discovery entry

» Click Scheduled System Discovery. Then edit the discovery task by following the workflow

Scheduling System Discovery Task

o Schedule Data View Template/Parser

» Visualize the values of concerned parser variables in a data view template, you can schedule a Data View Template/Parser task to retrieve and parse network data on a regular basis

o Schedule Qapp

» Flexibly schedule Qapp/Gapp execution against the area where network issues previously occurred, and leave it unattended for continuous monitoring

o Schedule Plugin

» A set of Python scripts that can be executed in the system for data acquisition, update, and revision. Can be scheduled independently of the benchmark

Additional Scheduled Tasks

https://www.netbraintech.com/docs/ie80/help/qapp_group.htm

o The Plugin function aims to correct or fix up the inaccurate data and topology model calculated by the system.

o A Plugin is essentially a set of Python scripts that can be executed in the system for data acquisition, update, and revision.

o Plugins can be used to:

o Complete the underlying data of NetBrain

o Correct and Complement the Data to Calculate the Topology

o Manage and Operate Underlying System Data in an automated fashion

Plugins


Site Manager

o Builds a logical grouping of devices to be used as device scopes, asset filters, maps and topology views

» Container Site: Site folders used to build hierarchy and can include other Container Sites or Leaf Sites

» Leaf Site: Contains Static or Dynamic definitions for devices


Configuration - Site Management Privilege

o The user role determines whether a user can manage sites in a domain or remove devices from a domain.

o Revelated privileges:

o Site Management – the privilege to manage site.

o Device Management - the privilege to remove devices from a domain.

o The users without the site management privilege can view site architecture, overview map, and site map in the Site pane.


o Site Overview Map» Shows the overall network architecture of your domain. It has the following two views:

o Hierarchy View - Hierarchy View illustrates the parent-child relationships of all sites

o Topology View - Topology View illustrates the topology of all leaf sites

Site Overview Map

Hierarchical View

Topology View


Site Map

o Site Map» A shared map visible to all users in this domain. It has the following two types:

o Container Site Map - Illustrates how the sites under a container site are connected, including L3 page (default page) and neighbor page

o Leaf Site Map - Shows the topology of devices and sites under a leaf site, including L3 page (default page), L2 page, and neighbor page

Container Site

Leaf Site

Container Site Map Leaf Site Map


Configuration - Site Manager

o By default, only Domain Admin and Power User can add, edit, delete, import, or export a site in the site manager on the domain management page.

o Two ways to add devices into a site:

o Click Add to select devices manually.

o Dynamically search for devices by setting conditions and Boolean expression.

o You can also click Exclude to exclude some devices from the site.

o Click Site Manager on the Start Page or select Operations > Site Manager from the quick access toolbar

o In the Site Manager, move your mouse pointer over the My Network root node in the site tree and click Add Site > Add Container Site

Adding a Container Site

o Click Site Manager on the Start Page or select Operations > Site Manager from the quick access toolbar

o In the Site Manager, move your mouse pointer over the container site in the site tree and click Add Site > Add Leaf Site at the lower area

o On the Site Definition tab, enter the leaf site name and click Site Properties to set the site properties

o Add devices into the leaf site. The devices contained in a leaf site can be viewed under the Site Member tab

» Manually Add: Click Add and pick out devices from a device group, a site, or a device type group

» Dynamic Search: Specify search criteria and a boolean expression and click Search. See Dynamic Search for more details

o Tip: A device only can belong to one leaf site. When you add a device that has already been assigned to a site, a site definition conflict occurs

o Click OK to move the device to the current site. To keep it in its original site, select the Keep in Original Site check box

Adding a Leaf Site


Site Maps

o Select ‘Site’ from the task bar

o Navigate the hierarchy to find the site of interest, or use Search

o ‘Open Site Map’ to view the existing map

o All users view the same map


View Site Details

o Select View Detail from the drop-down menu of a site in the site tree to view the details of the site, including site properties, thumbnail of site map, and so on.

o The site details are the same with those from the site search results.


API Manager

o Used to configure the username and server address for any 3rd party tools enabled in System Management

» Endpoint is the url hosting the 3rd party application

» Select the plugin from the drop-down list and test


15 Network Drive


+1 800.605.7964

[email protected]



15 Network Drive


Maintenance Operations


Tuning

o Verify NetBrain ability to collect and analyze data from devices

1 2

3


Duplicate IP Management

o Move Devices to Zones when duplicate addressing is required

» Zones are based on VRFs or Statically Defined Zones

1

3

4

2


Duplicate IP Management

3

4


Remove Missed Devices as Needed

o Missed Devices in the Discovery benchmark are listed in the Workspace Manager

» There may be a reachability issue with the device (do not automatically remove)

» If the device has been decommissioned, it should be removed from the Workspace to free up node licenses


System Maintenance Best Practices

o Schedule recurring Discovery (e.g. weekly)

» Discover newly added devices

» Update Qmaps (export to MS Visio as needed)

» Manually remove decommissioned devices (Missed devices in Domain Manager)

o Schedule Benchmark (e.g. daily, every 2-3 days)

» Update the baseline data, including configurations and L2 data

» Rebuild L3 and L2 topologies

» Update sites, dynamic device groups, and link groups

o Run Tune Live Access if device credentials or hostnames have changed


System Maintenance Global Data Clean Settings

Training Catalog

Ready to learn more? Check our Live Web Training Catalog for all classes and dates. Course preview below:

Deep-Dive Training Videos can be found in the NBU Now system:

Go to: https://nbu.netbraintech.com/

Questions about anything NetBrain?

Email us at: [email protected]

NB100 – Getting Started with Using NetBrain EVERY TUESDAYDescription: Learn the main workflows to get you started with using and creating NetBrain Automation.Who should take this class: This is the first class that all end users and administrators of the NetBrain platform should take to familiarize themselves with the core functions and framework included with NetBrain.

NB200 – Achieving Automation Success Level-1 EVERY WEDNESDAYDescription: Learn how to build custom NetBrain automation for your environment, specifically: Parsers, Companion Runbooks, Data View Templates, and the Golden Baseline.

NB201 – Achieving Automation Success Level-2 EVERY WEDNESDAYDescription: Learn how to build custom NetBrain automation for your environment, specifically: Qapps, Runbook Templates.Who should take these classes: Any users of the platform that will be required to setup, install, customize, or maintain the NetBrain platform.

NB110 - NetBrain Setup and Maintenance EVERY THURSDAYDescription: Learn how to administer the NetBrain platform, including learning the ongoing maintenance best practices to ensure data is accurate, and the platform performs smoothly.Who should take this class: Any users of the platform that will be required to setup or maintain the NetBrain platform.

https://www.netbraintech.com/resources/live-training/

https://nbu.netbraintech.com/

mailto:[email protected]


15 Network Drive


+1 800.605.7964

[email protected]



15 Network Drive


Further Reference Slides


Workstation GUI Sections (Reference Slide)

Start Menu

Taskbar

Visual Search Bar Path Bar Quick Access Toolbar

Map Toolbar

Dataview & Runbook Management

Work Pane


Admin Framework

o Multi-tenant admin framework allows for flexible access and administration of NetBrain

8.0 System

System Admin

User A User B User C

Tenant BTenant A

Domain 1(User A,B create, share to all)



Domain 4(User A,C create, share to all)

Domain 5(User A,C create, share to all)

Domain 6(User C create, share to all)


o Front End

» Thin Client – provides front-end user interface for end users to access the system (recommended Google Chrome 51 or higher)

» Web Server – serves static content such as HTML, JavaScript and CSS resources, and also renders the user interface of the Thin Client

» Web API Server – provides the front-end web applications to support the browser-based Thin Clients, and also serves RESTful API calls from third-party applications for integration

o Middleware

» MongoDB Server – system data repository with scalability, that includes Devices, cofigs, and network topology

» Task Engine - coordinates computing tasks

» Message Server (RabbitMQ) – prioritizes and forwards requested tasks

» Cache Server (Redis) – provides memory cache for the system

o Backend

» Worker Server – serves as a resource manager with system back-end business logic and infrastructures to support the distributed task processing. It relies on both Cache Server and Message Server to work

» Front Server Controller - serves to coordinate and communicate with Front Servers and other components

» Front Server– polling server to collect live network data

» Each Front Server can manage up to 5000 device efficiently

NetBrain IE 8.0 System Architecture


Fault Tolerant & High Availability

o NetBrain IE 7.0 servers are designed with fault tolerant and high availability, to provide redundancy and fault recovery to increase the availability of applications.

Server Type High Availability (HA)

MongoDB Server MongoDB replica set implements master-slave replication and supports auto-failover

Elasticsearch Server Supports high availability with master/master-only nodes

Worker Server HA is supported with Active/Active servers

Message Server HA is supported with Master/Slave servers

Cache Server Redis Custer for HA: 1 Master, 1 Slave, 1 Sentinel

Web/WebAPI Server HA is supported with Active/Active mode behind a load balancer

Task Engine HA is supported with Active/Standby servers

Front Server Controller HA is supported with Active/Standby servers


API Integration Overview

NetBrain IE8.0 system integration solution includes the following three methods:

o Single Pane of Glass - integrate with different data sources within an enterprise to use NetBrain map and Qapp for data correlation and analysis.

o API Triggered Diagnosis - provide APIs for third-party systems to integrate with NetBrain to create maps upon alerts and invoke NetBrain automation features

(such as Runbook) for effective troubleshooting.

o Single Source of Truth - serves as a central CMDB by providing RESTful APIs for a management tool chain to query data stored in NetBrain, as well as synchronize

with existing CMDB or inventory systems to stay consistent with the central inventory.

o API Adapter is a set of python scripts defining how to log on to an API server, as well as how to retrieve, parse and export data from the API server

o To add an API plugin in IE8.0 system:

1. Log in to the System Management page as an admin

2. Select the API Adapter tab and click Add

3. Enter the basic information, such as name, description, etc.

4. Enter the API script in the Script field

6. Click Save

Define API Adapter

o After defining API Adapters, you need to define the required parameters for third-party API servers so that plugins can interact with API servers.

1. Log in to the Domain Management page as an admin

2. Select the API Server Manager tab and click Add

3. Enter the basic information, such as name, description, etc.

4. Define the server settings:

o Endpoint - the address of the third-party API server

o Username and Password to access the third-party API sever

o Plugin - select an API plugin for the API serverThe API functions predefined in the plugin will be listed

5. Click Test to check whether your server settings work

Define Third-Party API Server

netbrain setup & maintenance

Documents