4 Replies Latest reply on Jul 30, 2018 10:48 AM by jxchappell

    NCM jumphost

    ddsdmf1

      is there a what to have NCM use a jumphost server for SSH and telnet access to devices to download and upload configs?

       

      We use HPNA(HP Network Automation) with a bastion host configuration to do it today but want to move to NCM to replace HPNA

        • Re: NCM jumphost
          Mark Roberts

          Could you deploy Putty and configure to act as an SSH Tunnel solution to proxy your connections? Other SSH tunnelling options exist, but Putty is free and includes this functionality. Each device would just need a specific port assigned to determine which destination address is used to connect on to

            • Re: NCM jumphost
              ddsdmf1

              I have a Linux server setup with ssh and telnet already. My problem is that the ACLs on all the network devices only allow ssh or telnet from the IP address of my Linux server. I am not able to make changes to the 6000+ devices that I need to add to NCM. My HPNA server is able to ssh to my Linux server then ssh to all my network devices to get the running and startup configs. I need to be able to do the same with NCM.

                • Re: NCM jumphost
                  Mark Roberts

                  That is the suggestion I make; configure the SSH application to run as an SSH Tunnel (Proxy), which takes the connection from Orion NCM and tunnels it through to the end point. The following is one of many guides on line - How to Use SSH Tunneling to Access Restricted Servers and Browse Securely

                  • Re: NCM jumphost
                    jxchappell

                    We do this exact process using an NCM job that executes a script off of one of our jumphosts

                     

                    1. We create a job that selects our jumphost specifically

                    2. NCM connects to the host and executes a shell script on the host (using a special user outside of normal NCM users so it can access certain files and execute scripts)

                    3.  This shell script then runs through some parameters and fires off a python script

                     

                    All of this is pretty easy considering Linux has all of the necessary capabilities installed by default