diff --git a/docs/auto-discovery/network-auto-discovery.mdx b/docs/auto-discovery/network-auto-discovery.mdx index 9b8827ba..dc8cf93c 100644 --- a/docs/auto-discovery/network-auto-discovery.mdx +++ b/docs/auto-discovery/network-auto-discovery.mdx @@ -16,6 +16,8 @@ SNMP is a widely supported protocol and standard for managing network-connected SNMP is typically used in a read-only capacity, but it can support read and write permissions. By default, it uses port 161. SNMP exposes management data in the form of variables, which are organized in a Management Information Base (MIB). An MIB essentially describes the variables available on a given system, each of which can be remotely queried via SNMP. +Network devices can be discovered by Device42 using SNMP v1, v2c, or v3. If you're looking to do [Storage discovery](storage-arrays-autodiscovery/snmp-san-server-auto-discovery.mdx) via SNMP, you may want to visit the dedicated [SNMP SAN/Server Auto-Discovery](storage-arrays-autodiscovery/snmp-san-server-auto-discovery.mdx) page. SNMP discovery will pull in CDP/LLDP neighbors as long as SNMP credentials are the same across all neighbors. Should the credentials \*not\* be the same, you may instead add devices using different credentials separately, as their own discovery job. + :::Note SNMP autodiscovery supports IPv6 addresses for device discovery. ::: diff --git a/docs/auto-discovery/storage-arrays-autodiscovery/all-other-storage-autodiscovery.md b/docs/auto-discovery/storage-arrays-autodiscovery/all-other-storage-autodiscovery.md index 1d666fb4..985ab664 100644 --- a/docs/auto-discovery/storage-arrays-autodiscovery/all-other-storage-autodiscovery.md +++ b/docs/auto-discovery/storage-arrays-autodiscovery/all-other-storage-autodiscovery.md @@ -13,104 +13,106 @@ Follow the steps in the sections below to set up users or roles with minimum rea ### Infinidat -1. Log into the Infinidat console. -2. Select _Settings_ from left panel. -3. Click on _Users_ from the tab. -4. Click the _Create User_ button to open create user panel. -5. Create a user and assign one of the available roles: +1. Log in to the Infinidat console. +2. Select **Settings** from the left panel. +3. Click on **Users** from the tab. +4. Click the **Create User** button to open the Create User panel. +5. Create a user and assign it one of the available roles: - ADMIN - POOL\_ADMIN - READ\_ONLY - - Select the minimum _**READ\_ONLY**_ role -6. Click _OK_ and save the user. + +6. Select the minimum **READ\_ONLY** role +7. Click **OK** and save the user. ### Netapp Filers - Connect to your Netapp via SSH. - Create a monitoring role with the necessary permissions. -_useradmin role add -a api-system-get-version,login-http-admin,security-api-vfiler,api-system-get-info,api-fcp-adapter-list-info,api-iscsi-initiator-list-info,api-iscsi-adapter-list-info,api-disk-list-info,api-aggr-list-info,api-volume-list-info,api-lun-list-info,api-qtree-list,api-quota-list-entries,api-cifs-share-list-iter-start,api-perf-object-get-instances,api-lun-map-list-info,api-cifs-share-list-iter-next,api-lun-get-serial-number_ - -**Permissions contained in the above command:** - -api-system-get-version -login-http-admin -security-api-vfiler -api-system-get-info -api-fcp-adapter-list-info -api-iscsi-initiator-list-info -api-iscsi-adapter-list-info -api-disk-list-info -api-aggr-list-info -api-volume-list-info -api-lun-list-info -api-qtree-list -api-quota-list-entries -api-cifs-share-list-iter-start -api-perf-object-get-instances -api-lun-map-list-info -api-cifs-share-list-iter-next -api-lun-get-serial-number + ```shell + _useradmin role add -a api-system-get-version,login-http-admin,security-api-vfiler,api-system-get-info,api-fcp-adapter-list-info,api-iscsi-initiator-list-info,api-iscsi-adapter-list-info,api-disk-list-info,api-aggr-list-info,api-volume-list-info,api-lun-list-info,api-qtree-list,api-quota-list-entries,api-cifs-share-list-iter-start,api-perf-object-get-instances,api-lun-map-list-info,api-cifs-share-list-iter-next,api-lun-get-serial-number_ + ``` + + **Permissions contained in the above command:** + + - `api-system-get-version` + - `login-http-admin + - `security-api-vfiler + - `api-system-get-info + - `api-fcp-adapter-list-info + - `api-iscsi-initiator-list-info + - `api-iscsi-adapter-list-info + - `api-disk-list-info + - `api-aggr-list-info + - `api-volume-list-info + - `api-lun-list-info + - `api-qtree-list + - `api-quota-list-entries + - `api-cifs-share-list-iter-start + - `api-perf-object-get-instances + - `api-lun-map-list-info + - `api-cifs-share-list-iter-next + - `api-lun-get-serial-number - Create a monitoring group, attaching the monitoring role created above. -``` -useradmin group add -r -``` + ``` + useradmin group add -r + ``` - Create a monitoring user and assign it to the monitoring group created in the step above. -``` -useradmin user add -g -``` + ``` + useradmin user add -g + ``` **Cluster Mode** 1. Connect to your NetApp cluster via SSH. 2. Create a user with the following config: -- VServer to discover: `` -- Discovery User name: `` -- Role: readonly (existing system role) -- Application: ontapi -- Auth Method: Password + - **VServer to discover:** `` + - **Discovery User name:** `` + - **Role:** readonly (existing system role) + - **Application:** ontapi + - **Auth Method:** Password -``` -security login create -vserver -user-or-group-name -application ontapi -authentication-method password -role readonly -``` + ``` + security login create -vserver -user-or-group-name -application ontapi -authentication-method password -role readonly + ``` ### Nutanix -1. Log into the Nutanix console. -2. Click the gear icon or select _Settings_ from main menu. -3. Select _Local User Management_ under Users and Groups. -4. Click on the _\+ New User_ button. -5. Do not click on any roles and this will give the user a viewer role. -6. Click _OK_ and save the user. +1. Log in to the Nutanix console. +2. Click the gear icon or select **Settings** from the main menu. +3. Select **Local User Management** under **Users and Groups**. +4. Click on the **+ New User** button. +5. Do not select any roles, so that the user is assigned a viewer role by default. +6. Click **OK** and save the user. ### Oracle ZFS -1. Log into the Oracle ZFS console. -2. Select _Configuration_ from main menu. -3. Click on the + button next to _Roles_ to create a new role. +1. Log in to the Oracle ZFS console. +2. Select **Configuration** from the main menu. +3. Click on the **+** button next to **Roles** to create a new role. - Add the following Authorizations to the role (leave Domain as “\*”): - - Analytics: Read - - Worksheet: Read -4. Click on the + button next to _Users_ to create a new user + - **Analytics:** Read + - **Worksheet:** Read +4. Click on the **+** button next to **Users** to create a new user. - Select the Role created in step 3 for the user. - “Kiosk User” must **NOT** be selected. -5\. Click on _Finish_ to save the user. +5. Click **Finish** to save the user. ### Pure Storage -Pure Storage does not allow for multiple local users, relying on an LDAP provider to supply user authentication and group membership for a non-root user. +Pure Storage does not allow for multiple local users, and relies on an LDAP provider to supply user authentication and group membership for a non-root user. -1. Log into the Pure Storage console. -2. Click on _System Menu_. -3. Click on _Configuration_. -4. Click on Directory Service. +1. Log in to the Pure Storage console. +2. Click on **System Menu**. +3. Click on **Configuration**. +4. Click on **Directory Service**. 5. Connect your Pure Array to your LDAP provider, making sure to map the Read Only Group to the appropriate OU within your LDAP environment. 6. Create a discovery user account in your LDAP environment. -7. Add that LDAP user account to the OU associated with the Pure’s Read Only Group. +7. Add that LDAP user account to the OU associated with the Pure Storage Read Only Group. diff --git a/docs/auto-discovery/storage-arrays-autodiscovery/dell-emc-autodiscovery.md b/docs/auto-discovery/storage-arrays-autodiscovery/dell-emc-autodiscovery.md index 958324b3..4269ca2f 100644 --- a/docs/auto-discovery/storage-arrays-autodiscovery/dell-emc-autodiscovery.md +++ b/docs/auto-discovery/storage-arrays-autodiscovery/dell-emc-autodiscovery.md @@ -15,31 +15,32 @@ Follow the steps in the sections below to set up users or roles with minimum rea Compellent discovery requires use of an associated Dell Storage Manager appliance. -1. Log into your DSM deployment’s web UI. -2. Select Data Collector settings. -3. Go to the Users tab. -4. Go to the Users & User Groups tab. +1. Log in to your DSM deployment’s web UI. +2. Select **Data Collector** settings. +3. Go to the **Users** tab. +4. Go to the **Users & User Groups** tab. 5. Create a user and assign it the **Reporter** role. -6. Select your new user and connect it to your target Storage Center via the “Select Storage Center Mappings” menu. +6. Select your new user and connect it to your target **Storage Center** via the **Select Storage Center Mappings** menu. -### VNX or VMAX using EMC SMIS Provider +### VNX or VMAX Using EMC SMIS Provider -Login to SMIS provider using `http://:5988/ECOMConfig` or `https://:5989/ECOMConfig`. +Log in to SMIS provider using `http://:5988/ECOMConfig` or `https://:5989/ECOMConfig`. -- Click on _Add User_ and create a user with the **monitor** role. +- Click **Add User** and create a user with the **monitor** role. ![Add User](/assets/images/dell-emc-autodiscovery/smis-add-user.png) -- Use the Dynamic Settings shown below. +- Use the **Dynamic Settings** shown below. ![Dynamic Settings](/assets/images/dell-emc-autodiscovery/smis-dynamic-settings.png) ### EMC Data Domain -1. Log into the Data Domain console. -2. Select _Administration → Access_ from the left panel. -3. Go to the _Local Users_ tab. +1. Log in to the Data Domain console. +2. Select **Administration → Access** on the left panel. +3. Go to the **Local Users** tab. 4. Create a user and assign one of the available roles: + - admin - limited-admin - security @@ -47,25 +48,26 @@ Login to SMIS provider using `http://:5988/ECOMConfig` or ` - back-operator - none - Select the minimum _**user**_ role. -5. Click _OK_ and save the user. +6. Select the minimum **user** role. +7. Click **OK** and save the user. ### EMC Unity -1. Log into the EMC Unity Console console. -2. Click on the gear icon in the tool bar to open the Settings window. -3. Click on _Users and Groups_ tab. -4. Click on the + button to add a User. This will launch the Create User Wizard. -5. Select type of user on first page, and click _Next_. -6. Enter username and password, and click _Next_. +1. Log in to the EMC Unity Console console. +2. Click on the gear icon in the tool bar to open the **Settings** window. +3. Click on the **Users and Groups** tab. +4. Click on the **+** button to add a user. This will launch the **Create User** wizard. +5. Select type of user on first page, and click **Next**. +6. Enter username and password, and click **Next**. 7. Assign one of the available roles: + - Administrator - Storage Administrator - Operator - VM Administrator - Select the minimum _**Operator**_ role -8. Click _Finish_ and save the user. +8. Select the minimum **Operator** role. +9. Click **Finish** and save the user. ### Isilon @@ -95,64 +97,74 @@ Create a new role and add the following read-only permissions: - ISI_PRIV_SMB - ISI_PRIV_STATISTICS +**You can also use CLI commands to create such roles:** -You can also use CLI commands to create such roles. - -1. Login to the cluster using SSH. +1. Log in to the cluster using SSH. 2. Run the following commands: - To create a read-only role: + ``` isi auth roles create –name readonly_role –description “Read-only role for D42” ``` + - To give permissions to this role add all the permissions from above: + ``` isi auth roles modify readonly_role –add-priv-ro=ISI_PRIV_LOGIN_PAPI ``` - - Create a USER: - ``` + + - To create a USER: + + ``` isi auth users create readonly_user –enabled yes –password xxxxxx ``` - - Add user to the role: + + - To add a user to the role: + ``` isi auth roles modify readonly_role –add-user=readonly_user ``` -**Creating the Role/User via Web UI** - -1. Login to the Cluster Web UI. -2. Select _Access Tab → Membership & Roles_. -3. Select the _Users Tab_. -4. Select Provider “LOCAL: System” -5. Create User - - Set user name and password - - Select primary group “Users” - - Enable the account -6. Select the _Roles Tab_. -7. Create a role - - Set Role Name - - Add member (User created above) - - Add the following privileges as Read only - _Console - Platform API - SSH - Shutdown - Support - Auth - Audit - Cluster - Devices - FTP - HDFS - HTTP - Monitoring - NDMP - Network - NFS - Remote Support - SmartPools - SMB - Statistics - Namespace Traverse - Namespace Acces_s +**Alternatively, you can create the Role/User via the web UI** + +1. Log in to the cluster web UI. +2. Select **Access Tab → Membership & Roles**. +3. Select the **Users** tab. +4. Select **LOCAL: System** for the provider. +5. Create user: + + - Set the username and password. + - Select **Users** as the primary group. + - Enable the account. + +7. Select the **Roles** tab. +8. Create a role: + + - Set the **Role Name**. + - Add the member (the user created above). + - Add the following privileges as read-only: + + - Console + - Platform API + - SSH + - Shutdown + - Support + - Auth + - Audit + - Cluster + - Devices + - FTP + - HDFS + - HTTP + - Monitoring + - NDMP + - Network + - NFS + - Remote Support + - SmartPools + - SMB + - Statistics + - Namespace Traverse + - Namespace Acces_s diff --git a/docs/auto-discovery/storage-arrays-autodiscovery/hp-autodiscovery.md b/docs/auto-discovery/storage-arrays-autodiscovery/hp-autodiscovery.md index 6d70090a..173a6e47 100644 --- a/docs/auto-discovery/storage-arrays-autodiscovery/hp-autodiscovery.md +++ b/docs/auto-discovery/storage-arrays-autodiscovery/hp-autodiscovery.md @@ -11,22 +11,23 @@ Follow the steps below to set up read-only users for HP Storage Array autodiscov ## Minimum Permissions for Storage Array Autodiscovery -Follow the steps in the sections below to set up users or roles with minimum read-only permissions that you can use when you create storage array autodiscovery jobs. +The sections below guide you through how to set up users or roles with minimum read-only permissions that you can use when you create storage array autodiscovery jobs. ### HP Nimble -1. Log into the Nimble console. -2. Select _Administration → Security_ from the menu. -3. Click on _Users and Groups_ from the left panel. -4. Click on the _+USER_ button to open the Create User panel. -5. Create a user and assign one of the available roles: +1. Log in to the Nimble console. +2. Select **Administration → Security** from the menu. +3. Click on **Users and Groups** in the left panel. +4. Click on the **+USER** button to open the Create User panel. +5. Create a user and assign them one of the available roles: + - administrator - power-user - operator - guest - - Select the minimum _**operator**_ role. -6. Click _OK_ and save the user. + +6. Select the minimum **operator** role. +8. Click **OK** and save the user. ### HPE StoreEasy @@ -37,15 +38,15 @@ The StoreEasy platform relies on local users created at the server level. Curren ### HP 3PAR -1. Log into HP 3PAR Management Console. -2. Click on the _Actions_ menu. -3. Select the _Security & Domains_ submenu -4. Select _Users_ and then _Create User_. -5. Enter user name and password and click _Next_. -6. Grant the user the “browse” role on the appropriate domain. -7. Click _Finish_ and save the user +1. Log in to the HP 3PAR Management Console. +2. Click on the **Actions** menu. +3. Select the **Security & Domains** submenu +4. Select **Users** and then **Create User**. +5. Enter a username and password and click **Next**. +6. Grant the user the **browse** role on the appropriate domain. +7. Click **Finish** and save the user. -**Example CLI user creation** +**Example CLI user creation:** ``` createuser d42discovery all browse diff --git a/docs/auto-discovery/storage-arrays-autodiscovery/index.mdx b/docs/auto-discovery/storage-arrays-autodiscovery/index.mdx index f5edbb4d..6fc192c2 100644 --- a/docs/auto-discovery/storage-arrays-autodiscovery/index.mdx +++ b/docs/auto-discovery/storage-arrays-autodiscovery/index.mdx @@ -20,7 +20,7 @@ Click the **Platform** dropdown to view and select the available storage array }} /> -The "(Preview)" tag in the **Platform** list indicates that these arrays have not been fully tested due to a lack of access to testing equipment, and full functionality cannot be guaranteed at this time. Additional versions and configurations may or may not be discovered but we cannot guarantee support at this time. The list will be updated as more testing is completed. +The "(Preview)" tag in the **Platform** list indicates that these arrays have not been fully tested due to a lack of access to testing equipment, and full functionality cannot be guaranteed at this time. Additional versions and configurations may or may not be discovered, but we cannot guarantee support for them at this time. The list will be updated as more testing is completed. As of Device42 v19.01, we have support for the following platforms: | | | | @@ -39,11 +39,11 @@ As of Device42 v19.01, we have support for the following platforms: ## Additional Storage Array Autodiscovery Information -Use the links below for additional information about access protocols and minimum permissions for storage array autodiscovery. +Use the links below to access additional information about access protocols and minimum permissions for storage array autodiscovery. ### Dell/EMC Arrays -[See Dell/EMC Autodiscovery](auto-discovery/storage-arrays-autodiscovery/dell-emc-autodiscovery.md) for more information about the following storage arrays: +See the [Dell/EMC Autodiscovery](auto-discovery/storage-arrays-autodiscovery/dell-emc-autodiscovery.md) page for more information about the following storage arrays: - Dell Compellent - Dell PowerStore @@ -54,7 +54,7 @@ Use the links below for additional information about access protocols and minimu ### HP Arrays -[See HP Autodiscovery](auto-discovery/storage-arrays-autodiscovery/hp-autodiscovery.md) for more information about the following storage arrays: +See the [HP Autodiscovery](auto-discovery/storage-arrays-autodiscovery/hp-autodiscovery.md) page for more information about the following storage arrays: - HP Nimble - HPE StoreEasy @@ -62,13 +62,13 @@ Use the links below for additional information about access protocols and minimu ### IBM Arrays -[See IBM Autodiscovery](auto-discovery/storage-arrays-autodiscovery/ibm-autodiscovery.md) for more information about the following storage array: +See the [IBM Autodiscovery](auto-discovery/storage-arrays-autodiscovery/ibm-autodiscovery.md) page for more information about the following storage array: - IBM V7000/Storwize ### Lenovo Arrays -[See Lenovo Autodiscovery](auto-discovery/storage-arrays-autodiscovery/lenovo-autodiscovery.md) for more information about the following storage arrays: +See the [Lenovo Autodiscovery](auto-discovery/storage-arrays-autodiscovery/lenovo-autodiscovery.md) page for more information about the following storage arrays: - ThinkSystem DE2000 - ThinkSystem DE4000 @@ -77,7 +77,7 @@ Use the links below for additional information about access protocols and minimu ### All Other Storage Arrays -[See All Other Storage Autodiscovery](auto-discovery/storage-arrays-autodiscovery/all-other-storage-autodiscovery.md) for more information about the following storage arrays: +See the [All Other Storage Autodiscovery](auto-discovery/storage-arrays-autodiscovery/all-other-storage-autodiscovery.md) page for more information about the following storage arrays: - Infinidat - Netapp Filers @@ -87,7 +87,7 @@ Use the links below for additional information about access protocols and minimu ## Add a Storage Array Autodiscovery Job -Select **Discovery > Storage Arrays** in the Device42 menu to display the Storage Arrays discovery list page, and then click **Add Storage Arrays for Autodiscovery** to create a new discovery job.  +Select **Discovery > Storage Arrays** in the Device42 menu to display the **Storage Arrays** discovery list page, and then click **Add Storage Arrays for Autodiscovery** to create a new discovery job.  Storage Arrays** in the Device42 menu to display the Stora }} /> -Enter or select the information to create the autodiscovery job: +Enter or select the following information to create the autodiscovery job: -**Job Name** – Enter a unique name for the job. - -**Remote Collector** – Select the RC to use for the job. An RC is **required** for Storage Arrays discovery. - -**Platform** – Select the storage array platform or vendor. - -**Discovery Targets** – FQDN or IPs of the servers or CIDR or ranges. - -**Target Type** – Select Filer, DFM, or OCUM (_displayed depending on Platform selected_). - -**Protocol Type** – Select https, http, or insecure-https (_displayed_ _depending on Platform selected_). - -**Enable Performance Data Collection** – Yes/No. - -**Performance Data Sampling Interval** – Select the time interval for data sampling (if selected). - -**Action for Storage Array not found** – Choose how to handle Storage Array not found in subsequent discovery: Keep Array Resource or Delete Array Resource. - -**Discovery Target(s) Credential(s)** – Enter or select the username and password for the discovery job. +* **Job Name**: Enter a unique name for the job. +* **Remote Collector**: Select the RC to use for the job. An RC is **required** for Storage Arrays discovery. +* **Platform**: Select the storage array platform or vendor. +* **Discovery Targets**: Select the FQDN or IPs of the servers or CIDR or ranges. +* **Target Type**: Select Filer, DFM, or OCUM (displayed depending on the Platform selected). +* **Protocol Type**: Select HTTPS, HTTP, or insecure-HTTPS (displayed depending on the Platform selected). +* **Enable Performance Data Collection**: Yes/No. +* **Performance Data Sampling Interval**: Select the time interval for data sampling (if selected). +* **Action for Storage Array not found**: Choose how to handle unfound Storage Arrays in subsequent discovery — **Keep Array Resource** or **Delete Array Resource**. +* **Discovery Target(s) Credential(s)**: Enter or select the username and password for the discovery job. ### Schedule the Job -Use the Auto Discovery Schedule section of the page to schedule when your job runs. You can create multiple schedules for each job. Select the days of the week and the time to run the job.  When you are done, click **Save** to save the discovery job. Device42 adds the job to the Storage Arrays discovery list page. You can run the job immediately from this page.  +Use the **Autodiscovery Schedule** section of the page to schedule when your job runs. You can create multiple schedules for each job. Select the days of the week and the time to run the job.  When you are done, click **Save** to save the discovery job. Device42 adds the job to the **Storage Arrays** discovery list page. You can run the job immediately from this page.  -A note on autodiscovery scheduling behavior: Newly created jobs will not run on the first day they are created, to prevent an excessive number of jobs from running simultaneously. If you would like to run a job after its initial creation, click the **Run Now** button next to the job after creation. +:::note +Autodiscovery scheduling behavior: Newly created jobs will not run on the first day they are created, to prevent an excessive number of jobs from running simultaneously. If you would like to run a job after its initial creation, click the **Run Now** button next to the job after creation. +::: SNMP** and click **+ Add Jobs**. + + + +The autodiscovery job specification takes the FQDN or IP addresses of the servers to be discovered and ignored as input. You can also list any OIDs and operating systems that should be ignored in the autodiscovery process. + +Under **Credential(s)**, select the **SNMP Version** and add a **Community String:** + + + +The job can also be scheduled like other autodiscovery jobs. + +## Run Now or Schedule + +Click **Add another Autodiscovery Schedule** from the **Autodiscovery Schedule** section when editing the job to create a run schedule for the job. + + + +Select **Run Now** from the list page to run the job right away. + + + +:::note +To prevent a large amount of jobs from running initially, newly created jobs will not run on the first day they are made. If you would like to run a job after its initial creation, simply select the **Run Now** button next to the job after creation. +::: diff --git a/docs/integration/external-integrations/cyberark-integration.md b/docs/integration/external-integrations/cyberark-integration.md deleted file mode 100644 index 266363b8..00000000 --- a/docs/integration/external-integrations/cyberark-integration.md +++ /dev/null @@ -1,55 +0,0 @@ ---- -title: "CyberArk Integration" -sidebar_position: 8 ---- - -Each Device42 Autodiscovery job is configured to use one (or more) sets of system credentials. If you already use CyberArk to manage passwords and other secrets or simply don't want to use Device42 for this purpose, the Device42 CyberArk integration allows Device42 to securely store and retrieve these credentials externally as your primary secret management solution. - -CyberArk offers useful features such as automatic password rotation, which can be configured to rotate secrets per your specific corporate policies and industry guidelines. - -**Note: Passwords retrieved from CyberArk are not viewable in Device42!** - -## Configuring the CyberArk Integration - -**Configuring CyberArk:** - -- Login to CyberArk as an Administrator. -- Select the _Applications_ tab, then click _Add Application_. -- Create an account for Device42. - -![create account for d42 cyberark](/assets/images/create_account_for_d42_cyberark.png) - -- Click _Add_. -- Check the box to _Allow extended authentication restrictions_. - -![allow extended auth restrictions](/assets/images/allow_extended_auth_restrictions.png) - -### **Configuring Device42:** - -- Select _Tools > Integrations > CyberArk_ from the Device42 menu. - -![](/assets/images/WEB-811_1.jpg) - -- Select the checkbox to _Enable CyberArk_ and enter your CyberArk RESTful API information. - -![](/assets/images/WEB-811_2.jpg) - -- Verify connectivity by clicking _Test_ and entering a managed account name. - -![](/assets/images/WEB-811_3.jpg) ![test success](/assets/images/account_OS_found.png) - -- Select _Save_. - -![cyberark config updated](/assets/images/Cyberark_config_updated.png) - -If you run into configuration errors related to SSL errors, you may need to select the _Skip HTTPS Certificate Verification_ option on the CyberArk configuration page before trying again. - -![](/assets/images/WEB-811_4.jpg) - -## Using the Device42 CyberArk Integration for Discovery - -To create a new password object using CyberArk, simply select _CyberArk_ from the _Password Storage_ drop-down menu: - -![](/assets/images/WEB-811_5.jpg) - -**Note**: By default, passwords are looked up by name in CyberArk by matching the Password label in Device42. If no label is provided, then the username will be matched directly. If a Label is used, it must match the Username in Cyberark. You may also customize the folder or safe the password is retrieved from by utilizing _Password Custom fields_ named _Folder_ and _Safe_. diff --git a/docs/integration/external-integrations/cyberark-integration.mdx b/docs/integration/external-integrations/cyberark-integration.mdx new file mode 100644 index 00000000..da4e6bc4 --- /dev/null +++ b/docs/integration/external-integrations/cyberark-integration.mdx @@ -0,0 +1,89 @@ +--- +title: "CyberArk Integration" +sidebar_position: 8 +--- + +import ThemedImage from '@theme/ThemedImage' +import useBaseUrl from '@docusaurus/useBaseUrl' +import account from '/assets/images/cyberark-integration/create_account_for_d42_cyberark.png' + +Each Device42 autodiscovery job is configured to use one or more sets of system credentials. If you already use CyberArk to manage passwords and other secrets, or simply don't want to use Device42 for this purpose, the Device42 CyberArk integration allows Device42 to securely store and retrieve these credentials externally as your primary secret management solution. + +CyberArk offers useful features such as automatic password rotation, which can be configured to rotate secrets per your specific corporate policies and industry guidelines. + +:::note +Passwords retrieved from CyberArk are not viewable in Device42. +::: + +## Configure CyberArk + +The CyberArk AIMWebService API is needed for the integration. To use the API, purchase and install the [Central Credential Provider (CCP) plugin](https://docs.cyberark.com/credential-providers/latest/en/content/ccp/installation.htm) on CyberArk. + +**Configuring CyberArk:** + +- Log in to CyberArk as an administrator. +- Select the **Applications** tab, then click **Add Application**. +- Create an account for Device42. + +Create an account for Device42 CyberArk + +- Click **Add**. +- Check the box to **Allow extended authentication restrictions**. + +![allow extended auth restrictions](/assets/images/cyberark-integration/allow_extended_auth_restrictions.png) + +## Configure the Device42 CyberArk Integration + +Navigate to **Tools > Integrations > CyberArk** from the Device42 main menu. + + + +Select the **Enable CyberArk** checkbox and enter your CyberArk RESTful API information. + + + +Click **Test** and enter the managed account name to verify connectivity. + + + +On confirmation of success, click **Save**. + +![Test success notice](/assets/images/cyberark-integration/account_OS_found.png) + +![CyberArk config updated notice](/assets/images/cyberark-integration/Cyberark_config_updated.png) + +If you run into configuration errors related to SSL errors, you may need to select the **Skip HTTPS Certificate Verification** option on the CyberArk configuration page before trying again. + + + +## Note on Password Matching + +The following note in the UI describes how passwords are retrieved and matched between CyberArk and Device42 systems: + +> By default passwords are looked up by name in CyberArk by matching the Password label in Device42. If no label is provided then the username will be matched directly. +You may also customize the Folder or Safe from which the password is retrieved by utilizing the Password Custom fields named Folder and Safe. diff --git a/docs/reports/reports/relutech-for-aws-migration.md b/docs/reports/reports/relutech-for-aws-migration.md index b28ce6c7..e656f98c 100644 --- a/docs/reports/reports/relutech-for-aws-migration.md +++ b/docs/reports/reports/relutech-for-aws-migration.md @@ -31,7 +31,7 @@ The initial recommended approach starts by performing Operating System level sca ## SNMP Job Creation -For the [SNMP](auto-discovery/storage-arrays-autodiscovery/snmp-san-server-auto-discovery.md) autodiscovery job: +For the [SNMP](auto-discovery/storage-arrays-autodiscovery/snmp-san-server-auto-discovery.mdx) autodiscovery job: - First enter the IP/FQDN of all the devices that the credentials and access apply to under "servers". diff --git a/static/assets/images/Cyberark_config_updated.png b/static/assets/images/cyberark-integration/Cyberark_config_updated.png similarity index 100% rename from static/assets/images/Cyberark_config_updated.png rename to static/assets/images/cyberark-integration/Cyberark_config_updated.png diff --git a/static/assets/images/account_OS_found.png b/static/assets/images/cyberark-integration/account_OS_found.png similarity index 100% rename from static/assets/images/account_OS_found.png rename to static/assets/images/cyberark-integration/account_OS_found.png diff --git a/static/assets/images/allow_extended_auth_restrictions.png b/static/assets/images/cyberark-integration/allow_extended_auth_restrictions.png similarity index 100% rename from static/assets/images/allow_extended_auth_restrictions.png rename to static/assets/images/cyberark-integration/allow_extended_auth_restrictions.png diff --git a/static/assets/images/create_account_for_d42_cyberark.png b/static/assets/images/cyberark-integration/create_account_for_d42_cyberark.png similarity index 100% rename from static/assets/images/create_account_for_d42_cyberark.png rename to static/assets/images/cyberark-integration/create_account_for_d42_cyberark.png diff --git a/static/assets/images/cyberark-integration/enable-cyberark-dark.png b/static/assets/images/cyberark-integration/enable-cyberark-dark.png new file mode 100644 index 00000000..44252070 Binary files /dev/null and b/static/assets/images/cyberark-integration/enable-cyberark-dark.png differ diff --git a/static/assets/images/cyberark-integration/enable-cyberark-light.png b/static/assets/images/cyberark-integration/enable-cyberark-light.png new file mode 100644 index 00000000..766acca7 Binary files /dev/null and b/static/assets/images/cyberark-integration/enable-cyberark-light.png differ diff --git a/static/assets/images/cyberark-integration/menu-location-dark.png b/static/assets/images/cyberark-integration/menu-location-dark.png new file mode 100644 index 00000000..92e51eec Binary files /dev/null and b/static/assets/images/cyberark-integration/menu-location-dark.png differ diff --git a/static/assets/images/cyberark-integration/menu-location-light.png b/static/assets/images/cyberark-integration/menu-location-light.png new file mode 100644 index 00000000..19ae31de Binary files /dev/null and b/static/assets/images/cyberark-integration/menu-location-light.png differ diff --git a/static/assets/images/cyberark-integration/skip-verification-dark.png b/static/assets/images/cyberark-integration/skip-verification-dark.png new file mode 100644 index 00000000..c45273c1 Binary files /dev/null and b/static/assets/images/cyberark-integration/skip-verification-dark.png differ diff --git a/static/assets/images/cyberark-integration/skip-verification-light.png b/static/assets/images/cyberark-integration/skip-verification-light.png new file mode 100644 index 00000000..b5b83681 Binary files /dev/null and b/static/assets/images/cyberark-integration/skip-verification-light.png differ diff --git a/static/assets/images/cyberark-integration/test-name-dark.png b/static/assets/images/cyberark-integration/test-name-dark.png new file mode 100644 index 00000000..c86fd0b5 Binary files /dev/null and b/static/assets/images/cyberark-integration/test-name-dark.png differ diff --git a/static/assets/images/cyberark-integration/test-name-light.png b/static/assets/images/cyberark-integration/test-name-light.png new file mode 100644 index 00000000..b5950505 Binary files /dev/null and b/static/assets/images/cyberark-integration/test-name-light.png differ diff --git a/static/assets/images/snmp-san-server-auto-discovery/credentials-dark.png b/static/assets/images/snmp-san-server-auto-discovery/credentials-dark.png new file mode 100644 index 00000000..7c2d25bd Binary files /dev/null and b/static/assets/images/snmp-san-server-auto-discovery/credentials-dark.png differ diff --git a/static/assets/images/snmp-san-server-auto-discovery/credentials-light.png b/static/assets/images/snmp-san-server-auto-discovery/credentials-light.png new file mode 100644 index 00000000..38db1921 Binary files /dev/null and b/static/assets/images/snmp-san-server-auto-discovery/credentials-light.png differ diff --git a/static/assets/images/snmp-san-server-auto-discovery/snmp-job-dark.png b/static/assets/images/snmp-san-server-auto-discovery/snmp-job-dark.png new file mode 100644 index 00000000..46fba15f Binary files /dev/null and b/static/assets/images/snmp-san-server-auto-discovery/snmp-job-dark.png differ diff --git a/static/assets/images/snmp-san-server-auto-discovery/snmp-job-light.png b/static/assets/images/snmp-san-server-auto-discovery/snmp-job-light.png new file mode 100644 index 00000000..e5c3b1ed Binary files /dev/null and b/static/assets/images/snmp-san-server-auto-discovery/snmp-job-light.png differ diff --git a/static/assets/images/snmp-san-server-auto-discovery/snmp-run-now-dark.png b/static/assets/images/snmp-san-server-auto-discovery/snmp-run-now-dark.png new file mode 100644 index 00000000..765cd666 Binary files /dev/null and b/static/assets/images/snmp-san-server-auto-discovery/snmp-run-now-dark.png differ diff --git a/static/assets/images/snmp-san-server-auto-discovery/snmp-run-now-light.png b/static/assets/images/snmp-san-server-auto-discovery/snmp-run-now-light.png new file mode 100644 index 00000000..91637caa Binary files /dev/null and b/static/assets/images/snmp-san-server-auto-discovery/snmp-run-now-light.png differ diff --git a/static/assets/images/snmp-san-server-auto-discovery/snmp-schedule-dark.png b/static/assets/images/snmp-san-server-auto-discovery/snmp-schedule-dark.png new file mode 100644 index 00000000..1fe911f7 Binary files /dev/null and b/static/assets/images/snmp-san-server-auto-discovery/snmp-schedule-dark.png differ diff --git a/static/assets/images/snmp-san-server-auto-discovery/snmp-schedule-light.png b/static/assets/images/snmp-san-server-auto-discovery/snmp-schedule-light.png new file mode 100644 index 00000000..51b730fd Binary files /dev/null and b/static/assets/images/snmp-san-server-auto-discovery/snmp-schedule-light.png differ