After you have created an Indeni user for the device you want to add, (1) click on Credential Sets. Once you do, (2) it would be good to name it immediately because once you click out of it, it will save the name as is. If that should happen, simply select the credential set you want to rename and (3) click Edit, and you should be able to rename it.
After you have added the Set name in the List, you should then add the device credentials by clicking on New, which can be found in 3 places.
After you have added the credentials, and the connection type, add the subnet you want to associate with the credentials.
Please Note: Privileges Password is required for the following Vendors/Products:
Please Note: If you have created the same Indeni credential across all device vendors you want to add to the system, we recommend using 0.0.0.0/0 subnet with SSH + HTTP (API) selected. This way you do not have to enter multiple credential sets with relevant connection types and the related IP subnet for every cluster you may have. This will greatly reduce complexity and time required when adding devices to the system.
Please Note: If you have devices that are not on the same subnet, but share the same credentials, we would recommend that you add the additional subnets in list, NOT create a user for each device. For ease of use it is always better to limit the number of credentials being used and instead leverage the subnet feature.
Credential Set by a Sort Order
In 8.2, Indeni uses credential sets by a sort order where it sorts by the bitmask of the subnets. For example, /32 will come before /28.
You can create multiple credential sets as follows:
- Default (0.0.0.0/0) using indeni user
- Narrower (/24) using indeni user
- Even narrower (/32) using indeni-admin
In this example, the system will use the credential in #3 with the username indeni-admin as a preference when connecting to a device. If the system cannot connect to the device using the credential in #3, it will try #2, then #1.
Configuring SSH Keys
While you can use a username/password to authenticate to a device, it is not the most secure. Instead, you can use SSH keys for authentication when connecting to a device. SSH keys not only improve security but also enable the automation of connected processes.
The Private Key should be pasted in plaintext PEM format (typically starting with a line similar to “–BEGIN PRIVATE KEY–“). The Private Key data is kept on Indeni in a highly confidential encrypted data store.
Configuring SNMP Credentials
Refer to the ‘2.1 Creating Users on Vendor Devices’ chapter for the specific vendor.
For example, go to Palo Alto Networks NGFW for instructions on how to add the credential sets.