Use the Settings screen to configure your organization name, vBond orchestrator's DNS/IP address, certificate authorization settings, and to install a web server certificate.
The Settings screen has the following elements:
- Title bar.
- Organization Name bar—Click View to view the organization name or Edit to edit the name.
- vBond bar—Click View to view the vBond DNS/IP address or Edit to enter new values.
- Certificate Authorization bar—Click View to view the certificate authorization settings or Edit to edit the settings.
- Web Server Certificate bar—Click CSR to generate a Certificate Signing Request (CSR) for a web server certificate or Certificate to install the certificate.
- Enforce Software Version bar—Click View to view the software version enforced on a vEdge router or Edit to enforce a software version on the router.
- Banner bar—Click View to view the custom banner on the vManage login screen or Edit to edit or create a custom banner.
- Statistics Setting bar—Click View to view the current settings for collecting statistics or Edit to edit the settings.
Configure Organization Name
Before you can generate a CSR, you must configure the name of your organization. The organization name is included in the CSR.
To configure the organization name:
- Click the Edit button to the right of the Organization Name bar.
- In the Organization Name field, enter the name of your organization. The organization name must be identical to the name that is configured on the vBond orchestrator.
- In the Confirm Organization Name field, re-enter and confirm your organization name.
- Click Save.
Note that once the control connections are up and running, the organization name bar is not editable.
Configure vBond DNS Name or IP Address
- Click the Edit button to the right of the vBond bar.
- In the vBond DNS/IP Address: Port field, enter the DNS name that points to the vBond orchestrator or the IP address of the vBond orchestrator and the port number to use to connect to it.
- Click Save.
Configure Certificate Authorization Settings
Signed certificates are used to authenticate devices in the overlay network. Once authenticated, devices can establish secure sessions between each other. It is from the vManage NMS that you generate these certificates and install them on the controller devices—vManage NMSs, vBond orchestrators, and vSmart controllers.
To configure certification authorization settings:
- Click the Edit button to the right of the Certificate Authorization bar.
- In Certificate Signing by Symantec, select Automated to have the Symantec signing server automatically generate, sign, and install certificates on each controller device. If not, select Manual.
- Enter the first and last name of the requestor of the certificate.
- Enter the email address of the requestor of the certificate. If you selected Manual in Step 1, the signed certificate and a confirmation email are sent to the requestor via email and are also made available though the customer portal.
- Specify the validity period for the certificate.
- Click the Edit Challenge Phrase checkbox to enter a challenge phrase. The challenge phrase is your certificate password and is required when you renew or revoke a certificate.
- Confirm your challenge phrase.
- In the Certificate Retrieve Interval field, specify how often the vManage server checks if the Symantec signing server has sent the certificate.
- Click Save.
You need to select the certificate-generation method only once. The method you select is automatically used each time you add a device to the overlay network.
Generate Web Server Certificate
To establish a secure connection between your web browser and the vManage server using authentic certificates, generate a CSR to create a certificate, have it signed by a root CA, and then install it. To do so:
- Click the CSR button to the right of the Web Server Certificate bar.
- In the Common Name field, enter the domain name or IP address of the vManage server. For example, the fully-qualified domain name of vManage could be vmanage.org.local.
- In the Organizational Unit field, enter the unit name within your organization, for example, Network Engineering.
- In the Organization field, enter the exact name of your organization as specified by your root CA, for example, Viptela Inc.
- In the City field, enter the name of the city where your organization is located, for example, San Jose.
- In the State field, enter the state in which your city is located, for example, California.
- In the 2-Letter Country Code field, enter the two-letter code for the country in which your state is located. For example, the two-letter country code for the United States of America is US.
- From the Validity drop-down, select the validity period for the certificate.
- Click Generate to generate the CSR.
- Send the CSR to Symantec or a root CA ;for signing.
- When you receive the signed certificate, click the Certificate button to the right of the Web Server Certificate bar to install the new certificate. The View box displays the current certificate on the vManage server.
- Copy and paste the new certificate in the box. Or click the Import button, click Select a File to download the new certificate file, and click Import.
- Once the certificate is installed, reboot the vManage server.
Below is an example of a certificate generated with the above configuration. Note that the certificate is truncated in this example.
Enforce Software Version on vEdge Routers
If you are using the Viptela ZTP hosted service, you can enforce a version of the Viptela software to run on a vEdge router when it first joins the overlay network. To do so:
- Click the Edit button to the right of the Enforce Software Version (ZTP) bar.
- In the Enforce Software Version field, click Enabled.
- From the Software Version drop-down, select the version of the software to enforce on vEdge routers when they join the network.
- Click Save.
If you enabled this feature on the vManage NMS, any vEdge router joining the network is configured with the version of the software specified in the Enforce Software Version field regardless of whether the router was running a higher or lower version of Viptela software.
Create a Custom Banner
To create a custom banner that is displayed after you log in to the vManage NMS:
- Click the Edit button to the right of the Banner bar.
- In the Enable Banner field, click Enabled.
- In the Banner Info text box, enter the text string for the login banner or click Select a File to download a file that contains the text string.
- Click Save.
Collect Device Statistics
To enable or disable the collection of statistics for devices in the overlay network:
- Click the Edit button to the right of the Statistics Settings bar. By default, all statistics collection settings are enabled for all Viptela devices.
- To set statistics collection parameters for all devices in the network, click Disable All for the parameter you wish to disable statistics collection for.
To return to the saved settings during an edit operation, click Reset.
To return the saved settings to the factory-default settings, click Restore Factory Default
- To set statistics collection parameters for individual devices in the network, click Custom to select devices on which to enable or disable statistics collection. The Select Devices popup screen opens listing the hostname and device IP of all devices in the network. Select one or more devices from the Enabled Devices column on the left and click the arrow pointing right to move the device to the Disabled Devices column on the right. To move devices from the Disabled Devices to the Enabled Devices column, select one or more devices and click the arrow pointing left. To select all devices in the Select Devices popup screen, click the Select All checkbox in either window. Click Done when all selections are made.
- Click Save.