Alcatel-Lucent OMNIVISTA SAFEGUARD MANAGER User Manual
OmniVista SafeGuard
Manager
Release 3.0
Administration Guide
PART NUMBER: 005-0034 REV A1
UBLISHED: MARCH 2007
P
A
LCATEL-LUCENT
26801 WEST AGOURA ROAD
CALABASAS, CA 91301 USA
(818) 880-3500
WWW.ALCATEL-LUCENT.COM
Alcatel-Lucent Proprietary
Copyright © 2007 Alcatel-Lucent. All rights reserved. This document may not be reproduced in whole
or in part without the expressed written permission Alcatel-Lucent. Alcatel-Lucent ® and the AlcatelLucent logo are registered trademarks of Alcatel-Lucent. All other trademarks are the property of their
respective owners.
2
OmniVista SafeGuard Manager Administration Guide
Contents
Preface
About This Guide. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Intended Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Guide Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Conventions Used in This Guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Chapter 1: Getting Started
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Key Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
System Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
OmniVista SafeGuard Manager Client Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Starting the Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Installing the Client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
Logging In to the Client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
Navigation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Dashboards. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Menus. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21
Page Bar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21
Action Bar . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Viewing Tips . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
Modifying Your Password. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Adding a Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Chapter 2: Installation and Setup
Installing the OmniVista SafeGuard Manager Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
Upgrading the OmniVista SafeGuard Manager Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Pre-Upgrade Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Uninstalling the Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .34
Starting the Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Shutting Down the Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36
OmniVista SafeGuard Manager Administration Guide
3
Contents
Installing the OmniVista SafeGuard Manager Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .37
Logging into the OmniVista SafeGuard Manager Client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Connecting Over Firewall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .41
Chapter 3: General Navigation
Viewing Visualization Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .44
Viewing Table Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Navigating between Different Table Views. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .47
Choosing Columns in a Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .48
Searching and Sorting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Searching Table Data Locally. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51
Sorting Table Data Locally. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .51
Searching and Sorting Data in the Entire Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Exporting and Printing Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53
Using the Status Bar. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54
Chapter 4: Visualization
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Dashboards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .57
Security Incidents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
User Sessions with Incidents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62
Network Awareness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Configuring Dashboards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
Defining Modules within a Dashboard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69
Defining Bars within a Module. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .76
Viewing Visualization Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
Viewing Policy Incidents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79
Viewing Malware Incidents. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Viewing Posture Incidents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84
Viewing User Sessions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85
Viewing Application Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Viewing Application Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Viewing Application Flows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90
Creating Policy Filters. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .91
Viewing Time-based Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
Additional Time-based Filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
Viewing Active Data Against Historical Data. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
4
OmniVista SafeGuard Manager Administration Guide
Chapter 5: Device Configuration
Managing Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98
Checking a Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98
Adding a New Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .98
Configuring Device Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .103
Application Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
Application Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Network Zones . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .107
Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109
Role Derivations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .119
Roles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122
LDAP Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125
Editing Device Objects. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .127
Editing Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Templates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Creating a New Template. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133
Importing Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .134
Contents
Deleting an Existing Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Polling a Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137
Synchronizing a Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137
Manually Synchronizing a Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Device Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138
Manage Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .139
Manage Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .144
Reboot Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .149
Refresh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .150
Other Actions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .152
Execute Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .153
ICS Admin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154
Delete Visualization Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .154
Update Template. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .155
Discard Non-template Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .156
Understanding Device Management Display. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Recommended Device Management Workflow. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .159
Chapter 6: Query and Reports
Query . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .162
Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166
Defining a Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .166
Scheduling a Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .169
Generating a Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
OmniVista SafeGuard Manager Administration Guide
5
Contents
Chapter 7: Managing the Server
User Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .174
Authentication Guidelines. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 175
User Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Adding a New User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Enabling Dual-Admin or 4-Eye Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178
File Repository . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
Client Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .182
Server Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .183
Setting Visualization Filters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .183
Exporting the Database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .186
Purging the Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .188
Backing Up the Database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .189
Restoring the Database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .191
Mailing Malware and Report Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .192
Periodic Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .194
General . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195
Chapter 8: Audit Logs and Statistics
Audit Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198
OmniVista SafeGuard Manager Log Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .199
Device Health . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .201
Viewing Device Health Statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .202
Server Health . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .204
Viewing Server Health Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .205
Index
6
OmniVista SafeGuard Manager Administration Guide
Preface
In this preface:
■ About This Guide
■ Conventions Used in This Guide
■ Related Documentation
Preface
About This Guide
This guide describes the OmniVista SafeGuard Manager command center features,
including how to use and navigate through different views. This guide also provides
detailed installation procedures for the server and client.
Intended Audience
The OmniVista SafeGuard Manager Administration Guide is for experienced network
administrators who are responsible for installing, configuring, and maintaining the
Alcatel-Lucent devices and OmniVista SafeGuard Manager command center.
Guide Overview
The information in this guide is separated into several chapters to make it easy for you to
find exactly what you are looking for.
Chapter Description
Chapter 1, Getting Started Provides installation procedures and a brief overview
of the key features of the OmniVista SafeGuard
Manager command center.
Chapter 2, Installation and
Setup
Chapter 3, General
Navigation
Chapter 4, Visualization Describes the configuration of dashboards and the
Chapter 5, Device
Configuration
Chapter 6, Query and Reports Describes the creation, printing, and viewing of
Chapter 7, Managing the
Server
Provides detailed installation and setup instructions.
Describes different navigation techniques such as,
search and sorting.
checking of user activity, health of the host system,
violation histories, and other network activity.
Provides instructions for configuring device objects
and templates.
reports on network traffic and incidents.
Describes client settings, user accounts, and user
authentication. Additionally, it describes server
settings: how to restore, purge, or back up the
database and set up the OmniVista SafeGuard
Manager mailer so email notifications can be sent
on Malware events and reports.
Chapter 8, Audit Logs and
Statistics
8
Provides audit log information and device and
server health and statistics.
OmniVista SafeGuard Manager Administration Guide
Conventions Used in This Guide
This document uses the following conventions:
Italic Italics are used the first time a glossary term is introduced,
for the titles of books, and for menu items.
■ Bulleted lists Bulleted lists designate items of equal importance.
1 Numbered lists Numbered lists designate a specific sequence of steps
required to complete a procedure.
Boldface type Boldface type is used for button names.
Code Code excerpts and command line sequences are
shown in this type face.
Ellipsis.... Is used in code and argument syntax to indicate that
inconsequential information is not shown.
Preface
NOTE: Means readers pay special attention to the information. Notes contain
helpful suggestions or references to materials covered in the guide.
CAUTION: Informs users to be careful of situation described in
Cautions. In this situation, you could do something that could result
in deletion of information or damage of equipment.
WARNING: Informs users of safety conditions. In this situation, you
could do something that could result in bodily injury or electric
shock.
OmniVista SafeGuard Manager Administration Guide
9
Preface
Related Documentation
■
OmniAccess SafeGuard Controller Installation Guide
Describes the OmniAccess SafeGuard Controller. The guide provides detailed
installation instructions and technical specifications for the OmniAccess
SafeGuard Controller.
■
OmniAccess SafeGuard OS Administration Guide
Provides concepts and configuration instructions for the major features of
OmniAccess SafeGuard OS and its supported products, which includes End Point
Validation (EPV) the integral component for using ICS.
■
ICS Dissolvable Agent for SafeGuard Administration Guide
Describes how to configure the Integrity Clientless Security (ICS) module of the
Alcatel-Lucent Network Admission Control (NAC).
Additional Resources
Alcatel-Lucent publishes documents for Alcatel-Lucent customers at:
www.Alcatel-Lucent.com
10
OmniVista SafeGuard Manager Administration Guide
chapter
Getting Started
1
This section includes the following:
■ Overview
■ Key Features
■ Getting Started
■ Navigation
■ Viewing Tips
■ Modifying Your Password
■ Adding a Device
Chapter 1: Getting Started
Overview
The OmniVista SafeGuard Manager command center provides centralized and easy-touse management of one or more Alcatel-Lucent devices, enabling network administrators
to perform basic configuration, management, and monitoring of several devices in a
single interface. OmniVista SafeGuard Manager provides the foundation for gaining
usage awareness and flagging network security incidents by users; it also enables global
policy configuration with the ability to take real-time action from the control panel.
Powerful predefined reports provide clear views on enterprise network health and user
actions.
Unlike traditional network management systems that report at the MAC or IP level,
OmniVista SafeGuard Manager maps events to the network users. A user is identified by
the SafeGuard Controller enforcement devices during the authentication phase. This user
ID is then bound to the MAC and IP addresses of the computer, such that, that any future
communication from that machine is bound to the user ID. This allows an administrator
to identify any user incidents or identify the location of the violating machine.
User-based features combined with drillable data navigation enable OmniVista
SafeGuard Manager to communicate business information simply at a top level, yet the
details are only a click away. This real-time correlation of network incident or awareness
events to the user saves hours of manual association and custom scripting.
OmniVista SafeGuard Manager 3.0 supports the following:
■ Devices: OAG 1000, OAG 2400, OAG 4048x
■ SafeGuard platform: SafeGuard software release 3.0
Key Features
The OmniVista SafeGuard Manager command center Release 3.0 supports the following
features:
■ Device Configuration—Allows you to manage devices with detailed views of
devices and physical ports. Also keeps your network under a single management
system allowing you to select actions on the canned policies and push down to
devices.
■ User Authentication—In addition to local database authentication, OmniVista
SafeGuard Manager users can be authenticated using an external RADIUS server.
12
■ Visualization Filters—Allows you to set up visualization filters such that you can
selectively view events based on VLAN ID, application type, or user role.
■ VLAN Filters—Allows you set up visualization filters based on VLAN IDs.
■ Drillable Database Query—Allows you to execute pre-defined and custom
queries.
OmniVista SafeGuard Manager Administration Guide
Chapter 1: Getting Started
■ Policy Creation Using Flows—Allows you to create policy filters from data
available in an application flow.
■ CSV/HTML Report Generator—Allows you to create customized reports with
server-side Scheduler; these reports can be e-mailed and printed easily.
■ Real-time Incident Dashboard—Displays total number of users, authenticated
and unauthenticated, device health, and policy, posture, and malware incidents.
Also displays incidents for unauthenticated users and top user roles with
incidents/incident counts. Administrators can remove offending machines off the
network and revoke user privileges by de-authenticating users.
■ Real-time User Incident Dashboard—Displays authentication failures by users,
users with policy, posture, and malware incidents, and top user roles with
incidents.
■ Real-time Awareness Dashboard—Displays top 10 user sessions by bandwidth,
top 10 destinations, top 10 Web Sites, top 10 applications by flow count, bottom 10
applications by flow count, or top 10 applications by bandwidth.
■ Audit Logs—Provides logs that indicate who did what and when and on which
device. These logs are for user and device operations and can be helpful for
auditing purposes.
■ Device and Server Health—Allows you to collect, view, and store statistics
relating to device or server health. These statistics are helpful in analyzing each
device’s performance and its current connections.
■ Software Upgrade—Allows you to upgrade the software version on the device.
■ File Distribution—Allows you to manage files in a repository and distribute as
necessary.
■ Reboot—This feature allows you to reboot the selected device(s).
■ Online Help—The online help feature is available using the F1 function key.
OmniVista SafeGuard Manager Administration Guide
13
Chapter 1: Getting Started
Getting Started
The OmniVista SafeGuard Manager command center has client and server components.
The server runs on a Windows server system, and the client runs on a Windows client
system using Internet Explorer. The client can be deployed directly from the server using
the Java Web Start technology.
To quickly get started with OmniVista SafeGuard Manager, you need the following:
■ System Requirements
■ OmniVista SafeGuard Manager Client Requirements
■ Starting the Server
■ Starting the Server
■ Installing the Client
■ Logging In to the Client
■ Dashboards
■ Menus
■ Adding a Device
System Requirements
The following requirements are for OmniVista SafeGuard Manager server installation.
The software installation enforces these requirements, and exits you out of the
installation if the minimum requirements are not met. For more installation information,
see Installing the OmniVista SafeGuard Manager Server.
■ 2-GB RAM
■ 60-GB free disk space
NOTE: The disk space is allocated as 5GB for installation and 55GB for
data. Installation needs to be performed using the C drive and this
drive should have a minimum of 5GB free space; however, data can be
saved to the D drive that should have a minimum of 55GB space.
■ Microsoft Windows Server 2003 (Enterprise, Standard, or Web Edition)
14
NOTE: Microsoft Windows Server 2003 should have SP1 installed.
Alcatel-Lucent supports 32 bit versions only.
OmniVista SafeGuard Manager Administration Guide
■ 2.8-GHz processor speed
■ 2 processors
NOTE: The appliance that ships from Alcatel-Lucent meets all these
requirements.
OmniVista SafeGuard Manager Client Requirements
The OmniVista SafeGuard Manager client can be run on most Windows systems.
Minimum requirements are:
■ One of the following Windows platforms:
— Microsoft Windows Server 2000
— Microsoft Windows Server 2003 (Enterprise or Standard)
Chapter 1: Getting Started
— Microsoft Windows XP Professional
■ 2.8-GHz single CPU
■ 512-MB RAM
■ 2-GB hard disk
■ Internet Explorer 6.0 or higher
■ Screen resolution of 1024 x 768 pixels
■ Internet connectivity to install Java Web Start
OmniVista SafeGuard Manager Administration Guide
15
Chapter 1: Getting Started
Starting the Server
When you boot up the OmniVista SafeGuard Manager appliance, the OmniVista
SafeGuard Manager server is started automatically. However, if you upgraded the
software version or re-installed the software, you must manually start the server. For
more information on installing, upgrading, or uninstalling, see Installation and Setup.
To manually start the server:
1 Use the Windows shortcut from the Start menu, Programs > OmniVista SafeGuard
Manager > Start Server.
A GUI window displays. This window performs checks to verify that all ports
needed for the server are available, starts all the server components as Windows
services, and informs you when the server is ready.
2 Click OK to close the window.
The OmniVista SafeGuard Manager server runs in the background. If you now
reboot the system, the server should come up automatically.
Installing the Client
The OmniVista SafeGuard Manager client is based on Java Web Start technology,
allowing you to install the client automatically with a single click over the network. For
more information on client installation, see Installation and Setup.
To install the client:
1 Launch Internet Explorer.
2 Access the OmniVista SafeGuard Manager system by typing the following URL:
http://<server-ip-address>
If the client does not have Java Web Start already installed, you are prompted to
install Java Runtime Environment (JRE). Follow the on-screen prompts using the
default options to install JRE. Java Web Start is included with JRE.
NOTE: The automatic installation of JRE requires ActiveX controls to be
enabled on your Internet Explorer. If ActiveX controls are not enabled, a
“download Java Web Start” link displays. Internet Explorer also alerts you if
ActiveX controls are not enabled and gives you an option to enable ActiveX
controls. You can choose to enable ActiveX controls for automatic installation
of Java Web Start, or you can download JRE version 1.5.0 by going to the
download link. If you manually install Java Web Start, repeat Step 2.
16
After Java Web Start is installed, the OmniVista SafeGuard Manager client code is
downloaded and installed. Java Web Start displays a dialog box informing you
OmniVista SafeGuard Manager Administration Guide
Chapter 1: Getting Started
that the application is authored by Alcatel-Lucent and needs some privileges on
your client system (Figure 1).
Figure 1 Security Warning
3 Click Start. A prompt appears asking if you want to create a shortcut on the
desktop.
4 Select Yes to create a shortcut. If you select No, you can still launch the client
using the URL from Step 2.
The client launches. See Logging In to the Client for information on logging
procedures.
NOTE: Every time the OmniVista SafeGuard Manager client is launched, it
compares its version with the OmniVista SafeGuard Manager server. If the
client version is different than that of the server, the client automatically
updates itself from the new version of the server.
OmniVista SafeGuard Manager Administration Guide
17
Chapter 1: Getting Started
Logging In to the Client
To log in to the client:
1 Launch the client using either of the following methods:
— Double-click on the shortcut that was created on your desktop when you first
installed the client.
— Invoke from Internet Explorer by typing the URL (http://ip-address-of-
OmniVistaSafeGuardManager-server).
— Launch from the start menu using start menu > OmniVista SafeGuard
Manager > Client
NOTE: If you are launching the client from the server for the first
time, you might be prompted to install certain applications. See
Installing the Client for more information.
The Login screen appears (Figure 2).
Figure 2 OmniVista SafeGuard Manager Client Login Screen
2 In the Username field, type
admin as the default user.
18
3 In the Password field, type
password.
OmniVista SafeGuard Manager Administration Guide
4 Click Login. If you are logging in for the first time to the OmniVista SafeGuard
Manager server, the Alcatel-Lucent License Agreement will be displayed. You
must accept it to use OmniVista SafeGuard Manager.
NOTE: The license agreement is a one-time acknowledgement for
each server and is not displayed for this client or any other client or
this server.
The client is successfully launched, and the OmniVista SafeGuard Manager
command center panel displays (Figure 3).
Figure 3 OmniVista SafeGuard Manager Dashboard
Chapter 1: Getting Started
OmniVista SafeGuard Manager Administration Guide
19
Menu Bar
Page Bar
Action Bar
Chapter 1: Getting Started
Navigation
When you log into the OmniVista SafeGuard Manager command center, a navigation
panel displays that allows you to access the various features by simply clicking a button
or using a menu item. You can navigate the OmniVista SafeGuard Manager command
center using the following:
■ Dashboards
■ Menu Bar
■ Page Bar
■ Action Bar
Figure 4 OmniVista SafeGuard Manager Navigation Elements
Dashboards
The OmniVista SafeGuard Manager command center has three dashboards that provide a
high-level network summary. These dashboards can be used to further investigate either
actionable user incidents or informational and user traffic patterns. For more information
on how to use the visualization features of the dashboard, see Visualization. The three
dashboards are:
■ Incidents—Displays total number of users, authenticated and unauthenticated,
■ User Incidents—Displays authentication failures by users, users with policy,
■ Network Awareness—Displays various application usage patterns and statistics
device health, and policy, posture, and malware incidents. Administrators can
remove offending machines off the network and revoke user privileges by deauthenticating users.
posture, and malware incidents, and top user roles with incidents.
for active users, such as top 10 user sessions by bandwidth, top 10 user sessions
with most blocked incidents, top 10 destinations, top 10 Web Sites, and so forth.
The modules are automatically refreshed every 5 minutes.
20
OmniVista SafeGuard Manager Administration Guide
Menus
You can access the OmniVista SafeGuard Manager features by selecting menu commands
that are located in the menu bar, which is the toolbar located at the top of the screen
(Figure 4).
Page Bar
The OmniVista SafeGuard Manager Page Bar icons allow you to access the various
features of OmniVista SafeGuard Manager while retaining the context as much as
possible. The Page Bar icons provide a quick single-click action that is synonymous with
the menu items:
Table 1 Navigating within OmniVista SafeGuard Manager
Chapter 1: Getting Started
Page Bar
Icon
Menu Sequence
View > Go To >
Dashboard
View > Go To >
Policy Incidents
View > Go To >
Malware Incidents
View > Go To >
Posture Incidents
View > Go To >
Users
View > Go To >
Applications
View > Go To >
Application
Instances
Key
Sequence
Ctrl + 0 Dashboards Displays Incidents, User Incidents,
Ctrl + 1 Policy
Ctrl + 2 Malware
Ctrl + 3 Posture
Ctrl + 4 Users Displays network activity per user.
Ctrl + 5 Applications Displays network activity per
Ctrl + 6 Application
Displays View Description
and Global Awareness
dashboards.
Displays all policy incidents.
Incidents
Displays all malware incidents.
Incidents
Displays all posture Incidents.
Incidents
application.
Displays the user bandwidth
Instances
usage for each user, application
type, destination port, and
destination IP address.
View > Go To >
Application Flows
View > Go To >
Reports
OmniVista SafeGuard Manager Administration Guide
Ctrl + 7 Application
Ctrl + 9 Reports Allows you to create and view
Flows
Displays application flows for all
application.
reports on network traffic
patterns and anomalies.
21
Chapter 1: Getting Started
Table 1 Navigating within OmniVista SafeGuard Manager (continued)
Page Bar
Icon
Menu Sequence
View > Go To >
Config
Management
View > Go To >
Audit Logs
View > Go To >
Statistics
When you click on any of the Page Bar icons, a table view is displayed that shows the
Navigation Tree on the left-side, the contents in the upper-half of the screen and details
for the selected object in the lower-half of the screen. The Navigation Tree and the Action
Bar change based on the action task selected in the Page Bar.
Action Bar
Key
Sequence
Shift + 1 Config
Shift + 2 Audit Logs Displays log entries that are
Shift + 3 Statistics Displays device and server health
Displays View Description
Enables you to manage Alcatel-
Management
Lucent devices, view inventory,
and perform minimal
configuration of the device
system and ports.
relevant for auditing purposes.
statistics.
The Action Bar allows you to access commands, as you need them, by a simple click of a
button.
To use the Action Bar, do any of the following:
■ To choose a command from the bar, click the command button or Actions >
command
■ To view what a command does, position the mouse over the command button to
see its tooltip.
■ To close the Action Bar, choose View > Toolbars > Actions.
22
OmniVista SafeGuard Manager Administration Guide
Viewing Tips
The following tips expedite your navigation through the OmniVista SafeGuard Manager
Manager panels and windows:
■ Buttons in the Action Bar are used to execute actions. Select a row and then click
the action button. If an action is not applicable for the selected row, the
corresponding button is disabled.
■ In the table views, some information about the table size is displayed above the
table (the number of rows) and the alarm and infection status is displayed in the
status bar below the table.
■ You can search the data from the visualization database using filters. To view
filters, click Find in the Action Bar. A free-form search field is displayed where
you can type keywords to search data displayed in table views. To search the data
from the database, click Database Search. A new search and sort header opens at
the top of the table header. Click on the search bar of the column to specify the
filtering criteria for that column. Click on the sort bar for the column to specify the
sort criteria for that column. You can select multi-column sort order. After you
have finished setting filters for one or more columns, click Refresh to see the new
results. To clear all filters, click Clear. For more information on how to use the
search and sort features, see General Navigation.
Chapter 1: Getting Started
■ Select a row to view detailed information on the selected row.
■ Right-click on a row to display applicable actions.
OmniVista SafeGuard Manager Administration Guide
23
Chapter 1: Getting Started
Modifying Your Password
The Account Management feature of OmniVista SafeGuard Manager allows an
administrator to perform basic modifications to user accounts, such as adding users,
changing passwords, and configuring dual-admin.
To modify your password:
1 Select Tools > OmniVista SafeGuard Manager Users > User Accounts... The Account
Management window (Figure 5) displays.
Figure 5 Account Management Window
2 Select one of the following Admin Login Setting:
■ Standard—requires a single login and password
■ Dual-admin—requires two logins and passwords
3 Click Apply to apply the login setting.
NOTE: The Enabled checkbox shows the status of the user account.
This is used to indicate whether the user can log in or not. For all user
accounts, except admin, when an authentication method is changed
from Radius to local, the account is set to “disabled”. The account
remains in a disabled state until the administrator resets the password
for the account.
4 Select the “admin” user and click Modify to change the password for the “admin”
user. The Modify User Account dialog box (Figure 6) displays.
24
OmniVista SafeGuard Manager Administration Guide
Chapter 1: Getting Started
Figure 6 Modify User Account Dialog Box
5 Modify the password, as needed, and click Modify Password.
6 Click Modify Account if you are changing the admin role or user information.
NOTE: For more information on adding a new user or the different
types of user roles, see User Accounts.
Adding a Device
Before you can visualize any data, you need to add a device. For more information on
device management, see Device Configuration.
To add a single device:
1 Select the Device Configuration icon from the Page Bar or select the View > Go To >
Config Management menu item.
2 Click the New icon from the Action Bar.
3 Select Single Device. The New Device (Figure 7) dialog box displays.
OmniVista SafeGuard Manager Administration Guide
25
Chapter 1: Getting Started
Figure 7 New Device Dialog Box
4 Enter the following device attributes:
Table 2 Add Device Attributes
Attribute Description
IP Address The Management IP address of the device.
SNMP Community
String (Read)
SNMP Community
(Read/Write)
Name Device name.
Region Name of the region in which the device is located.
Building Name of the building in which the device is located.
Enable Application
Flow Collection
Associated Template Select a template from the pull-down list that you
Simple Network Management Protocol (SNMP) read
community name that was configured when the
device was initially set up.
SNMP read/write community name that was
configured when the device was initially set up.
Click this box if you want to collect application flow
data.
want to associate with the device. For more
information on templates, see Templates.
26
OmniVista SafeGuard Manager Administration Guide
Chapter 1: Getting Started
NOTE: Make sure that the attributes are specified correctly; otherwise,
adding a device fails producing one of the following error messages,
“Device unreachable,” or “Device is not a Alcatel-Lucent device,” or “Unable
to communicate with IP Address.”
5 Click OK to add the device. The add process reads the system configuration and
the list of outstanding visualization events from the device using a combination of
SNMP and Alcatel-Lucent proprietary OmniVista SafeGuard Manager
Visualization Channel.
NOTE:
some of the events may be lost by the time you add the device.
The device displays in the All Devices panel and the device objects display in the
Device Hierarchy navigation tree.
NOTE:
strings for the device to be added.
To add multiple devices:
1 Select the Device Configuration icon from the Page Bar or select the View > Go To >
Config Management menu item.
2 Click the New icon from the Action Bar.
3 Select Multi Device. The Create Devices (Figure 8) dialog box displays. You can
populate this table using either the Import From File or the Add Entry option.
Figure 8 Add Multiple Devices
The device periodically ages out the visualization data; therefore,
The device must be reachable with appropriate community
OmniVista SafeGuard Manager Administration Guide
27
Chapter 1: Getting Started
4 Click Import From File to import a list of devices written in a specific format. For
example:
#########################################################################
Name: Device List File #Purpose: For bulk device addition into OmniVista
SafeGuard Manager Syntax of each line: #
ip,read,readwrite,name,region,building,enable-flow-collection-in-truefalse # # Example: 172.16.3.125,public,private,controller,R1,B1,true
#########################################################################
172.16.3.125,public,private,controller,R1,B1,true
172.16.1.53,public,private,switch,R1,B2,true
5 Click Add Entry to add another entry in the table. This can be used to create a list.
6 The following device attributes are displayed:
Table 3 Add Device Attributes
Attribute Description
Select Device Select the Select Device checkbox to select all
devices in the list.
Device Show the device name with its IP address.
IP Address The Management IP address of the device.
SNMP Community
String (Read)
Simple Network Management Protocol (SNMP) read
community name that was configured when the
device was initially set up.
SNMP Community
(Read/Write)
SNMP read/write community name that was
configured when the device was initially set up.
Device Name Device name.
Action Status Status of the action you selected.
7 Click Clear Entries to clear all entries from the table.
8 Click Execute. The server schedules and processes each entry and provides
feedback and action detail in the Action Status column.
28
OmniVista SafeGuard Manager Administration Guide
chapter
Installation and Setup
2
This section includes the following:
■ Installing the OmniVista SafeGuard Manager Server
■ Upgrading the OmniVista SafeGuard Manager Server
■ Uninstalling the Server
■ Starting the Server
■ Shutting Down the Server
■ Installing the OmniVista SafeGuard Manager Client
■ Installing the OmniVista SafeGuard Manager Client
■ Logging into the OmniVista SafeGuard Manager Client
■ Connecting Over Firewall
Chapter 2: Installation and Setup
Installing the OmniVista SafeGuard Manager Server
To install the OmniVista SafeGuard Manager server:
1 Double-click the executable file (
The Installation Wizard prepares Java Virtual Machine (JVM) and initializes the
installation wizard. This could take a few seconds.
After the initialization process is completed, the Welcome screen displays
(Figure 9).
Figure 9 Installation Welcome Screen
omnivista-safeguard-<version>.exe).
30
2 Click Next. The Alcatel-Lucent license agreement displays (Figure 10).
OmniVista SafeGuard Manager Administration Guide
Loading...