
4. Configuring NP-Live

Configuration Steps

Once NP-Live is installed, the application will start automatically.  If the Linux Administrator wishes to start and stop the application, two helper scripts have been included to aid in these tasks:

  • Stop : /opt/np-live/stop_NP-Live.sh
  • Start : /opt/np-live/start_NP-Live.sh

NP-Live Docker IP Conflict

If NP-Live Docker is using IP addresses that conflict with addresses used on the local area network, the IP addresses used by Docker can be changed as follows:

  • Create a new network that will place hosts on an appropriate subnet
  • Configure NP-Live to use the new network

To create the network, log into the Docker host and run the following command (the example subnet can be replaced by any suitable value):

docker network create --driver overlay --subnet 10.10.10.0/24 NP-Live_external

To configure NP-Live, navigate to the directory where NP-Live is installed and create a file named “local-settings.yml” with the following contents:

# Local settings for NP-Live
version: '3.1'
networks:
  external:
    name: NP-Live_external

Next, modify the file start_NP-Live.sh by changing the last line to read:
     docker stack deploy -c docker-compose.yml -c local-settings.yml NP-Live

After the two files have been updated, restart NP-Live and verify that the monitor container is using an IP address from the correct subnet.
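
The verification step above can be scripted. The following is an added example, not part of the NP-Live documentation or product: it reads `docker inspect` output for a container, confirms that one address lies inside the new subnet, and flags any attached network that still overlaps a LAN range. The container name, the ingress attachment and the LAN ranges are constructed sample values.

```python
import ipaddress
import json

# Constructed sample shaped like `docker inspect <container>` output; the
# container name and the second network attachment are assumptions.
SAMPLE = json.dumps([{
    "Name": "/NP-Live_monitor.1.example",
    "NetworkSettings": {"Networks": {
        "NP-Live_external": {"IPAddress": "10.10.10.5", "IPPrefixLen": 24},
        "ingress": {"IPAddress": "10.0.0.7", "IPPrefixLen": 24},
    }},
}])

def check_container(inspect_json, expected_subnet, lan_subnets):
    """Return a list of findings for the inspected container(s); empty means OK."""
    expected = ipaddress.ip_network(expected_subnet)
    lans = [ipaddress.ip_network(s) for s in lan_subnets]
    findings = []
    for container in json.loads(inspect_json):
        name = container["Name"].lstrip("/")
        networks = container.get("NetworkSettings", {}).get("Networks") or {}
        on_expected = False
        for net_name, cfg in networks.items():
            if not cfg.get("IPAddress"):
                continue  # attached, but no address assigned yet
            iface = ipaddress.ip_interface(
                f'{cfg["IPAddress"]}/{cfg.get("IPPrefixLen", 32)}')
            if iface.ip in expected:
                on_expected = True
            # Every attached network is compared, not only the new one.
            for lan in lans:
                if iface.network.overlaps(lan):
                    findings.append(
                        f"{name}: {net_name} {iface.network} overlaps LAN {lan}")
        if not on_expected:
            findings.append(f"{name}: no address inside {expected}")
    return findings

if __name__ == "__main__":
    for line in check_container(SAMPLE, "10.10.10.0/24", ["10.0.0.0/16"]):
        print(line)
```
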

Version mismatched between two compose files : 3.4 and 3.1
If this error is received when starting NP-Live, the version number in /opt/np-live/local-settings.yml needs to be set to “version: ‘3.4’”. If it is not at version 3.4, replace the contents of the local-settings.yml file with the code listed in the Setting the NP-Live Virtual Appliance Time Zone section and set your application time zone accordingly. This file is sticky and will remain after future upgrades. After the update, start the server using the above command.

Upon initial start, the Welcome screen shows the configuration wizard to guide the Administrator through the remaining configuration steps which include:

  • Authentication
  • Licensing
  • Users

Configure Authentication

The following authentication options are available in NP-Live.

  • Active Directory / LDAP
  • Radius
  • Local

Active Directory or LDAP

For Active Directory or LDAP authentication we use LDAPv3 TLS over port 389. If the communication returns an exception, we attempt unencrypted communication. We do not support LDAPS. Before starting, note that setup requires a dedicated Credential Binding Account. The Credential Binding Account must be included in at least one of the system groups for NP-Live to query and link the users.

The setup page will allow for the definition of three system groups using a Distinguished Name.  A Distinguished Name (often referred to as a DN or FDN) is a string that uniquely identifies an entry in the Directory Information Tree. The format of a DN is: CN=groupname,OU=grouptype,DC=subdomain,DC=example,DC=com.  Your domain needs to match the DC specified in your DN. For an example DN like above, the domain would be: ‘subdomain.example.com’.

For example:

ldap_group_admin = 'CN=NP-Live Admin, OU=Permissions, DC=ad, DC=np, DC=test'
ldap_group_write = 'CN=NP-Live WorkspaceAdmin, OU=Permissions, DC=ad, DC=np, DC=test'
ldap_group_read = 'CN=NP-Live Viewer, OU=Permissions, DC=ad, DC=np, DC=test'
group_translation = {'Administrator' : ldap_group_admin,
                     'WorkspaceAdmin' : ldap_group_write,
                     'Viewer' : ldap_group_read}

To find the DN on Windows, open a Windows command prompt and type the command: dsquery group -name {known group name}. Industry best practice suggests using different names for each of the user groups. If the same user group is used for more than one of the entries, the highest level of permissions will be assigned to each user.
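
Before entering the three group DNs, the mapping can be checked offline. The following is an added example, not NP-Live code: it derives the domain from the DC components of each DN, compares it with the domain you intend to enter, and reports roles that share a group. The function names are hypothetical, and the role ordering (Administrator, then WorkspaceAdmin, then Viewer) is an assumption based on the role descriptions on this page.

```python
import re

# Role names from this page, highest privilege first (ordering is an assumption).
ROLE_ORDER = ["Administrator", "WorkspaceAdmin", "Viewer"]

# Group DNs copied from the example on this page.
GROUPS = {
    "Administrator": "CN=NP-Live Admin, OU=Permissions, DC=ad, DC=np, DC=test",
    "WorkspaceAdmin": "CN=NP-Live WorkspaceAdmin, OU=Permissions, DC=ad, DC=np, DC=test",
    "Viewer": "CN=NP-Live Viewer, OU=Permissions, DC=ad, DC=np, DC=test",
}

def parse_dn(dn):
    """Split a DN into (ATTR, value) pairs at commas not preceded by a backslash.
    Multi-valued RDNs (joined with '+') are not split further."""
    rdns = []
    for part in re.split(r'(?<!\\),', dn):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns

def domain_of(dn):
    """Join the DC components in order: DC=ad,DC=np,DC=test -> ad.np.test."""
    return ".".join(v for a, v in parse_dn(dn) if a == "DC").lower()

def normalise(dn):
    """Case- and whitespace-insensitive form used to spot the same group twice."""
    return ",".join(f"{a}={v.lower()}" for a, v in parse_dn(dn))

def check_groups(group_translation, domain):
    """Return a list of findings; an empty list means every check passed."""
    findings, seen = [], {}
    for role in ROLE_ORDER:  # highest first, so seen[key] is the winning role
        dn = group_translation[role]
        if domain_of(dn) != domain.lower():
            findings.append(f"{role}: DN domain {domain_of(dn)!r} != {domain!r}")
        key = normalise(dn)
        if key in seen:
            findings.append(
                f"{role} shares a group with {seen[key]}: members get {seen[key]}")
        else:
            seen[key] = role
    return findings

if __name__ == "__main__":
    print(check_groups(GROUPS, "ad.np.test") or "mapping OK")
```
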

Troubleshooting Active Directory Setup

If an error is returned when configuring Active Directory, the steps to troubleshoot are:

Step 1: From your Active Directory server, type the command below in a terminal after replacing the “CN=…” portion with the Distinguished Name of the group you’d like to check:

dsget group "CN=groupname,OU=grouptype,DC=subdomain,DC=example,DC=com" -members

Verify that the output shows the expected list of user(s) in that group. If it doesn’t, check your Active Directory group and user configuration.

Step 2: From your Active Directory server, type the command below in a terminal after replacing the “CN=…” portion with the Distinguished Name of the group you’d like to check, and also replacing USERNAME with your actual username:

dsquery * -Filter "(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=groupname,OU=grouptype,DC=subdomain,DC=example,DC=com)(sAMAccountName=USERNAME))"

If the output is empty, verify that your user in Active Directory has the attribute sAMAccountName set. If not, set it and try the command again. Verify also that the sAMAccountName value matches your AD username value. You can also try to enter the username in the NP-Live Active Directory configuration form with the format USERNAME@DOMAIN.

If the output shows the expected list of groups for that user, but NP-Live still generates an error, then contact the NP support team.

Radius

Radius authentication requires your server address and secret. Once these are entered, the user can test the connection using their personal login credentials for verification. Note that for Radius authentication, all users are assigned to the Administrator group.

Local Authentication

NP-Live provides an internal mechanism for the administration of users. During setup, the screen will require the user to set up the Administration account by inputting a user ID and password. This account will be assigned to the Administrator role within NP-Live and will have access to all system features.

NP-Live provides a User Management function to add users to the system. The user ID should be the user's email address (this will be used for notifications), and the password is defined by the administrator. Each user will need to be assigned to a group which will provide the user with system-wide access.

  1. Administrator – Has access to all users, workspace and system administration functions including managing users and license functions.
  2. WorkspaceAdmin – Has access to all user and workspace administration functions
  3. Viewer – Has access to all user functions

Authentication Reset

The Administrator can reset the authentication method by selecting the “Reset authentication system” link that is available under the User Management function (the top-right menu). “Reset authentication” only resets the authentication and does not remove any workspaces or data. Note that workspaces are assigned to user IDs. If the authentication method (or user ID format) is changed, the workspaces will no longer be available to users. The administrator or workspace admin must use the transfer workspace function to assign the legacy workspaces to the new user IDs.

Configure License Key

After the authentication, the Welcome screen will guide the Administrator through reviewing the EULA and adding the license key. The license key should have been sent to you by email and also posted on the Portal website at https://portal.network-perception.com. If you haven’t received a key, please send a request to support@network-perception.com.

Renewed or upgraded license keys can only be installed from the home screen (not from within a workspace) by members of the Administrator group.

Additional Configuration Features

Configure Automatic Updates

NP-Live can automatically download new releases and update itself if you select “Automatically check for updates”. Alternatively, you can select “Update NP-Live” from the system menu or update offline using the following steps:

  1. Download the latest release from the Network Perception portal.
  2. Copy the release file to the NP-Live server using SCP or WinSCP.
  3. Connect to the NP-Live shell using SSH and execute the release file with the command: sh NP-Live_server_installer.sh

Configure Path Analysis

To speed performance, path analysis defaults to analyzing mapped devices and networks. NP-Live can be extended to also analyze unmapped devices and networks.

To change the configuration,

  • stop the NP-Live application.
  • in the docker-compose.yml file for the manager service, change extendedAnalysis=False to extendedAnalysis=True
  • start the NP-Live application.

Note that extended analysis can take considerable time to complete for cases when there is a large number of unmapped objects.  In extreme cases, system resources may be exceeded and path analysis may terminate with exceptions prior to completion.

Configure Devices within a Custom View

To speed performance, custom views are limited to 15 devices. NP-Live can be extended to allow for more devices within a custom view.

To change the configuration,

  • stop the NP-Live application.
  • in the docker-compose.yml file for the manager and webserver service, change devCountLimit=15 to devCountLimit=X, where X is the value of your choice.
  • start the NP-Live application.

Note that increasing the number of devices within a custom view can take considerable time to analyze and may exceed the available system resources causing a system error and abrupt termination of the service.

Configure Shutdown and Startup Options

To speed performance on startup, NP-Live terminates background processes that are running when the system is gracefully shut down and clears out all tasks and jobs. If any processes remain upon startup, they are also terminated.

To change the configuration,

  • stop the NP-Live application.
  • in the docker-compose.yml file for the manager change cancelTasksStartup=True to cancelTasksStartup=False
  • in the docker-compose.yml file for the manager change clearRqStartup=True to clearRqStartup=False. Note that the previous setting must also be set to True for this operation to work.
  • start the NP-Live application.

Password Reset

Workspace Admin or Viewer user groups:  Contact your Administrator who can manually reset your password through the User management function on the system menu (upper right corner).

If you have an Administrator account, connect through SSH to the NP-Live server and remove the file db/auth_provider.cfg inside the NP-Live application folder (by default: /opt/np-live).

Refresh the NP-Live web page to show the Welcome screen and reconfigure the authentication.

License and Terms

The Administrator can Show, Add or Upgrade / Downgrade system licensing. Licensing terms and legal disclosures are available from this function.

Next: Training and Workspaces

Once configured, please proceed to the training section of the Knowledge Base to learn how to use NP-Live. After training, please proceed to the Workspaces section to learn how to use workspaces. If you have any questions, please don’t hesitate to contact support@network-perception.com.
