4. Configuring NP-Live

You are here:
< All Topics

Configuration Steps

Once NP-Live is installed, the application will start automatically.  If the Administrator wishes to start and stop the application, two helper scripts have been included to aid in these tasks:

  • Stop : /opt/np-live/stop_NP-Live.sh
  • Start : /opt/np-live/start_NP-Live.sh
NP-Live Docker IP Conflict
If NP-Live Docker is using IP addresses that conflict with addresses used on the local area network, the IP addresses used by Docker can be changed as follows:

  • Create a new network that will place hosts on an appropriate subnet
  • Configure NP-Live to use the new network

To create the network, log into the Docker host and run the following command (the example subnet can be replaced by any suitable value):

docker network create --driver overlay --subnet 10.10.10.0/24
NP-Live_external

To configure NP-Live, navigate to the directory where NP-Live is installed and create a file named “local-settings.yml” with the following contents:
'#' Local settings for NP-Live
version: '3.1'
networks:
external:
name: NP-Live_external

Next, modify the file start_NP-Live.sh by changing the last line to read:
     docker stack deploy -c docker-compose.yml -c local-settings.yml
     NP-Live
After the two files have been updated, re-start NP-Live and verify that the monitor container is using an IP address from the correct subnet.

Version mismatched between two composefiles : 3.4 and 3.1
When starting NP-Live, if this error is received, the version number in /opt/np-live/local-settings.yml needs to be at “version: ‘3.4’”. If not at version 3.4, please replace the contents of the local-settings.yml file with the code listed in the Setting the NP-Live Virtual Appliance Time Zone section and set your application time zone accordingly. This file is sticky and will remain after future upgrades. After the update, start the server using the above command.

Upon initial start, the Welcome screen shows the configuration wizard to guide the Administrator through the remaining configuration steps which include:

  • Configure authentication
  • Configure license key
  • Configure automatic updates
  • Configure users

Configure Authentication

The following authentication options are available in NP-Live.  Follow the wizard to setup any of the below options.  Note:  NP-View only uses local authentication.

  • Local: to create local accounts inside the NP-Live database with local user groups.
  • Active Directory / LDAP: to use active directory or LDAP for single sign on.
  • Radius: to connect NP-Live to your Radius authentication service.

The Administrator can reset the authentication method by selecting the “Reset authentication system” link that is available under the User Management function (the top-right menu).

Note that workspaces are assigned to user id’s.  If the authentication method is changed, the workspaces will no longer be available as the user id will likely change.  The administrator or workspace admin must utilize the transfer workspace function to assign the legacy workspace to the new user id’s.

Configure License Key

After the authentication, the Welcome screen will guide the Administrator through reviewing the EULA and adding the license key. The license key should have been sent to you by email and also posted on the Portal website at https://portal.network-perception.com. If you haven’t received a key, please send a request to support@network-perception.com.

Renewed or upgraded license keys can only be installed from the home screen (not from within a workspace) by members of the Administrator group.

Configure Automatic Updates

NP-Live can automatically download new releases and update itself if you select “Automatically check for updates”. Alternatively, you can select “Update NP-Live” from the system menu or update  offline using the following steps:

  1. Download the latest release from the Network Perception portal.
  2. Copy the release file to the NP-Live server using SCP or WinSCP
  3. Connect to the NP-Live shell using SSH and execute the release file with the command sh NP-Live_server_installer.sh

Configure Users and  Groups

For local authentication, NP-Live provides a User Management function to add users to the system.  The user ID should be the users email address (this will be used for notifications) and an administrator-defined password.  Each user will need to be assigned to a group which will provide the user with system wide access.

  1. Administrator – Has access to all users, workspace and system administration functions including managing users and license functions.
  2. WorkspaceAdmin – Has access to all user and workspace administration functions
  3. Viewer – Has access to all user functions

Connecting NP-Live to Active Directory or LDAP

For Active directory or LDAP authentication, the setup page will allow for the definition of three system groups using a Distinguished Name.  A Distinguished Name (often referred to as a DN or FDN) is a string that uniquely identifies an entry in the Directory Information Tree.

The format of a DN is: CN=groupname,OU=grouptype,DC=subdomain,DC=example,DC=com.

For example:

ldap_group_admin = 'CN=NP-Live Admin, OU=Permissions, DC=ad, DC=np, DC=test'
ldap_group_write = 'CN=NP-Live WorkspaceAdmin, OU=Permissions, DC=ad, DC=np, DC=test'
ldap_group_read = 'CN=NP-Live Viewer, OU=Permissions, DC=ad, DC=np, DC=test'
group_translation = {'Administrator' : ldap_group_admin,
'WorkspaceAdmin' : ldap_group_write,
'Viewer' : ldap_group_read}

To find the DN on Windows, open a Windows command prompt and type the command: dsquery group -name {known group name}.  Industry best practice suggest using different names for each of the user groups.  If the same user group is used for one or more of the entries, the high level of permissions will be assigned to each user.

Troubleshooting Active Directory Configuration

If an error is returned when configuring Active Directory, the steps to troubleshoot are:

Step 1: From your Active Directory server, type the command below in a terminal after replacing the “CN=…” portion with the Distinguished Name of the group you’d like to check:

dsget group "CN=groupname,OU=grouptype,DC=subdomain,DC=example,DC=com" -members

Verify that the output shows the expected list of user(s) in that group. If it doesn’t, check your Active Directory group and user configuration.

Step 2: From your Active Directory server, type the command below in a terminal after replacing the “CN=…” portion with the Distinguished Name of the group you’d like to check, and also replacing USERNAME with your actual username:

dsquery * -Filter "(&(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=CN=groupname,OU=grouptype,DC=subdomain,DC=example,DC=com)(sAMAccountName=USERNAME))"

If the output is empty, verify that your user in Active Directory has the attribute sAMAccountName set. If not, set it and try the command again. Verify also that the sAMAccountName value matches your AD username value. You can also try to enter the username in the NP-Live Active Directory configuration form with the format USERNAME@DOMAIN.

If the output shows the expected list of groups for that user, but NP-Live still generates an error, then contact the NP support team.

Connecting NP-Live to Radius

For Radius authentication, all users are assigned to the Administrator group.

Additional Configuration Features

Configure Path Analysis

To speed performance, path analysis defaults to analyzing mapped devices and networks. NP-Live can be extended to also analyze unmapped devices and networks.

To change the configuration,

  • stop the NP-Live application.
  • in the docker-compose.yml file for the manager service, change extendedAnalysis=False to extendedAnalysis=True
  • start the NP-Live application.

Note that extended analysis can take considerable time to complete for cases when there is a large number of unmapped objects.  In extreme cases, system resources may be exceeded and path analysis may terminate with exceptions prior to completion.

Configure Devices within a Custom View

To speed performance, custom views are limited to 15 devices. NP-Live can be extended to allow for more devices within a custom view.

To change the configuration,

  • stop the NP-Live application.
  • in the docker-compose.yml file for the manager and webserver service, change devCountLimit=15 to devCountLimit=Xwhere X is the value of your choice.
  • start the NP-Live application.

Note that increasing the number of devices within a custom view can take considerable time to analyze and may exceed the available system resources causing a system error and abrupt termination of the service.

Password Reset

Workspace Admin or Viewer user groups:  Contact your Administrator who can manually reset your password through the User management function on the system menu (upper right corner).

If you have an Administrator account, connect through SSH to the NP-Live server and remove the file db/auth_provider.cfg inside the NP-Live application folder (by default: /opt/np-live).

Refresh the NP-Live web page to show the Welcome screen and reconfigure the authentication.

License and Terms

The Administrator can Show, Add or Upgrade / Downgrade system licensing. Licensing terms and legal disclosures are available from this function.

Next: Training, NP-Connect and Notification Manager

Once configured, please proceed to the training section of the Knowledge Base to learn how to use NP-Live.  After training, please proceed to the NP-Connect Configuration section to configure automated data collection.  If you have any question, please don’t hesitate to contact support@network-perception.com.

Table of Contents