ZyXEL SecuManager Installation guide

Type
Installation guide
Default Login Details
Installation Guide
Cloud CNM
SecuManager
Copyright © 2017 Zyxel Communications Corporation
myZyxel.com URL http://portal.myzyxel.com
Cloud CNM
SecuManager ID
CNM-ID from myZyxel.com
Cloud CNM
SecuManager
URL
https://Your-Server-IP
Username secu_manager
Password 1234
Version 3.00 Edition 1, 11/2017
Cloud CNM SecuManager User’s Guide
2
IMPORTANT!
READ CAREFULLY BEFORE USE.
KEEP THIS GUIDE FOR FUTURE REFERENCE.
This is a User’s Guide for a series of products. Not all products support all firmware features. Screenshots
and graphics in this book may differ slightly from your product due to differences in your product
firmware or your computer operating system. Every effort has been made to ensure that the information
in this manual is accurate.
Related Documentation
User Guide
The User Guide shows how to connect the Cloud CNM SecuManager and access the Web
Configurator.
•More Information
Go to support.zyxel.com to find other information on the Cloud CNM SecuManager.
Cloud CNM SecuManager User’s Guide
3
CHAPTER 1
Installation
1.1 Installation Overview
The following guide describes how to install and configure your SecuManager. From now on we refer to
Cloud CNM SecuManager as SecuManager.
To set up SecuManager and begin managing and monitoring your devices use the following
procedure:
1 Install SecuManager Server
2 Register the SecuManager License
3 Logging into SecuManager
4 Register Managed Zyxel Devices
5 Import Devices into SecuManager Server
6 Configure Managed Devices
7 Import Certificate into SecuManager
8 Enable HTTPS Authentication in a Zyxel Device
9 Register/Activate SecuManager License on myZyxel
You can perform network management via SecuManager using an Internet browser. Browsers
supported are:
Mozilla Firefox 48 or later
Google Chrome 55 or later
Microsoft Edge 14 or later
Apple Safari 9 or later
Chapter 1 Installation
Cloud CNM SecuManager User’s Guide
4
1.2 Install SecuManager Server
To install SecuManager download the SecuManager VM Image from Support > Download at Zyxel’s
global website.
Before installing SecuManager you will need a virtual machine (VM) server. Servers supported are:
VMware ESXi Server (v5.10 or later)
Windows Hyper-V 3.0 (Hyper-V Server 2012, Windows Server 2012 or later)
1.2.1 Deploy to VMware ESXi Server
Follow these steps to install SecuManager using VMware ESXi Server.
1 Go to File in the navigation panel and click Deploy OVF Template...
2 The Deploy OVF Template window will display. Click Browse to search for the SecuManager VM image
and click Next.
Table 1 System Requirements
PER VIRTUAL MACHINE
UP TO 50
NODES
UP TO 250
NODES
UP TO 500
NODES
UP TO 1000
NODES
CPU Cores 2 2 4 8
RAM (GB) 8 16 24 32
Hard Disk Drive (HDD) size on the Storage Area
Network (SAN)
50 GB 50 GB 100 GB 200 GB
Chapter 1 Installation
Cloud CNM SecuManager User’s Guide
5
3 After SecuManager appears in the panel on the left, right-click on Cloud CNM SecuManager and select
Edit Settings... to view or change the SecuManager settings.
4 The Virtual Machine Properties window will display. Use the following screens to change any of the
SecuManager features. It is recommended to increase the Memory Size for SecuManager to have the
capacity to control a higher number of devices. Refer to Table 1 on page 4 to view your system’s
requirements.
Chapter 1 Installation
Cloud CNM SecuManager User’s Guide
6
5 To access the SecuManager’s command line screen, select Cloud CNM SecuManager on the left and
then click the icon in the top panel. In the command line screen go to VM > Power and click Power
On to activate the virtual machine. The virtual machine will then begin to run.
6 Enter secu_manager to log into SecuManager. The default password is 1234. Then the system requires
you to change the password.
Chapter 1 Installation
Cloud CNM SecuManager User’s Guide
7
7 To give SecuManager a public, static IP address enter the following command.
Note: To change Linux configuration use the ‘su’ command and change the root user.
8 To change the DNS Server Address enter the following command:
9 Enter the following commands to change the SecuManager system’s time zone to where the server is
located:
~# vi /etc/network/interfaces
#allow-hotplug eth0
#iface eth0 inet dhcp
iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
gateway 192.168.1.1
~# vi /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
Chapter 1 Installation
Cloud CNM SecuManager User’s Guide
8
10 SecuManager uses a Zyxel HTTPs certificate by default. You can upload a different HTTPs certificate by
entering the following commands and then importing this HTTPs certificate to the managed Zyxel
devices.
1.2.2 Deploy to Microsoft Hyper-V Server
Follow these steps to install SecuManager using Hyper-V Server.
1 Select your server and right-click it then select Import Virtual Machine...
~# vi /etc/timezone
~# dpkg-reconfigure --frontend Noninteractive tzdata
~# date
~# chroot /opt/axess
axess root@chopin:/# vi /etc/timezone
axess root@chopin:/# dpkg-reconfigure --frontend Noninteractive tzdata
axess root@chopin:/# date
axess root@chopin:/# exit
~# chroot /opt/mysql
mysql root@chopin:/# vi /etc/timezone
mysql root@chopin:/# dpkg-reconfigure --frontend Noninteractive tzdata
mysql root@chopin:/# date
mysql root@chopin:/# exit
~# chroot /opt/production_xmpp
xmpp root@chopin:/# vi /etc/timezone
xmpp root@chopin:/# dpkg-reconfigure --frontend Noninteractive tzdata
xmpp root@chopin:/# date
xmpp root@chopin:/# exit
~# chroot /opt/axess
~# vi /etc/apache2/sites-enabled/axess_default_host
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/axess_dummy.crt
SSLCertificateKeyFile /etc/apache2/ssl/axess_dummy.key
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/axess_dummy.crt
SSLCertificateKeyFile /etc/apache2/ssl/axess_dummy.key
~# exit
Chapter 1 Installation
Cloud CNM SecuManager User’s Guide
9
2 The Import Virtual Machine window will appear. Click Browse to search for SecuManager, then click
Next. Make sure the folder contains both Virtual Hard Disks and Virtual Machines folder.
3 After selecting a folder to input, click Next and choose the type of import to perform:
Use Register the virtual machine in-place if you want Hyper-V to run SecuManager in the Hyper-V
default storage folder.
Use Restore the virtual machine if you want to store the SecuManager files in a specific folder. Then
the Hyper-V moves the files to this folder and runs SecuManager.
Use Copy the virtual machine if you want to store the SecuManager files in a specific folder, and you
want to import it multiple times.
Chapter 1 Installation
Cloud CNM SecuManager User’s Guide
10
4 Choose the location to store the virtual machine files. Then click Next.
5 Click Browse to choose the location to create the virtual hard disks for SecuManager.
Chapter 1 Installation
Cloud CNM SecuManager User’s Guide
11
6 Review the Summary screen. If there everything is OK click Finish to complete the SecuManager import
process.
7 SecuManager appears in your list of virtual machines. You can right click on it and select Settings... to
modify any of its features. It is recommended to increase the Memory size for SecuManager to have the
capacity to control a higher number of devices. Refer to Table 1 on page 4 to view your system’s
requirements.
Chapter 1 Installation
Cloud CNM SecuManager User’s Guide
12
Note: To modify all of the SecuManager settings, make sure the virtual machine is shut down,
before you access this window.
1.3 Register the SecuManager License
myZyxel.com is Zyxel’s online services center where you can register your SecuManager and manage
subscription services available for SecuManager. To use a subscription service, you have to register
SecuManager and activate the corresponding service at myZyxel.com (through SecuManager).
Note: You need to create a myZyxel.com account before you can register your device and
activate the services at myZyxel.com.
Go to http://portal.myZyxel.com with the SecuManager’s serial number and LAN MAC address to
register it. Refer to the web site’s on-line help for details.
1 Buy a license to get a SecuManager license key and CNM-ID. Choices of license are:
Table 2 SecuManager Licenses
MODEL DESCRIPTION
CNM-Start SecuManager Start-up Package with 10 nodes, 1 year, VM (Virtual Appliance)
License
CNM-Node
SecuManager add 10 nodes, VM License
CNM-Node SecuManager add 50 nodes, VM License
CNM-Node SecuManager add 200 nodes, VM License
CNM-Annual SecuManager-annual maintenance for 2 years, VM License
CNM-Annual SecuManager-annual maintenance for 1 year, VM License
Trial Good for up to 10 nodes for up to 45 days.
Chapter 1 Installation
Cloud CNM SecuManager User’s Guide
13
2 Go to myzyxel.com (https://portal.myzyxel.com) and log in with your account. Click Not a Member Yet if
you haven’t got a myzyxel.com account.
3 Click Device Registration in the navigation panel on the left. Select SecuManager and type the License
Key and CNM-ID from the license. 7547 is for HTTPS access to the server. For HTTP access, use 7549. Site
Name is optional and is used for identification purposes. Click Submit.
4 Now go to Device Management > CloudCNM Information. You should see your registration information.
Chapter 1 Installation
Cloud CNM SecuManager User’s Guide
14
5 Click the Linked Services tab. Click Activate. The license is valid for a period of time defined by the
license type you purchased. The license time begins when you click Activate.
1.4 Logging into SecuManager
1 Type https://IP in a supported web browser. IP is the IP address of the VM server where you installed the
SecuManager VM image. Click Administrator, and then login to log into SecuManager with your
username and password. (You can create new login accounts at Device Management > Account
Management.)
Note: It is recommended you use Google Chrome version 50 or later, Firefox version 48 or
later. SecuManager is not compatible with Internet Explorer.
Chapter 1 Installation
Cloud CNM SecuManager User’s Guide
15
2 You are redirected to myzyxel.com. Log in using the same account as the one you used to register the
SecuManager license.
3 You now go back to SecuManager. Click create organization for the CNMID registered above.
Chapter 1 Installation
Cloud CNM SecuManager User’s Guide
16
4 Select the CNM-ID. For the Organization Name, use a minimum of four alpha-numeric characters. You
may also use underline characters, but not spaces. Click submit.
5 After the organization is created, click login.
6 You can now access the SecuManager menus.
Chapter 1 Installation
Cloud CNM SecuManager User’s Guide
17
7 If you want other people to manage this organization, create an account in Device Management >
Account Management.
1.5 Register Managed Zyxel Devices
Follow the procedure to register managed Zyxel devices that will be monitored by your SecuManager.
1 Go to myzyxel.com (https://portal.myzyxel.com) and log in with your account. Click Not a Member Yet if
you haven’t got a myzyxel.com account.
2 Click Device Registration in the navigation panel on the left. Select a managed Zyxel device and type
its MAC Address and Serial Number. Click Submit.
Chapter 1 Installation
Cloud CNM SecuManager User’s Guide
18
3 Now go to Device Management to activate the managed Zyxel device’s license. You can select it using
its MAC Address or Serial Number. Click Activate. The license is valid for a period of time defined by the
license type you purchased. The license time begins when you click Activate.
1.6 Import Devices into SecuManager Server
1 Prepare a CSV file for the managed Zyxel devices to be managed by SecuManager. Devices should
already be registered in myzyxel.com. Create the CSV file with the following criteria separated by
commas (no spaces)
CPEID (unique per device, for example MAC Address)
Latitude (optional if you want the device to appear on the map)
Longitude (optional if you want the device to appear on the map)
Address (spaces allowed, but no commas; optional if you want the device to appear on the map)
List of managers (enter at least one; put multiple managers in quotes, no spaces, maximum 100
characters total)
Chapter 1 Installation
Cloud CNM SecuManager User’s Guide
19
Device name (optional)
Group Management (optional)
Filter Path (optional): define a hierarchical filter to organize and reflect your topology. Use commas (,)
to separate multiple layers of a hierarchy. For example, a geographical hierarchy can be <Country,
City, Zone>. Alternatively, it can also be defined according to the organizational or managerial
needs.
Note: Special characters (!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~) are not allowed in any of the
fields on these screens.
Not all fields are mandatory, but the comma separating fields is. If you don’t enter the location of the
device, the location can still be determined by its IP address (GeoIP). See the product label for the
serial number and MAC address. A device may be considered an ‘illegal device’ if the serial number
or MAC address is absent. If you don’t enter a user ID, then only the administrator can see that
device(s).
Use a period (.) to separate multiple layers in a filter path. The filter layers should be inputted from the
highest hierarchy to the lowest. For example: Asia.East.Taiwan.Taipei.
The following table shows a CSV File Sample uploaded as an excel file.
The following shows the same CSV File Sample uploaded as a text file.
2 In SecuManager use File Import/Export > Device Import to import a managed Zyxel device information
into SecuManager.
<mac>,<latitude>,<longitude>,<address>,”<user1>,..<user#>”,<device-name>,<serial-no>,<group-
name>,<filter-path>
CSV File template
DEVICE
MAC
ADDRESS
LATITUDE LONGITUDE ADDRESS USER 1 USER N
DEVICE
NAME
SERIAL
NUMBER
GROUP
NAME
FILTER
PATH
MAC latitude longitude address Mgr 1 Mgr N Example
USG310
S132L282
60001
Group 1 Country,
City,
Zone
Table 3 CSV File Sample
DEVICE
MAC
ADDRESS
LATITUDE LONGITUDE ADDRESS USER 1,...,USER N
DEVICE
NAME
SERIAL
NUMBER
GROUP
NAME
FILTER
PATH
11aa22bb
33cc
0.1278 51.5074 London Alicia,Amanda,A
ndrea
USG310 S1234567
89
TestGro
up1
Europe.
West.UK.
London
ee44ff55g
g66
121.5654 25.0330 Taipei John,Peter,David USG60W S9876543
21
TestGro
up2
Asia.East
.Taiwan.T
aipei
11aa22bb33cc,0.1278,51.5074,London,"Alicia,Amanda,Andrea",USG310,S123456789,TestGr
oup1,Europe.West.UK.London
ee44ff55gg66,121.5654,25.0330,Taipei,"John,Peter,David",USG60W,S987654321,TestGrou
p2,Asia.East.Taiwan.Taipei
Chapter 1 Installation
Cloud CNM SecuManager User’s Guide
20
3 Wait for the devices to be imported and then go to Summary menu to see if all are online under Device
Status. You can also check more details about each imported device in the Device Management >
Device Maintenance > CPEs Overview screen.
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26

ZyXEL SecuManager Installation guide

Type
Installation guide

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI