Device Discovery Profiles Overview
You use the device discovery profile to add devices to Junos Space Network Management Platform from the Devices workspace. Discovery is the process of finding a device and then synchronizing the device inventory and configuration with the Junos Space Network Management Platform database. To use device discovery, you must be able to connect Junos Space Network Management Platform to the device.
A device discovery profile contains preferences used to discover devices, such as discovery targets, probes used to discover devices, mode and details for authentication, SSH fingerprints of devices, and the schedule to use this discovery profile. You can start the discovery process using a discovery profile in the following ways: scheduling a discovery after creating a discovery profile, or selecting a discovery profile and clicking Run Now.
Executing or running a discovery profile discovers, authenticates, and manages the device on Junos Space Network Management Platform. With appropriate privileges for discovering devices, you can create multiple discovery profiles with different combinations of targets, probes, and authentication modes on your Junos Space setup. You can clone, modify, and delete the device discovery profiles from Junos Space Network Management Platform. You can also choose whether to share device discovery profiles with other users with device discovery permissions.
To discover network devices using a device discovery profile, Junos Space Network Management Platform uses the SSH, ICMP Ping, and SNMP protocols. When the device is discovered, device authentication is handled through the administrator login SSH v2 credentials and SNMP v1, SNMP v2c, or SNMP v3 settings, keys generated from Junos Space Network Management Platform (RSA, DSS, or ECDSA keys), or custom keys. You can optionally enter the SSH fingerprint for each device and let Junos Space Network Management Platform save the fingerprint in the database during the discovery process and validate the fingerprint when the device connects to Junos Space Network Management Platform. Fingerprint validation is available only for SSH-enabled Juniper Networks devices and not for ww Junos OS devices and modeled devices. For more information about device authentication in Junos Space, see Device Authentication in Junos Space Overview.
For device targets, you can specify a single IP address, a DNS hostname, an IP range, or an IP subnet to discover devices on a network. When a device discovery profile is executed or run (either instantly or based on a schedule), Junos Space Network Management Platform connects to the physical device and retrieves the running configuration and the status information of the device. To connect with and configure devices, Junos Space Network Management Platform uses the Device Management Interface (DMI) of Juniper Networks devices, which is an extension of the NETCONF network configuration protocol.
Connections Initiated by Junos Space or the Device
When a device is discovered, Junos Space Network Management Platform creates an object in the Junos Space Network Management Platform database to represent the physical device and maintains a connection between the object and the physical device so that their information is linked.
Junos Space can manage devices in either of the following ways:
Junos Space initiates and maintains a connection to the device.
The device initiates and maintains a connection to Junos Space.
By default, Junos Space manages devices by initiating and maintaining a connection to the device. When Junos Space initiates the connection to the device, you can discover and manage devices irrespective of whether the management system is behind a Network Address Translation (NAT) server. For ww Junos OS devices, Junos Space uses SSH with an adapter to manage the devices.
For a Junos Space-initiated connection, Junos Space configures the following Junos OS CLI commands on the device during device discovery:
Standalone SRX Series Devices
set system services ssh max-sessions-per-connection 32
set system syslog file default-log-messages any info
set system syslog file default-log-messages match "(requested 'commit' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|GRES|(AIS_DATA_AVAILABLE)"
set system syslog file default-log-messages structured-data
set snmp trap-group space targets <space-ip-address>
Cluster SRX
set groups node0 system services ssh max-sessions-per-connection 32
set groups node0 system syslog file default-log-messages any info
set groups node0 system syslog file default-log-messages match "(requested 'commit' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|GRES|(AIS_DATA_AVAILABLE)"
set groups node0 system syslog file default-log-messages structured-data
set groups node1 system services ssh max-sessions-per-connection 32
set groups node1 system syslog file default-log-messages any info
set groups node1 system syslog file default-log-messages match "(requested 'commit' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|GRES|(AIS_DATA_AVAILABLE)"
set groups node1 system syslog file default-log-messages structured-data
set snmp trap-group space targets <space-ip-address>
EX Series
set system services ssh max-sessions-per-connection 32
set system syslog file default-log-messages any any
set system syslog file default-log-messages match "(requested 'commit' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|cm_device|(Primary Unchanged, Members Changed)|(Primary Changed, Members Changed)|(Primary Detected, Members Changed)|(vc add)|(vc delete)|(Primary detected)|(Primary changed)|(Backup detected)|(Backup changed)|(interface vcp-)|(AIS_DATA_AVAILABLE)"
set system syslog file default-log-messages structured-data
set snmp trap-group space targets <space-ip-address>
QFX Series
set system services ssh max-sessions-per-connection 32
set system syslog file default-log-messages any any
set system syslog file default-log-messages match "(requested 'commit' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|QF_NODE|QF_SERVER_NODE_GROUP|QF_INTERCONNECT|QF_DIRECTOR|QF_NETWORK_NODE_GROUP|(Primary Unchanged, Members Changed)|(Primary Changed, Members Changed)|(Primary Detected, Members Changed)|(vc add)|(vc delete)|(Primary detected)|(Primary changed)|(Backup detected)|(Backup changed)|(interface vcp-)|(AIS_DATA_AVAILABLE)"
set system syslog file default-log-messages structured-data
set snmp trap-group space targets <space-ip-address>
MX Series
set system services ssh max-sessions-per-connection 32
set system syslog file default-log-messages any info
set system syslog file default-log-messages match "(requested 'commit' operation)|(copying configuration to juniper.save)|(commit complete)|ifAdminStatus|(FRU power)|(FRU removal)|(FRU insertion)|(link UP)|transitioned|Transferred|transfer-file|(license add)|(license delete)|(package -X update)|(package -X delete)|(FRU Online)|(FRU Offline)|(plugged in)|(unplugged)|CFMD_CCM_DEFECT| LFMD_3AH | RPD_MPLS_PATH_BFD|(Primary Unchanged, Members Changed)|(Primary Changed, Members Changed)|(Primary Detected, Members Changed)|(vc add)|(vc delete)|(Primary detected)|(Primary changed)|(Backup detected)|(Backup changed)|(interface vcp-)|(AIS_DATA_AVAILABLE)"
set system syslog file default-log-messages structured-data
set snmp trap-group space targets <space-ip-address>
If a device-initiated connection to Junos Space is enabled, the DMI channel and port 7804 are used and the following (sample) configuration is added on the device to establish the connection to Junos Space:
set system services outbound-ssh client 00111DOCEFAC device-id 7CE5FE
set system services outbound-ssh client 00111DOCEFAC secret "$ABC123"
set system services outbound-ssh client 00111DOCEFAC services netconf
set system services outbound-ssh client 00111DOCEFAC 172.22.199.10 port 7804
To discover and manage devices through a device-initiated connection, clear the Junos Space initiated connection to device check box on the Modify Application Settings page in the Administration workspace. For information about configuring connections initiated by Junos Space or by a device, see Modifying Junos Space Network Management Platform Settings.
You can configure a NAT server to route connections between the Junos Space setup and managed devices. Both device-initiated connections to a Junos Space setup and connections initiated by Junos Space to managed devices, when the Junos Space setup is behind the NAT server, are supported on Junos Space Network Management Platform. If a NAT server is used, the managed devices connect to Junos Space Network Management Platform through the IP address of Junos Space Network Management Platform translated by NAT. For more information about using a NAT server on a Junos Space setup, see NAT Configuration for Junos Space Network Management Platform Overview.
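The outbound-ssh stanza shown above makes the device open a NETCONF session to whatever address it names, so it is worth checking on managed devices. The following is an added example, not part of the Junos Space documentation or product: it parses set-format configuration and reports outbound-ssh clients whose target is not an expected Junos Space address or port. The function names, the EXAMPLE-OTHER client with 192.0.2.50, and the rule that only the netconf service is expected are assumptions made for the illustration.

```python
DMI_PORT = 7804  # port the page gives for device-initiated connections
PREFIX = ["set", "system", "services", "outbound-ssh", "client"]

# Constructed input: the page's sample stanza plus one made-up client
# (EXAMPLE-OTHER, 192.0.2.50) that the audit should flag.
SAMPLE_CONFIG = '''
set system services outbound-ssh client 00111DOCEFAC device-id 7CE5FE
set system services outbound-ssh client 00111DOCEFAC secret "$ABC123"
set system services outbound-ssh client 00111DOCEFAC services netconf
set system services outbound-ssh client 00111DOCEFAC 172.22.199.10 port 7804
set system services outbound-ssh client EXAMPLE-OTHER services netconf
set system services outbound-ssh client EXAMPLE-OTHER 192.0.2.50 port 2200
'''

def parse_outbound_ssh(config_text):
    """Group outbound-ssh statements from set-format config by client name."""
    clients = {}
    for line in config_text.splitlines():
        tokens = line.split()
        if tokens[:5] != PREFIX or len(tokens) < 8:
            continue
        entry = clients.setdefault(
            tokens[5], {"device_id": None, "services": set(), "targets": []})
        key, rest = tokens[6], tokens[7:]
        if key == "device-id":
            entry["device_id"] = rest[0]
        elif key == "services":
            entry["services"].update(rest)
        elif rest[0] == "port" and len(rest) > 1 and rest[1].isdigit():
            entry["targets"].append((key, int(rest[1])))  # <address> port <n>
    return clients

def audit(config_text, space_addresses):
    """Return (client, finding) pairs for stanzas that break the policy."""
    findings = []
    for name, c in sorted(parse_outbound_ssh(config_text).items()):
        for addr, port in c["targets"]:
            if addr not in space_addresses:
                findings.append((name, f"unknown target {addr}:{port}"))
            elif port != DMI_PORT:
                findings.append((name, f"unexpected port {port} for {addr}"))
        if c["services"] != {"netconf"}:  # assumed policy, from the sample
            findings.append((name, f"services {sorted(c['services'])}"))
    return findings

if __name__ == "__main__":
    # With NAT in use, list the NAT-translated Junos Space address here.
    for client, finding in audit(SAMPLE_CONFIG, {"172.22.199.10"}):
        print(client, finding)
```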
When configuration changes are made in Junos Space Network Management Platform—for example, when you deploy service orders to activate a service on your network devices—the configuration is pushed to the physical device.
If the network is the system of record (NSOR), when configuration changes are made on the physical device (out-of-band CLI commits and change-request updates), Junos Space Network Management Platform automatically resynchronizes with the device so that the device inventory information in the Junos Space Network Management Platform database matches the current device inventory and configuration information. If Junos Space Network Management Platform is the system of record (SSOR), this resynchronization does not occur and the database is unchanged.
Device Information Fetched During Device Discovery
The following device inventory and configuration data are captured and stored in relational tables in the Junos Space Network Management Platform database:
Devices—Hostname, IP address, credentials
Physical Inventory—Chassis, FPM board, power entry module (PEM), Routing Engine, Control Board (CB), Flexible PIC Concentrator (FPC), CPU, PIC, transceiver, fan tray
Junos Space Network Management Platform displays the model number, part number, serial number, and description for each inventory component, when applicable.
Logical Inventory—Subinterfaces, encapsulation (link-level), type, speed, maximum transmission unit (MTU), VLAN ID
License information:
License usage summary—License feature name, feature description, licensed count, used count, given count, needed count
Licensed feature information—Original time allowed, time remaining
License SKU information—Start date, end date, and time remaining
Loopback interface
Other device configuration data is stored in the Junos Space Network Management Platform database as binary large objects and is available only to northbound interface (NBI) users.