- play_arrow Overview
- play_arrow Introduction
-
- play_arrow Devices
- play_arrow Device Management
- play_arrow Systems of Record
- play_arrow Device Discovery Profiles
- play_arrow Modeling Devices
- Rapid Deployment Overview
- Zero Touch Deployment Using Autoinstallation and Junos Space Network Management Platform on ACX Series and SRX Series Devices
- Model Devices Overview
- Creating a Connection Profile
- Creating a Modeled Instance
- Activating a Modeled or Cloned Device in Junos Space Network Management Platform
- Downloading a Configlet
- Viewing and Copying Configlet Data
- Activating Devices by Using Configlets
- Viewing a Modeled Instance
- Adding More Devices to an Existing Modeled Instance
- Viewing the Status of Modeled Devices
- Deleting Modeled Instances
- Viewing a Connection Profile
- Cloning a Connection Profile
- Modifying a Connection Profile
- Deleting Connection Profiles
- play_arrow Device Authentication in Junos Space
- play_arrow Viewing Device Inventory
- play_arrow Exporting Device Inventory
- play_arrow Configuring Juniper Networks Devices
- Modifying the Configuration on the Device
- Reviewing and Deploying the Device Configuration
- Junos OS Releases Supported in Junos Space Network Management Platform
- Configuration Guides Overview
- Saving the Configuration Created using the Configuration Guides
- Previewing the Configuration Created using the Configuration Guides
- Deploying the Configuration Created using the Configuration Guides
- Viewing and Assigning Shared Objects
- Applying a CLI Configlet to Devices
- Applying a CLI Configlet to a Physical Inventory Element
- Applying a CLI Configlet to a Physical Interface
- Applying a CLI Configlet to a Logical Interface
- Executing a Script on the Devices
- Executing a Script on a Physical Inventory Component
- Executing a Script on a Logical Interface
- Executing a Script on the Physical Interfaces
- play_arrow Device Adapter
- play_arrow Device Configuration Management
- play_arrow Adding and Managing Non Juniper Networks Devices
- play_arrow Accessing Devices
- Launching a Device’s Web User Interface
- Looking Glass Overview
- Executing Commands by Using Looking Glass
- Exporting Looking Glass Results in Junos Space Network Management Platform
- Secure Console Overview
- Connecting to a Device by Using Secure Console
- Configuring SRX Device Clusters in Junos Space using Secure Console
- play_arrow Logical Systems (LSYS)
- play_arrow Tenant System (TSYS)
- play_arrow Device Partitions
- play_arrow Custom Labels
- play_arrow Verifying Template, Image Deployment, Script Execution, and Staged Images on Devices
- play_arrow Device Monitoring
- play_arrow Device Maintenance
- Viewing Device Statistics
- Viewing Devices and Logical Systems with QuickView
- Resynchronizing Managed Devices with the Network
- Putting a Device in RMA State and Reactivating Its Replacement
- Modifying the Target IP Address of a Device
- Modifying the Serial Number of a Device
- Rebooting Devices
- Deleting Staged Images on a Device
- Cloning a Device in Junos Space Network Management Platform
- Deleting Devices
-
- play_arrow Device Templates
- play_arrow Overview
- play_arrow Template Definitions
- Creating a Template Definition
- Finding Configuration Options in a Template Definition
- Working with Rules in a Template Definition
- Specifying Device-Specific Values in Template Definitions
- Managing CSV Files for a Template Definition
- Publishing a Template Definition
- Viewing a Template Definition
- Modifying a Template Definition
- Cloning a Template Definition
- Importing a Template Definition
- Exporting a Template Definition
- Unpublishing a Template Definition
- Deleting a Template Definition
- play_arrow Configuring Devices using Device Templates
- play_arrow Configuring Devices using Quick Templates
- play_arrow Device Template Administration
- Viewing Template Details
- Viewing the Device-Template Association (Device Templates)
- Viewing Template Definition Statistics
- Viewing Device Template Statistics
- Comparing Templates or Template Versions
- Comparing a Device Template Configuration with a Device Configuration
- Cloning a Template in Junos Space Network Management Platform
- Exporting and Importing a Quick Template in Junos Space Network Management Platform
- Deleting Device Templates from Junos Space Network Management Platform
-
- play_arrow CLI Configlets
- play_arrow Overview
- play_arrow CLI Configlets
- Creating a CLI Configlet
- Modifying a CLI Configlet
- Viewing CLI Configlet Statistics
- Viewing a CLI Configlet
- Exporting CLI Configlets
- CLI Configlet Examples
- Deleting CLI configlets
- Cloning a CLI Configlet
- Importing CLI Configlets
- Applying a CLI Configlet to Devices
- Comparing CLI Configet Versions
- Marking and Unmarking CLI Configlets as Favorite
- play_arrow Configuration Views
- Configuration Views Overview
- Configuration View Variables
- Configuration View Workflow
- XML Extensions
- Creating a Configuration View
- Viewing a Configuration View
- Modifying a Configuration View
- Deleting Configuration Views
- Exporting and Importing Configuration Views
- Viewing Configuration Views Statistics
- Default Configuration Views Examples
- play_arrow XPath and Regular Expressions
- play_arrow Configuration Filters
-
- play_arrow Images and Scripts
- play_arrow Overview
- play_arrow Managing Device Images
- Device Images Overview
- Importing Device Images to Junos Space
- Viewing Device Images
- Modifying Device Image Details
- Staging Device Images
- Staging Satellite Software Packages on Aggregation Devices
- Verifying the Checksum
- Viewing and Deleting MD5 Validation Results
- Deploying Device Images
- Deploying Satellite Software Packages on Aggregation and Satellite Devices
- Viewing Device Image Deployment Results
- Viewing Device Association of Images
- Undeploying JAM Packages from Devices
- Removing Device Images from Devices
- Deleting Device Images
- play_arrow Managing Scripts
- Scripts Overview
- Promoting Scripts Overview
- Importing Scripts to Junos Space
- Viewing Script Details
- Modifying Scripts
- Modifying Script Types
- Comparing Script Versions
- Staging Scripts on Devices
- Verifying the Checksum of Scripts on Devices
- Viewing Verification Results
- Enabling Scripts on Devices
- Executing Scripts on Devices
- Executing Scripts on Devices Locally with JUISE
- Viewing Execution Results
- Exporting Scripts in .tar Format
- Viewing Device Association of Scripts
- Marking and Unmarking Scripts as Favorite
- Disabling Scripts on Devices
- Removing Scripts from Devices
- Deleting Scripts
- Script Annotations
- Script Example
- play_arrow Managing Operations
- play_arrow Managing Script Bundles
- Script Bundles Overview
- Creating a Script Bundle
- Viewing Script Bundles
- Modifying a Script Bundle
- Staging Script Bundles on Devices
- Enabling Scripts in Script Bundles on Devices
- Executing Script Bundles on Devices
- Disabling Scripts in Script Bundles on Devices
- Viewing Device Associations of Scripts in Script Bundles
- Deleting Script Bundles
-
- play_arrow Reports
- play_arrow Reports Overview
- play_arrow Report Definitions
- play_arrow Reports
-
- play_arrow Network Monitoring
- play_arrow Overview
- play_arrow Managing Nodes
- play_arrow Searching for Nodes and Assets
- play_arrow Managing Outages
- play_arrow Using the Network Monitoring Dashboard
- play_arrow Managing and Configuring Events
- play_arrow Managing and Configuring Alarms
- play_arrow Managing and Configuring Notifications
- play_arrow Managing Reports and Charts
- play_arrow Network Monitoring Topology
- play_arrow Network Monitoring Administration
- Configuring Network Monitoring System Settings
- Updating Network Monitoring After Upgrading the Junos Space Network Management Platform
- Configuring SNMP Community Names by IP
- Configuring SNMP Data Collection per Interface
- Managing Thresholds
- Compiling SNMP MIBs
- Managing SNMP Collections
- Managing SNMPv3 Trap Configuration
- Managing Data Collection Groups
- Managing and Unmanaging Interfaces and Services
- Starting, Stopping, and Restarting Services
-
- play_arrow Configuration Files
- play_arrow Overview
- play_arrow Managing Configuration Files
-
- play_arrow Jobs
- play_arrow Overview
- play_arrow Managing Jobs
- Viewing Statistics for Jobs
- Viewing Your Jobs
- Viewing Jobs
- Viewing Objects on Which a Job is Executed
- Viewing Job Recurrence
- Rescheduling and Modifying the Recurrence Settings of Jobs
- Retrying a Job on Failed Devices
- Reassigning Jobs
- Canceling Jobs
- Clearing Your Jobs
- Archiving and Purging Jobs
- Common Error Messages in Device-Related Operations
-
- play_arrow Audit Logs
- play_arrow Administration
- play_arrow Overview
- play_arrow Managing Nodes in the Junos Space Fabric
- Fabric Management Overview
- Overall System Condition and Fabric Load History Overview
- Junos Space Nodes and FMPM Nodes in the Junos Space Fabric Overview
- Dedicated Database Nodes in the Junos Space Fabric Overview
- Adding a Node to an Existing Junos Space Fabric
- Viewing Nodes in the Fabric
- Monitoring Nodes in the Fabric
- Viewing Alarms from a Fabric Node
- Shutting Down or Rebooting Nodes in the Junos Space Fabric
- Deleting a Node from the Junos Space Fabric
- Resetting MySQL Replication
- Modifying the Network Settings of a Node in the Junos Space Fabric
- Load-Balancing Devices Across Junos Space Nodes
- Replacing a Failed Junos Space Node
- Generating and Uploading Authentication Keys to Devices
- Configuring the ESX or ESXi Server Parameters on a Node in the Junos Space Fabric
- Creating a System Snapshot
- Deleting a System Snapshot
- Restoring the System to a Snapshot
- NAT Configuration for Junos Space Network Management Platform Overview
- Configuring the NAT IP Addresses and Ports on Junos Space Platform
- Modifying the NAT IP Addresses and Ports on Junos Space Platform
- Disabling the NAT Configuration on Junos Space Platform
- play_arrow Backing up and Restoring the Junos Space Platform Database
- play_arrow Managing Licenses
- play_arrow Managing Junos Space Platform and Applications
- Managing Junos Space Applications Overview
- Upgrading Junos Space Network Management Platform Overview
- Junos Space Store Overview
- Configuring and Managing Junos Space Store
- Running Applications in Separate Server Instances
- Managing Junos Space Applications
- Modifying Settings of Junos Space Applications
- Modifying Junos Space Network Management Platform Settings
- Managing File Integrity Check
- Starting, Stopping, and Restarting Services
- Adding a Junos Space Application
- Upgrading a Junos Space Application
- Upgrading Junos Space Network Management Platform
- Synchronizing Time Across Junos Space Nodes
- Upgrading to Junos Space Network Management Platform Release 21.1R1
- Uninstalling a Junos Space Application
- play_arrow Managing Troubleshooting Log Files
- System Status Log File Overview
- Customizing Node System Status Log Checking
- Customizing Node Log Files to Download
- Configuring JBoss and OpenNMS Logs in Junos Space
- Generating JBoss Thread Dump for Junos Space Nodes
- Downloading the Troubleshooting Log File in Server Mode
- Downloading the Troubleshooting Log File in Maintenance Mode
- Downloading Troubleshooting System Log Files Through the Junos Space CLI
- play_arrow Managing Certificates
- Certificate Management Overview
- Changing User Authentication Modes
- Installing a Custom SSL Certificate on the Junos Space Server
- Uploading a User Certificate
- Uploading a CA Certificate and Certificate Revocation List
- Deleting a CA Certificate or Certificate Revocation List
- Adding and Activating X.509 Certificate Parameters for X.509 Certificate Parameter Authentication
- Modifying an X.509 Certificate Parameter
- Deleting X.509 Certificate Parameters
- play_arrow Configuring Authentication Servers
- Remote Authentication Overview
- Junos Space Authentication Modes Overview
- Junos Space Login Behavior with Remote Authentication Enabled
- Managing Remote Authentication Servers
- Creating a Remote Authentication Server
- Modifying Authentication Settings
- Configuring a RADIUS Server for Authentication and Authorization
- Configuring a TACACS+ Server for Authentication and Authorization
- play_arrow Managing SMTP Servers
- play_arrow Email Listeners
- play_arrow Managing Git Repositories
- play_arrow Audit Log Forwarding
- Audit Log Forwarding in Junos Space Overview
- Viewing Audit Log Forwarding Criterion
- Adding Audit Log Forwarding Criterion
- Modifying Audit Log Forwarding Criterion
- Deleting Audit Log Forwarding Criterion
- Enabling Audit Log Forwarding Criterion
- Testing the System Log Server Connection for Audit Log Forwarding
- play_arrow Configuring a Proxy Server
- play_arrow Managing Tags
- Tags Overview
- Creating a Tag
- Managing Tags
- Managing Hierarchical Tags
- Sharing a Tag
- Renaming Tags
- Deleting Tags
- Tagging an Object
- Untagging Objects
- Filtering the Inventory by Using Tags
- Viewing Tagged Objects
- Viewing Tags for a Managed Object
- Exporting Tags from Junos Space Network Management Platform
- play_arrow Managing DMI Schemas
- DMI Schema Management Overview
- Viewing and Managing DMI Schemas
- Viewing Missing DMI Schemas
- Setting a Default DMI Schema
- Configuring Access to Juniper Networks DMI Schema Repository by Using the Configure Juniper Repository Action
- Adding Missing DMI Schemas or Updating Outdated DMI Schemas in Junos Space Network Management Platform
- Creating a Compressed TAR File for Updating DMI Schema
- Viewing and Deleting Unused DMI Schemas
- play_arrow Managing Hardware Catalog
- play_arrow Managing the Purging Policy
- play_arrow Disaster Recovery
-
- play_arrow Troubleshooting
- play_arrow Knowledge Base
-
Domains Overview
In Junos Space Network Management Platform, a domain is a logical mapping of objects, such as devices, device templates, and CLI Configlets, to users who access and manage the network by using these objects. Junos Space Platform allows a hierarchal structure for domains. The top-level domain is called the Global domain. You can create a hierarchy of up to five levels of subdomains under the Global domain, with each subdomain associated with only one parent domain. You can use these subdomains to create easily manageable sections of your network. When you assign objects and users to these subdomains, users can manage these objects partially or completely based on the roles assigned to them. Objects created in a domain are assigned to the same domain.
Using Junos Space Platform, you can create objects with the same name across domains; however, domains at the same hierarchy level cannot share the same name. The domain association is displayed in fully qualified domain name (FQDN) format in the Domain column of all workspaces.
You can create the following objects with the same name across domains:
Templates and template definitions
CLI Configlets, configuration views, XPath, regular expressions, and configuration filters
Report definitions
Images, script bundles, and operations
Users can be assigned to multiple domains. Objects are assigned to the domain to which the user is logged in currently. Junos Space Platform lets you assign multiple objects from the same workspace to a domain simultaneously. The domain to which an object is assigned is displayed in the Domain column on the inventory page of the workspace. This is displayed as an absolute path.
The default Super Administrator “super”’ has full permissions to all subdomains. You need not manually assign new subdomains to this Super Administrator. You need to assign the Global domain to all users who are added to the Junos Space Platform database with the Super Administrator role.
You cannot delete the Global domain from Junos Space Platform. Junos Space Platform also does not allow you to delete a domain if subdomains are associated with that domain.
You can view predefined objects in a Junos Space Platform or Junos Space application workspace in addition to the objects that are assigned to the domain in which you are currently operating. To access workspaces on a Junos Space application that is installed on Junos Space Platform, the workspaces must be domain aware. Only domain-aware workspaces of an application can be accessed from the subdomains. When you switch between domains, you could lose access to workspaces if the application is not domain aware.
If you access the Junos Space Platform UI in two tabs of the same browser with two different domains selected and access the same page in both tabs, the information displayed on the page is based on the latest domain selected. To view pages that are accessible only in the Global domain, ensure that you are in the Global domain in the most recent tab in which you are accessing the UI.
The following sections explain the rules to access objects across domains and how device partitions are used to manage subdomains:
Accessing Objects In and Across Domains
Junos Space Platform allows you to access objects across domains based on the roles you are assigned and the domains you are assigned to.
The following rules apply while accessing objects across domains in Junos Space Platform:
Objects can be assigned to only one domain.
Objects can be moved from one domain to another.
Objects across domains can share the same name.
You can view objects from the parent domain only in read-only mode and only if the parent domain allows its objects to be viewed by its subdomains.
You can view and execute tasks on objects in a subdomain if the object is provided with appropriate permissions.
You cannot modify or delete objects in a parent domain if you have read-only access, even if you have the necessary permissions to modify those objects.
You can view and perform actions only on the objects assigned to the domain to which you are currently logged in. You can view objects from other accessible domains if the "Manage objects from all assigned domains” flag is set as a user preference. To set this flag, click the User Settings icon on the Junos Space banner.
If you have read/write privileges to objects in a subdomain, you can perform read/write operations on the objects in the subdomain even if the subdomain is not explicitly assigned to you.
If you have read-only privileges to objects in a subdomain, you can perform only read operations on the objects in the subdomain.
If you have read-only access to objects in the parent domain, you cannot perform write operations even if you have read/write privileges on these objects by virtue of the roles assigned to you.
If you do not have read-only access to objects in the parent domain, the objects in the parent domain are not visible to you in the subdomain.
In addition to the default rules to access objects assigned to domains, you can also use the “Allow users of this domain to have read and execute access to parent domain objects” flag to provide read permissions to all users in the domain when you create a domain. This flag provides both read and execute access to the objects in the parent domain.
If you use this flag, you can access the following objects that have read and execute permissions:
Device templates and template definitions
CLI Configlets, configuration views, configuration filters, XPath, and regular expressions
Images, scripts, operations, and script bundles
Report definitions
Device Partitions
Use device partitions to share physical interfaces, logical interfaces, and physical inventory of devices among multiple subdomains. Device partitions are supported only on M Series and MX Series routers.
Consider the following restrictions when working with device partitions:
You can assign only one partition of a device to a subdomain; you cannot assign multiple partitions of the same device to a subdomain.
You can assign one partition each from multiple devices to a subdomain.
You can partition a device only if the device is currently assigned to the Global domain.
To assign a partition to a subdomain, the root device should be part of the Global domain.
For example, consider device D1 with partitions P1, P2, and P3; device D2 with partitions P1a and P2a; and Global, dom1, and dom2 to be the available domains in Junos Space. The following assignments of partitions are valid:
P1 to dom1
P1a to dom1
P2 to dom2
P2a to dom2
P3 to Global (default)
The following assignments are invalid: P1 and P2 to dom1 or P1a and P2a to dom2.
To assign a partition to a subdomain, the root device must be part of the Global domain.
Table 1 lists the actions that you can or cannot perform on a device partition:
Task Group | Task Name | Device Partition Support | Notes |
|---|---|---|---|
Device Configuration | Review/Deploy Configuration | No | – |
View/Edit Configuration | No | – | |
View Active Configuration | Yes | Configuration details are not filtered on the basis of the partitioning. | |
Resolve Out-of-band Changes | No | – | |
View/Assign Shared Objects | No | – | |
View Configuration Change Log | Yes | Configuration details are not filtered on the basis of the partitioning. | |
View Template Deployment | No | – | |
View/Edit Unmanaged Device Configuration | No | – | |
Device Inventory | Export Physical Inventory | No | – |
View Associated Scripts | Yes | – | |
View License Inventory | No | – | |
View Logical Interfaces | Yes | – | |
View Physical Interfaces | Yes | – | |
View Physical Inventories | Yes | – | |
View Script Execution | Yes | – | |
View Inventory Change | Yes | – | |
View Software Inventory | No | – | |
Device Operations | Create LSYS | No | LSYS should be managed only on the root device. |
Delete Devices | No | You cannot delete a device partition from the subdomain. | |
Looking Glass | No | – | |
Put in RMA State | No | This action can be performed only on the root device. | |
Reactivate from RMA | No | This action can be performed only on the root device. | |
Synchronize with Network | No | This action can be performed only on the root device. | |
Execute Script | Yes | – | |
Apply CLI Configlet | Yes | – | |
Device Access | Modify Authentication | No | This action can be performed only on the root device. |
Launch Device WebUI | No | This action can be performed only on the root device. | |
SSH to Device | No | This action can be performed only on the root device. | |
Resolve Key Conflict | No | This action can be performed only on the root device. | |
Managed Customized Attribute | No | – | |
Delete Private Tags | No | – | |
Tag It | No | – | |
Un Tag It | No | – | |
View Tags | No | – | |
Filter by CSV | Yes | – | |
Clear All Selection | Yes | – |
You can assign device partitions to a domain or move the device partition from one domain to another. To assign a device partition to a domain or move a device partition from one domain to another, right-click the device partition and select Assign Partition to Domain.
You can assign devices to a domain. To do so, right-click the device and select the Assign Device to Domain task. You cannot move devices with partitions to a subdomain. If you do so, the Assign Device to Domain job fails.
Assignment of Objects to Domains
Objects in Junos Space Platform workspaces are assigned to at least one of the available domains.
The following rules apply while managing objects in the various workspaces:
Templates—Templates and template definitions are created in the domain that you are currently operating in. When you create a template, you can select a template definition from the same domain or a parent domain if you have access to the parent domain. You can deploy templates on devices if they are in the same domain or if devices belong to other accessible domains and the “Manage objects from all assigned domains” flag is set as a user preference. To set this flag, click the User Settings icon on the Junos Space banner. Also, you can deploy templates that are inherited from the parent domain to the devices in the accessible domains.
CLI Configlets—CLI Configlets are assigned to the domain that you are currently operating in. You can apply CLI Configlets to devices if they belong to the same domain or if the devices belong to other accessible domains and the “Manage objects from all assigned domains” flag is set as a user preference. You can assign and deploy CLI Configlets that are inherited from the parent domain to the devices in the current domain.
Images and Scripts—Images and scripts are assigned to the domain that you are currently operating in. You can stage, deploy, or perform any action on images and scripts for only those devices that belong to the same domain or if the devices belong to other accessible domains and the “Manage objects from all assigned domains” flag is set as a user preference. You can also inherit images and scripts from the parent domain and perform some actions such as staging on devices in the current domain and other accessible domains.
Configuration Files—Configuration files are created in the domain to which the device is currently assigned. If a device is moved from one domain to another, configuration files are also automatically moved to the respective domain. This workspace does not display objects inherited from the parent domain if the “Manage objects from all assigned domains” flag is set as a user preference.
Jobs—Jobs are associated with the domain from which you initiate jobs. You can view jobs from other domains that are assigned to you if the “Manage objects from all assigned domains” flag is set as a user preference.
Audit Logs—Audit logs are generated in the domain from which the user initiated the actions. You can view audit logs from other domains that are assigned to you if the “Manage objects from all assigned domains” flag is set as a user preference.
Role Based Access Control—The Roles page is not available in the subdomains. You can create users only when you are logged in to the Global domain. You can assign users to a domain when or after you create user accounts.
Administration—You can access the complete Administration workspace only if you are logged in to the Global domain.
Reports—Report definitions are assigned to the domain in which they are created. You can generate reports by using the definition in the inherited domain or the current domain.
Global search displays objects that match the search query from the current domain, child domains, and parent domain (if the user has read-only access to the parent domain). If an object in the search results is in a different domain than the one the user is currently in, the hyperlink to the object in the search results is disabled.
