Configure a Secure Data Connection for Paragon Insights Devices
Paragon Insights (formerly HealthBot) supports the following authentication methods to provide a secure data connection for Paragon Insights devices:
Authentication Method |
Sensor Type |
Description |
Required Paragon Insights Security Parameters |
|---|---|---|---|
Mutual SSL |
OpenConfig |
Client authenticates itself with the server and the server authenticates itself with the client. |
|
Server-side SSL |
OpenConfig |
Server authenticates itself with the client. |
|
Public key SSH |
iAgent |
Authenticates users with password-protected SSH key files. |
|
Password |
All |
Authenticates users with a password. |
|
You can associate SSL or SSH certificates and keys with Paragon Insights devices through user-defined security profiles:
Configure Security Profiles for SSL and SSH Authentication
To configure security profiles for SSL and SSH authentication:
Click the Settings > Security option in the left-nav bar.
Click the add profile button for one of the following profiles and enter the required information:
Security Profile
Description of Parameters
CA
Name Enter profile name.
Upload Certificate Choose the CA certificate file and then click Open. The supported file extension is CRT.
Local Certificates
Name Enter profile name.
Upload Certificate Choose the client certificate file and then click Open. The supported file extension is CRT.
Upload Key Choose the client key file and then click Open. The supported file extension is KEY.
SSH Keys
Name Enter profile name.
Upload Key File Choose the private key file generated by ssh-keygen and then click Open.
Passphrase Enter the authentication passphrase.
Click Save to save the configuration or click Save and Deploy to save and deploy the configuration.
Repeat Steps 4 and 5, as needed.
Apply the security profiles to a specific device or device group. For more details, see Configure Security Authentication for a Specific Device or Device Group.
Configure Security Authentication for a Specific Device or Device Group
Click the Dashboard option in the left-nav bar.
Click the name of the device or device group for which you want to configure security authentication. The device or device group profile pane appears, respectively.
Under Authentication, enter the required parameters for each applicable authentication method: Password, SSL, or SSH. All methods can be configured together on a single device or device group profile.
Authentication Method
Description of Parameters
Password
Username Enter the authentication username.
Password Enter the authentication password.
SSL
Server Common Name Enter the server name protected by the SSL certificate.
CA Profile* Choose the applicable CA profile(s) from the drop-down list.
Local Certificate* Choose the applicable local certificate profile(s) from the drop-down list.
SSH
SSH Key Profile* Choose the applicable SSH key profile(s) from the drop-down list.
Username Enter the authentication username.
*To edit or view details about saved security profiles, go to the Settings > Security page in the left-nav bar.
The following guidelines apply to the Authentication configuration:
Paragon Insights decides which authentication method to apply to a device or device group based on which of the required security parameters are configured.
When more than one method is valid, Paragon Insights prioritizes SSL and SSH authentication over password-based authentication.
Paragon Insights prioritizes device-level settings over device group-level settings.
Click Save to save the configuration or click Save and Deploy to save and deploy the configuration.