Third Party Device Support in ExtremeCompliance (Legacy)

Introduction

ExtremeCompliance now provides the framework required to write audit tests for non-Extreme devices that can be discovered in ExtremeCloud IQ Site Engine and Inventory Manager. With this capability you can define your own audit tests for non-Extreme devices.

Prerequisite

Third-party devices are identified by their SysOIDs. The user must know the System Object ID (SysOID) of the third-party devices in the network. For example, “1.3.6.1.4.1.9.1.1745” is a sample SysOID.

Steps

  1. Log in to the ExtremeCloud IQ Site Engine server as a user with write permissions on the installation.
  2. Edit the following file: <Installation_Directory>/GovernanceEngine/thirdPartyDevices.properties
  3. Follow the instructions given in the file to add SysOIDs. Multiple SysOIDs can be mapped to one user-defined Device Type (for example, 1.3.6.1.4.1.9.1.1745=XYZ, where 1.3.6.1.4.1.9.1.1745 is the SysOID and XYZ is the device type).
  4. After defining all the mappings, run the script “operationsOnThirdparty-properties.sh”, which is in the same directory. This imports the user-defined SysOIDs and device types into ExtremeCompliance. Use the same script to perform operations like read, delete and reimport. Instructions and examples of the available arguments display after running the script.
  5. Log into ExtremeCloud IQ Site Engine, create new audit tests or copy and edit existing audit tests into a newly created custom regime or an existing regime. When creating/editing audit tests, you are able to select the device types defined above in the Device Type drop-down list, thereby defining audit tests for the third-party device. Look at the next section for details on how to create new audit tests.
  6. Run the required regime in the location in which you added the audit tests.



    All the audit tests applicable to the third-party device run, and the score displays in the dashboard.
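
Because third-party devices are identified only by SysOID, it helps to check the mapping lines from step 3 for typos and conflicting entries before importing them in step 4. The following is an added example, not part of the product or its script: it assumes one `SysOID=DeviceType` pair per line as shown in step 3 and `#` comment lines; `lint_mappings` and the `99999` SysOIDs are constructed for illustration, and the instructions inside the properties file remain authoritative.

```python
import re

# Dotted-decimal OID: two or more arcs, no empty arcs, no leading zeros.
OID_RE = re.compile(r"(0|[1-9]\d*)(\.(0|[1-9]\d*))+")
# sysObjectID values are allocated under the SMI enterprises subtree (RFC 1213).
ENTERPRISES = "1.3.6.1.4.1."

def lint_mappings(text):
    """Return (mappings, problems) for lines of the form SysOID=DeviceType."""
    mappings, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' marks a comment
            continue
        oid, sep, dtype = (part.strip() for part in line.partition("="))
        if not sep or not oid or not dtype:
            problems.append((n, "expected SysOID=DeviceType"))
            continue
        if not OID_RE.fullmatch(oid):
            problems.append((n, f"malformed SysOID {oid!r}"))
            continue
        if not oid.startswith(ENTERPRISES):
            # Reported but still recorded: unusual, not necessarily wrong.
            problems.append((n, f"{oid} is outside the enterprises subtree"))
        if oid in mappings and mappings[oid] != dtype:
            # Several SysOIDs may share a device type, but one SysOID
            # mapped to two device types is ambiguous.
            problems.append((n, f"{oid} already mapped to {mappings[oid]!r}"))
            continue
        mappings[oid] = dtype
    return mappings, problems

# Constructed sample input; only the first SysOID comes from the page.
SAMPLE = """\
# constructed sample, not a real thirdPartyDevices.properties
1.3.6.1.4.1.9.1.1745=XYZ
1.3.6.1.4.1.99999.1.1=XYZ
1.3.6.1.4.1.9.1.1745=ABC
1.3.6.1.4.1.99999.1..2=XYZ
1.3.6.1.4.1.99999.1.3
"""

if __name__ == "__main__":
    ok, bad = lint_mappings(SAMPLE)
    for oid, dtype in ok.items():
        print(f"ok    {oid} -> {dtype}")
    for n, msg in bad:
        print(f"line {n}: {msg}")
```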

Adding a new audit test and verifying that the ExtremeCompliance audit was run successfully

  1. Add a new device and verify it is discovered (skip this step if you already have a 3rd party device discovered in ExtremeCloud IQ Site Engine).
    1. Connect to the ExtremeCloud IQ Site Engine server: https://<Server_IP>:8443.
    2. Enter your credentials to log in to the server.
    3. Access the Network > Devices tab.
    4. Select Site in the left-panel drop-down list.
    5. Select the World site.
    6. In the right-panel, right-click and select Device > Add Device.
    7. Enter the IP Address of the device, select a profile based on the SNMP profile configured on the device, enter a device nickname, and select OK.
    8. Select the Operations tab at the bottom of the window, which indicates the status of the discovery.
  2. Copy an existing audit test or add a new audit test in a custom regime.

    1. Select the Compliance > Audit Tests tab.
    2. Right-click the regime and select Add Regime....

      The Create Regime window displays.
    3. Enter a Regime Name (e.g. Third party), a description of the new regime, and select whether to Test Wireless Events.
    4. Select Save.
    5. Select one of the existing regimes (e.g. PCI, HIPAA, or GDPR).
    6. Select Access Control Lists (ACLs).
    7. Right-click a device type (e.g. BOSS, E200, EOS, and VOSS/Fabric Engine) and select Copy Audit Test.

      The Copy Audit Test window displays.
    8. Select the Regime from the drop-down list and select Copy.
    9. Open the regime to which you copied the test to verify the audit test displays.
    10. Expand the new regime.
    11. Select the Arrow icon to expand the Audit test (e.g., Access Control Lists (ACLs)).
    12. Right-click the device type and select Edit Audit Test.

      The Edit Audit Test window displays.
    13. Change the Device Type to the device type the new regime is testing (e.g., Aruba, Cisco).
    14. Change the Regex depending on the device type the new regime is testing (Aruba or Cisco).
  3. Run the regime.
    1. Right-click your regime and select Run Regime.

      The Run Regime window displays.
    2. Select the devices on which you are running the regime.

      A window displays to indicate the regime is running.
    3. Open the Operations panel.
    4. Verify the panel displays an Inventory Audit entry.
    5. Expand the Inventory Audit and verify the devices you selected display.

      ExtremeCloud IQ Site Engine is performing an archive and save on each device.

      The event looks similar to the following:

      Governance_$REGIME_$TIMESTAMP - Configuration Retrieved

See Sample regex for audit tests for Aruba devices.

See Sample regex for audit tests for Cisco devices.