Configure ExtremeXOS/Switch Engine Identity Manager to Send Events to ExtremeCloud IQ Site Engine

This chapter describes how to use the Identity Management — Configuration script on a Summit series or Black Diamond series switch to send events to ExtremeCloud IQ Site Engine.

In order to run the Identity Management — Configuration script on a device, you must be a member of an authorization group assigned the ExtremeCloud IQ Site Engine Suite > Common Web Services > Web Services APIs Read/Write Access capability.

To run the Identity Management — Configuration script on a device:

  1. Open the Network > Devices tab in ExtremeCloud IQ Site Engine.
  2. Right-click a Summit series or Black Diamond series switch in the Devices table or in the Device Groups left-hand panel.
  3. Select the Identity Management — Configuration script in the Scripts > ExtremeControl menu. The Run Script window opens.
  4. On the Device Selection tab, the selected device is automatically included. Use the arrows to add additional devices or remove devices and to control the order of the selected devices.
  5. Select Next.
  6. On the Overview tab of the Device Settings tab, set the configuration properties for the script. If desired, select the Description tab to view the description defined for the script.
    • Stop on error? — Indicates whether the script stops if an error occurs.
    • Target Server IP Address — The IP address to which notifications are sent.
      • Entering a value of $serverIP automatically enters the IP address of the ExtremeCloud IQ Site Engine server IP.
      • Enter the IP address of the ExtremeControl engine if using the Extreme Networks ExtremeControl solution.
    • Target Server Type — Selecting netsight monitors the IP, username, and port of the user accessing the device. Users with the Extreme Networks ExtremeControl solution can select nac, which provides you with the ability to run Kerberos authentication (if enabled) on the device.
      •  NOTE:In order to give elevated access to users when using the Kerberos authentication type on the device, the Target Server Type must be nac to allow the Access Control engine to learn the Kerberos traffic.
    • Target Server Username — The username of the user to which the web service request is made.
    • Target Server Password — The password of the user to which the web service request is made.
    • Target Server HTTPs Port — The port that the ExtremeCloud IQ Site Engine server or Access Control engine uses for HTTPS communication. The default port is 8443, but if the port was changed when configuring the ExtremeCloud IQ Site Engine server or Access Control engine, enter the custom port used.
    • XML Target Name — The name of the targets on the switch to which IDM events are sent. Using the default predefined XML Target Name creates a unique name for each server.
    • Choose Action — The action that occurs on the device when the script is run.
      • Enable ID Monitoring — This option sets up the XML notification, configures ports for Identity Management (if specified), and enables or disables ports for devices you can use with Identity Management.
      • Manage Ports — This option only configures ports for Identity Management (if specified).
  7. On the Run-Time Settings tab, set the run-time settings for the script (for more information about defining run-time variables when creating a script, see Specifying Run-Time Settings for a Script).
    • Save configuration in the background after running script successfully — Device configuration is saved after the script is run.
    • Timeout if script is not completed on each device (in seconds) — The amount of time in seconds before a timeout occurs if a device does not respond.
    • Run now, don’t save as a task — Select to run the script now and do not save the script as a task.
    • Save as a task and run now — Select to run the script now and save it as a task. Type a name for the task in the Task Name box below. The task appears on the Script Tasks tab (see "Save Script as a Task").
    • Save as task. I’ll run later — Select to save running the script as a task. The script does not run at this time. Type a name for the task in the Task Name box below. The task appears on the Script Tasks tab (see "Save Script as a Task").
  8. Select Next. On the Verify Run Script tab, verify your script selections, and then select Next.
  9. Select Next.
  10. On the Results tab, you see the results of the script including any errors.
  11. Select Close.