Device Authentication Credentials Management
- Updated on 31 May 2023
Working authentication credentials are required by Netreo for every device on your network that you wish to monitor.
Device Discovery Wizard
Your first opportunity to provide authentication credentials for your devices comes when Netreo is first run. After you are taken through the initial Netreo Setup Wizard, the Device Discovery Wizard will start. In the System Authentication section of the wizard, you will be asked to provide any SNMP community strings required to access your devices, as well as the credentials for a Windows service account.
When the wizard is complete, Netreo then begins a scan of your network and looks for devices it can manage.
As Netreo discovers devices that are candidates to be monitored, it tests communication with each one (via SNMP and Windows networking) by trying all of the credentials provided in the Device Discovery Wizard, in the order in which they were provided, until it finds a working set for the device being tested. (Later, as part of Netreo's regularly scheduled device discovery scans, any additional credentials provided in user-configured device templates will also be tried.)
If any of the credentials work for a given device, and Netreo can identify that device as a type of device that is manageable, the device is added to Netreo. If Netreo is not able to successfully authenticate with a device, that device will not be added to Netreo. (See Overview of Automated Device Onboarding for more information.)
Device Templates
Your next opportunity to provide authentication credentials for your devices comes from Netreo's device template system. Device templates are a way to simultaneously apply standardized configuration settings to any number of devices managed by Netreo. Devices may have multiple device templates applied to them in a strict hierarchy. (See Device Template for more information about device templates and how they work.)
All device templates include an Authentication Credentials section. Any credentials entered into this section will be applied to the Netreo configuration settings of any managed devices to which that template is applied. If multiple device templates containing authentication credentials are applied to a device, each template applied will overwrite the credentials applied by the previous template. So, the last template containing authentication credentials to be applied to a device will be the one whose credentials are added to the configuration settings of that device.
When discussing authentication credentials, there are two pre-made device templates included with Netreo that are helpful to know about; these are the "Default" and "Windows Default" device templates. The Default device template is the base device template for applying configuration settings to all devices managed by Netreo. The Windows Default device template is for applying configuration settings to all Windows devices managed by Netreo. These templates are automatically applied to newly discovered devices when they are added to Netreo. (For Windows devices, the Windows Default template is applied at the "device type" hierarchy level, after the Default template is applied.)
The Default and Windows Default templates have their Authentication Credentials section automatically populated by the information provided in the Device Discovery Wizard (SNMP string into the Default template and Windows service account info into the Windows Default template). If more than one SNMP community string is provided, Netreo will create additional device templates to store each additional community string after the first. These other templates will be empty except for the Authentication Credentials section. Storing the additional SNMP strings in this way allows them to be used by Netreo when it tries to authenticate with newly discovered devices, as mentioned earlier.
Device Monitoring Settings
Your final opportunity to provide authentication credentials for your devices comes from the Netreo device monitoring settings for each device. These settings include an Authentication section, which is directly accessible through the Device Administration page of the respective device. The credentials stored in this section are the credentials actually used by Netreo to authenticate with the device when attempting to collect data.
However, since Netreo device monitoring settings are usually controlled by device templates, any authentication credentials entered here manually will likely be overwritten during Netreo's next discovery poll (when device templates are re-applied to their respective devices). So, you will have to turn device template usage completely off for a device (on its Device Administration page) if you wish to control its authentication credentials from within its device monitoring settings (not recommended).
If you choose to use Netreo's device template system (on by default), the Authentication section of a device's monitoring settings will initially be automatically populated by, at least, the Netreo "Default" device template (for all devices), and then (if applicable) the "Windows Default" template. Other device templates, applied later in the hierarchy, may overwrite some or all of these initial settings.
Once a device is added to Netreo, the authentication credentials stored in that device's configuration are the only credentials Netreo tries to use to collect data from that device.
Sometimes you might find that a device that has been added to Netreo doesn't seem to be reporting correctly, or indeed at all. This can be due to incorrect credentials having been added to its device monitoring settings after it was added to Netreo (typically, through a misconfigured device template). Remember that Netreo will initially authenticate with a device using any credentials it can find, potentially allowing the device to be added to the list of managed devices. But, once added, the device templates applied to that device during automatic monitoring configuration may then overwrite its settings with a different set of credentials—ones that won't allow Netreo to properly access the device.
If this happens, you can either change the credentials in the last device template that applies authentication settings to the device, or, if that's not practical, create a special device template just for that device and apply it at the "device" hierarchy level. However, device-specific templates should only be used as a last resort. Generally, a good device template strategy will avoid this problem. (See Device Template for more information.)
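A small model of the behaviour described above, added here as an illustration and not Netreo code: discovery accepts the first provided credential that works, while monitoring uses whatever the last credential-carrying template wrote, so the audit flags devices where the two disagree. The "base" level name, the "Branch switches" template, the device names and the community-string labels are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Application order; "device type" and "device" are named on the page, "base" is assumed.
LEVELS = ["base", "device type", "device"]

@dataclass
class Template:
    name: str
    level: str
    snmp: str = ""               # "" means no Authentication Credentials set

@dataclass
class Device:
    name: str
    accepts: set                 # strings the device really accepts (constructed)
    templates: list = field(default_factory=list)

def discover(device, candidates):
    """Discovery: try each credential in the order provided, stop at the first hit."""
    return next((c for c in candidates if c in device.accepts), None)

def effective(device):
    """Templates: the last one in hierarchy order that carries credentials wins."""
    ordered = sorted(device.templates, key=lambda t: LEVELS.index(t.level))
    carrying = [(t.snmp, t.name) for t in ordered if t.snmp]
    return carrying[-1] if carrying else (None, None)

def audit(devices, candidates):
    """Devices that pass discovery but end up with a credential they reject."""
    findings = []
    for d in devices:
        found, (cred, source) = discover(d, candidates), effective(d)
        if found is not None and cred not in d.accepts:
            findings.append((d.name, found, source))
    return findings

# Constructed sample data; the strings are placeholder labels, not real secrets.
DEFAULT = Template("Default", "base", snmp="ro-core")
BRANCH = Template("Branch switches", "device type", snmp="ro-branch")
CANDIDATES = ["ro-core", "ro-branch"]
DEVICES = [
    Device("core-rtr1", {"ro-core"}, [DEFAULT]),
    Device("branch-sw1", {"ro-branch"}, [DEFAULT]),          # Default overwrites
    Device("branch-sw2", {"ro-branch"}, [BRANCH, DEFAULT]),  # later level fixes it
    Device("lab-fw1", {"ro-lab"}, [DEFAULT]),                # never discovered
]

if __name__ == "__main__":
    print(audit(DEVICES, CANDIDATES))
```

Each finding names the device, the credential that worked during discovery, and the template whose credentials replaced it, which is the template to correct or to override at a later hierarchy level.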