Applies To:
Show VersionsBIG-IQ Centralized Management
- 4.6.0
Defining DNS and NTP servers for the BIG-IQ system
Changing the default password for the administrator user
- Log in to BIG-IQ System with your administrator user name and password.
- At the top of the screen, click Access Control.
- On the Users panel, for Admin User, click the gear icon and then Properties.
- In the Old Password field, type the password.
- In the Password and Confirm Password fields, type a new password.
- Click Save.
Setting the time zone on a BIG-IQ system
Overview: SNMP and SMTP alerts
You can easily manage the health of your network by configuring the BIG-IQ® system to alert you when specific events occur for your managed devices. You can receive notifications by having the BIG-IQ system send traps to your SNMP manager and you can also configure the BIG-IQ system to send alerts for certain events to a specified individual. SNMP is an industry standard protocol for monitoring devices on IP networks. BIG-IQ Device integrates easily with your SNMP manager, allowing you to centrally manage collected data. Once configured, the SNMP agent sends data collected from BIG-IQ Device to your third-party SNMP manager. BIG-IQ Device is compatible with SNMPv1, SNMPv2c, and SNMPv3. Additionally, you can specify SNMP events to also trigger SMTP alerts.
Configuring SNMP version 3 for alerts
You configure the SNMP agent and provide specific access to BIG-IQ® Device so that the SNMP manager can collect data.
Configuring SNMP version 1 or 2 for alerts
You configure the SNMP agent and provide specific access to BIG-IQ® Device so that the SNMP manager can collect data.
Configuring SMTP for alerts
Before you define an SMTP server, you must first configure a DNS server.
Specifying alert conditions
- Log in to BIG-IQ System with your administrator user name and password.
- At the top of the screen, click Configuration.
- Click the gear icon next to the group for which you want to specify alert conditions, and then click Properties.
- Click Alert Conditions.
- Select the check box next to each event that should trigger an alert email.
- If a threshold is associated with the condition, in the adjacent Threshold field, type a value on which you want to trigger an alert email.
- Click Save.
About authentication integration
Integrating BIG-IQ® systems with your authentication server allows you to remotely manage user access based on specific BIG-IQ system roles and associated permissions.
The BIG-IQ system is compatible with RADIUS and LDAP protocols.
Configuring authentication with RADIUS
When you configure the BIG-IQ® system for user authentication through your company's RADIUS service, you can associate existing and new users added to the RADIUS service with specific BIG-IQ roles. The permissions associated with those roles are based on the user credentials. You can add two additional backup RADIUS servers in case the primary server is not available for authentication.
Configuring BIG-IQ system to to use pre-defined RADIUS groups
Some RADIUS deployments include non-standard, vendor-specific attributes in the dictionary files. For these deployments, you must update the BIG-IQ system's default dictionary. Use this procedure if you are using pre-defined RADIUS groups to define user groups on the BIG-IQ system.
- Copy the TinyRadius .jar file from the BIG-IQ system.
- Extract the contents of the TinyRadius .jar file.
- Update the file org/tinyradius/dictionary/default_dictionary file, by adding the vendor-specific attributes.
- Repack the contents into a new .jar file.
- Replace the old TinyRadius .jar on each BIG-IQ system with the new TinyRadius .jar file you created in step 4.
For example:
Before configuring LDAP authentication
Before integrating LDAP authentication with the BIG-IQ® system, you must first perform the following tasks:
- Use an LDAP browser to familiarize yourself with the groups and users in your directory's structure and their position in the hierarchy of organizational units (OUs).
- Decide how you want to map user names. The first option is to map users directly to their Distinguished Name (DN) in the directory with a user bind template in the form of uid=<username>, ou=people,o=sevenSeas. For example, when you map John Smith's user name with his DN as uid=<jsmith>, ou=people,o=sevenSeas and he logs in as jsmith, he is properly authenticated with his user name in the directory through his DN. The second option is to allow users to log in with names that do not map directly to their DN, by specifying a userSearchFilter in the form of (&(uid=%s)) when creating the provider. For example, if John Smith's DN is cn=John Smith,ou=people,o=sevenSeas, but you would like him to be able to log in with jsmith, specify a userSearchFilter in the form of (&(jsmith=%s)). If your directory does not allow anonymous binds, you must also specify a bindUser and bindPassword so that the BIG-IQ system can validate the user's credentials.
- Determine which groups in your directory to map into BIG-IQ groups. If you configured a bindUser and bindPassword for users, the BIG-IQ system displays a list of groups from which to choose. If you have not, you must know the DN for each group.
- Identify the DN under which all users and groups can be found. This is the root bind DN for your directory and is expressed as rootDN when you create a provider. The BIG-IQ system uses the root bind DN as a starting point when searching for users and groups.
- Determine the host IP address for the LDAP server. The default port is 389, if not specified otherwise.
Configuring authentication with LDAP
When you configure the BIG-IQ system for user authentication through your company's LDAP service, you can associate existing and new users added to the LDAP service with specific BIG-IQ roles. The permissions associated with those roles are based on the user credentials. The BIG-IQ system integration is compatible with LDAP server versions 2 and 3, and OpenLDAP directory, Apache Directory Server, and Active Directory. You can add multiple LDAP servers.