Matrix42 Self-Service Help Center

Credentials

Using credentials from various sources to aid in accessing and querying target resources within your network.

Overview

Credentials are used to discover additional information within your environment. Credentials also allow a Configuration Item to gather information from your environment without loading or enabling additional agents and services. Depending on your environment, valid Credentials may be required.

Use the Credentials Management page to add and update Credentials.

In order for FireScope to connect to or collect data from your infrastructure, an SNMP community string or username and password may be required.  This includes APIs such as VMware, NetApp, Cisco UCS, Amazon AWS and others. These credentials are also used by Discovery to collect details regarding a discovered asset, such as configuration information and potential Attributes for monitoring. To simplify configuration, all credential configuration is centralized in the Credentials section of the Configuration menu.  From here you can create or edit any Credentials that FireScope SDDM may need.

Note:  Credentials are Edge Device specific. This allows you to designate shared Credentials (such as SNMP) per environment with a dedicated Edge Device.

SNMP Credentials

SNMP credentials are utilized by the following:

  • CI/Attributes – SNMP attributes within a CI will utilize the SNMP credential linked to the CI to establish connection and access.
  • Network Discovery Jobs – Network discovery jobs will utilize SNMP credentials on a ‘first-match’ basis. If you want to create and configure CIs with discovery profiles, order your SNMP credentials so that the setting with the most access comes first.

NOTE: All credentials are associated with an Edge Device to better support multiple environments that may have different settings for community or authentication. Discovery jobs and CIs can only utilize credentials that have the same Edge Device.

Click on Configuration > Connection Credentials > Create. The New Credential page will be displayed.

  1. Click on Credential Type and select SNMP, and the SNMP Connection Settings page will be displayed.
  1. Edge Device: Select an Edge Device to designate the data collection or operation target.
  2. Name: Enter a descriptive name for this item.
  3. Description: Enter a description.
  4. Port: Enter the port number. NOTE: The common UDP port for SNMP is 161.
  5. SNMP Connection Settings:

SNMP Version: Select the appropriate SNMP version:

SNMP V1:

  1. Requirement: Device must be SNMPv1 compatible or have an SNMP Agent installed. This includes most networked assets.
  2. Information: The SNMPv1 SMI specifies the use of a number of SMI-specific data types, which are divided into two categories: Simple data types and Application-wide data types.
  3. Access Requirement: Community string; for example, most devices have a setting for public.

SNMP V2: 

  • Requirement: Device must be SNMPv2 compatible or have an SNMP Agent installed.
  • Information: The SNMPv2 SMI is described in RFC 2578. It makes certain additions and enhancements to the SNMPv1 SMI-specific data types, such as including bit strings, network addresses, and counters. Bit strings are defined only in SNMPv2 and comprise zero or more named bits that specify a value. Network addresses represent an address from a particular protocol family. SNMPv1 supports only 32-bit IP addresses, but SNMPv2 can support other types of addresses as well. Counters are non-negative integers that increase until they reach a maximum value and then return to zero. In SNMPv1, a 32-bit counter size is specified. In SNMPv2, 32-bit and 64-bit counters are defined. Additionally, SNMPv2 specifies information modules, which specify a group of related definitions. Three types of SMI information modules exist: MIB modules, compliance statements, and capability statements. MIB modules contain definitions of interrelated managed objects. Compliance statements provide a systematic way to describe a group of managed objects that must be implemented for conformance to a standard. Capability statements are used to indicate the precise level of support that an agent claims with respect to a MIB group. An NMS can adjust its behavior toward agents according to the capability statements associated with each agent.
  • Access Requirement: Community string; for example, most devices have a setting for public.

SNMP V3: 

  • Requirement: Device must be SNMPv3 compatible or have an SNMP Agent installed.
  • Information: Essentially offers the same information as SNMPv2, with the addition of 3 important security features:
    • Message integrity to ensure that a packet has not been tampered with in transit.
    • Authentication to verify that the message is from a valid source.
    • Encryption of packets to prevent snooping by an unauthorized source.
  • Access Requirement: SNMPv3 has several variations of access control. You will need to provide some of the following values based on the type of authentication required by the device’s settings.
    • security name
    • security level
    • authentication type
    • authentication passphrase
    • authentication type
    • privacy passphrase
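
How the ‘first-match’ ordering, the Edge Device restriction and the SNMPv3 access values interact, as an added sketch rather than FireScope code. The `Credential` model, the field names, the "access" labels and all sample data are assumptions constructed for illustration; the three security level names are the standard SNMPv3 ones.

```python
from dataclasses import dataclass

# Secrets each SNMPv3 security level needs before a request can be sent.
V3_NEEDS = {"noAuthNoPriv": (), "authNoPriv": ("auth_pass",),
            "authPriv": ("auth_pass", "priv_pass")}

@dataclass(frozen=True)
class Credential:            # hypothetical model, not FireScope's schema
    name: str
    edge_device: str
    version: str             # "v1", "v2c" or "v3"
    secret: str              # community (v1/v2c) or security name (v3)
    level: str = ""          # SNMPv3 security level
    auth_pass: str = ""
    priv_pass: str = ""

def problems(c):
    """List reasons a credential is weak (v1/v2c) or incomplete (v3)."""
    if c.version != "v3":
        return ["default community"] if c.secret in ("public", "private") else []
    if c.level not in V3_NEEDS:
        return [f"unknown security level {c.level!r}"]
    return [f"{f} required for {c.level}" for f in V3_NEEDS[c.level] if not getattr(c, f)]

def first_match(creds, edge_device, device):
    """Walk credentials in stored order; the first one the device accepts wins.

    `device` maps (version, secret) to the access that credential yields.
    """
    for c in creds:
        if c.edge_device != edge_device:
            continue                     # bound to another Edge Device
        if c.version == "v3" and problems(c):
            continue                     # incomplete v3 credential cannot be used
        access = device.get((c.version, c.secret))
        if access:
            return c.name, access
    return None

# Constructed sample data: one device that answers two different credentials.
ROUTER = {("v2c", "public"): "system group only", ("v3", "fs-monitor"): "full MIB"}
RO = Credential("legacy-ro", "edge-dc1", "v2c", "public")
V3 = Credential("v3-monitor", "edge-dc1", "v3", "fs-monitor", "authPriv",
                "example-auth", "example-priv")
LAB = Credential("v3-lab", "edge-lab", "v3", "fs-monitor", "authPriv", "example-auth")

if __name__ == "__main__":
    print(first_match([RO, V3, LAB], "edge-dc1", ROUTER))  # weak credential shadows v3
    print(first_match([V3, RO, LAB], "edge-dc1", ROUTER))  # most access first
    print(first_match([RO, V3, LAB], "edge-lab", ROUTER), problems(LAB))
```

With the default-community credential listed first, discovery binds to it and never reaches the SNMPv3 credential, which is why the ordering advice above matters.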

LDAP

FireScope SDDM can perform queries against LDAP servers such as Microsoft Active Directory, identifying user privilege escalation, changes in group policy and more.  In order to perform these queries, proper authentication information will need to be provided by adding an LDAP credential.

LDAP credentials allow you to add LDAP connections which can be associated with a CI to collect data. LDAP credentials will need to be specified.

To create LDAP credentials, click on Configuration > Connection Credentials > Create and the New Credential page will be displayed.

  1. Click on Credential Type and select LDAP credentials and the LDAP Connection Settings form will be displayed.
  1. Name: Enter a name that will be used to identify these credentials.
  2. Description: Enter a helpful description that will help to understand these credentials.
  3. LDAP URL: Enter a path to an LDAP server. For example, enter the path as LDAP://<server dns or IP>. Note: Do not put a trailing / at the end of the path.
  4. LDAP Port: Enter the port the LDAP server will respond to. This is usually port 389.
  5. Bind DN: Enter the container name of the account to be used. For example, Bind DN: CN=Test
  6. Bind Password: Enter the password for the account.
  7. Base DN: Enter the entire container path for the account, for example CN=Users,DC=firescope,DC=com. In the following example, the account to be used is “Test” and the full LDAP path to this account is CN=Test,CN=User,DC=firescope,DC=com.

Click the Save button.

Notes:

  • Once an LDAP credential has been defined, a CI can be associated with a single LDAP credential, via the CI Form.
  • Now that you have working LDAP credentials attached to the CI, you can create the LDAP check attributes. Only attributes of CIs associated with an LDAP credential will be able to collect LDAP data.
  • Attributes will need to be created with a type of LDAP check. Attributes of CIs associated with an LDAP connection will be able to collect LDAP data. Data can be viewed by clicking on the data history icon.

NetApp ONTAP Credentials

NetApp ONTAP Credentials are used to discover additional information within your environment. They also allow FireScope to gather information from your environment without loading or enabling additional agents and services. Depending on your environment, valid credentials may be required. Use the Credentials page to add and update credentials. Credentials are Edge Device specific. This allows you to designate shared credentials (such as SNMP) per environment with a dedicated Edge Device.

To create NetApp ONTAP credentials, click on Configuration > Connection Credentials > Create and the New Credential page will be displayed.

  1. Click on Credential Type and select NetAPP ONTAP and the NetApp ONTAP Connection Settings form will be displayed.
  1. Edge Device: Select an Edge Device to designate the data collection or operation target.
  2. Name: Enter a descriptive name for this item.
  3. Description: Enter a description.
  4. Server Type: Select Server Type from the drop-down list.
  5. Transport Type: Select Server Type from the drop-down list.
  6. Authentication Style: Select Server Type from the drop-down list.
  7. Username: Enter the user name.
  8. Password: Enter the password.
  9. Click on the Save button.

VMware Virtual Center Credentials

VMware Virtual Center Credentials are used to discover additional information within your environment. To establish a connection to a Virtual Center or ESX server, we must first enter the connection settings, including account credentials for a valid user account on the VMware server. We recommend creating an account that will only be used by FireScope SDDM.

To create VMware Virtual Center Credentials, click on Configuration > Connection Credentials > Create and the New Credential page will be displayed.

  1. Edge Device: Select an Edge Device to designate the data collection or operation target.
  2. Credential Type: Select Virtual Center
  3. Name: Enter a name that will be used to identify these credentials.
  4. Description: Enter a helpful description that will help to understand these credentials.
  5. Virtual Center Address: Enter the IP address.
  6. Port: Enter the port the VMware server will respond to.
  7. Username: Enter the Username for the account.
  8. Password: Enter the password for the account.
  9. Click on the Save button.

WMI Credentials

Agentless WMI setup:

These steps are required to be performed on a Domain Controller by a Windows Admin in order for the WMI features to work.

  • Create a FireScope WMI Credential using a domain user that is a member of ‘Domain Admins’.
    • This grants access to the WMI CIMV2 namespace where device data is queried from.
    • It’s recommended that a dedicated WMI user be created (as member of ‘Domain Admins’) for this purpose. Create the dedicated user via Administrative Tools > Active Directory Users and Computers. For a visual reference to most of the remaining steps below, refer to the following instructional link: https://www.infrasightlabs.com/how-to-enable-winrm-on-windows-servers-clients

Once the settings from above are complete, access the WMI credentials form in FireScope:

To create WMI Credentials, click on Configuration > Connection Credentials > Create and the New Credential page will be displayed.


Click on Credential Type and select WMI, and the WMI Connection Settings form will be displayed.

  1. Edge Device: Select an Edge Device to designate the data collection or operation target.
  2. Credential Type: Select WMI
  3. Name: Enter a name that will be used to identify these credentials.
  4. Description: Enter a helpful description that will help to understand these credentials.
  5. Username: Enter the Active Directory Username with WMI permissions.
  6. Password: Enter the password for the WMI account.
  7. Click on the Save button.

Then make sure to use your new WMI Credentials in Configuration > Discovery Jobs > Create when creating network discovery jobs.


Amazon AWS Credentials

In order for FireScope to access your Amazon Web Services (AWS) account automatically, the Access Key and the Secret Access Key are required. The Access Key and the Secret Access Key are special tokens that allow FireScope services to communicate with your AWS account by making secure REST or Query protocol requests to the AWS service API. Follow the steps below.

  1. Log in to your AWS Management Console.
  2. Click on your user name at the top right of the page.
  3. Click on the Security Credentials link from the drop-down menu.
  4. Find the Access Credentials section, and copy the latest Access Key ID.
  5. Click on the Show link in the same row, and copy the Secret Access Key.

To create Amazon AWS Credentials, click on Configuration > Connection Credentials > Create and the New Credential page will be displayed.


Click on Credential Type and select Amazon AWS, and the Amazon AWS Connection Settings form will be displayed.

  1. Edge Device: Select an Edge Device to designate the data collection or operation target.
  2. Credential Type: Select Amazon AWS
  3. Name: Enter a name that will be used to identify these credentials.
  4. Description: Enter a helpful description that will help to understand these credentials.
  5. Region Endpoint: Select the AWS region you would like to discover.
  6. Access Key ID: Enter the access key ID for the AWS account.
  7. Secret Access Key: Enter the secret access key for the AWS account.
  8. Click on the Save button.

SSH Credentials

FireScope uses Secure Shell (SSH), a cryptographic network protocol, to run remote command-line operations to gather operating system information and monitor the performance of Linux and Unix-based servers. You have two options: Password or Public Key authentication. SSH keys provide a more secure way for FireScope to log into a Linux or Unix-based server.

Steps to set up a Public Key authentication type:

  1. Create the SSH key pair using the ssh-keygen command.
  2. Copy and install the public SSH key using the ssh-copy-id command on a Linux or Unix server.
  3. Add yourself to the sudo or wheel group admin account.
  4. Disable the password login for the root account.
  5. Test your passwordless SSH key login using the ssh user@server-name command.
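
One way to check that steps 4 and 5 actually took effect on the server, as an added example that is not part of the FireScope documentation. It resolves `PermitRootLogin` and `PubkeyAuthentication` from sshd_config text the way sshd does (first value wins, keywords are case-insensitive); the sample configuration is constructed.

```python
import re

# Values sshd applies when a keyword is absent (OpenSSH 7.0 and later).
DEFAULTS = {"permitrootlogin": "prohibit-password", "pubkeyauthentication": "yes"}

def effective_settings(config_text):
    """Global values of the keywords in DEFAULTS, resolved the way sshd does.

    Keywords are case-insensitive, the first value read for a keyword wins,
    and everything after a Match line is conditional, so parsing stops there.
    Include files are not followed.
    """
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break
        if key in DEFAULTS and key not in seen and len(parts) == 2 and parts[1].strip():
            seen[key] = parts[1].split()[0].strip('"').lower()
    settings = {**DEFAULTS, **seen}
    if settings["permitrootlogin"] == "without-password":   # deprecated alias
        settings["permitrootlogin"] = "prohibit-password"
    return settings

def findings(config_text):
    """Compare the effective settings with steps 4 and 5 of the procedure."""
    s = effective_settings(config_text)
    out = []
    if s["permitrootlogin"] == "yes":
        out.append("PermitRootLogin yes does not restrict root to key-based login (step 4)")
    if s["pubkeyauthentication"] != "yes":
        out.append("public key authentication disabled (step 5 cannot succeed)")
    return out

# Constructed sample: the hardening line was appended below an earlier "yes".
SAMPLE = """\
# /etc/ssh/sshd_config (constructed)
permitRootLogin yes
PubkeyAuthentication yes
PermitRootLogin no
Match User backup
    PermitRootLogin no
"""

if __name__ == "__main__":
    print(effective_settings(SAMPLE))
    print(findings(SAMPLE))
```

On a live server, feed it the output of `sshd -T`, which prints the effective configuration with Include files and defaults already resolved.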

To create SSH Credentials, click on Configuration > Connection Credentials > Create and the New Credential page will be displayed.

  1. Edge Device: Select an Edge Device to designate the data collection or operation target.
  2. Credential Type: Select Amazon AWS
  3. Name: Enter a name that will be used to identify these credentials.
  4. Description: Enter a helpful description that will help to understand these credentials.
  5. Username: Enter the username.
  6. Authentication Type: Choose authentication type, Password or Public key.
    1. Password: Enter the Password in the Passphrase field.
    2. Public Key: Enter the Password in the Passphrase field and enter the Private Key in the Private Key field.
  7. Passphrase: Enter the passphrase for either Password or Public Key authentication.
  8. Click on the Save button.

What's Next

The User Guide may be accessed in any order, but the next logical step is to review the procedures and requirements involved in the Discovery process.
