Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SECURE ACCESS DEVICES GUIDE REV 01 Manual page 22

Configuring Secure Access Devices Guide
4
NetConf (for inventory management, XML-based configuration, text-based
configuration, alarm monitoring, and device specific commands).
Structured syslog.
Threat flow for network profiling.
DMI supports third-party network management systems that incorporate the DMI
standard; however, only one DMI-based agent per device is supported.
The Secure Access device configuration is represented as a hierarchical tree of
configuration items. This structure is expressed in XML and can be manipulated with
NetConf. NetConf is a network management protocol that uses XML. DMI uses NetConf's
generic configuration management capability to allow remote configuration of the device.
To allow NSM to manage the Secure Access device using the DMI protocol, NSM must
import the schema and metadata files from the Juniper Networks Schema Repository,
a publicly accessible resource that is updated with each device release. In addition to
downloading the Secure Access device current schema, NSM may also download
upgraded software.
The Schema Repository enables access to XSD and XML files defined for each device,
model, and software version.
Before attempting to communicate with NSM, you must first complete the initial
configuration of the Secure Access device. Initial configuration includes network interface
settings, DNS settings, licensing, and password administration.
If you have several Secure Access devices that will be configured in a clustering
environment, the cluster abstraction must first be created in the NSM Cluster Manager.
Then you can add individual nodes.
After you have completed the initial network configuration, you can configure the Secure
Access device to communicate with NSM using the appropriate network information.
Once the Secure Access device has been configured to communicate with NSM, the
Secure Access device contacts NSM and establishes a DMI session through an initial TCP
handshake.
All communications between the Secure Access device and NSM occur over SSH to
ensure data integrity.
After the Secure Access device initially contacts NSM and a TCP session is established,
interaction between the Secure Access device and NSM is driven from NSM, which issues
commands to get hardware, software, and license details of the Secure Access device.
NSM connects to the Schema Repository to download the configuration schema that is
specific to the Secure Access device.
NSM then issues a command to retrieve configuration information from the Secure Access
device. If NSM is contacted by more than one Secure Access device as a member of a
cluster, information from only one of the cluster devices is gathered. NSM attempts to
validate the configuration received from the Secure Access device against the schema
from Juniper Networks.
Copyright © 2010, Juniper Networks, Inc.