04-07-2024 06:45 PM - edited 12-18-2024 09:52 PM
In this document, we discuss a typical RADKit use case: enabling password-less access to the RADKit service GUI through the HTTP proxy by adding the RADKit service as a device in the RADKit device inventory.
Consider the scenario where a partner is responsible for managed services across various customers. The partner's objective is to administer and operate the RADKit service on their customers' behalf. A question arises: how can they efficiently onboard new network devices from a customer's network into the RADKit device inventory, or provision RADKit remote users when working with TAC, without relying on a VPN to access the RADKit service GUI for configuration and management?
We will now outline the proposed solution and the procedure to address this challenge.
In my lab setup, where the RADKit service is running and operational, a connection to the corporate VPN is initially a prerequisite for access.
(Lab RADKit version was 1.6.5 when I wrote this doc, FYI.)
The following steps then enable you to access the RADKit service GUI without the need for VPN connectivity:
1. Navigate to the "Devices" section and select the "Add Device" option.
2. Input the necessary information, ensuring that "RADKit Service" is chosen from the device type dropdown list. Enter the host management IP as 127.0.0.1, which denotes the localhost. Select the appropriate Role-Based Access Control (RBAC) labels. Tick the HTTP option under management protocols, and remember to alter the default port to 8081. For security reasons, we recommend using an admin user other than superadmin. Conclude by clicking "Add & Close."
3. Next, activate the HTTP proxy feature via the RADKit network console or the RADKit client application. The HTTP proxy can be leveraged for password-less GUI access (e.g. DNAC, WLC, ISE, APIC and more). Here are the steps to enable the HTTP proxy:
1). From the RADKit Network Console, enter proxy start http 4002, or call client.start_http_proxy(4002) from the RADKit Client. (You can choose a different port that is not in use on your laptop; note that ports 1-1023 may require extra privileges.)
The following example output is from the RADKit network console:
[lindawa@s2ld-twxy-gsa5] 696786054> proxy start http 4002
HTTP proxy is NOT PROTECTED by username/password
[RUNNING] <radkit_client.sync.port_forwarding.ProxyPortForwarder object at 0x1305342b0>
---------- -------
status RUNNING
local_port 4002
#active 0
#failed 0
#closed 0
#total 0
protocol HTTP
bytes up 0
bytes down 0
exception None
---------- -------
Use this PAC URL for proxy auto-configuration: https://prod.radkit-cloud.cisco.com/pac?port=4002&protocol=HTTP
Then navigate to: https://index.proxy/
[lindawa@s2ld-twxy-gsa5] 696786054>
2). Copy the returned PAC URL and follow the instructions below to configure your browser's proxy.
a. If you are using the Chrome browser, click the three dots at the top > "Settings" > "System" > "Open your computer's proxy settings" > (("Automatic proxy setup" (turn on) > "Use setup script" > add the PAC URL in "script address")) OR (("Automatic Proxy Configuration > Add URL")) > click save.
b. If you are using the Firefox browser, click the burger icon at the top, go to "Settings" > "Network Settings" > "Automatic Proxy Configuration URL" and add the PAC URL there.
3). Now open https://index.proxy/ and access the RADKit service without VPN (in the screenshots, the VPN is disconnected).
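The console output in step 1) reports that the HTTP proxy is NOT PROTECTED by username/password, so it is worth confirming that the chosen port listens only on the loopback interface and is not reachable from other hosts. The Python check below is an added example, not part of the original article or of RADKit; it assumes a Linux laptop where `ss -ltnH` is available, and the function names and sample input are constructed for illustration.

```python
import ipaddress

PROXY_PORT = 4002  # port used in this article's "proxy start http 4002"

# Constructed sample of `ss -ltnH` output (Linux); not captured from a real host.
SAMPLE_SS = """\
LISTEN 0 128     127.0.0.1:4002   0.0.0.0:*
LISTEN 0 128         [::1]:4002      [::]:*
LISTEN 0 128       0.0.0.0:22     0.0.0.0:*
LISTEN 0 128 192.168.10.25:4003   0.0.0.0:*
LISTEN 0 128             *:4004         *:*
"""

def parse_local(field):
    """Split an ss 'Local Address:Port' field into (address, port)."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
    return host, int(port)

def is_loopback(host):
    """True only for 127.0.0.0/8 and ::1; wildcard binds are not loopback."""
    if host in ("*", ""):
        return False
    return ipaddress.ip_address(host).is_loopback

def audit_proxy_port(ss_output, port):
    """Return findings for one local proxy port.

    'exposed' lists every non-loopback address the port listens on; an
    unauthenticated proxy bound there can be used by other hosts.
    """
    bound = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 4 or cols[0] != "LISTEN":
            continue
        host, lport = parse_local(cols[3])
        if lport == port:
            bound.append(host)
    return {
        "port": port,
        "needs_privilege": port < 1024,  # article: ports 1-1023
        "listening": bool(bound),
        "exposed": [h for h in bound if not is_loopback(h)],
    }

if __name__ == "__main__":
    for p in (PROXY_PORT, 4003, 4004):
        print(audit_proxy_port(SAMPLE_SS, p))
```

On a real host, pass the text printed by `ss -ltnH` instead of the sample; an empty `exposed` list with `listening` set to true is the expected result for a loopback-only proxy.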
Known caveats:
Symptom:
Sometimes, when you click "Go to web page", it may take you to the login page (as shown in the screenshot below).
Workaround:
Go back to the index.proxy page, select the service, and click the "Reset" button to reset the session. Then click "Go to web page"; the password-less GUI access should work.
This defect will be fixed in upcoming releases.
In summary, this use case demonstrated that partner engineers can access the RADKit service GUI via the HTTP proxy feature in order to onboard more devices to RADKit or provision new remote users when needed. Partners do not have to physically go on site to operate or manage the RADKit service, and no VPN is required.
04-11-2024 07:58 AM
we have this after upgrade to freshest release
04-11-2024 08:56 AM - edited 04-11-2024 09:02 AM
Hello andriio,
I will be assisting you with the reported issue however I will reach out via PM as I will need to request details and logs. When/if issue is identified, I will post on here for posterity.
04-11-2024 09:03 AM
@andriio - PM has been sent.