Our community includes Cisco experts to answer your questions about the Smart Net Total Care (SNTC) portal and CSP-Collector. Click the navigation links below to access materials for using our service and supported collectors.
Require automatic collection, not 3rd party or import. Security requires that management on the switches be accessed only via an SSH through a jump host. Is there any way to write a script to customize the collection?
With increasing concerns and focus on network security by most network operators, such restrictions on accessing networks are becoming the norm. The current abilities of the CSPC collector solution don't quite meet the demands of such operators; in fact I represent one such operator ;-)
Such security aspects can be categorised into two areas:
Security/confidentially of the information collected
Network access security
For the first one, Information Security, assurance of this can be managed using the following:
Ensure that the collection profile is only collecting data for aspects that you want/need to upload to Cisco
Now in the case of the second one, Network Security, this directly relates to the issue you have in that 'security' require separation between the collector and the network.
There are workarounds to the current constraints that the collector; can only poll/communicate with the devices itself directly (it needs to be a trusted entity within the network, it won't accept data via 3rd party collection; and for automatic upload it needs to have connectivity to the internet (albeit via an optional proxy).
WRT accessing the devices, accessing them via SSH isn't (IMO) preferable over RO rights using SNMPv3.
So if we have the collector in the trusted zone of the network, how do we maintain separation between the network and the internet, if uploading via a proxy is not deemed acceptable by security teams?
Well one way is to upload via intermediate device in a demarcation zone (DMZ) and then from there to Cisco. To do this you configure the collection upload job to 'file system', so the inventory archive is created on the local machine. This can be transferred (via SCP using shared keys) to the first host in the DMZ (there may be a 2nd transfer to another 'internet facing' DMZ host). Then the archive can be uploaded to Cisco; to do this take a look at the entitlement package that you will have for the collector - if you are familiar with PKI & x.509 certificates then this should be straightforward to figure out how, as I'll not be posting up the details here. ;-)
Dear all.If I open the "Sioftware Update" Tab in my collector I get an "http status 404 - not found"In Administration -> Miscellaneous -> Manage Add-on Process I see status "Process has exited"I try to start the process but it is not starting.I did ...
Hi guys. Our customer is trying to access its Smart Portal for the first time (services.cisco.com) in order to register a collector, but the page "jump" to another page (attached). He tried to use another browser without success. Do you have an idea ...
Does anyone know how long it takes to add a new administrator to the Cisco Services Access Management tool, so that this administrator can start using the SNTC portal? I am the Delegated Administrator and have added a colleague in the Cisco...