Onboarding Procedures

This section contains:
  • Onboarding Authentication Providers
  • Onboarding Devices: Token-Based Authentication
  • Subscribing to CloudVision as-a-Service updates

Onboarding Authentication Providers

 

Once the CloudVision as-a-Service instance is set up, use the following procedure to add a preferred authentication provider.

To add a preferred authentication provider:

  1. Navigate to Settings using the gear icon.Verify under the Features section OAuth Providers is toggled on.
    Figure 1. OAuth Providers
  2. Navigate to Access Control and then Providers. To add a new authentication provider, click the 'Add Provider' button.
    Figure 2. Add Provider
  3. Select a provider that your organization uses.
    Figure 3. Shared Provider

    Note that currently Google and Microsoft are supported as a Shared Providers. Shared Providers use an Arista-provided set of credentials so no other information is required from the customer for the onboarding.

    Other providers are currently supported as non-shared providers. Additional required form fields will appear upon selecting these providers. These fields will need to be filled out with credentials specific to your account with that provider.

    Figure 4. Non-shared Provider
  4. Saving the provider will send a registration request to the CloudVision Service backend along with the related information.
  5. Once the authentication provider is set up, make sure to add the admin email address and verify the login process before the Invitation URL expires. To add a user account navigate to Users and then the Add Userscreen.
    Figure 5. Add User

Onboarding Devices: Token-Based Authentication

 

To onboard the devices using token-based authentication.

 

  1. To onboard the devices navigate to Devices and then Inventory and thenAdd Devicesand thenOnboard Devices.
    Figure 6. Onboarding Devices
  2. Details on how to create a token, and using that token to onboard the devices are listed under the Onboard Devices. Please follow the directions to create a token and onboard your devices to CloudVision Service.
    Note: You can use the same token to onboard multiple devices. CloudVision Service will use the device serial number to identify a device.
    Figure 7. Onboarding Devices
  3. Once you successfully onboard the devices you should be able to see them under the Devices tab.
    Figure 8. Device Inventory Screen
  4. Click on the wrench icon (#) to provision the device. This will take you to the device-specific page. Select the. Device Overview tab and then select Provision Device to provision the device in CloudVision Service.
    Figure 9. Device Overview
    Note: Prior to Provision Device make sure the user account exists in the EOS device. For example:
    Assuming john.smith@company.com is the email address used for OAuth authentication you need to have john.smith as a user (for Arista Demo you will need to use
    username@arista.com): 
    sw(config)#username john.smith privilege 15 <nopassword/secret>

    If you have TACACS+ configured for authentication, in order for CloudVision as-a-Service to properly provision the device, the exact user account should already exist in the TACACS+ Server.

    If you have a Radius server for EOS authentication, you need to add the --disableaaa argument into the TerminaAttr config.

    For additional information on migrating an EOS device with a TACACS+/Radius authentication to the CloudVision Service, please refer to Authentication Prerequisites.

Subscribing to CloudVision as-a-Service updates

 

You can monitor CloudVision Service live status through https://status.arista.io . You can also subscribe to CloudVision Service notification via email/text using Subscribe to CloudVision.

Following are informational and disruption notification examples you would get after subscribing to CloudVision Service updates:
Figure 10. Informational Notification