This section covers the setup of the yarngate application
This section assumes that that Yarngate access has been configured and the user can login to Yarngate using LDAP credentials
This section assumes that Customers/Clusters/Interfaces have been added either manually via the administration application or via Bulk import of Customers/Cluster/Interfaces
Yarngate Access Profiles and Access rules
Access to the yarngate application and the various roles is controlled by the Authentication policy that matches LDAP groups to Yarnman Role
Once a user has access to Yarngate their system access is determined by
Entitlement Group
The entitlement profile defines what systems can be accessed. To access Entitlements Group setup - from Yarngate menu, select Access Rules->Entitlements Group, then select New Entitlement Group. Access can be added using Customers, Clusters or specific interfaces.
Note that the add Customer/Cluster/Interface button needs to be pressed for each entry
Entitlement Group bulk Import
There is an option to bulk import using excel
Download the template and setup as necessary and upload
Matching Group
The match group defines match of LDAP groups or users for access
For access testing you can also add a unique username that can be used with the test access function
Access Profile
The access profile defines the configuration of the access - note that screenshot below show screen after General Settings first saved
CUCM - there is additional template configuration required
UCXN - there is additional template configuration required
CUCM Template
CUCM Roles (Custom)
If custom CUCM roles are required they can be created, Go Access Profiles->CUCM Templates->Roles then select New Role Template
The roles will need to be imported from a test CUCM use the latest version of CUCM in scope to import the latest roles - Yarngate handles backward compatibility for roles
Select the interface to import the role
Select the required Roles
CUCM Credential Policy
Create the credential policy with the required settings - Go System Templates → CUCM Templates → Credential Policies, then select New Credential Policy
CUCM Access Control Group
Create the Access Control profile - Go System Templates → CUCM Templates → Access Control Groups, then select New Access Control Group Template
CUCM default Roles
To view the list of system default roles refer to CUCM System Default roles or via SSH run the following command
run sql select name from functionrole where isstandard ="t"
Custom role template
Refer to Cisco documentation for the capabilities of the various role resource privileges
Note that Yarngate will assert the role resource privileges to check if that resource privilege exists in the target system, if it does not exist that resource privilege will not be used, this permits backwards compatibility with the custom role templates
Its recommended where possible to use the inbuilt cucm roles, as using a custom roles incurs a slight performance penalty with having to check/validate no changes have been made to the target system(s) when creating a session.
UCXN Templates
Authentication Rule
Create the required Authentication rule - Go System Templates → UCXN Templates → Authentication Rule, then select New Authentication Rule Template
User template
Note that the user template must exist
Access Rule
The access rule links all of the configuration together - Go Access Rules → Rules, then select New Access Rule
Test Access
The test access tool can be used to check what access users have
Note that the User key needs to be defined in matching groups