SaaS Paragon Automation

Product Information

Specifications

• Product Name: Paragon Automation (SaaS)
• Publisher: Juniper Networks, Inc.
• Published Date: 2023-08-03
• Website: https://www.juniper.net
• Trademark: Juniper Networks, Junos
• Year 2000 Compliance: Yes

Introduction

The Paragon Automation (SaaS) is a software product provided by
Juniper Networks. It offers automation capabilities for managing
network devices and configurations. This user guide provides
detailed instructions on how to use the Paragon Automation
service.

Paragon Automation as a Service Overview

The Paragon Automation service is offered as a
Software-as-a-Service (SaaS) solution. It allows users to access
and manage their network automation tasks through a graphical user
interface (GUI). The service provides features for device
onboarding, lifecycle management, and administration.

Licensing Overview

The licensing for Paragon Automation is not specified in the
user manual extract. Please refer to the official documentation or
contact Juniper Networks for more information on licensing.

GUI Overview

The Paragon Automation GUI is the main interface for interacting
with the service. It provides a visual representation of network
devices, configurations, and automation workflows. The GUI allows
users to perform various tasks such as device onboarding,
configuration management, and monitoring.

GUI Menu Overview

The GUI menu in Paragon Automation provides access to different
sections and functionalities of the service. It allows users to
navigate between different pages and perform specific actions
related to administration, device management, and configuration
tasks.

Personas Overview

The Personas feature in Paragon Automation allows users to
define and manage different roles within their organization. Each
persona has specific permissions and capabilities within the
service. This feature enables efficient delegation of tasks and
access control for different users.

Access and Manage Paragon Automation Account

This section provides instructions on how to access and manage
your Paragon Automation account.

Access the Paragon Automation GUI

To access the Paragon Automation GUI, follow these steps:

1. Open a web browser and go to the Paragon Automation
   website.

2. Click on the “Login” button to access the login page.

3. Enter your username and password in the provided fields.

4. Click on the “Login” button to log into your account.

User Activation and Login

To activate and log into your Paragon Automation account, follow
these steps:

1. After receiving your account credentials, open the Paragon
   Automation login page.

2. Enter your username and temporary password provided by your
   system administrator.

3. Follow the on-screen instructions to set a new password for
   your account.

4. Once your password is set, click on the “Login” button to log
   into your account.

Reset Your Password

If you need to reset your Paragon Automation account password,
follow these steps:

1. On the Paragon Automation login page, click on the “Forgot
   Password” link.

2. Enter your registered email address and click on the “Reset
   Password” button.

3. Check your email for a password reset link.

4. Click on the link and follow the instructions to set a new
   password for your account.

About the Cloud Status Page

The Cloud Status page in Paragon Automation provides real-time
information about the status and health of the service. It displays
any ongoing maintenance activities, service disruptions, or
performance issues. Users can refer to this page for updates and
notifications regarding the availability of the service.

Administration

The Administration section of Paragon Automation allows users to
manage organizational settings, authentication methods, and device
assignments.

Administration Overview

The Administration section provides a centralized interface for
managing various administrative tasks in Paragon Automation.

Administration Workflow

The administration workflow in Paragon Automation involves the
following steps:

1. Access the Administration section in the Paragon Automation
   GUI.

2. Manage organization settings, including adding or deleting
   organizations, and configuring organization-specific settings.

3. Configure authentication methods and manage identity providers
   for user authentication.

4. Assign devices to specific sites within the organization.

5. View and manage audit logs for tracking administrative
   activities.

Organization Management

The Organization Management feature allows users to create,
delete, and configure settings for different organizations within
Paragon Automation.

Organization and Sites Overview

In Paragon Automation, organizations represent distinct entities
or divisions within a company. Each organization can have multiple
sites, which correspond to physical locations or network
segments.

Add an Organization

To add a new organization in Paragon Automation, follow these
steps:

1. Go to the Organization Management page in the Administration
   section.

2. Click on the “Add Organization” button.

3. Enter the required information, such as organization name and
   contact details.

4. Click on the “Save” button to create the organization.

Delete an Organization

To delete an organization in Paragon Automation, follow these
steps:

1. Go to the Organization Management page in the Administration
   section.

2. Select the organization you want to delete.

3. Click on the “Delete” button.

4. Confirm the deletion by clicking on the “Yes” button.

Manage Organization Settings

Paragon Automation allows users to configure various settings
specific to each organization. To manage organization settings,
follow these steps:

1. Go to the Organization Management page in the Administration
   section.

2. Select the organization for which you want to configure
   settings.

3. Click on the “Manage Settings” button.

4. Modify the desired settings and click on the “Save” button to
   apply the changes.

Authentication Methods Overview

Paragon Automation supports multiple authentication methods for
user login. This feature allows organizations to choose the most
appropriate authentication method based on their security
requirements and infrastructure.

Manage Identity Providers

In Paragon Automation, identity providers are used for user
authentication. Users can configure and manage different identity
providers based on their organization’s requirements. To manage
identity providers, follow these steps:

1. Go to the Authentication Methods page in the Administration
   section.

2. Click on the “Manage Identity Providers” button.

3. Add, edit, or delete identity providers as needed.

4. Configure the necessary settings for each identity
   provider.

5. Save the changes to apply the updated identity provider
   settings.

Assign a Device to a Site

In Paragon Automation, devices can be assigned to specific sites
within an organization. This allows for better organization and
management of network resources. To assign a device to a site,
follow these steps:

1. Go to the Device Life Cycle Management section in the GUI.
2. Select the device you want to assign to a site.
3. Click on the “Assign to Site” button.
4. Select the desired site from the available options.
5. Save the changes to assign the device to the selected
   site.

Audit Logs

The Audit Logs feature in Paragon Automation allows users to
track and monitor administrative activities. It provides a record
of changes made to organizational settings, device assignments, and
other relevant actions.

Audit Logs Overview

The Audit Logs page displays a chronological list of
administrative activities performed in Paragon Automation. It
includes details such as the user who made the change, the
timestamp of the action, and a description of the activity.

About the Audit Logs Page

The Audit Logs page provides filters and search options to help
users find specific activities or track changes made within a
certain timeframe. Users can also export the audit logs for further
analysis or reporting purposes.

Device Life Cycle Management

The Device Life Cycle Management section in Paragon Automation
provides features for managing the life cycle of network devices,
including device onboarding, adoption, and configuration.

Device Life Cycle Management Overview

Device Life Cycle Management in Paragon Automation encompasses
the processes and tasks involved in managing network devices from
initial onboarding to production deployment and ongoing
maintenance.

Device Onboarding Overview

Device onboarding is the process of adding and configuring
network devices in Paragon Automation. It involves preparing the
device, connecting it to the network, and provisioning necessary
configurations.

Supported Devices

Paragon Automation supports a wide range of network devices from
various vendors. The supported devices list includes routers,
switches, firewalls, and other network equipment. Refer to the
official documentation or contact Juniper Networks for the complete
list of supported devices.

Device Onboarding Workflow

The device onboarding workflow in Paragon Automation consists of
the following steps:

Paragon Automation (SaaS) User Guide
Published
2023-08-03

ii
Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net
Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
Paragon Automation (SaaS) User Guide Copyright © 2023 Juniper Networks, Inc. All rights reserved.
The information in this document is current as of the date on the title page.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
END USER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at https://support.juniper.net/support/eula/. By downloading, installing or using such software, you agree to the terms and conditions of that EULA.

iii

Table of Contents

About This Guide | xi

1

Introduction

Overview | 2

Paragon Automation as a Service Overview | 2

Licensing Overview | 4

GUI Overview | 4

GUI Menu Overview | 23

Personas Overview | 28

Access and Manage Paragon Automation Account | 31 Access the Paragon Automation GUI | 31

User Activation and Login | 32

Reset Your Password | 34

About the Cloud Status Page | 35

2

Administration

Introduction | 38

Administration Overview | 38

Administration Workflow | 40

Organization Management | 43 Organization and Sites Overview | 43

Add an Organization | 44

Delete an Organization | 45

Manage Organization Settings | 45

Authentication Methods Overview | 50

Manage Identity Providers | 51

iv
Add an Identity Provider | 52 Edit an Identity Provider | 53 Delete an Identity Provider | 53 Manage Roles | 53 Add a User-Defined Role | 54 Edit a User-Defined Role | 54 Delete a User-Defined Role | 55 Manage API Tokens | 55 Add an API Token | 56 Edit an API Token | 56 Delete an API Token | 57 Configure Webhooks to Receive Event Notifications in Slack Channels | 57 Link Your Juniper Account to Your Organization | 60 Site Management | 62 About the Sites Page | 62 Manage Sites | 63 User Management | 66 About the Users Page | 66 Predefined User Roles Overview | 68 Add Users to an Organization | 71 Invite Users | 72 Manage Users and Invites | 74 Edit User Role | 75 Reinvite a User | 75 Cancel an Invitation | 76 Revoke a User | 76 Manage Your Juniper Cloud Account | 77 Inventory Management | 80 About the Inventory Page | 80

v

Assign a Device to a Site | 84

Audit Logs | 86 Audit Logs Overview | 86

About the Audit Logs Page | 87

3

Device Life Cycle Management

Introduction | 90

Device Life Cycle Management Overview | 90

Device Onboarding Overview | 93

Supported Devices | 96

Device Onboarding Workflow | 96

Day-Wise Activities for Device Life Cycle Management | 99 Add Network Resource Pools and Profiles (Day -2 Activities) | 99

Prepare for Device Onboarding (Day -1 Activities) | 100

Install and Onboard the Device (Day 0 Activities) | 101

Adopt a Device | 109

Move Device to Production (Day 1 and Day 2 Activities) | 111

Field Technician User Interface | 113 Field Technician UI Overview | 113

Working with Field Technician UI Pages | 114 Onboard a Device Page | 115 Device List Page | 115

Onboarding Profiles | 116 Device and Interface Profiles Overview | 116

About the Device and Interface Profiles Page | 117

Add Labels | 119

Add a Device Profile | 120

Add an Interface Profile | 130

vi
Edit and Delete a Label or Profile | 134 Edit a Label or Profile | 134 Delete a Label or a Profile | 135
Plan Device Onboarding | 136 Network Implementation Plan Overview | 136
About the Network Implementation Plan Page | 138
Add Network Resource Pools | 141 Add Network Resource Pools by Using the UI | 142 Add Network Resource Pools by Using REST APIs | 142 Sample Files | 144
Add a Network Implementation Plan | 158
Publish a Network Implementation Plan | 165
Offboard a Network Implementation Plan | 166
Edit a Network Implementation Plan | 167
View Network Resources | 168
View Device Onboarding | 170 About the Put Devices into Service Page | 170
Move a Device to Production | 174
View Results of Automated Device Tests | 174 Identity and Location Data of a Device | 176 Remote Management Data and Test Results | 178 Hardware Data and Test Results | 183 Overview | 183 Hardware Details for Device-Name Page | 186 Interfaces Data and Test Results | 190 Overview | 191 Pluggables Details for Device-Name Page | 193 Input Traffic Details for Device-Name Page | 196 Output Traffic Details for Device-Name Page | 201 Interfaces Details for Device-Name Page | 205 Software Data and Test Results | 208

vii

Configuration Data and Test Results | 210 Routing Data and Test Results | 212
Overview | 212 Device Connectivity Data and Tests Results | 214
Connectivity Accordion | 215 Connectivity Details Page | 218 View Connectivity Test Results | 220

Device Management | 225 Device Management Workflow | 225

Device Licenses Overview | 227

About the Licenses Tab | 228

About the Features Tab | 230

Manage Device Licenses | 232 Add a Device License | 232 Delete a Device License | 233

About the Software Images Page | 233

Upload a Software Image | 236

Delete a Software Image | 238

About the Configuration Backups Page | 239

Configuration Templates Overview | 241

About the Configuration Templates Page | 242

Add a Configuration Template | 245

Edit and Delete a Configuration Template | 252 Edit a Configuration Template | 252 Delete a Configuration Template | 252

Preview a Configuration Template | 253

Deploy a Configuration Template to a Device | 254

4

Observability

Introduction | 257

viii
Observability Overview | 257 Troubleshoot Devices | 261 Troubleshoot Using Alerts and Alarms | 261 About the Troubleshoot Devices Page | 265 About the Device-Name Page | 271 About the Chassis Tab | 274 About the Interfaces Tab | 276 About the Events Page | 278
Alerts Tab | 279 Alarms Tab | 283 Device Logs Tab | 286 Manage Event Templates | 289 Create an Event Template | 290 Edit Event Template Configuration | 293 Clone an Event Template | 293 Delete an Event Template | 294 Manage Network Topology | 295 Network Topology Visualization Overview | 295 Network Visualization Options | 297 View Live Network Topology | 301 Topology Map | 301 Topology Menu Bar | 304 Network Information Table Overview | 306 About the Device Tab | 307 About the Link Tab | 310 About the Site Tab | 312 Monitor Devices | 315 Automatically Detect Bad Cables | 315 Bad Cable Detection Overview | 315

ix

Bad Cable Notifications in the GUI | 316

Automatically Monitor Device Health and Detect Anomalies | 319 Device Health Monitoring and Anomaly Detection Overview | 319 Device Health Anomalies in the GUI | 321

5

Trust and Compliance

Introduction | 325

Trust and Compliance Overview | 325

Perform Compliance Scan and Manage Checklists | 326

Manage Trust Settings and Trust Scores | 328 Compliance Standards Overview | 328

About the Compliance Benchmarks Page | 329

About the Compliance Tailorings Page | 330

Example: Create a Tailoring Document for NTP Settings | 332

About the Compliance Checklist Page | 333

Add a Checklist Template | 335

Add Checklist for a Device | 335

Import Scans and Update Rule Results in a Checklist | 336

Trust Plans Overview | 337

About the Network Score Formula Page | 339

Trust Score Overview | 340

About the Network Score Page | 342

Manage Compliance Scans | 343 Compliance Scans Overview | 343

About the Compliance Page | 344

Perform Custom Compliance Scans | 346

Analyze Scan Results | 348

About the Snapshots Page | 348

x
Add a Snapshot for a Target | 350 Manage Vulnerabilities | 352 Vulnerabilities Overview | 352 About the Vulnerabilities Page | 353 Monitor Integrity | 355 Integrity of the Hardware and Software on the Network | 355 About the Software End of Life Page | 356 About the Hardware End of Life Page | 358

xi
About This Guide
Use this guide to understand the various use cases in Paragon Automation (SaaS). This guide provides overviews, workflows, and procedures that help you understand the use cases and perform various tasks in Paragon Automation (SaaS).

1 PART
Introduction
Overview | 2 Access and Manage Paragon Automation Account | 31

2
CHAPTER 1
Overview
IN THIS CHAPTER Paragon Automation as a Service Overview | 2 Licensing Overview | 4 GUI Overview | 4 GUI Menu Overview | 23 Personas Overview | 28
Paragon Automation as a Service Overview
IN THIS SECTION Benefits | 3
Network operators are experiencing an unprecedented increase in network traffic, and growth in network scale and complexity. In addition, 5G and cloud-based applications and services, which require specific service-level agreements (SLAs), are triggering the demand for better experiences from customers. Furthermore, the acceleration of 5G, Internet of Things (IoT), and edge services means that service delivery is shifting from the provider edge (PE) into the metro network. Consequently, metro networks, which aggregate services from the access to multiple service edges, data centers, cloud, and the core, are facing an increase in the volume, velocity, and types of traffic. As the metro network becomes the new edge, it creates both unique challenges (increased user expectations and expanded security threats) and fresh opportunities (new generation of 5G, IoT, distributed edge services) for network operators. Juniper’s Cloud Metro solution enables service provider and enterprise networks to meet these challenges and capitalize on these opportunities. Juniper’s solution delivers an experience-first and

3
automation-driven network that provides a high-quality experience to network operators. A key component of the Cloud Metro solution is Paragon Automation as a Service.
Paragon Automation as a Service is a cloud-delivered, WAN automation solution that is based on a modern microservices architecture with open APIs. Paragon Automation is designed with an easy to use, persona-based UI that provides a superior operational and user experience. For example, Paragon Automation uses different personas (such as network architect, network planner, field technician, and Network Operations Center [NOC] engineer) to enable operators to understand the different activities in the device life-cycle management (LCM) process. For details, see “Personas Overview” on page 28.
Paragon Automation supports the following use cases (explained at a high- level):
· Device life-cycle management (LCM)–Allows you to onboard, provision, and then manage a device. Paragon Automation automates the device onboarding experience, from shipment through service provisioning, thus enabling the device to be ready to accept production traffic.
· Observability–Allows you to visualize the network topology, and monitor the devices and the network. You can also view the device and network health and drill down into the details. In addition, Paragon Automation notifies you about network issues using alerts and alarms, which you can use to troubleshoot issues affecting your network.
Paragon Automation uses AI/ML (artificial intelligence [AI] and machine learning [ML]) techniques to automatically detect faulty (bad) optical and copper cables, and monitor device health Key Performance Indicators (KPIs) and detect anomalies.
· Trust and compliance–Enables you to automatically check the compliance of configuration, integrity, and performance of a device and its components. Paragon Automation then generates a trust score that determines the trustworthiness of a device.
NOTE: Paragon Automation supports newer models in the ACX7000 and ACX7500 series of devices. Because these supported devices are new and run the latest versions of Junos OS Evolved, no end of life (EOL) information is currently available for these devices.
For details about these use cases and other features of Paragon Automation, refer to the corresponding sections in the Paragon Automation User Guide.
Benefits
· Automate the onboarding and provisioning of devices
· Simplify and accelerate service delivery
· Reduce manual effort and timelines by using automation

4
RELATED DOCUMENTATION Access the Paragon Automation GUI | 31 GUI Menu Overview | 23
Licensing Overview
To use Paragon Automation and its features, you need: · Product Entitlement–To use Paragon Automation and its use cases.
For more information, see Juniper Licensing User Guide. · Device License–To use the features on a device that you onboarded.
For more information about licenses for ACX Series devices, see Flex Software License for ACX. For more information on how to add a device license in Paragon Automation, see “Device Licenses Overview” on page 227. To purchase a product entitlement or a device license, you can contact your Juniper Sales Representative or Business Partner. After you complete your purchase, you can download the license file and manage the license by using the Juniper Agile Licensing (JAL) portal. You can also choose to receive the license file over an email.
RELATED DOCUMENTATION Juniper Agile Licensing Overview
GUI Overview
IN THIS SECTION Menu and Banner | 5 Breadcrumbs and GUI Elements in Landing Pages | 9 Sort, Resize, Filter, and Search Icons, and Related GUI Elements | 10 Page Display, Navigation, and Related GUI Elements | 13

5
View, Add, and Remove Favorite Pages | 15 Filter Data in a Table | 17

The Paragon Automation GUI provides an easy to use, single pane of glass experience that allows you to access the different use cases and features.
To access the Paragon Automation GUI, you must log in using your Juniper Cloud account. For more information, see “Access the Paragon Automation GUI” on page 31. After you log in successfully to the Paragon Automation GUI, you are taken to the Troubleshoot Devices page, which displays the devices belonging to your organization and enables you to manage the devices. For more information, see “About the Troubleshoot Devices Page” on page 265.
In this topic, we’ll discuss some commonly used elements and features of the Paragon Automation GUI.

Menu and Banner
The two elements of the Paragon Automation GUI that you’ll use frequently are as follows:
· Menu: The menu, which is available at the left-side of the GUI, is minimized by default. You can hover over or click inside the menu to expand the menu. A sample of the expanded menu is shown in Figure 1 on page 8.
You can expand the menu and click different menu entries to navigate to the different pages in the Paragon Automation. For details about the menu, see “GUI Menu Overview” on page 23.
· Banner: The banner, which is displayed at the top of the page (see Figure 1 on page 8) contains several icons and GUI elements that you’re likely to use regularly. These icons and GUI elements are explained in Table 1 on page 5.
Table 1: Banner Icons and GUI Elements

Description

Function

Menu Toggle

Click the menu toggle icon (the icon with three horizontal bars) in the top left of the banner to toggle the visibility of the Paragon Automation menu. If the menu was previously hidden, it is displayed, and the menu is hidden if it was previously displayed.

6

Table 1: Banner Icons and GUI Elements (Continued)

Description

Function

Organization drop-down

The Organization drop-down displays the current organization that you are accessing. Click the Down arrow next to the organization name expand the dropdown. You can:
· View the list of organizations to which you have access.
You can click an organization name to switch context to that organization.
· Click Create Organization to add an organization. For more information, see “Add an Organization” on page 44.

7

Table 1: Banner Icons and GUI Elements (Continued)

Description

Function

Help (?) menu

Click the (?) (help) icon to access the help menu, which provides links to the following:
· Cloud Status–Opens the Juniper Cloud Status page in a new browser tab or window. For more information, see “About the Cloud Status Page ” on page 35.
· What’s New–Opens the What’s New panel within the application, which lists the new and changed features and the bug fixes in the current software release.
· Quick Help–Opens the Quick Help panel within the application, which contains the topics that explain how to use Paragon Automation. You can use the Featured tab to access featured topics or the All Topics tab to access all topics.
· About–Opens the About panel, which provides information about the software release and copyright information.
· JSI on JSP–Opens the Juniper Support Insights (JSI) dashboards on the Juniper Support Portal (JSP). JSI provides support insights for cloud connected devices, as part of the Juniper support experience. For more information, see https:// www.juniper.net/documentation/us/en/day-oneplus/jsi /jsi-on-jsp/jsi-day-one-plus/topics/topicmap/jsi-lwc-step-1-begin.html.

8

Table 1: Banner Icons and GUI Elements (Continued)

Description

Function

User account icon

Click the user account icon to access the user account menu, This menu displays your name and e-mail address, and you can do the following:
· Manage your account: Click My Account to open the My Account page, where you can modify your account, password, and other information. See “Manage Your Juniper Cloud Account” on page 77.
· Log out of Paragon Automation: Click Logout to log out of the GUI.
You are logged out and taken to the Juniper Cloud login page.

Figure 1: Sample Page Showing Menu and Banner

1– Menu toggle icon 2– Menu bar and expanded menu

5– Organization drop-down 6– Help (?) icon

9

3– Banner 4– Organization name

7– User account icon

Breadcrumbs and GUI Elements in Landing Pages
Figure 2 on page 10 shows the breadcrumbs, page help, and other GUI elements or icons, and Table 2 on page 9 provides a high-level explanation of their functions. Table 2: Breadcrumbs, Page Help Icon, and Other GUI Elements or Icons

Description Breadcrumbs

Function
The breadcrumbs in the Paragon Automation situate you in the menu structure and provide an alternative way to navigate the menu. Click the Down arrow next to a breadcrumb to access the menu entries at that menu level.

Page Help icon

Click or hover over the page help (?) icon to view help text for the page and access the More… link.
You can click the More… link to open the in-application help topic for that page.

More drop-down Add or Create (+) icon Edit (pencil) icon Delete (trash can) icon Favorite icon

The More drop-down provides additional options for tasks that you can perform on a page.
Used to add or create an entity; for example, create a site.
Used to modify an existing entity; for example, modify a site.
Used to delete an entity; for example, delete a site.
Used to mark a page as a favorite page or remove a page that was previously marked as a favorite. See “View, Add, and Remove Favorite Pages” on page 15.

10 Figure 2: Sample Page Showing Breadcrumbs, Page Help Icon, and Other GUI Elements

1– Breadcrumbs 2– Page Help icon 3– More drop-down 4– Add or Create icon

5– Edit icon 6– Delete icon 7– Favorite icon

Sort, Resize, Filter, and Search Icons, and Related GUI Elements
Figure 3 on page 13 shows the sort, filter, search, and related GUI elements that you typically encounter on landing pages (for example, Sites). Table 3 on page 11 lists these icons and provides a high-level explanation of their functions.

NOTE: The search and filter icons might not be available on some pages.

11

Table 3: Sort, Resize, Filter, Search, and Related GUI Elements

Description

Function

Sort icons

The sort icons next to a column label in a table (grid) indicate that the data can be sorted (in ascending or descending order) based on that column.
To sort the data, click the column label. The corresponding sort icon changes color to indicate whether the data is sorted in ascending or descending order.

Column Resize icon Re-arrange columns Filter icon (funnel)

In some tables, columns can be resized by moving your mouse between two column names until you see the column resize icon. You can then left-click your mouse, and hold and drag the mouse resize the column.
To move a column, click inside a column label, hold and drag to move the column to where you want it to be placed, and release.
You can apply one or more filters to the data in the table and, if needed, save the filters. Hover over or click the filter icon to access the filtering menu. For more information, see “Filter Data in a Table” on page 17.

Search icon (magnifying glass)

You can click the search icon search the data and, if needed, save the search as a filter.
· Click the Search icon and enter one or more keywords, and press Enter. The data displayed in the table is filtered based on the keywords that you entered.
· To save the search as a filter so that it can be reused later, click Save. For details, see “Filter Data in a Table” on page 17.
· To clear a search, click the X icon. The unfiltered data is displayed in the table.

12

Table 3: Sort, Resize, Filter, Search, and Related GUI Elements (Continued)

Description

Function

Vertical Ellipsis icon

Click or hover over the vertical ellipsis to access the column and page preferences menu. You can do the following: · Show or hide columns in the table (grid):
1. Hover over or click Show/Hide Columns to view the list of columns that you can display in the table.
The check box next to the column indicates whether the column is displayed (check box is selected) or not (check box is cleared).
2. (Optional) Select the check boxes corresponding to the columns that you want to display in the table.
The selected columns are displayed in the table.
3. (Optional) Clear the check boxes corresponding to the columns that you do not want to display.
The cleared columns are no longer displayed in the table.
· Reset the page preferences and remove any previously applied filters:
1. Hover over the vertical ellipsis menu and click Reset Preference.
A message appears asking you to confirm the reset.
2. Click Yes.
The page preferences are reset and the default view is displayed.

13 Figure 3: Sample Page with Sort, Resize Columns, Filter, Search, and Related GUI Elements

1– Sort icons 2– Resize column icon 3– Filter icon

4– Search icon 5– Column and Page Preferences Menu

Page Display, Navigation, and Related GUI Elements
Figure 4 on page 15 shows the GUi elements related to page display and navigation, which that you typically encounter on landing pages (for example, Sites). Table 4 on page 13 lists these GUI elements and provides a high-level explanation of their functions. Table 4: Page Display, Navigation, and Related GUI Elements

Function Total-number [of] items

Description
Displays the total number of items or entries available on a page.

Refresh icon

Typically, pages in the Paragon Automation GUI refresh automatically. However, you can click the Refresh icon to trigger a manual refresh if needed.

14

Table 4: Page Display, Navigation, and Related GUI Elements (Continued)

Function

Description

Display options

This field displays the number of entries that are currently shown in the table (grid).
You can click the number and select the number of items that you want to display.

Previous Page (<) icon Page numbers Next Page (>) icon Go to page-number

For tables displaying two or more pages, click < to go to the previous page.
Displays one or more page numbers depending on the number of pages of items (entries) displayed. Click the page number to go to that page.
For tables displaying two or more pages, click > to go to the next page.
For tables displaying two or more pages, enter the page number in the text box and press Enter to go to that page.

15 Figure 4: Sample Page Showing Display, Navigation, and Related GUI Elements

1– Total number of entries (items) available 2– Refresh icon 3– Display options 4– Previous page icon

5– Page numbers 6– Next page icon 7– Go to (page number)

View, Add, and Remove Favorite Pages
In Paragon Automation, you can mark pages that you frequently use as favorites, so that you can access such pages easily. You can view existing favorites in the Favorites menu, remove existing favorites, or add pages as favorites. A sample page showing the Favorites menu, icons, and so on is shown in Figure 5 on page 16.

NOTE: The Favorites menu appears only if at least one page marked as a favorite.

You can do the following: · View or access favorite pages: You can use the Favorites menu to view and access existing favorite
pages.
· Add a page as a favorite: You can add a page as a favorite in one of the following ways:

16
· By clicking the star icon next to the menu entry. · By clicking the star icon at the top right corner of a page (below the Paragon Automation banner). When you add a page as a favorite, it appears under the Favorites menu. The star icon is shaded (filled), which indicates that the page is a favorite. · Remove a page as a favorite: You can remove a page as a favorite in one of the following ways: · By clicking the shaded star icon in the Favorites menu. · By clicking the shaded star icon next to the menu entry. · By clicking the shaded star icon at the top right corner of a page. When you remove a page as a favorite, it no longer appears in the Favorites menu. The star icon changes to empty (unshaded), which indicates that the page is not a favorite.
Figure 5: Sample Page with Favorites Menu, and Add, or Remove Favorite Icons

1– Favorites menu 2– Remove existing favorite (using the menu)

3– Add as a favorite (using the menu) 4– Add as a favorite (using the page)

17
Filter Data in a Table
Paragon Automation enables you to filter the data displayed in a table (grid) based on filter criteria. You can specify one or more criterion, and use conditional operators (AND or OR) to create a combination of filter criteria. Figure 6 on page 17 shows the expanded filter menu with and without filters and Figure 7 on page 18 shows a sample page on which filter criteria are applied. Table 5 on page 18 explains the different icons and GUI elements related to filters (as shown in Figure 7 on page 18).
Figure 6: Filter Menu with and without Filters

1– Filter icon and drop-down menu 2– Expanded filter menus

3– Mark as default icon 4– Delete filter icon

18 Figure 7: Sample Page Showing Filter Criteria Applied

1– Filter criteria applied 2– Delete filter criterion icon 3– Filter criteria condition drop-down 4– Add filter criterion icon Table 5: Icons and GUI Elements Related to Filters

5– Apply filter criteria icon 6– Clear all filter criteria icon 7– Filter icon and drop-down menu 8– Save as filter button

Function

Description

Filter criteria field (text box)

This field (text box) displays the filter criteria that was previously specified. You can enter additional criteria by using the Add (+) icon.

Delete filter criterion (x)

To delete a previously entered filter criterion, click the x icon next to the filter criterion.
WARNING: When you trigger the deletion of a filter criterion, it is deleted immediately, and you cannot recover the filter.

Filter criteria condition and drop-down menu

If a filter criterion condition (AND or OR) already exists, you can hover over the condition and select a different condition from the drop-down menu that appears. The data is then filtered based on the updated value of the filter criteria.

19

Table 5: Icons and GUI Elements Related to Filters (Continued)

Function

Description

Add criterion icon (+)

Click the + icon to add a filter criterion. For details, see “Add Filter Criteria” on page 19.

Apply filter criteria icon ()

Click the check mark icon () to apply the filter criteria that you specified. The filtered data is displayed in the table.

Clear all filters icon (X)

To clear all the applied filter criteria and display unfiltered data, click the X icon.

Filter icon (funnel) and drop-down

Hover over or click the filter icon or the down arrow button to access the menu to toggle the display of filters and access previously saved filters. See Figure 6 on page 17.

Save filter button

To save the filter criteria so that you can reuse it later, click Save and follow the instructions in Step “5” on page 20.

Add Filter Criteria
To add one or more filter criteria: 1. Do one of the following:
· If no filters are present, click the filter (funnel) icon and select Show advanced filter (see Figure 6 on page 17).
· If one or more filters are already present, click the Add (+) icon above the table (see Figure 7 on page 18).
A page appears displaying the fields related to filter criteria. 2. Configure the fields as described in Table 6 on page 21.
NOTE: Fields marked with an asterisk (*) are mandatory.
3. Click Add.

20
The data in the table (grid) is filtered based on the criteria that you specified. The filter criterion appears on the top of the table (grid). 4. (Optional) Do one of the following: · Specify additional filter criteria by selecting the Operator (seeTable 6 on page 21) and configure
the rest of the fields as explained in Step “2” on page 19). · Click Close to close the pop-up.
You are returned to the previous page. 5. (Optional) To save the filter criteria so that you can reuse it later, click Save.
The Save Filter page appears. a. Enter a name for the filter in the Name text box. b. To set the filter as a default, click the Set as default toggle button.
NOTE: · When you set a filter as a default, Paragon Automation automatically applies the filter
on the page, and displays the filtered data.
c. Click OK. A confirmation message appears indicating that the save operation was successful. You can access saved filters using the funnel (filter) icon.
NOTE: Saved filters are stored in the local storage of the browser that you use to access Paragon Automation. If you clear your browser’s local storage, the filters are cleared.

Table 6: Fields on the Add Criteria Pop-Up Field Operator
Field Condition
Value

21
Description
NOTE: This field appears only when you’ve already entered one filter criterion and want to enter the second or subsequent criteria. Select the logical operator for the filter criterion that you are specifying: · AND: Data is filtered only when both the filter
criteria are met. · OR: Data is filtered when one of the filter criteria is
met.
Select the field (parameter) that you want to use as a filtering criterion. For example, on the Sites page, you can select Name, Country, or Address as a filtering criteria.
Select the filtering condition that you want to use in the filter. A filtering condition can be: · A mathematical operator; for example, = (equal to)
or != (not equal to). · A keyword; for example, starts with, Includes, or In.
Specify one or more values (depending on the condition that you specified) on which to filter the data.

Apply a Saved Filter To apply a previously saved filter: 1. Hover over or click the filter icon (funnel).
The Filter menu appears. 2. Click the filter that you want to apply.

22
The filtered data is displayed in the table.
Mark a Saved Filter as Default
To mark a previously saved filter as a default: 1. Hover over or click the filter icon (funnel).
The Filter menu appears. 2. Hover over the filter that you want to mark as a default and click the star icon that appears next to
the filter’s name. The star icon is shaded (filled), which indicates that the filter is now a default. The next time that you access the page, the default filter is applied and the filtered data is displayed in the table.
Delete a Saved Filter
To delete a previously saved filter:
WARNING: When you trigger the deletion of a filter, it is deleted immediately. You cannot recover the filter. So, ensure that you check the filter that you want to delete before triggering a delete operation.
1. Hover over or click the filter icon (funnel). The Filter menu appears.
2. Hover over the filter that you want to delete. A delete icon (X) appears next to the filter name.
3. Click the delete (X) icon. The filter is deleted. If the filter was previously saved as a default, then the filter is no longer applied on the page.

23
GUI Menu Overview
IN THIS SECTION Trust Menu | 24 Observability Menu | 25 Network Menu | 25 Intent Menu | 26 Settings Menu | 26 Administration Menu | 27

The Paragon Automation GUI menu enables you to access the different use cases and features. The tasks that you can perform are based on the roles and access privileges (capabilities) that you’re assigned as a Paragon Automation user. For more information, see “Predefined User Roles Overview” on page 68.
The menu bar is available on the left side of the Paragon Automation GUI. You can toggle the menu by using the menu icon (three horizontal lines) on the banner. You can also access the menu by using the breadcrumbs, that are displayed just below the banner, on every page. For more information, see “GUI Overview” on page 4.
Table 7 on page 23 shows the top-level menu items (sub-menus) in the Paragon Automation GUI.
Table 7: Paragon Automation Main Menu

Menu Entry

Description

Favorites

Displays the pages that are marked as favorites. For more information, see “View, Add, and Remove Favorite Pages” on page 15. NOTE: This menu appears only if you have at least one page marked as a favorite.

Trust Observability

Access the tasks and features related to the trust and compliance use case. See “Trust Menu” on page 24.
Access the tasks and features related to the observability use case. See “Observability Menu” on page 25.

24

Table 7: Paragon Automation Main Menu (Continued)

Menu Entry

Description

Network

Access the features related to the network topology view. See “Network Menu” on page 25.

Intent

Access the tasks and features related to the device onboarding. See “Intent Menu” on page 26.

Settings

Access the trust, intent, and network settings. See “Settings Menu” on page 26.

Administration

Access the tasks and features related to the organization, account management, and other administration tasks. See “Administration Menu” on page 27.

Onboard a device

Access the field technician UI for onboarding a device. For more information, see “Working with Field Technician UI Pages” on page 114. NOTE: This menu entry appears only when you log in as a user with the Installer role.

Device List

Access the field technician UI for the list of devices to be onboarded. For more information, see “Working with Field Technician UI Pages” on page 114. NOTE: This menu entry appears only when you log in as a user with the Installer role.

Trust Menu

Table 8 on page 24 displays the menu entries for the trust and compliance use case and links to relevant topics that you can refer to for more information.
Table 8: Trust Menu Entries

Menu Entry

Description

Trust (sub-menu)

Network Score

See “About the Network Score Page” on page 342.

Compliance

See “About the Compliance Page” on page 344.

Vulnerabilities

See “About the Vulnerabilities Page” on page 353.

Table 8: Trust Menu Entries (Continued)
Menu Entry Integrity (sub-menu) Hardware EOL
Software EOL

25
Description
See “About the Hardware End of Life Page” on page 358. See “About the Software End of Life Page” on page 356.

Observability Menu
Table 9 on page 25 displays the menu entries for the observability use case and links to relevant topics that you can refer to for more information. Table 9: Observability Menu Entries

Menu Entry

Description

Troubleshoot Devices

See “About the Troubleshoot Devices Page” on page 265.

Events

See “About the Events Page” on page 278.

Network Menu
Table 10 on page 25 displays the menu entries for the network topology view and links to relevant topics that you can refer to for more information. Table 10: Network Menu Entries

Menu Entry

Description

Devices & Links

See “Network Visualization Options” on page 297

26

Intent Menu
Table 11 on page 26 displays the menu entries for device onboarding and links to relevant topics that you can refer to for more information. Table 11: Intent Menu Entries

Menu Entry

Description

Device Onboarding (sub-menu)

Network Implementation Plan

See “About the Network Implementation Plan Page” on page 138.

Put Devices into Service

See “About the Put Devices into Service Page” on page 170.

Settings Menu

Table 12 on page 26 displays the menu entries for the trust, intent, and network settings, and links to relevant topics that you can refer to for more information.
Table 12: Settings Menu Entries

Menu Entry

Description

Trust Settings (sub-menu)

Network Score Formula

See “About the Network Score Formula Page” on page 339.

Compliance Checklist

See “About the Compliance Checklist Page” on page 333.

Compliance Tailorings

See “About the Compliance Tailorings Page” on page 330.

Compliance Benchmarks

See “About the Compliance Benchmarks Page” on page 329.

Intent Settings

27

Table 12: Settings Menu Entries (Continued)
Menu Entry Device and Interface Profiles Network Settings (sub-menu) Configuration Templates
Configuration Backup
Software Images

Description See “About the Device and Interface Profiles Page” on page 117.
See “About the Configuration Templates Page ” on page 242. See “About the Configuration Backups Page” on page 239. See “About the Software Images Page” on page 233.

Administration Menu

Table 13 on page 27 displays the menu entries for features and tasks related to administration, and links to relevant topics that you can refer to for more information.
Table 13: Administration Menu Entries

Menu Entry

Description

Users

See “About the Users Page” on page 66.

Audit Logs

See “About the Audit Logs Page” on page 87.

Inventory

See “About the Inventory Page” on page 80.

Settings

See “Manage Organization Settings” on page 45.

Sites

See “About the Sites Page” on page 62.

RELATED DOCUMENTATION Paragon Automation as a Service Overview | 2

28
Personas Overview
The management and operation of a network require different people to be involved at various stages of the process, and to perform tasks related to their area of expertise. This might mean that different departments handle different tasks, with handoffs between departments taking place. For example, one person might install a device, but a different person might then monitor the device onboarding process. Paragon Automation is designed around a structured planning process that makes the life-cycle of the device and network efficient. By using structured planning, you can streamline the device onboarding and monitoring activities. Paragon Automation uses personas to delineate the device life-cycle management (LCM) process. These personas provide a way for operators to map the different activities in the device LCM process to Paragon Automation.
NOTE: Personas are different from predefined roles that exist in the Paragon Automation GUI. Roles define which access permissions are available to users who are assigned to a role. However, a persona is simply a logical construct to make it easier to understand the structured planning approach for device LCM in Paragon Automation. For details about roles, see “Predefined User Roles Overview” on page 68
Table 14 on page 29 lists the different personas in Paragon Automation and the tasks that the persona performs.

29

Table 14: Personas in Paragon Automation

Persona

Description

Network Architect or Designer

A Network Architect typically performs the Day -2 activities in the device LCM process. These activities include:
· Deciding the types of devices to be used in the network, and the configuration of the device types.
· Identifying the types of interfaces to be used on different devices.
· Determining what protocols need to run on the different types of devices.
In addition, a Network Architect usually performs advanced troubleshooting tasks. In Paragon Automation, these tasks include creating resource pools, device profiles, interface profiles, and so on.

Network Planner (also known as Deployment Planner)

A Network Planner typically performs the Day -1 activities in the device LCM process. These activities include:
· Defining the devices to be used and configuring the interfaces on the devices.

· Defining how devices are connected and the topology to be used.

In Paragon Automation, the Network Planner performs these tasks by creating a network implementation plan.

30

Table 14: Personas in Paragon Automation (Continued)

Persona

Description

Field Technician

A field technician typically performs the Day 0 activities in the device LCM process, These activities include: · Physical installation of the device.
· Connecting the cables.
· Inserting pluggables
· Triggering the device onboarding.
In Paragon Automation, the field technician uses a web-based GUI accessible on a handheld device or a laptop to perform the Day 0 activities.

NOC Engineer

A Network Operations Center (NOC) engineer oversees the Day 0 activities, and performs Day 1 activities and performs Day 2 activities. These activities include:
· (Day 0 and Day 1) Monitoring the Day 0 activities of the field technician. Applying additional device configurations, and testing and certifying the device for production.
· (Day 2 and beyond) Monitoring and troubleshooting devices, and so on.

IT or System Administrator

An IT or a System Administrator is involved only in the tasks related to the administration of Paragon Automation. This persona typically does not perform device LCM activities.

For more information about the device LCM process, see “Device Life Cycle Management Overview” on page 90.

31
CHAPTER 2
Access and Manage Paragon Automation Account
IN THIS CHAPTER Access the Paragon Automation GUI | 31 User Activation and Login | 32 Reset Your Password | 34 About the Cloud Status Page | 35
Access the Paragon Automation GUI
The Paragon Automation as a Service is a cloud-native application that provides you with multiple authentication methods to log in. The login workflow consists of up to four main tasks based on the authentication method that you choose. You must complete your first login using a Juniper Cloud account. To log in: 1. Access the Paragon Automation Web GUI directly through the URL or through an e-mail invite to join
an organization. 2. Create and validate your Juniper Cloud account with your e-mail address from the Juniper Cloud
page. 3. Log in to your Juniper Cloud account by entering your Juniper Cloud credentials. 4. Create or select (join) an organization. After you complete the login steps, you can view the device inventory page of an organization. You can secure your future login sessions of your organization by enabling two-factor authentication (2FA). If you enabled 2FA, you must verify your identity using an authenticator application. You can also configure social media sign-in and Single Sign-On (SSO). Social media sign-in allows users Google to authenticate using their Google account. You can configure SSO that uses a third-party IdP to authenticate and authorize your users and to permit them to perform role-based tasks.

32
RELATED DOCUMENTATION Authentication Methods Overview | 50
User Activation and Login
To log in to Paragon Automation, you must create an account in Juniper Cloud and then, activate the account. After you activate your account, you either create an organization or join an organization through an invite. Paragon Automation initiates user activation when: · The first user accesses the Web GUI without an invite. · The superuser invites you to an organization. Click the link in the invite and complete the login tasks.
Your login procedure depends on whether you are an existing user with a Juniper Cloud account or a new user without a Juniper Cloud account. After you log in, the first page that Paragon Automation displays depends on your user role. If your role is Installer, the first GUI page you view is the Onboard a device page. For users with other roles, Paragon Automation displays the device inventory page. 1. To log in as the first admin user without an invite: a. Access the GUI directly at https://manage.cloud.juniper.net. b. Click Create Account on the Juniper Cloud page. c. Type your first name, last name, e-mail address, and password on the My Account page.
The password is case sensitive. d. Click Create Account.
Paragon Automation sends a verification e-mail to activate your account. e. Click Validate Me in the e-mail body.
The New Account page appears. f. (Optional) Click View Account to check your name and e-mail address. g. Click Create Organization. h. Type a unique name for your organization and click Create.
The New Account page appears. i. Click the organization on the New Account page. 2. To log in as a new user with an invite:

33
a. Click Go to organization-name in the e-mail body. The Invite to Organization page opens in your default browser.
NOTE: Juniper Networks recommends that you use Chrome 10.8, Firefox 107.0.1, or Safari 16.1 browsers to access Paragon Automation.
b. Click Register to Accept. The My Account page appears.
c. Enter your first name, last name, e-mail address, and configure a password. The password can contain up to 32 characters, including special characters, based on the password policy of the organization.
d. Click Create Account. Paragon Automation sends a confirmation e-mail to activate your account.
e. In your confirmation e-mail, click Validate Me. The New Account page opens in your default browser.
f. Click the organization for which you received the invite. You can access the selected organization’s GUI in Paragon Automation. The tasks you can perform in this organization depends on your user role. See “Predefined User Roles Overview” on page 68 for more information.
3. To accept an invite as an existing user already logged in to Paragon Automation: a. Click Access organization-name in the e-mail body. You can access Paragon Automation. The tasks you can perform in this GUI depends on your role. See “Predefined User Roles Overview” on page 68 for more information.
4. To access an invite as an existing user not logged in to Paragon Automation: a. Click Access organization-name in the e-mail body. The Invite to Organization page opens in your default browser.
b. Click Sign In to Accept. The Juniper Cloud page appears.
c. Enter your username and click Next. The Juniper Cloud login page appears.
d. Enter your password and click Log In. The Invite to Organization page appears.
e. Click Continue.

34
The Select an Organization page appears.
f. Click the organization for which you received the invite. You can access Paragon Automation. The tasks you can perform in this GUI depends on your role. See “Predefined User Roles Overview” on page 68 for more information.
RELATED DOCUMENTATION Manage Your Juniper Cloud Account | 77
Reset Your Password
You can reset your password on the login page in the Paragon Automation GUI. If you had enabled two factor authentication for your account, it will be disabed when you reset your password. You must reenable two factor authentication after logging into the GUI using your new password. To reset your password: 1. On the Juniper Cloud login page, type your e-mail address. 2. Click Next.
The Juniper Cloud sign in page appears. 3. Click Forgot Your Password?
The Reset Password page appears. 4. Type your e-mail address in the box and click Send Reset Link.
A message confirms that the link to reset password is sent to your e-mail address. The Juniper Cloud login page appears. 5. Click Reset My Password in the message body of the password recovery e-mail in your inbox. The Set New Password page appears. 6. Type a new password in the Change Password box and click Change Password. A password must contain eight or more characters that are a combination of upper case and lower case letters, numbers 0-9, and special characters. The Juniper Cloud page appears. 7. Type your e-mail address and click Next. The Juniper Cloud login page appears. 8. Enter your new password and click Log in. The Select an Organization page appears. 9. Select an organization.

35
You are logged into the Paragon Automation GUI and can view the dashboard of the selected organization.
RELATED DOCUMENTATION Manage Your Juniper Cloud Account | 77
About the Cloud Status Page
IN THIS SECTION Tasks You Can Perform | 35 Benefits of Cloud Status page | 36
Monitor the Juniper Cloud status and critical incidents on the Cloud Status page. You can view the following: · Current and past incidents that indicate problems with the operational status of Juniper Cloud
instances. · The Juniper Cloud instance statuses are operational, in maintenance, and incidents which indicate
normal health, planned maintenance, and outages, respectively. To access the page, click the Help menu (question mark icon) at the top right corner of the Paragon Automation banner and select Cloud Status from the list. The Cloud Status page opens in a new window or tab depending on your browser settings. Users can see the details of the Juniper Cloud incidents that impact service availability and the time needed to fix the incident.
Tasks You Can Perform
On the Cloud Status page, you can perform the following actions: · Track Juniper Cloud Status–On the Cloud Status page, you can see:
· The network operational status–Displays All Systems Operational if no incidents are reported for the past seven days.
· Past Incidents–Displays the incidents that have occurred in the past seven days.

36
· Incident History link–Access the uptime statistics preceding the past seven days by clicking the Incident History link and by selecting the month you want to track on the calendar.
· Subscribe to receive updates–You can subscribe to get notifications about Juniper Cloud incidents in e-mail, as text message, in Slack, and in ATOM or RSS feeds. To subscribe to e-mail updates, click Subscribe to Updates and enter the e-mail address to which notifications are to be sent. Click Subscribe Via Email. Similarly, in the Subscribe to Updates window, select the Phone (call) tab to enter a phone number to which text notifications are sent or the Slack tab to enter your slack workspace ID to receive notifications. To subscribe to feeds, right click the ATOM feed or RSS feed and click Open In a New Tab. The ATOM feed history URL or the RSS feed history URL opens in a new tab. Copy the URL and paste it in your feed reader application. The Juniper Cloud History page appears. Follow the page. If you experience an issue not listed on the Juniper Cloud page, see the Juniper Support Site.
Benefits of Cloud Status page
· Get updates about Juniper Cloud incidents over various channels such as e-mails, text messages, feeds, or Slack.

2 PART
Administration
Introduction | 38 Organization Management | 43 Site Management | 62 User Management | 66 Inventory Management | 80 Audit Logs | 86

38
CHAPTER 3
Introduction
IN THIS CHAPTER Administration Overview | 38 Administration Workflow | 40
Administration Overview
IN THIS SECTION Manage Organizations | 38 Manage Sites | 39 Manage Users | 39 Manage Inventory | 40 Monitor Audit Logs | 40
Paragon Automation provides an easy to use user and organization management system that supports multi-tenancy. An administrator with the Super User role can manage organizations, sites, and the users in the organization. The user who creates the organization is assigned the Super User role in the organization, by default. After the organization is created, the Super User needs to configure organization settings, add sites, and then add users to predefined roles in Paragon Automation according to the tasks the users need to perform in the organization. This topic provides an overview of the tasks a superuser performs in an organization.
Manage Organizations
After you create an account in Juniper Cloud, you need to create an organization in Paragon Automation. The organization represents a customer. An organization may have multiple sites that

39
represent the locations where routers, switches, and firewalls are installed. After creating an organization, the superuser needs to configure the following features from the Settings page to efficiently manage the organization: · Authentication methods to manage access to the organization
· Identity providers (IdP) to enable single sign-on (SSO)
· Roles for users at the organization-level, mapping to the predefined roles
· Session policy to time out sessions following a period of inactivity
· API tokens to enable users to retrieve information through REST APIs
· Password policy to secure users’ access to Paragon Automation
· Webhooks to view alerts and events notifications in real-time
· Juniper Networks account to view details of the devices associated with the account
For more information, see “Organization and Sites Overview” on page 43.
Manage Sites
After you create an organization, you need to create sites, which are the physical locations within the organization. Sites house the devices in a network, such as routers, switches, and firewalls. After sites are created, a superuser can assign devices to those sites. The Sites page provides information about sites, their location and timezone, and the site group to which the sites belong. A Super User can edit site information or delete sites that are not in use. For more information, see “About the Sites Page” on page 62.
Manage Users
To perform the various tasks in an organization, the Super User needs to add users to various predefined roles according to the tasks the users with those roles need to perform in the organization. Adding a user to the organization is as easy as sending an e-mail invite to a user, and assigning a predefined role in the organization. Based on the tasks that a user needs to perform, Super User can assign the roles, such as Super User, Network Admin, Observer, and Installer, providing role-based access to resources. A superuser can add, modify, and delete users. An invite expires if the user doesn’t accept the invite within seven days of receiving the invite. For more information, see “About the Users Page” on page 66.

40
Manage Inventory
Inventory in Paragon Automation consists of the devices in the organization. The devices can be physical or virtual and are grouped by type, such as routers, switches, and firewalls. Users with Super User and Network Admin roles can use the Adopt Device option if a network implementation plan is not available to onboard devices, and the Release Device option to remove a device from Juniper Cloud. Adopting a device is the process of adding a device to Juniper Cloud by a superuser or a network administrator so that Paragon Automation can manage the device in a brownfield deployment. By releasing a device, you remove the device from Juniper Cloud due to reasons such as a device reaching its end of life. For more information, see “About the Inventory Page” on page 80.
Monitor Audit Logs
An audit log is a record of a sequence of user-initiated activities such as accessing an organization, or adding or deleting a user or a site. Paragon Automation stores audit logs for 30 days. Audit logs are useful in tracking and maintaining a history of users’ activities on the network. For more information, see “About the Audit Logs Page” on page 87.
Administration Workflow
After you purchase Paragon Automation, you receive an e-mail from Juniper Networks that contains instructions to create an account in Juniper Cloud and access Paragon Automation. Typically, the first user who accesses Paragon Automation is an IT or system administrator (of a service provider or an enterprise) who performs tasks related to the administration of Paragon Automation. The administrator is assigned the Super User role by default. After logging in, the administrator must create an organization, which consists of users, devices, and geographical sites in the network. Next, the administrator must perform administration tasks. Figure 8 on page 40 shows the high-level sequence of tasks that IT or system administrators perform, starting with account creation.
Figure 8: Administrator Workflow

41
The tasks that an administrator needs to perform are as follows: 1. Create and activate your account in Juniper Cloud and log in to Paragon Automation.
See “User Activation and Login” on page 32. 2. Create an organization.
See “Add an Organization” on page 44. 3. Configure organization settings–You must configure the following for your organization:
· Password policy · Single sign-on (SSO) if you want to authenticate and authorize users using a third-party Identity
Provider (IdP) · Integrate your Juniper Networks account with your organization You can optionally configure other organization settings such as session and inactivity timeouts, API tokens, and so on. See “Manage Organization Settings” on page 45. 4. Invite users to the organization–You can invite users in either of the following ways: · By assigning a role to a user and sending the user an invitation to join the organization. The tasks
that a user performs depends on the assigned role. See “Invite Users” on page 72 to send invites and “Manage Users and Invites” on page 74 to manage users and invites in an organization.
NOTE: Users must create an account in Juniper Cloud when they access the organization invite.
· By configuring a third-party IdP that authenticates and authorizes users based on the role mapped to each user. See “Manage Identity Providers” on page 51.
5. Create one or more sites–A site represents a geographical location with one or more devices in your network. However, a device can be associated with only one site. See “Manage Sites” on page 63.
After you perform the initial administration related tasks, you can explore other tasks in the Administration menu such as inventory management and monitoring audit logs. See “About the Inventory Page” on page 80 and “About the Audit Logs Page” on page 87.

42
RELATED DOCUMENTATION Audit Logs Overview | 86

43
CHAPTER 4
Organization Management
IN THIS CHAPTER Organization and Sites Overview | 43 Add an Organization | 44 Delete an Organization | 45 Manage Organization Settings | 45 Authentication Methods Overview | 50 Manage Identity Providers | 51 Manage Roles | 53 Manage API Tokens | 55 Configure Webhooks to Receive Event Notifications in Slack Channels | 57 Link Your Juniper Account to Your Organization | 60
Organization and Sites Overview
An organization in Paragon Automation represents a customer. An organization can have multiple sites representing the locations where routers, switches, and firewalls are installed. While a site can have more than one device, a device can be associated with only one site. In Paragon Automation, you must assign a device to a site to be able to apply the device life-cycle management (LCM) functions on the device. You can group sites based on regions, functions, or other parameters for efficient management of the devices. Figure on page 44 represents the relation between an organization, sites, and site groups in Paragon Automation. In Figure on page 44, an organization has seven sites and three sites groups (Site Group 1, Site Group 2, and Site Group 3). Site 3 and Site 4 are a part of Site Group 1 and Site Group 3 while Site 7 is part of Site Group 2 and Site Group 3.

44 Figure 9: Organization, Sites, and Site Groups
RELATED DOCUMENTATION Manage Organization Settings | 45 Manage Sites | 63
Add an Organization
An organization represents the customer in Paragon Automation. You can add an organization from: · The Login page when you log in to Paragon Automation. · The organization list (next to the Help icon) on the top right-corner of the Paragon Automation GUI. To add an organization to Paragon Automation: 1. Click Create Organization on the Login page or in the Organization drop-down list at the top-right
corner of the Paragon Automation GUI. The Create Organization page appears. 2. In the Organization Name field, enter a name for the organization.

45
3. Click OK. The organization appears in the organization list and on the Login page.
4. Click the organization to access the organization. You are the superuser for an organization that you create. After you create an organization, you can configure the organization settings and invite users to access the organization. For more information, see “Manage Organization Settings” on page 45 and “Invite Users” on page 72 respectively.
Delete an Organization
You can delete an organization that you no longer manage or if you want to decommission the organization. You must be a user with the Super User role to delete an organization.
CAUTION: You cannot restore an organization after you delete it.
To delete an organization: 1. Log in to Juniper Cloud and click the organization that you want to delete.
The Troubleshoot Devices page (Observability > Troubleshoot Devices) appears. 2. Click Administration > Settings in the navigation menu.
The Organization Settings page is displayed. 3. Click Delete Organization.
The Delete Organization page appears. 4. As a confirmation for deleting the organization, enter the name of the organization in the
Organization Name field. 5. Click Delete Organization.
The organization is deleted and the Juniper Cloud Login page appears.
RELATED DOCUMENTATION Organization and Sites Overview | 43
Manage Organization Settings
A superuser can configure the organization settings and do the following tasks: · View organization name and organization ID and modify the organization name.

46

· Add, modify, and delete identity providers. · Add, modify, and delete custom roles. · Enable or disable the password policy for the organization and modify the password policy when the
password policy is enabled. · Modify the session timeout policy for the organization. · Generate, edit, and delete API tokens for various roles in the organization. · Configure webhooks for the organization. · Add Juniper account to link Juniper-supported devices to the organization. To configure and to manage organization settings: 1. Click Administration > Settings in the navigation menu.
The Organization Settings page appears. 2. Configure or modify the organization settings as needed. Refer to Table 15 on page 46. 3. Click Save to save the settings.
Verify that the settings are saved and close the Organization Settings page. Table 15 on page 46 describes the parameters on the Organization Settings page. Table 15: Organization Settings Parameters

Field

Description

Organization Name

Name of the organization. You can edit the organization name here.

Organization ID

The ID for the organization. The value is auto-generated. This is a read-only field.

Single Sign On (SSO) Identity Providers

View identity providers configured in the organization. Add, edit, or delete the identity providers; see “Manage Identity Providers” on page 51.

Roles

View roles configured for SSO. Add, edit, or delete the roles; see “Manage Roles” on page 53.

47

Table 15: Organization Settings Parameters (Continued)

Field

Description

Password Policy

Enable or disable (default) password policy. If you enable the password policy, configure the password policy parameters; see Table 16 on page 47.

Session Policy

Configure the time, in minutes, after which the session with Paragon Automation should timeout; see Table 17 on page 48.

API Tokens

Generate and view API tokens to authenticate users when they retrieve data by using REST APIs; see “Manage API Tokens” on page 55.

Webhooks

Webhooks enable you to get notifications when the events that you have subscribed for occur. Click to enable or disable (default) webhooks. If you enable webhooks, you must select the type of events for which you want to receive notifications; see Table 18 on page 48.

Juniper Account Integration

Add your Juniper account to link your Juniper-supported devices to the organization; see Table 19 on page 49.
If no Juniper account is integrated, you can also link your Juniper account from the Installed Base tab (Administration > Inventory). For more information, see “Link Your Juniper Account to Your Organization” on page 60.

Table 16: Parameters to Configure Password Policy

Field

Description

Required minimum password length

Enter the minimum number of characters that should be present in the password of a user’s account. Default is 8 characters.
Range: 8 to 32

Require special characters
Require 2-Factor Authentication

Click to enable (default) or disable the use of special characters in the password.
Click to enable or disable (default) two-factor authentication for users accessing the organization. If you enable two-factor authentication, a code is sent to an authenticator app. The code should be entered in addition to the password to access the organization.

48

Table 17: Parameters to Configure Session Policy

Field

Description

Session Timeout (minutes)

Enter the number of minutes after which the session should timeout. Default is 20160 minutes.

Inactivity Timeout (minutes)

Enter the number of minutes of inactivity after which the session should timeout. Default is 0, indicating that the session does not time out because of inactivity.
Range: 0 to 480 minutes

Table 18: Parameters to Configure Webhooks

Field

Description

Name

Enter the name of the server or application to which notifications for subscribed events are to be sent.

URL

Enter the URL of the server or application where the notifications in the form of

HTTP POST requests are to be sent when a subscribed event occurs.

You must configure webhooks to enable Paragon Automation to send notifications to third party applications, such as Slack, when events you have subscribed to are triggered on the managed devices.

To receive webhook notifications in a format that is compatible with Slack, you need to configure an intermediary that can interact with the sending and receiving applications, in this case, Paragon Automation and Slack. The recommended intermediary platform is Make. For more information, see “Configure Webhooks to Receive Event Notifications in Slack Channels” on page 57.

Secret Webhook Header Header Key
Header Value

Enter the secret to validate that the notifications received are from valid hosts.
Enter a unique key that the webhook endpoint can use to authenticate the event notifications. Enter a unique value for the key.

49

Table 18: Parameters to Configure Webhooks (Continued)

Field

Description

Streaming API

Alerts

Click to enable or disable (default) receiving notifications when subscribed alerts are generated on the managed devices.
You must configure the types of alerts for which you want to receive notifications on the Event Templates Configuration page (Observability > Events > Alerts > Templates Configuration). For more information on managing event templates for alerts, see “Manage Event Templates” on page 289.

Audits Device Status Device Alarms

Click to enable or disable (default) receiving notifications when an organization is accessed or any setting in the organization is changed.
Click to enable or disable (default) receiving notifications when the device status changes due to events such as a link going up or down, or the device getting disconnected from Juniper Cloud and so on.
Click to enable or disable (default) receiving notifications when subscribed alarms are generated on the managed devices.
You must configure the types of alarms for which you want to receive notifications on the Event Templates Configuration page (Observability > Events > Alarms > Templates Configuration). For more information on managing event templates for alarms, see “Manage Event Templates” on page 289.

Table 19: Parameters to Add Juniper Account

Field

Description

Email Address

The e-mail address associated with your Juniper account.

Password

The password associated with your e-mail address.

50
Authentication Methods Overview
IN THIS SECTION Benefits of Single Sign-On | 51
Paragon Automation can authenticate users using different authentication methods. You can use one of the following authentication methods to log in to the Paragon Automation web GUI. · Juniper Cloud account–Users can create a Juniper Cloud account to access the Paragon Automation
web GUI. · Social Sign-In–All users can enable Google social media sign-in (or single sign-on) on their user
account page. · Single Sign-On (SSO)–You can configure third-party Identity Providers (IdP) to authenticate users in a
Paragon Automation organization. While users have the necessary permission to configure and use Juniper Cloud and social media sign-in to log in, administrators can configure Single Sign-On for users in the organization. To use Juniper Cloud account to log in, individual users must create their user account in Juniper Cloud. Paragon Automation registers you as a new user when you create your Juniper Cloud account. Superusers can create and manage users in an organization. User management includes inviting users to join an organization and revoking users’ access to the organization. However, superusers cannot delete users.
NOTE: Paragon Automation does not register a new user when a superuser sends an invite to a user.
You can use Google as an authentication provider to sign in to Paragon Automation. Google sign-in uses OpenID Connect (OIDC) to authenticate users by verifying their Google account credentials. As an alternative, superusers can configure IdP in the Organization Settings page and map default roles in Paragon Automation to the IdP profiles. Paragon Automation supports Secure Assertion Markup Language (SAML 2.0) for SSO authentication using third-party IdPs. The IdP asserts a user’s identity and allows the user to access the web GUI based on the user’s role. This enables the Super User to create a Juniper Cloud account and authenticate other users to the organization using IdP. If you configure IdP, you manage the user account credentials in your organization.

51
Benefits of Single Sign-On
· Users can use a single account to log in to multiple platforms and applications. · SSO simplifies password management for users and administrators through centralized
authentication by IdP.
RELATED DOCUMENTATION Manage Organization Settings | 45
Manage Identity Providers
IN THIS SECTION Add an Identity Provider | 52 Edit an Identity Provider | 53 Delete an Identity Provider | 53

Identity providers enable the use of third-party credentials, such as the credentials of your Google or Facebook account, to log in into Paragon Automation.
Table 20 on page 51 lists the parameters to add identity providers to an organization. Table 20: Parameters to Add Identity Providers

Field

Description

Name

Enter a name for the identity provider.

Type

Displays the type of identity provider. The default identity provider is SAML and cannot be modified.

Issuer

Enter the unique URL that identifies your SAML identity provider. For example, Google and Microsoft.

52

Table 20: Parameters to Add Identity Providers (Continued)

Field

Description

Name ID Format

Select the unique identifier for the user. The options are e-mail and unspecified. If you select e-mail, the identity provider uses your e-mail address to authenticate you. If you select unspecified, the identity provider generates a unique identifier to authenticate you.

Signing Algorithm

Select a signing algorithm from the following: · SHA1 · SHA256 (default) · SHA384 · SHA512

Certificate SSO URL Custom Logout URL ACS URL Single Logout URL

Certificate issued by the SAML identity provider.
Enter the URL to redirect the users to the SAML identity provider for authentication. For example, https://www.google.com.
Enter the URL to redirect the users after logging out. For example, https:// www.juniper.net.
The URL that the identity provider should redirect an authenticated user to after signing in. The value is auto-generated and not editable.
The URL that the identity provider should redirect when a user logs out of an authentication session. The value is auto-generated and not editable.

Add an Identity Provider
To add an identity provider: 1. Click Administration > Settings in the navigation menu.
The Organization Settings page appears. 2. Click the Create IDP (+) icon above the Identity Providers table.
The Create Identity Provider page appears. 3. Configure the identity provider by using the guidelines in Table 20 on page 51. 4. Click Create.
The identity provider is created and listed in the Identity Providers table.

53
Edit an Identity Provider
To edit an identity provider: 1. Click Administration > Settings in the navigation menu.
The Organization Settings page appears. 2. Click the identity provider you want to edit in the Identity Providers table.
The Edit Identity Provider page appears. 3. Edit the identity provider by using the guidelines in Table 20 on page 51.
NOTE: You cannot edit identity provider type, ACS URL, and Single Logout URL.
4. Click Save. You are returned to the Organization Settings page, where you can view the changes in Identity Providers table.
Delete an Identity Provider
To delete an identity provider: 1. Click Administration > Settings in the navigation menu.
The Organization Settings page appears. 2. Click the identity provider that you want to delete.
The Edit Identity Provider page appears. 3. Click Delete.
You are returned to the Organization Settings page, where you can view that the identity provider is removed from the Identity Provider table.
Manage Roles
IN THIS SECTION Add a User-Defined Role | 54 Edit a User-Defined Role | 54 Delete a User-Defined Role | 55
A user with the Super User role can create a new role that maps a user role in an enterprise to a predefined role in Paragon Automation. For example, you can configure an administrator role and map it to

54

the Network Admin role so that the administrator role has the access privileges of the Network Admin user in Paragon Automation. The Network Admin role can be assigned to any enterprise user. Table 21 on page 54 lists the parameters to add custom roles to an organization.
Table 21: Parameters to Add Roles

Field

Description

Name

Enter a name for the role.

Role

Select an access level for the role:

· Super User

· Network Admin

· Observer (default)

· Installer

See “Predefined User Roles Overview” on page 68 for details on privileges of each role.

Add a User-Defined Role
A superuser can add a user-defined role and map it to a pre-defined role in Paragon Automation.
To add a user-defined role that maps to a pre-defined role:
1. Click Administration > Settings in the navigation menu. The Organization Settings page appears.
2. Click the Create Role (+) icon. The Create Role page appears.
3. Configure the new role by following the guidelines in Table 21 on page 54. 4. Click Create.
The new role is listed in the Roles table.
Edit a User-Defined Role
To edit a user-defined role:
1. Click Administration > Settings in the navigation menu. The Organization Settings page appears.
2. Click the role that you want to edit. The Edit Role page appears.

55
3. Edit the name and role by following the guidelines in Table 21 on page 54. 4. Click Save.
You are returned to the Organization Settings page, where you can verify the changes in the Roles table.
Delete a User-Defined Role
To delete a user-defined role: 1. Click Administration > Settings in the navigation menu.
The Organization Settings page appears. 2. Click the role that you want to delete.
The Edit Role page appears. 3. Click Delete.
You are returned to the Organization Settings page, where you can verify that the custom role is not listed in the Roles table.
Manage API Tokens
IN THIS SECTION Add an API Token | 56 Edit an API Token | 56 Delete an API Token | 57
API tokens authenticate users when they try to retrieve information from Paragon Automation by using REST APIs. By using API tokens, users can avoid authentication for each request they make. An API token provides visibility into the resources accessed by a user, enabling you to have better control over access to resources. Table 22 on page 56 lists the parameters for configuring API tokens.

56

Table 22: Parameters to Configure API Tokens

Field

Description

Name

Name of the API token.

Role

Role to which the API token is applicable:

· Super User

· Network Admin

· Observer

· Installer

Key

The key auto-generated to identify the application the user is using to access the

resources.

Add an API Token
To add an API token for a role: 1. Click Administration > Settings in the navigation menu.
The Organization Settings page appears. 2. Click the Create Token (+) icon.
The Create API Tokens page appears. 3. Enter values by following the guidelines in Table 22 on page 56. 4. Click Generate.
The API token is populated in the Key field. 5. Click Close to return to the Organization Settings page.
Edit an API Token
To edit an API token: 1. Click Administration > Settings in the navigation menu.
The Organization Settings page appears. 2. Click the API token that you want to edit.
The Edit API Token page appears. 3. Edit the name, role, and site access by following the guidelines in Table 22 on page 56. 4. Click Save.
You are returned to the Organization Settings page, where you can verify the changes in the API Tokens table.

57
Delete an API Token
To delete an API token:
NOTE: Users using API tokens to access Paragon Automation resources cannot access the resources after the API token is deleted.
1. Click Administration > Settings in the navigation menu. The Organization Settings page appears.
2. Click the API token that you want to delete. The Edit API token page appears.
3. Click Delete. You are returned to the Organization Settings page, where you can verify that the API token is not listed in the API Tokens table.
Configure Webhooks to Receive Event Notifications in Slack Channels
You use webhooks to automate sending event notifications from a source application to a destination application. You can configure webhooks to enable Paragon Automation to send notifications to third party applications, such as Slack, when events you have subscribed to are triggered on the managed devices. To receive webhook notifications in a format that is compatible with Slack, you need to configure an intermediary that can interact with the sending and receiving applications, in this case, Paragon Automation and Slack. The recommended intermediary platform is Make. To process notifications, Make uses a workflow called Scenario, which converts the notifications to a format that Slack supports. Each event notification is sent to a URL that is generated for the Scenario in Make. The notification is then converted into a format that Slack supports and delivered to the configured Slack channel. For information on Scenario in Make, see Scenario. To configure webhooks in Paragon Automation to send notifications to a Slack channel: 1. Log in to Make, https://www.make.com/en/login. From the home page, navigate to Scenario on the
left navigation menu. 2. Configure the scenario settings as described, see Creating a Scenario.
Make generates a URL. Whenever an event is triggered, Paragon Automation sends webhook notifications to this URL. 3. In Paragon Automation, navigate to Organization Settings (Administration > Settings). The Organization Settings page appears.

58

4. In the Webhooks tile, enable webhooks. 5. Configure the webhooks settings. See Table 23 on page 58 for webhooks field descriptions.

NOTE: In the URL field, enter the URL generated in step 2.
6. (Optional) Verify Webhook-Slack integration by logging in to the CLI of a device and generating an event. For example, run the following commands in the device CLI to generate an alert.

user@host# set interfaces et-0/0/1 disable

user@host# commit

user@host# run show interfaces terse | grep et-0/0/1

et-0/0/1

down down

user@host# delete interfaces et-0/0/1 disable

user@host# commit user@host# run show interfaces terse | grep et-0/0/1

et-0/0/1 up down

7. (Optional) Verify that: · The event you generated is listed on the Events page (Observability > Events). · You received a notification for the event in the Slack channel.

NOTE: · You must have access to the Slack channel to view event notifications in Slack.
· You must be an administrator with the Network Admin role to perform corrective action.

Table 23: Parameters to Configure Webhooks

Field Name

Description
Enter a name for the webhook. The name can contain alphanumeric and special characters.

URL

Enter the URL generated in Make for the scenario.

59

Table 23: Parameters to Configure Webhooks (Continued)

Field

Description

Secret

Enter the secret to validate that the notifications received are from valid hosts. The secret can contain a string of alphanumeric and special characters.

Webhook Header

Webhook custom headers are key-value pairs that provide additional information about the notifications.
You can add multiple custom headers to:
· Provide additional information in plain text, along with the default headers, about the webhook notifications being sent to the configured endpoint.
· Provide security, such as API keys, to verify end-to-end data integrity, for authorization, and so on.
Click the Add icon (+) to add webhook headers. The Webhook Header page appears.
· Header Key–Enter a unique key.
· Header Value–Enter a unique value for the key. The value can contain alphanumeric characters.
Click the Delete icon (trash can) to remove the webhook headers.

60

Table 23: Parameters to Configure Webhooks (Continued)

Field

Description

Streaming APIs

Enable the events for which you want to receive notifications.
You can subscribe to events such as, alerts, audits, device status, and device alarms to get real-time notifications when the event occurs.
· Alerts–Click to enable or disable receiving notifications when subscribed alerts are generated on the managed devices. Alerts notification is disabled by default.
You should configure the types of alerts for which you want to receive notifications on the Event Templates Configuration page (Observability > Events > Alerts > Templates Configuration). For more information on managing event templates for alerts, see “Manage Event Templates” on page 289.
· Audits–Click to enable or disable receiving notifications when a user accesses an organization or modifies organization settings. Audits notification is disabled by default.
· Device Status–Click to enable or disable receiving notifications when the device status changes due to events such as a link going up or down, or the device getting disconnected from Juniper Cloud, and so on. The Device Status notification is disabled by default.
· Device Alarms–Click to enable or disable receiving notifications when subscribed alarms are generated on the managed devices. Device Alarm notification is disabled by default.
You should configure the types of alarms for which you want to receive notifications on the Event Templates Configuration page (Observability > Events > Alarms > Templates Configuration). For more information on managing event templates for alarms, see “Manage Event Templates” on page 289.

Link Your Juniper Account to Your Organization
You must link your Juniper account to your organization in Paragon Automation to view the installed base information for the devices linked to that Juniper account.

61
The Installed Base tab on the Inventory page provides device-specific details along with the status information collected from the installed devices. For more information, see “About the Inventory Page” on page 80.
NOTE: You must be a superuser in Paragon Automation to link your Juniper account to your organization.
To add your Juniper account to your organization: 1. Click Administration > Settings and then locate the Juniper Account Integration tile. 2. On the Juniper Account Integration tile, click Add.
The Add Juniper Account window appears. 3. Enter the access credentials (e-mail address and password) of the Juniper account to be linked, and
then click OK. Paragon Automation validates the Juniper account, adds the user’s primary Juniper account to the organization, and populates the Installed Base (Administration > Inventory > Installed Base) page with the details of the devices assigned to the account. The Juniper Account Integration (Administration > Settings) tile displays your Juniper account name.
NOTE: To remove an account, click the delete (trash can) icon against the account name on the Juniper Account Integration tile. When you remove a user account, the associated devices are removed from the Installed Base page.

62
CHAPTER 5
Site Management
IN THIS CHAPTER About the Sites Page | 62 Manage Sites | 63
About the Sites Page
IN THIS SECTION Tasks You Can Perform | 62 Field Description | 63
Sites are the physical locations that host devices, such as routers, switches, and firewalls within an organization’s network. The superuser can create sites and add devices to those sites. Sites are used to identify the location of the devices in the organization. Multiple sites can be grouped into site groups for easy management. For more information on organizations and sites, see “Organization and Sites Overview” on page 43. To access the Sites page, click Administration > Sites.
Tasks You Can Perform
You can perform the following tasks from this page: · View details about the sites in an organization–You can view the site name, country, time zone,
address, the site group the site belongs to, and notes about the site. · Add, modify, or delete sites; see “Manage Sites” on page 63.

63

· Filter the data displayed in the table–Click the filter icon (funnel) and select whether you want to show or hide advanced filters. You can then add or remove filter criteria, save criteria as a filter, apply or clear filters, and so on. The filtered results are displayed on the same page.
· Search by using keywords–Click the search icon (magnifying glass), enter the search term in the text box, and press Enter. The search results are displayed on the same page.
· Show or hide columns in the table or reset page preferences, using the vertical ellipsis menu.
· Sort, resize, or re-arrange columns in a table (grid).

Field Description
Table 24 on page 63 describes the fields displayed on the Sites page. Table 24: Fields on the Sites Page

Fields

Description

ID

Identifier for the site.

Name

Displays the name of the site.

Country

Displays the country where the site is located.

Timezone

Displays the time zone of the site.

Address

Displays the address of the site.

Site Groups

Displays the site groups to which the site belongs, if any.

Notes

Displays additional information about the site.

Manage Sites
A site identifies the location of the devices in an organization. The superuser can add, modify, or delete sites in an organization. To add a site:

1. Click Administration > Sites.

64

The Sites page appears. 2. Click Create Site (+) icon.
The Create Site page appears. 3. Enter the site parameters, select a valid location, and site groups according to the guidelines provided
in Table 25 on page 64. 4. Click OK.
A confirmation message indicating that the site is created is displayed, and the site is listed on the Sites page.
Table 25: Fields on the Create Site Page

Fields

Description

Name

Enter a unique name for the site. The site name can contain upto 64 characters.

Location

Click the location of the site on the map or enter the coordinates or location in the search field to choose the location. This automatically updates the fields for country and time zone.

Country

Select the country where the site is located.
If you select a location on the map, or enter coordinates or location, the field is updated with the respective country. However, if you select a country from the dropdown list, the same is not reflected on the map.

Timezone

Select the timezone of the site.
If you select a location on the map, or enter coordinates or location, the field is updated with the respective timezone. However, if you select a country from the dropdown list, the same is not reflected on the map.

Site Groups

Select the site groups to which the site should belong, if any.
If no site group is available, you can type a name for the site group and press Enter to create the site group.

Notes

Enter additional information about the site. The notes can contain up to 1000 characters.

65
NOTE: · To modify the site details, select the site and click Edit Site (pencil) icon. · To decommission a site, you need to delete the site from the organization. You can delete a
site by selecting the site and clicking Delete Site (trash) icon. The site is removed permanently from the organization.
RELATED DOCUMENTATION About the Sites Page | 62

66
CHAPTER 6
User Management
IN THIS CHAPTER About the Users Page | 66 Predefined User Roles Overview | 68 Add Users to an Organization | 71 Invite Users | 72 Manage Users and Invites | 74 Manage Your Juniper Cloud Account | 77
About the Users Page
IN THIS SECTION Tasks You Can Perform | 66 Field Descriptions | 67
To access the Users page, click Administration > Users in the navigation menu.
Tasks You Can Perform
An administrator with the Super User role can perform the following tasks from this page: · View details of the existing users and the users who are invited to access the organization–The basic
information about the users, such as first name, last name, e-mail ID, invite status of the user, and role assigned is displayed. See Table 26 on page 67 for field descriptions. · Invite users; see “Invite Users” on page 72.

67

· Manage user invitations; see “Manage Users and Invites” on page 74.
· Filter the data displayed in the table–Click the filter icon (funnel) and select whether you want to show or hide advanced filters. You can then add or remove filter criteria, save criteria as a filter, apply or clear filters, and so on. The filtered results are displayed on the same page.
· Search by using keywords–Click the search icon (magnifying glass), enter the search term in the text box, and press Enter. The search results are displayed on the same page.
· Show or hide columns in the table or reset page preferences, using the vertical ellipsis menu.
· Sort, resize, or re-arrange columns in a table (grid).

Field Descriptions
Table 26 on page 67 describes the fields on the Users page. Table 26: Fields on the Users Page

Fields

Description

First Name

The first name of the user.

Last Name

The last name of the user.

Email

The e-mail ID the user would use to access Paragon Automation.

Status

Indicates a user’s account status:
· Active: The user’s account is active and the user can access the organization.
· Invite Pending: The user is yet to accept the e-mail invitation sent to them and doesn’t have access to the organization or the user has rejected the invitation to access the organization.
· Invite Expired: The e-mail invitation sent to the user has expired. An invitation expires after seven days.

Role

The role assigned to a user.

See “Predefined User Roles Overview” on page 68 for details about the user roles.

68
RELATED DOCUMENTATION Add Users to an Organization | 71
Predefined User Roles Overview
Paragon Automation provides four predefined roles to manage access privileges of users, based on the tasks they need to perform. The roles are: · Super User · Network Admin · Observer · Installer A superuser creates an organization, adds users to predefined roles depending on the requirements of the organization. For example, an organization with a large number of networking devices would require multiple users performing different roles to efficiently manage the organization, whereas, in a small organization, a single user can perform the tasks to be carried out by users with all four roles. Different types of users in an organization, such as a network architect, network planner, NOC engineer, and field technician, all derive their access privileges from the predefined roles assigned to them. User Roles and their Responsibilities The four predefined roles in Paragon Automation are: · Super User
· Is the administrator of the organization. · Creates organization, invites users, assigns user roles, creates sites, adopts devices, and so on. · Superuser doesn’t need to be a person with a high-level of networking domain expertise. · Network Admin · Is a networking expert who monitors, verifies, and troubleshoots an organization’s network. · Observer · Monitors events in the organization’s network. · Observer cannot take corrective action. The observer brings issues to the notice of the network
administrator for resolution.

69

· Installer · Onboards devices and monitors device status during onboarding. · Installer can access only the Onboard a Device and Device List pages.
Table 27 on page 69 displays the access privileges of the four user roles to the menu items. Table 27: User roles and their access privileges

Menu

Super User

Network Admin

Observer

Installer

Trust and Compliance

Trust

Network Score

Compliance

Vulnerabilities

Integrity

Hardware EOL

Software EOL

Observability

Troubleshoot

Devices

Events

Network

Device & Links

Intent

Device Onboarding

70

Table 27: User roles and their access privileges (Continued)

Menu

Super User

Network Admin

Observer

Network

Implementation

Plan

Put Devices into

Service

Settings

Trust Settings

Network Score

Formula

Compliance

Checklist

Compliance

Tailoring

Compliance

Benchmarks

Intent Settings

Device and

Interface Profiles

Network Settings

Configuration

Templates

Configuration

Backups

Software Images

Installer

71

Table 27: User roles and their access privileges (Continued)

Menu

Super User

Network Admin

Observer

Administration

Users

Audit Logs

Inventory

Settings

Sites

Onboard a Device

Device List

Installer

RELATED DOCUMENTATION Manage Roles | 53
Add Users to an Organization
An administrator with the Super User role can add users to an organization and provide role-based access by sending an invitation to the user’s e-mail ID. The user needs to accept the invitation to be a member of the organization. Existing users can access their organization by using their Juniper Cloud account. Figure on page 72 illustrates the workflow for inviting a new user to an organization.

72 Figure 10: Add users to an organization
The status of the invitation is shown as Invite Pending until the user: · Accepts the invitation to get role-based access to the organization. · Rejects the invitation to access the organization. · Doesn’t accept or reject the invitation within seven days. The status of such invitations is displayed
as Invite Expired. If the user accepts the invitation and has role-based access to the organization, but you want to take away the user’s access, you can revoke the invitation. If the user invitation expires, you can re-invite the user or cancel the invitation.
Invite Users
An administrator with the Super User role can add users to an organization by sending an e-mail invitation from the Paragon Automation GUI.

73

The user must accept the invitation within seven days, after which the invitation expires.
A user’s access privileges within the organization is based on the role you assign to the user. You can assign only one role to a user. For more information on roles, see “Predefined User Roles Overview” on page 68.
To invite a user:
1. Click Administration > Users. The Users page appears.
2. Click the Invite User (+) icon. The Users: New Invite page appears.
3. Enter user details and assign a role according to the guidelines provided in Table 28 on page 73. 4. Click Invite.
A confirmation message indicating that the user is invited is displayed, and the user details are listed on the Users page. 5. Check the status of the user. If the status changes to Invite Expired, you can delete the user, reinvite the user or cancel the invitation. For more information, see “Cancel an Invitation” on page 76 and “Reinvite a User” on page 75.
Table 28: Fields on the Invite User Page

Field

Description

First Name

Enter the first name of the user. First name can contain up to 64 characters.

Last Name

Enter the last name of the user. Last name can contain up to 64 characters.

Email

Enter the e-mail ID that a user would use to access Paragon Automation.

74

Table 28: Fields on the Invite User Page (Continued)

Field

Description

Role

Assign a role to the user. You can assign only one role to a user in an organization.

You can assign:

· Super User

· Network Admin

· Observer

· Installer

See “Predefined User Roles Overview” on page 68 for information about user roles.

RELATED DOCUMENTATION Add Users to an Organization | 71
Manage Users and Invites
IN THIS SECTION Edit User Role | 75 Reinvite a User | 75 Cancel an Invitation | 76 Revoke a User | 76

You must be an administrator with the Super User role to manage users and user invitations. You can edit user role, reinvite, cancel invitations, and revoke users from the Users page.

75
Edit User Role
On the User: Name page, you can edit the role of a user. The first name, last name, and e-mail ID of a user cannot be modified. To edit user role: 1. Click Administration > Users.
The Users page appears. 2. Select the user whose role you want to edit and click Edit User (pencil) icon.
The User: Name page appears. 3. Modify the role as needed. See Table 26 on page 67 for field descriptions.
NOTE: · If you modify the role of a user whose invitation status is Active, the user is not notified
about the modification in the role. · If you modify the role of a user whose invitation status is Invite Pending or Invite Expired,
a new invitation e-mail is sent to the user to access the organization with the new rolebased access privileges.
4. Click Save. A confirmation message indicating that the user invitation is updated is displayed and you are returned to the Users page, where you can view the changes you made.
Reinvite a User
You can reinvite a user if: · The user invitation expired. · The user invitation is pending. · The user role needs to be modified for users with Invite Pending or Invite Expired invitation status. To reinvite a user to the organization: 1. Click Administration > Users.
The Users page appears. 2. Select the user you want to reinvite and do one of the following:
· Click Edit User (pencil) icon > Re-invite. · Click More > Re-invite User.

76
· Right-click the user and click Re-invite User. The Re-invite User confirmation window appears. You can reinvite a user whose status is Invite Expired or Invite Pending. For users whose access is revoked or deleted, you must click the Invite User (+) icon to reinvite the user; see “Invite Users” on page 72. When you reinvite from the Edit User page, you can modify the role of a user. 3. Click Save. An invitation e-mail is sent to the user and the user account is listed on the Users page with status Invite Pending. If the user doesn’t accept the invitation within seven days, the invitation expires.
Cancel an Invitation
You can invalidate an invitation by canceling the invitation. You can uninvite a user if the invitation status is Invite Pending or Invite Expired on the Users page.
NOTE: An invite expires after seven days.
To uninvite a user: 1. Click Administration > Users.
The Users page appears. 2. Select the user you want to uninvite and do one of the following:
· Click Edit User (pencil) icon > Uninvite. · Click More > Uninvite. · Right- click the user and click Uninvite. The Delete Invitation confirmation window appears. 3. Click OK to uninvite the user. A confirmation message indicating that the invite is canceled is displayed and you are returned to the Users page. The details about the user invitation is no longer listed in the Users table.
Revoke a User
If the user accepts the invitation and has role-based access to the organization, but you want to take away the user’s access, you can revoke the invitation. Revoking a user’s access deletes the user from the organization. You can revoke access only for active accounts.

77
To revoke a user’s access to an organization: 1. Click Administration > Users.
The Users page appears. 2. Select the user whose access needs to be revoked and do one of the following:
· Click Edit User (pencil) icon > Revoke. · Click More > Revoke User. · Right- click the user and click Revoke User. The Delete User confirmation window appears. 3. Click OK. The user is deleted from the organization and cannot access the organization.
NOTE: Paragon Automation maintains a log of the user’s activities in the organization even after the user’s account is deleted or their access gets revoked. For example, the user’s activities recorded in the audit logs will remain even if they no longer have access to the organization.
Manage Your Juniper Cloud Account
You can manage your Juniper Cloud account information from the My Account page in Paragon Automation. You can access the My Account page by clicking the user account icon in the top right corner of the GUI. From the list, choose My Account. You can perform the following tasks in the My Accounts page: · Change account information · Change your password · Enable two-factor authentication · Enable e-mail notifications for superusers and network admins · Enable social sign-in · Delete your Juniper Cloud account 1. To change account information:
a. Click your user account icon at the top-right corner and click My Account from the list.

78
b. Change your e-mail address, name, and phone number, as necessary, in the Account Information section.
c. Click Save. Paragon Automation updates your user account information.
2. To change your password: a. Type a new password in the Change Password box. The super user configures the password policy for the organization. A password can contain up to 32 characters including special characters.
b. Click Save. A message confirms that Paragon Automation updated your user data.
3. To enable two-factor authentication: a. Toggle the switch on to enable Two Factor Authentication.
b. Click Save. A message confirms updating your user data. A verify button appears near the two-factor authentication option.
c. Click Verify. The Verification of Two Factor Authentication page displays a QR code.
d. Open your authenticator application and click the add icon (+) to add a new account.
e. Scan the QR code displayed in Paragon Automation. Your Juniper Cloud account appears in your authenticator application.
f. Enter the token number from your authenticator application in the Verification of Two Factor Authentication page.
g. Click Verify. A green check mark appears beside the Two Factor Authentication option on your My Account page. The two-factor authentication is active for your account. You can log out and log back in to the cloud portal.
4. To enable e-mail notifications: After a super user configures alerts for which Paragon Automation can send e-mail notifications. You must enable e-mail notification on your My Account page to receive e-mail notifications for all or selected sites. a. Click Enable in the Email Notification section. The Enable Email Notifications page appears.
b. Click the Enable Org Notifications toggle button.

79
The Enable Email Notifications page appears. a. Click the toggle button against a site to receive e-mail notifications specific to the site. b. Click Close.
The Enable Email Notification section shows that you have enabled notifications for your current organization. 5. To enable social sign-in: a. Enable the Sign In With Google option in the Social Sign In section. A message asks your permission for redirection to link your Google account. b. Click Yes. You will be redirected to the Google sign in page. c. Enter your Google e-mail and password and click Next. Paragon Automation links your Google account and redirects to the My Account page. A message confirms that Paragon Automation linked your Google account. 6. To delete your account: a. Click Delete Account. A confirmation message appears. b. Click Yes. Paragon Automation logs you out and deletes your Juniper Cloud account.
NOTE: After you delete your user account, Paragon Automation stores audit logs that reference your name for 30 days.
RELATED DOCUMENTATION About the Events Page | 278

80
CHAPTER 7
Inventory Management
IN THIS CHAPTER About the Inventory Page | 80 Assign a Device to a Site | 84
About the Inventory Page
IN THIS SECTION Tasks You Can Perform | 80 Field Description | 82
The Inventory page lists the devices in an organization grouped as routers, switches, and firewalls. You can view the device details such as host name, model, a serial number and so on. In the Installed Base tab, you can view device details, including the site where the device is located, the start and end date of the device’s service contract, end of life (EOL) and end of service (EOS) for the device, and so on, for all the Juniper Networks devices in your network. To access the Inventory page, click Administration > Inventory on the navigation menu.
Tasks You Can Perform
You can perform the following tasks on the Inventory page: · View details of a device (router, switch, or firewall) present in the organization–To view details of a
device, click the respective tab of the device, and click the Details icon that appears next to the check box beside a device name. The Device Details pane appears on the right side of the page

81
displaying the basic device information and the site where the device is located. See Table 30 on page 83.
· Adopt a device; see “Adopt a device” on page 109.
· Release a device–Releasing a device implies removing the device from the management of Paragon Automation due to reasons such as end of life (EOL) of the device. When you release a device, the SSH configuration that establishes the connection between the device and the Juniper Cloud is removed from the device. The device cannot connect with Juniper Cloud and therefore, is not managed by Paragon Automation.
Select the device (under the appropriate tab) and click Release Device and click Yes on the Confirm Device Release page.
NOTE: If the selected router is managed by Paragon Automation, releasing it removes any configuration added to the device during device adoption. Other configurations committed on the device are not affected.
· Export details of all the routers in a CSV format–To export details of all routers, on the Routers tab, click the Export button. The details are exported to an CSV that you can download to your local system.
· Assign one or more devices to a site; see “Assign a Device to a Site” on page 84.
· View information about the Juniper devices linked to your organization from the Installed Base tab. The information includes device-specific details along with the status information collected from the installed devices. Once the Juniper account is linked to your organization, the page displays a banner with the total count of your devices that are currently onboarded, onboarded and assured, and not onboarded to Paragon Automation. The installed base information helps you decide whether you should onboard a device to Paragon Automation.
To view the details of all Juniper Networks devices in your network, click the Installed Base tab. See Table 31 on page 83.
NOTE: To access information about the Juniper devices from the Installed Base tab, you must first link the associated Juniper account to your organization from the Settings (Administration > Settings) page. For more information, see “Link Your Juniper Account to Your Organization” on page 60.
· Filter the data displayed in the table–Click the filter icon (funnel) and select whether you want to show or hide advanced filters. You can then add or remove filter criteria, save criteria as a filter, apply or clear filters, and so on. The filtered results are displayed on the same page.

82

· Show or hide columns in the table or reset page preferences, using the vertical ellipsis menu. · Sort, resize, or re-arrange columns in a table (grid).

Field Description
Table 29 on page 82 lists the fields on the Inventory page. Table 29: Fields on the Inventory Page

Field

Description

ID

ID of the device in Paragon Automation.

Name

Name of the device.

Status

Status of the device: · Connected–Device is connected to Juniper Cloud and assigned to a site in Paragon
Automation.
· Disconnected–The device is not connected to Juniper Cloud or is connected to Juniper Cloud, but not assigned to a site in Paragon Automation.

IP Address (for

Management IP address assigned to the device.

routers and firewalls)

MAC Address (for switches)

MAC address assigned to the device.

Model

Device model; for example ACX7100-48L, ACX7100-32C, and MX240.

Site

Site to which the device is assigned.

Serial Number

Serial number of the device.

Software Version

Version of operating system installed on the device.

Product

Device type; for example, MX, ACX.

Vendor

Manufacturer of the device.

Operating System

Operating system installed on the device; for example, Junos and Junos Evolved.

83

Table 30: Fields on the Device Details Pane

Field

Description

General

Name

Host name of the device.

Model

Device model; for example ACX7100-32C.

IP Address

Management IPv4 address assigned to the device.

Created Time

Date and time when the device was onboarded to Paragon Automation.

Modified Time

Date and time when a device detail was modified.

Site

Name

Name of the site where the device is installed.

Address

Address of the site where the device is installed.

Country Code

Country where the device is installed.

TimeZone

Time zone where the device is installed.

Table 31: Fields on the Installed Base Tab

Field

Description

Model

Model of the device.

Status

Indicates if the device is connected to Paragon Automation. Values include: · Not Onboarded–The device is not yet connected to Paragon Automation. · Onboarded–The device is connected to Paragon Automation.

Installed Address Serial Number

Address of the site where the device is installed. Serial number of the device.

84

Table 31: Fields on the Installed Base Tab (Continued)

Field

Description

Service Contract

Service contract number for the device.

Product SKU

Stock Keeping Unit (SKU) number assigned to the device.

Service SKU

SKU assigned to the device’s service contract.

Svc Contract Start Date

Service contract start date for the device.

SVC Contract End Date

Service contract end date for the device.

EoL Date

End of Life date for the device.

EoS Date

End of Service date for the device.

Customer PO

Customer purchase order number for the device.

Sales Order

Sales order number for the device.

Reseller

Reseller of the device.

Distributor

Distributor of the device.

Warranty Type

Type of warranty.

Warranty Start Date Start date of warranty for the device.

Warranty End Date End date of warranty for the device.

Assign a Device to a Site
A site represents the location where the device is installed. Each device that is claimed (managed) by Paragon Automation must be assigned to a site for efficient management such as for applying policies. To assign one or more devices to a site:

85
1. Navigate to Administration > Inventory. The inventory page appears.
2. On the Router tab, select the device that you want to assign to a site and click More > Assign to a Site. The Assign Devices to a Site page appears.
3. Select the site to assign the devices in the Select Site list and click Done. The device is assigned to the selected site and the Site field on the Inventory page shows the site to which the device is assigned.
After the device is assigned to a site, you can apply all the device management functions on the device.

86
CHAPTER 8
Audit Logs
IN THIS CHAPTER Audit Logs Overview | 86 About the Audit Logs Page | 87
Audit Logs Overview
An audit log is a record of activities initiated by a user or by a process in a workflow that the user has initiated. You can view a record of: · User- initiated activities such as accessing, creating, updating, or deleting any resource or component
in Paragon Automation. · System-run activities that are part of workflows in Paragon Automation such as committing the
configurations defined in the network implementation plan on devices as part of the onboarding workflow, by using the NETCONF protocol. Such tasks are recorded in the audit logs as systeminitiated tasks even though the workflow is initiated by the user during the onboarding process. Audit logs are useful in tracking and maintaining a history of these activities.
NOTE: Audit logging does not track device-initiated activities. Audit logs are cleared every 30 days.
Superusers and network administrators can view and filter audit logs to determine which users performed which actions at what time. For example, a super user or network administrator can use audit logs to see who: · added user accounts on a specific date. · accessed the organization and at what time.

87
· updated or deleted an event (alert or alarm) template. · added or deleted a site.
RELATED DOCUMENTATION About the Audit Logs Page | 87
About the Audit Logs Page
IN THIS SECTION Tasks You Can Perform | 87 Field Descriptions | 88
To access this page, select Administration > Audit Logs. Superusers and network administrators can view and filter audit logs for the organization. The Audit Logs page refreshes automatically and displays the latest logs.
Tasks You Can Perform
· View details of an audit log–Select an audit log and click More > Detail or click the Details icon on the left. The Details for Audit Log pane appears.
NOTE: You can hover over the Period drop-down list to filter the audit logs based on the time interval you select. You can choose Last 60 Minutes, Last 24 Hours, Last 7 Days, Today, Yesterday, This Week, or Custom (enter a custom time range).
· Filter the data displayed in the table–Click the filter icon (funnel) and select whether you want to show or hide advanced filters. You can then add or remove filter criteria, save criteria as a filter, apply or clear filters, and so on. The filtered results are displayed on the same page.
· Show or hide columns in the table or reset page preferences, using the vertical ellipsis menu. · Sort, resize, or re-arrange columns in a table (grid).

88

Field Descriptions
Table 32 on page 88 describes the fields on the Audit Logs page. Table 32: Fields on the Audit Logs Page

Field

Description

ID

Unique identifier assigned to the log.

Timestamp

Date and time at which the audit log was recorded.

Username

Name and e-mail address of the user who initiated the task.

Source IP

IP address of the device from which the user initiated the task. For tasks that do not have an associated source IP address, this field is blank.

Message

Description of the logged task.

Site

Name of the site in which the task was initiated.

User Agent

Displays information about the Web browser the user used to access Paragon Automation GUI.

Job

Displays a clickable Show job details link if a job is associated with the audit log

activity. Click the link to search and display audit logs with the same Job ID.

Job ID

Unique identifier assigned to the job.

RELATED DOCUMENTATION Audit Logs Overview | 86

3 PART
Device Life Cycle Management
Introduction | 90 Day-Wise Activities for Device Life Cycle Management | 99 Field Technician User Interface | 113 Onboarding Profiles | 116 Plan Device Onboarding | 136 View Device Onboarding | 170 Device Management | 225

90
CHAPTER 9
Introduction
IN THIS CHAPTER Device Life Cycle Management Overview | 90 Device Onboarding Overview | 93 Supported Devices | 96 Device Onboarding Workflow | 96
Device Life Cycle Management Overview
IN THIS SECTION Onboard a Device | 91 Manage and Monitor a Device | 91 Decommission a Device | 92 Benefits of Device Life Cycle Management | 92
Device life cycle management in Paragon Automation is divided into various tasks that you perfom as Day -2, Day -1, Day 0, Day 1 and Day 2 activities. The tasks are divided so that you follow a structured process to onboard, manage, and offboard devices, The activities for managing a device life cycle are divided as: · Day -2 activities in which a newtork architect plans the device role and device configuration for that
device role. See “Add Network Resource Pools and Profiles (Day -2 Activities)” on page 99. · Day -1 activities in which a network planner prepares a plan for onboarding the device to Paragon
Automation. See “Prepare for Device Onboarding (Day -1 Activities)” on page 100. · Day 0 activities in which a field technician installs the device and gets Paragon Automation to
manage the device. See “Install and Onboard the Device (Day 0 Activities)” on page 101.

91
· Day 1 and Day 2 activities in which a network administrator monitors the health and functioning of the device and moves the device to prodcution. See “Move Device to Production (Day 1 and Day 2 Activities)” on page 111.
Onboard a Device
You can use Paragon Automation to onboard: · New devices that you procure for your network (greenfield devices).
You onboard greenfield devices by using a network implementation plan, which includes the management (IP address, hostname, and so on) and infrastructure configurations (routing protocol configurations). You can apply the following configurations on a device by using a network implementation plan: · Basic device-level configurations (IP address configurations, hostname, software image to be used,
and so on) and routing protocols (ISIS, OSPF, BGP, RSVP, LDP, and PCEP). · Configuration for links with neighboring devices.
NOTE: The neighboring devices are devices that are a part of the same network implementation plan.
· Configuration for performing health checks, connectivity checks, and running trust scans. · Devices that already exist in your network (brownfield devices).
You onboard brownfield devices by committing outbound SSH commands for connecting with Paragon Automation, on the device. Paragon Automation provides you the SSH commands that you can copy and commit on the device. The onboarding of a devices by committing the outbound SSH commands is referred to as adopting a device. See “Device Onboarding Overview” on page 93.
Manage and Monitor a Device
After you onboard a device, you can manage a device’s inventory, apply licenses, perform backup and restore of device configurations, upgrade software, reboot the device, and access the CLI of the device. See “Device Management Workflow” on page 225. While Paragon Automation provides automated solution for managing configurations, device monitoring, and periodic Trust scans for greenfield devices, Paragon Automation also provides the conventional device life cycle management solutions for brownfield devices.

92
For a greenfield device, to upgrade a software, you update the software version to be applied on the device in the device profile or the network implementation plan used to onboard the device. Similarly, links and basic configurations that were committed on a device by using the network implementation plan can be updated by editing the network implementation plan and profiles used to onboard the device. You can also use configuration templates to apply advanced configurations on the device.
In addition, Paragon Automation instantiates playbooks (based on the configurations in the plan and profiles) for automatic monitoring and operations of the greenfield devices right from when the device is in the process of onboarding. For example, when you enable BGP or RSVP protocols in the profiles, Paragon Automation instantiates playbooks to monitor the functioning of the BGP and RSVP protocols and displays any alerts or alarms related to the functioning of the protocols on the GUI.
Paragon Automation GUI provides an integrated view of all the information about a device. On the Device-Name page (Intent > Put Devices into Service > Device-Hostname), you can view general details, connectivity details, results of trust scans, and key performance indicators and assess the functioning of the device. You can also upgrade software and perform a backup and restore of the device configurations from the same page.
For brownfield devices, Paragon Automation provides options for software upgrade, adding licenses, applying configurations by using configuration templates, and backing up configurations under the Settings > Network Settings menu.
Decommission a Device
When you want to decommission (offboard) a greenfield device, you can:
· Use the network implementation plan that you are using to manage a device to decommission the device. See “Offboard a Network Implementation Plan” on page 166.
When you use a network implementation plan to offboard, device configurations are deleted, but the outbound SSH configuration is retained. You must delete the outbound SSH configuration for Paragon Automation to disconnect from the device. See “Release a Device” on page 81.
· Use the Release option to delete the outbound SSH configuration so that Paragon Automation disconnects from the device, See “Release a Device” on page 81.
In this case, the other configurations committed on the device are retained. You must access the device CLI and manually delete the configurations.
To decommission a brownfield device, you simply use the Release option in Paragon Automation to delete the outbound SSH configuration on the device. See “Release a Device” on page 81.
Benefits of Device Life Cycle Management
· Provides an automated solution for managing the life cycle of new devices procured for a network.

93
· The profiles and network implementation plan that are used to onboard and manage multiple devices reduces the time taken and effort needed for managing the devices considerably. For example, if you want to upgrade software running on five devices, you can simply edit the software version in the plan used for onboarding the devices and publish the plan. Paragon Automation updates the software on the devices to the version you mention here.
Device Onboarding Overview
Device onboarding refers to the steps that you must perform to enable Paragon Automation to manage the devices in your network. Device onboarding involves different personas in an organization performing different tasks to onboard devices.
A network architect prepares to add devices to the network and decides the roles for each device in the network. Based on the device role, the network architect creates resource pools, device profiles, and interface profiles.
Resource pools include values for network resources [IP addresses, loopback addresses, BGP cluster IDs, segment identifiers (SIDs), autonomous system number, and so on] that Paragon Automation can assign to the devices when automatic confiugration is specified for the resources. See the “Add Network Resource Pools” on page 141 for more details.
The device profiles include configurations associated with configurations such as IP loopback address, router ID, the software image to be used, and some routing protocols (such as BGP). The interface profiles include the routing protocol (IS-IS, OSPF, RSVP, and LDP) configurations. The network architect can also specify compliance and connectivity checks to be performed during device onboarding. See “Device and Interface Profiles Overview” on page 116 for more details.
A network planner uses these profiles to create a plan (referred to as network implementation plan) for onboarding devices. In the plan, the network planner assigns the device and interface profiles to the devices to be onboarded. The planner can also configure links between the devices included in a plan. See “Network Implementation Plan Overview” on page 136 for more details.
The planner also adds information about the type of pluggables and cables to be used for each port on a device. A field technician views these information and uses them as guidance for installing the device. Paragon Automation provides a field technician UI that that a field technician can access on a laptop or a handheld device such as a smart phone. The field technician can view the instructions and the progress of the installation on the field technician UI. See “Field Technician UI Overview” on page 113 for details.
Paragon Automation commits configurations defined in the device and interface profiles, and the network implementation plan on the device during device onboarding. You can use the profiles and plan to also add configurations after a device is onboarded. For example, if a plan has an RSVP LSP configured from a device to all the provider edge (PE) devices, an LSP is configured from the device to all

94
the PE devices that are present in the network during onboarding and also, to any PE device that might be added to the network after the device is onboarded.
After a device is onboarded and brought to production, you can use the network implementation plan to manage the devices. For example, if you want to upgrade software on all the devices in the plan, you specify the software version to be installed in the plan and push the updates on to the devices (known as publish). Paragon Automation updates the software that is installed on the devices to the version you specified in the plan.
Figure 11 on page 95 shows the device onboarding workflow in Paragon Automation for a new device (greenfield).

95 Figure 11: Device Onboarding Workflow
You (Super User or Network Admin) can use Paragon Automation to onboard devices that already exist in your network (brownfield devices). In this scenario, Paragon Automation provides the SSH configuration that a Super User or a Network Admin can commit on the device for the device to connect with Paragon Automation. After the device is connected, you can use Paragon Automation to manage configurations, upgrade software and licenses, and perform other management tasks on the device. See “Adopt a Device” on page 109.

96
Benefits · Paragon Automation facilitates faster deployment of devices to the network by committing device
configurations and checking the health and connectivity of the devices during onboarding. · The field technician UI makes the device onboarding process easy by providing guidance to add
pluggables and connect cables, and displaying the progress of the device onboarding process to the field technician. · The network implementation plan provides an easy way to upgrade software or modify configurations on multiple devices at the same time.
RELATED DOCUMENTATION Add a Device Profile | 120 Add an Interface Profile | 130 Add a Network Implementation Plan | 158
Supported Devices
Paragon Automation supports the following ACX Series devices: · ACX7024 · ACX7100-32C · ACX7100-48L · ACX7509
Device Onboarding Workflow
The workflow for onboarding a new device (greenfield device) includes creating network resource pools, device and interface profiles, and a network implementation plan. The network implementation plan includes instructions about the type of pluggables and cables that a field technician must use for the device ports. Table on page 97 lists the different personas and the roles in Paragon Automation that are involved in onboarding a device.

97

Table 33: Persona and Roles Involved in Device Onboarding

Persona

Role in Paragon Automation

Network architect

Super User or Network Admin

Network planner

Super User or Network Admin

Field Technician

Installer

NOC Engineer (Network administrator)

Super User or Network Admin

To onboard a device to Paragon Automation:
1. A network architect creates network resource pools for automatic assignment of values to the resource pools (IP addresses, segment identifiers, BGP cluster IDs, and so on). See “Add Network Resource Pools” on page 141.
2. The network architect decides the configurations that must be committed on the device to be onboarded and creates the following profiles:
· Device profiles. See “Add a Device Profile” on page 120.
· Interface profile. See “Add an Interface Profile” on page 130.
The network architect can add device and interface profiles to suit specific needs; that is, create profiles with configurations that can be committed to all the devices or selected devices in a network. 3. A network planner creates a network implementation plan for onboarding the device. See “Add a Network Implementation Plan” on page 158. 4. At the site, the field technician unpacks the device and mounts it on a rack. For instructions on how to mount a device, see the corresponding device Hardware Guide or the Quick Start Guide in the Techlibrary site. To access the Hardware Guide or the Quick Start Guide of a device, on the homepage of the Techlibrary site, under Products by Category, click View More > Device-Model in the Routing section. 5. The field technician accesses the field technician UI for guidance on inserting pluggables and connecting cables to the device. See “Day 0 activities: Install the Device” on page 101. 6. The field technician inserts pluggables and cables based on the instructions displayed on the field technician UI.

98
After you insert the pluggables and cables, Paragon Automation performs tests to check the health of the pluggables and performs ping tests to neighbors for checking connectivity. Any errors found during the tests are displayed on the field technician UI. If the onboarding process stops in between citing an error, the field technician can correct the errors and click Resume Onboarding to resume the onboarding process.
NOTE: If onboarding completes with errors and warnings, the Super User or Network Admin monitoring the onboarding process sees the onboarding status of the devices as Onboarding failed on the Paragon Automation UI. The field technician can correct the errors, but the status of onboarding continues to be Onboarding failed and also the errors and warnings are not removed.
See “View Results of Automated Device Tests” on page 174. 7. A network administrator appl

References

• GeoJSON
• manage.cloud.juniper.net
• Downloads
• Security Content Automation Protocol | CSRC
• GeoJSON
• learning.postman.com/docs/
• Postman documentation overview | Postman Learning Center
• learning.postman.com/docs/sending-requests/managing-environments/
• license.juniper.net/licensemanage/
• manage.cloud.juniper.net
• schema.getpostman.com/json/collection/v2.1.0/collection.json
• Statuspage | Atlassian
• Statuspage | Atlassian
• Statuspage | Atlassian
• Downloads
• CEC Juniper Community
• CIS Benchmarks
• Documentation | Juniper Networks
• Quick Start | Juniper Networks
• Juniper Support Insights | Quick Start | Step 1: Begin | Juniper Networks
• show ntp status | Junos OS | Juniper Networks
• Juniper Licensing User Guide | Licensing | Juniper Networks
• Juniper Agile Licensing for License Management | Licensing | Juniper Networks
• How to Buy Juniper | Contact Sales | Juniper Networks US
• Scenarios
• Creating a scenario
• Sign in | Make HQ
• Download Postman | Get Started for Free

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>