EMC Analytics/Purview - UserID Detection

  • 1
  • 2
  • Problem
  • Updated 11 months ago
  • Not a Problem
I think I'm missing something simple here in my setup.  I am running Purview 7.0.6.27 with EMC 7.1.2.12 and NAC 7.1.1.9 and WLC V2110 10.31.07.0002.

I am mirroring (n15) my outbound ISP link, and I have netflows on my core for that port (S6, 8.62.4) directed to the purview appliance.

I get app ids in purview as expected, but what I don't get is my username matches for the flows.

I have usernames populating my NAC as expected.

I haven't found anywhere in the purview config to tweak userid settings, nor have I found in the NAC anywhere to export userids to purview.

Is this part of the integration completely behind the scenes?  --Or am I missing something in my setup?
Photo of Keith Obermeier

Keith Obermeier

  • 430 Points 250 badge 2x thumb

Posted 12 months ago

  • 1
  • 2
Photo of Volker Kull

Volker Kull

  • 1,862 Points 1k badge 2x thumb
Keith,

there is a config option in
Analytics > Configuration > Engines > Configuration > Access Control Integration 
"Enable Access Control Integration"
You have to check this box an save and deploy the configuration to the analytics engines.

(this is the way on 8.0.3/4 - I think this will be at 7.1 as well) )

br
Volker
Photo of Mike Thomas

Mike Thomas, Employee - GTAC - NMS

  • 7,650 Points 5k badge 2x thumb
Yes, it is available in earlier codes, in the same area. Sometimes the sections need to be expanded a bit to see all options.

The firmware for Analytics appliance should match the eXtreme Management Center version in almost all cases. NAC is mostly backwards compatible.
In versions 8.x, we expect to keep all appliances effectively revision locked as a requirement. FYI.
Photo of Keith Obermeier

Keith Obermeier

  • 430 Points 250 badge 2x thumb
I do have that checked, with comm channel 2525....
Photo of Keith Obermeier

Keith Obermeier

  • 430 Points 250 badge 2x thumb
key question here, is 2525 the correct port?
Photo of Volker Kull

Volker Kull

  • 1,862 Points 1k badge 2x thumb
Keith !

I had several issues with comm channel configurations. Don ́t do that !
Please try it without comm channel.

br
Volker
Photo of Joshua Puusep

Joshua Puusep

  • 2,274 Points 2k badge 2x thumb
I just enabled it this morning after reading this post and it worked immediately without the use of comm channel
Photo of Keith Obermeier

Keith Obermeier

  • 430 Points 250 badge 2x thumb
changed Comm channel to "Default" as shown in the NAC config, and updated NAC and purview to match Netsight version.  After these corrections problem was resolved
Photo of Keith Obermeier

Keith Obermeier

  • 430 Points 250 badge 2x thumb
btw, not sure how but 2525 was prepopulated in my comm channel.
Photo of Vesna

Vesna

  • 136 Points 100 badge 2x thumb
Hi all, 

Do you maybe have an idea why in Purview for some flows username is correctly populated from NAC, but for some flows User/Detailed Location fields are blank (and user exist in NAC).

We didn't enable Communication Channels because we don't need that feature in NAC. 

Everything (Purview, NAC, EMC) are on same 7.1.2.12 version.

Tnx,
Vesna.