Views:

Q: How many devices can be managed using the bulk management process?

A: While the IP address file is not restricted, TippingPoint recommends that no more than 30 devices be simultaneously bulk managed. After bulk management of the group is complete:

  • Verify all devices are managed correctly; if any device fails, manage manually.
  • Verify virtual segments on the SMS.
  • Verify if any Reputation tag category duplicates were created.

Q: How long does it take to add an IPS device to the SMS?

A: This number will vary depending on the type of device being managed. A fully populated device under heavy traffic load can take between 1 to 5 minutes, with the high end at around 10 minutes.

Q: When adding multiple devices to the SMS, does the process happen serially or in parallel?

A: Bulk managing happens in parallel. There are 20 threads dedicated to the bulk management process. The SMS puts the devices to be managed into a queue and at most 20 devices will be processed simultaneously. As one device finishes the management process, it is removed from the queue and another device will be added to the queue until finished.

Q: What is the best practice to monitor the process?

A: The SMS client interface would be the best place to monitor the process.

Things to consider:

  1. Timing: Each managed device will take the SAME amount of time that a device normally takes to be managed; there’s no acceleration in the process, and bulk device management simply automates the process.
  2. Failures: The reality of bulk device management is that some devices may fail to be managed on the first attempt. TippingPoint recommends that any devices that fail the bulk management process be managed manually.
  3. User ID and Password: Bulk device management will only work on groups of devices with the same credentials (username and password).
  4. Device Groups: Bulk device management will not create Device Groups. Device groups can be created before or after the bulk management process.
  5. Reputation: In some instances, managing devices may create duplicate reputation tag categories on their new SMS.
  6. Virtual Segments: Virtual segments on the IPS can cause complications with device management. This can lead to a process failure or the creation of duplicate virtual segments. The best practice is to bulk-add only unconfigured devices or perform a filter reset before managing the device (a filter reset deletes all virtual segments). You can then reconfigure the virtual segments.

Before You Begin

  • You must have SuperUser rights on the SMS to add or delete a device.
  • If required, create the group in which the devices will reside.
  • When you add multiple devices, they must all use the same authentication (user name and password) and be part of the same device group.
  • Create an "IP Addresses file" that contains one valid IP address per line or a comma-delimited list of valid IP addresses.

Device

Click the image to enlarge.

Procedure:

  1. Log in to the SMS from a client.
  2. On the SMS toolbar, navigate to the Devices > All Devices tab screen.
  3. To add a device do one of the following:
  •  On the All Devices screen, click New Device.
  •  On the All Devices screen, right-click the screen and select New Device.
  •  On the top menu bar, select the File > New > Device.
  1. The Devices - New Device dialog box displays.
  • To add a single device, select Add Device(s), and enter the device's IP Address.
  • To add multiple devices, select Add Device(s), and enter the device IP addresses, separated by commas.
  • To use a text file to add multiple devices, select Add Multiple Devices Using a File, and then click Browse to locate the file.
  1. Provide the Username and Password for the devices.
  2. Select a Device Group for the device(s) you are adding.
  3. Select the appropriate Device Type.
  4. Optionally, you can click Options in the navigation pane and select from the following new device options:
  • Select Synchronize Device Time with SMS to synchronize time on the device with the SMS.
  • Select Configure/Clone Options to launch the Device Configuration wizard after the device(s) are added. You can also select Clone an existing device to copy settings from an existing device.
  1. Click OK.
 
NOTE: When a device is successfully added to the SMS, the device appears in the All Devices area and in the navigation tree under the All Devices node. If the device is functioning properly, the Health Status indicator is green. When you add a device, the system saves historical data for the device.

 

Reference: SMS User Guide

Keywords: Adding devices, multiple devices, add multiple devices, multiple devices to the sms, ip addresses