Managing USM Users (SNMPv3)

Skylight orchestrator supports SNMPv3. SNMPv3 defines User-based Security Model (USM), a security mechanism that enables per-message authentication and encryption.

To use SNMPv3 on Skylight orchestrator, you need to define one or more USM user accounts that cover your organization's different security profiles for receiving and sending SNMPv3 messages.

The USM users must be defined on the northbound system to which Skylight orchestrator will forward SNMP messages. Matching USM users must also be defined on Skylight orchestrator so that the appropriate user can be specified when sending messages.

You create and manage USM user accounts in the USM Users page of Skylight orchestrator.

To view the list of existing USM users

1. Select Admin ▶ SNMP to access the SNMP page.

2. Select the USM Users tab.
   The list of all USM Users that have been defined is displayed.

Creating a USM User

You must create USM users in Skylight orchestrator that match the USM users that exist on the destination systems to which Skylight orchestrator will send SNMP messages.

To add a USM User

1. Select Admin ▶ SNMP to access the SNMP page.

2. Select the USM Users tab.

3. Click the Add button on the toolbar to add a new USM user.
   The USM user configuration dialog is displayed.

4. Enter or select appropriate values for all settings, click Apply then click Close.
   For more information on specific parameters, see the table below.

USM User parameters (Admin ▶ SNMP ▶ USM Users)

Security name:
Name used for a certain security profile.

This name must correspond to a USM user that exists on one of the SNMP destinations (Trap receiver [0] to [3]) defined on the Configuration page.

Security level:
Sets the security levels for the user.

Possible values:

• NOAUTH_NOPRIV: User does not require authentication nor privacy protocol.
• AUTH_NOPRIV: User requires authentication, but does not require use of a privacy protocol.
• AUTH_PRIV: User requires authentication and use of a privacy protocol.

The value selected for this field must match the value set for the USM user on the destination system.

Authentication password:
This field is only enabled if Security level is set to either: AUTH_NOPRIV or AUTH_PRIV.

You must enter the password that matches the value set for the USM user on the destination system.

Authentication protocol:
This field is only enabled if Security level is set to either: AUTH_NOPRIV or AUTH_PRIV.

Possible values:

• AUTH_NONE: Authentication not required
• AUTH_MDS: MDS protocol will be used for authentication
• AUTH_SHA: SHA protocol will be used for authentication.

You must select the protocol that matches the protocol set for the USM user on the destination system.

Privacy password:
This field is only enabled if Security level is set to: AUTH_PRIV.

Possible values:

• PRIVACY_NONE: Privacy protocol not required
• PRIVACY_DES: DES protocol will be used for privacy.
• PRIVACY_3DES: 3DES protocol will beused for privacy.
• PRIVACY_AES128: AES128 protocol will be used for privacy.

You must select the protocol that matches the protocol set for the USM user on the destination system.

Deleting USM Users

You can delete USM users from Skylight orchestrator if they are no longer useful.

Note that deleting a USM user from Skylight orchestrator does not affect the USM user defined on the destination system.

To delete a USM user

1. Select Admin ▶ SNMP to access the Configuration page.

2. Select the USM Users tab.

3. Select an entry in the USM list.

4. Click the Remove    button. A dialog pops up asking you to confirm that you want to delete the user.

5. Click OK in the confirmation dialog to remove the user from the list.