Operate NSO using the Web UI.
The NSO Web UI provides an intuitive northbound interface to your NSO deployment. The UI consists of individual views, each with a different purpose to perform operations such as device management, service management, commit handling, etc.
The main components of the Web UI are shown in the figure below.
The UI works by auto-rendering the underlying device and service models. This gives the benefit that the Web UI is immediately updated when new devices or services are added to the system. For example, say you have added support for a new device vendor. Then, without any programming requirements, the NSO Web UI provides the capability to configure those devices.
It's important to realize that the bulk of concepts and configuration options in Web UI are shared with the NSO CLI. The rest of the documentation covers these in detail. You need to be familiar with the fundamental concepts to work with the Web UI.
All modern web browsers are supported and no plug-ins are needed. The interface itself is a JavaScript Client.
By default, the Web UI is accessible on port 8080 of the NSO server for an NSO Local Install and port 8888 for a System Install. The port can be changed in the ncs.conf file. Users are required to authenticate before accessing the Web UI.
Log in to the NSO Web UI by using the username and password provided by your administrator. SSO SAML login is available if set up by your administrator. If applicable, use the SSO option to log in.
Log out by clicking your username on the top-right corner and choosing Logout.
Access the help options by clicking the help options icon in the UI banner. The following options are available:
Online documentation: Access the Web UI's online help.
Manage hidden groups: Administer hidden groups, e.g. for debugging. Read more about hide groups in NSO CLI.
NSO version: Information about the version of NSO you are running.
In the Web UI, supplementary help text, whenever applicable, is available on the configuration fields and can be accessed by clicking the info icons.
Anytime a configuration is changed in the Web UI (such as a device or service configuration change), the UI reflects the change with a so-called color-coded "dirty state", with the following meanings:
Blue color: An addition was made.
Red color: A deletion was made.
Green color: A modification was made to an already-committed list element.
The Commit Manager is accessible at all times from the UI banner. A number (corresponding to the number of changes in a transaction) is displayed next to the Commit Manager icon when changes are available for review. Working with the Commit Manager is further described in Tools.
Create and manage service deployment.
The Services view is used to view, create, and manage services in your NSO deployment. The default Services view displays the existing services.
If you have several services configured, you can use the Search to filter down results to the service of your choice. The search filter matches the entered characters to the service name and shows the results accordingly. Results are shown only for the service point that you have selected.
To filter the service list:
In the Select service type drop-down, select the service point to populate all the services under it.
Enter a partial or full name of the service you are searching for.
Press Enter.
To create and deploy a service:
In the Select service type drop-down, select the service point.
Click the Add service button. You will be redirected to the Configuration editor view.
In the Add new list item pop-up, enter the required information, which in this case is the name of the service.
Confirm the intent.
Configure additional service data in the Configuration editor view.
Review and commit the service to NSO in the Commit manager. Committing the service deploys it to NSO and displays it in the Services view.
Service configuration is viewed and carried out in the Configuration Editor. In the Services view, you can use the Modify in Config Editor option on the desired service to access its config in the Configuration Editor.
To rename a service:
Navigate to the service using the Configuration Editor and access the Edit config tab.
Select the service in the list using the checkbox.
Click the pencil icon.
Rename the service in the pop-up.
Commit the change in the Commit manager.
To edit service configuration:
Navigate to the service using the Configuration Editor and access the Edit config tab.
Click the service name in the list.
Make the changes.
Commit the changes in the Commit manager.
The other two tabs, i.e., Config and Operdata can be used respectively to view the service configuration and operational data.
You can apply actions on a service from the Services view or the Configuration editor.
Start by selecting the service point to populate all services under it and then follow the instructions below:
To apply an action on a service:
Choose the preferred action from the list, i.e., Re-deploy, Un-deploy, Check sync, Deep check sync, or get modifications.
The Check sync action can be run on multiple services at once by selecting them using the checkbox and then running the action using the Choose actions button.
Actions Possible in the Services View
The Modify in Config Editor and Delete are GUI-specific operations accessible on the service row.
Additional actions are applied to an individual service. Use this option if you want to run an action with additional parameters.
Access the service in the Configuration Editor. This you can do by selecting the Modify in Config Editor option in the Services view.
Access the Actions tab in the Configuration editor view.
Click the desired action in the list.
At this point, you can configure different parameters.
(Use the Reset action parameters option to reset all parameters to default value).
Run the action.
Actions Possible in the Configuration Editor -> Actions Tab
To view details of a service:
In the Select service type drop-down, select the service point.
Click the desired service. This opens up the service details view.
Browse service details using the following tabs:
Details
Plan
Log
To delete a service instance:
In the Select service type drop-down list, select the service point.
Select, using the checkbox, the service to be deleted. You can select multiple services at once.
Click Delete.
Confirm the intent in the pop-up.
Review and commit the change in the Commit manager.
To skip the Commit Manager review, use the Commit changes directly option in the Delete service instance pop-up.
Manage devices, device groups, and authgroups in your NSO deployment.
The Devices view provides options to manage devices, device groups, and authgroups in the NSO network.
The Device management view lists the devices in the network and provides options to manage them.
You can search for a device by its name, IP address, or other parameters. Narrow down the results by using the Select device group filter.
To add a new device to NSO:
Click the Add device button.
In the Add device pop-up, specify the device name.
Click Add.
Configure the specifics of the device in the Configuration editor.
Review and commit the changes in the Commit manager when done.
Actions can be applied on a device from the Device management view or the Configuration editor -> Actions tab.
An action can be applied to a single or multiple devices at once.
Select the device(s) from the list using the checkbox.
Using the Choose actions button, select the desired action. The result of the action is returned momentarily.
Actions Possible in the Device Management View
Additional actions are applied to an individual device. Use this option if you want to run an action with additional parameters.
Click the device name in the list. You will be redirected to the Configuration editor view.
Access the Actions tab in the Configuration editor.
Click the desired action in the list.
At this point, you can configure different parameters.
(To reset all the parameters to their default value, use the Reset action parameters option).
Run the action.
Actions Possible in the Configuration Editor -> Actions Tab
If you access the device in the Configuration editor, the following additional actions are available:
migrate, instantiate-from-other-device, check-yang-modules, scp-to, copy-capabilities, compare-config, connect, scp-from, find-capabilities, sync-from, disconnect, rename, add-capability, sync-to, ping, load-native-config, apply-template, check-sync, delete-config, clear-trace, and fetch-host-keys,
To edit the device configuration of an existing device:
In the Devices view, click the desired device from the list.
In the Configuration editor, click the Edit config tab.
Make the desired changes.
(Press Enter to save the changes. An uncommitted change in a field's value is marked by a green color, and is referred to as a 'dirty state').
Review and commit the change in the Commit manager.
The other two tabs, i.e., Config and Operdata can be respectively used to:
View the device configuration, and,
View the device's operational data.
The Device groups view lists all the available groups and devices belonging to them. You can add new device groups in this view as well as carry out actions on devices belonging to a group.
Device groups allow for the grouping and collective management of devices.
Click Add device group.
In the Create device group pop-up, specify the group name.
If you want to place the new device group under a parent group, select the Place under parent device group option and specify the parent group.
Click Create. You will be redirected to the group's details page. Here, the following panes are available:
Details: Displays basic details of the group, i.e., its name and parent/subgroup information. To link a sub-group, use the Connect sub device group option.
Devices in this group: Displays currently added devices in the group and provides the option to remove them from the group.
Add devices: Displays all available NSO devices and provides the option to add them to the group.
In the Add devices pane, select the device(s) that you want to add to the new group and click Add to device group. The added devices become visible under the Devices in this group pane.
Finally, click Create device group.
Click the desired device group to access the group's detail page.
In the Devices in this group pane, select the device(s) to be removed from the group.
Click Remove from device group. The devices are removed immediately (without a Commit Manager review).
Click Save device group.
Device group actions let you perform an action on all the devices belonging to a group.
Select the desired device group from the list. It is possible to select multiple groups at once.
Choose the desired action from the Choose actions button.
Actions Possible in the Device Groups View
This view is further partitioned into the following two tabs for different device types:
The Group tab
The SNMP Group tab
The Group tab is used to view, search, and manage device authentication groups for CLI and NETCONF-managed devices.
To create a new group:
Click the Add authgroup button.
Enter the Authgroup name and click Continue.
In the group details page, add users to the newly created group:
If a default map is desired for unknown/unmapped users, use the Set default-map option.
Click the Add user button to bring up the Add user overlay window. Here, you have the option to add the user with the authentication type set to 'remote mapping' or 'callback':
Remote mapping: If remote mapping is desired, specify the local-user that is to be mapped to remote authentication credentials and configure the following settings:
remote-user: Choose between same-user or remote-name options.
remote-auth: Choose between same-pass, remote-password, or public-key options.
remote-secondary-auth (optional): Choose between same-secondary-password or remote-secondary-password options.
Callback: If a callback type authentication is desired to retrieve login credentials, specify the local-user, set the Use callback flag, and configure the following settings:
callback-node
action-name
Click Add. This adds the newly created user to the group and displays it in the list.
4. Click Create authgroup to save and finish creating the group.
To view/edit details of a group:
Click the group name to access the group details page.
Make the desired changes, such as adding/removing a user from the group, editing existing user settings, or configuring general group settings.
Click the Save authgroup button to save and apply the changes.
To delete a group:
Proceed with caution as the changes are applied immediately.
Select the desired group using the checkbox.
Click Delete.
Confirm the intent by pressing Delete in the pop-up.
The SNMP Group tab is used to view, search, and manage device authentication groups for SNMP-managed devices.
To add a new group:
Click the Add SNMP group button.
Enter the SNMP group name and click Continue.
In the group details page, add users to the newly created group:
If a default map is desired for unknown/unmapped users, use the Set default-map option.
Click the Add user button to bring up the Add user overlay window.
Specify the local-user and configure the following settings:
community (optional): Choose between community-name or community-binary-name.
remote-user: Choose between same-user or remote-name options.
security-level: Choose between no-auth-no-priv, auth-no-priv, or auth-priv options. Depending on the security-level selection, specify further the required SNMP authentication and privacy parameters, which include the authentication/privacy protocol, key type, and remote password.
Click Add. This adds the newly created user to the group and displays it in the list.
4. Click Create SNMP group to save and finish creating the group.
To view/edit details of a group:
Click the group name to access the group details page.
Make the desired changes, such as adding/removing a user from the group, editing existing user settings, or configuring general group settings.
Click the Save SNMP group button to save and apply the changes.
To delete a group:
Proceed with caution as the changes are applied immediately.
Select the desired group using the checkbox.
Click Delete.
Confirm the intent by pressing Delete in the pop-up.
Click the plus button.
The Configuration editor view shows a host of options when configuring a service. You are expected to be well-versed with these options (and service concepts in general) before you delve into service configuration. Refer to the and documentation for more information.
On the desired service in the list, click the more options button.
Available actions include Re-deploy, Un-deploy, Check sync, Deep check sync, and get modifications. See for the details of these actions.
Fetch the action information by clicking the info icon in the Configuration editor -> Actions tab.
Access the service in the Configuration editor to run the following actions: check-sync, reactive-re-deploy, un-deploy, deep-check-sync, touch, set-rank, re-deploy, get-modifications, and purge. See for the details of these actions.
In the Device management view, you can also apply actions on a device using the more options button.
Available actions include Connect, Ping, Sync from, Sync to, Check sync, Compare config, Fetch ssh host keys, and Apply template, and. See for the details of these actions.
The Modify in Config Editor and Delete are GUI-specific operations accessible by clicking the more options button on the device row.
To fetch information about an action in the Configuration editor -> Actions tab, click the info icon.
See for the details of these actions.
In the Device groups view, you can also apply actions on a device group using the more options button.
The available group actions are the same as in the section called (e.g., Connect, Sync from, Sync to, etc.) and are described in .
The Modify in Config editor option is accessible by clicking the more options button on a device group.
The Authgroups view displays device authentication groups and provides ways to manage them. Concepts and settings involved in the authentication groups setup are discussed in .
Home page of NSO Web UI.
The Home view is the default view after logging in. It provides shortcuts to Devices, Services, Config editor, and Tools.
Currently loaded Web UI extension packages are shown in this view under Packages. Web UI packages are used to extend the functionality of your Web UI, for example, to create additional views and functionalities. Examples are creating a view to visualize your MPLS network, etc.
Traverse and edit NSO configuration using the YANG model.
The Configuration editor view is where you view and manage aspects of your NSO deployment using the underlying YANG model, for example, to configure devices, services, packages, etc.
The Configuration Editor's home page shows all the currently loaded YANG modules in NSO, i.e., the database schema. In this view, you can also browse and manage the configuration defined by the YANG modules.
All NSO configuration is performed in this view. You can edit the configuration data defined by the YANG model directly in this view or in some cases, get directed by the Web UI to this view.
An important component of Configuration Editor is the Configuration Navigator which you can use to traverse and edit the configuration defined by the YANG model in a hierarchical tree-like fashion. This provides an efficient way to browse and configure aspects of NSO. Let's say, for example, you want to access all the devices in your deployment and choose a specific one to view and configure. In the Configuration Editor, you can do this by typing in ncs:devices in the navigator, and then choosing further guided options (automatically suggested by the Web UI), e.g., ncs:devices/device/ce0/config/....
As you navigate through the Web UI, the Configuration Navigator automatically displays and updates the path you are located at.
Use the TAB key to complete the config path.
When accessing an item (e.g., a device, service, etc.) using the Configuration Editor, the following tabs are visible:
Edit Config tab, to configure the item's configuration.
Config tab, to view configured items.
Operdata tab, to view the operational data relevant to the item (e.g., last sync time, last modified time, etc).
Actions tab, to apply an action to the item with specified options/parameters.
Depending on the selection of the tabs mentioned above, you may see four additional tabs in the Configuration editor view:
Widgets tab, to view the data defined by YANG modules in different formats.
None tab.
Containers tab, to view container-specific information from the YANG model.
List tab, to view list-specific information from the YANG model.
Tools to view NSO status and perform specialized tasks.
The Tools view includes utilities that you can use to run specific tasks on your deployment, such as running compliance reports, etc.
The following tools are available:
Insights: Gathers and displays useful statistics of your deployment.
Package upgrade: Used to perform upgrades to the packages running in NSO.
High availability: Used to manage a High Availability (HA) setup in your deployment.
Alarms: Shows current alarms/events in your deployment and provides options to manage them.
Commit manager: Shortcut to the Commit Manager.
Compliance reports: Used to run compliance checks on your NSO network.
The Insights view collects and displays the following types of operational information using the /ncs:metrics data model to present useful statistics:
Real-time data about transactions, commit queues, and northbound sessions.
Sessions created and closed towards northbound interfaces since the last restart (CLI, JSON-RPC, NETCONF, RESTCONF, SNMP).
Transactions since last restart (committed, aborted, and conflicting). You can select between the running and operational data stores.
Devices and their sync statuses.
CDB info about its size, compaction, etc.
In the Package upgrade view, you can load custom packages in NSO.
The Reload button on the Packages pane is the equivalent of the packages reload command in CLI. Read more about the reload action in NSO Packages.
To install a new package:
In the Package upgrade view, click Browse files to select a new package (.tar or .tar.gz) from your local disk.
Click Upload. The package becomes visible under the Available pane. (The Progress Trace shows the real-time progress of the upload).
Click Install.
On the Loaded pane, click Reload and confirm the intent.
To uninstall an existing package:
To uninstall a package, simply click Deinstall next to the package in the Loaded packages list.
The High Availability view is used to visualize your HA setup (rule-based or Raft).
Actions can be performed on the cluster using the Configuration editor -> Actions tab. Possible actions are further described in the High Availability documentation under Actions.
The Alarm manager view displays current alarms in the system. The alarms are categorized as criticals, majors, and minors and can be filtered by the device.
The Commit manager displays notifications about commits pending to be approved. Any time a change (a transaction) is made in NSO, the Commit Manager displays a notification to review the change. You can then choose to confirm or revert the commit.
Transactions and Commits
Take special note of the Commit Manager. Whenever a transaction has started, the active configuration data changes can be inspected and evaluated before they are committed and pushed to the network. The data is saved to the NSO datastore and pushed to the network when a user presses Commit.
Any network-wide configuration change can be picked up as a rollback file. The rollback can then be applied to undo whatever happened to the network.
To review a configuration change:
Review the available changes appearing as Current transaction. If there are errors in the change, the Commit Manager alerts you and suggests possible corrections. You can then fix them and press Re-validate to clear the errors.
Click Revert to undo or Commit to confirm the changes in the transaction.
Commit Options: When committing a transaction, you have the possibility to choose Commit options and perform a commit with the specified commit option(s). Examples of commit options are: No revision drop, No deploy, No networking, etc. Commit options are described in detail in the JSON-RPC API documentation under Methods - transaction - commit changes.
Start a transaction to load or save configuration data using the Load/Save option which you can then review for commit. The following tabs are available:
Rollback, to load data that reverts an earlier change.
Files, to load data from a local file on your disk.
Paste, to load data by pasting it in.
Save, to save loaded data to a file on your local disk.
In the Commit manager view, the following tabs are shown.
changes tab, to list the changes and actions done in the system, e.g., deleting a device or changing its properties.
errors tab, to list the errors encountered while doing changes. You can review the errors, make changes, and revalidate the error using the Re-validate option.
warnings tab, to list the warnings encountered while doing changes.
config tab, to list the configuration changes associated with the change.
native config tab, to list the device configuration data in the native config.
commit queue tab, to manage commit queues. See Commit Queue for more information.
The Compliance reporting view is used to create and run compliance reports to check the current situation, check historical events, or both. The conceptual aspects of the compliance reporting feature are discussed in greater depth in the Compliance Reports section.
Web UI is the recommended way of running the compliance reports.
The following tabs are available in this view:
Compliance reports
Report results
The Compliance reports tab is used to view, create, run, and manage the existing compliance reports.
To create a new compliance report:
In the Compliance reporting view -> Compliance reports tab, click New report.
In the Create new report pop-up, enter the report name and click Create.
Next, set up the compliance report using the following tabs. For a more detailed description of Compliance Reporting concepts and related configuration options, see Compliance Reporting.
General tab: to configure the report name. Configuration options include:
Report name: Displays the report name and allows editing of the report name.
Devices tab: to configure device compliance checks. Configuration options include:
Device choice: Include All devices or only Some devices to include in compliance checks. If Some devices is selected, specify the devices using a device group, an XPath expression, or individual devices.
Current out of sync: Check the device's current status and report if the device is in sync or out of sync. Possible values are true (yes, request a check-sync) and false (no, do not request a check-sync).
Historic changes: Include or exclude previous changes to devices using the commit log. Possible values are true (yes, include), and false (no, exclude).
Compliance templates: If a compliance template should be used to check for compliance (see Device Configuration Checks). You have the option to add a compliance template using the Add template option or convert an existing device template into a compliance template by using the Create from device template option (which can then be added using the Add template option). To enforce devices to comply exactly with the template's configuration, use Strict mode; see Additional Configuration Checks for more information.
Services tab: to configure service compliance checks. Configuration options include:
Service choice: Include All services or only Some services. If Some services is selected, specify the services using service type, an XPath expression, or individual service instances.
Current out of sync: Check the service's current status and report if the service is in sync or out of sync. Possible values are true (yes, request a check-sync) and false (no, do not request a check-sync).
Historic changes: Include or exclude previous changes to services using the commit log. Possible values are true (yes, include), and false (no, exclude).
Click Create report when the report setup is complete. The changes are saved and applied immediately.
Copy as new report: Copy an existing report as a new report.
Run: Run the report.
Delete: Delete the report.
Edit name: Edit the report name.
To run a compliance report:
In the Compliance reports tab, click the desired report and then click Run report.
Specify the following in the Run report pop-up:
Report title
Historical time interval. Select the time range. The report runs with the maximum possible interval if you do not specify an interval.
Click Run report.
The Reports results tab is used to view the status and results of the compliance reports that have been run.
The report's results show if the devices/services included in the report are compliant or have violations. A summary of the report status is available readily in the Report results tab. To fetch detailed information on the report, click the report name. The following information panes are then available:
Details: Includes specifics about the report that was run, such as report name, date/time it was run, time range, and contents analyzed (i.e., services, devices, and rollback files).
Results overview: Shows a summary of the results with information on the number of compliant and non-compliant devices/services.
Devices/Services/Errors: Displays individual compliance and error information for analyzed devices and services. In case of non-compliance, a 'diff view' is available.
Use the Export to file button to export the report results to a downloadable file (PDF).
To exit back to the home page from another path, click the home button.
Click the up arrow to go back one step to the parent node.
To fetch information about a property/component, click the info button.
You can run actions on an alarm by selecting it and using the run action button.
Access the Commit Manager by clicking its icon in the banner.
In the Commit manager view, you can fetch additional information about the leaf by enabling more node options and clicking the info button.
In the Compliance reports tab, you can apply the following actions on the report by selecting it using the checkbox and using the more options button.
