Netmagis: Specifications

Netmagis is an application designed to ease network administration.
It provides data management for DNS and DHCP servers,
a graph model of the network that allows automatic
generation of network topology maps (at the routing and switching
levels), and visualization of metrology information. It is also a web application, which makes
the information easy to access.

Features for users

For the user, Netmagis offers the following functions:
- add, modify and delete a host
  (A record for IPv4 addresses or AAAA record for IPv6 addresses);
- associate information with each host:
  - one or more IPv4 and IPv6 addresses,
  - optional MAC address (allowing a static DHCP allocation to be defined),
  - DHCP profile (allowing DHCP options such as a network boot or a terminal to be defined),
  - host type, chosen from a list defined by the administrator (e.g. PC, printer, etc.),
  - any comment,
  - name and email address of the person in charge of a host;
- support for multiple DNS views (also called split DNS):
  the same name can be associated with different IP addresses
  according to the appropriate DNS view;
- add, modify and delete address
  intervals for a dynamic DHCP server;
- display a list or a map of all hosts in a network;
- add, modify and delete aliases (CNAME DNS records);
- add, modify and delete "mail roles", which define MX records;
- look up the people in charge of a host;
- display the level 2 (switching) and level 3 (routing) maps
  of the network, if the user is allowed to consult them;
- modify switch interfaces to set the desired VLAN
  (including the ToIP VLAN if it exists);
- consult metrology information regarding the network
  equipment, if the user is allowed to see it.

Features for administrators

For the administrator, Netmagis offers the following functions:
- manage access rights of user groups:
  allowed networks and allowed IP addresses, authorized DNS domains,
  authorized DNS views,
  accessible DHCP profiles and network equipment;
- manage networks, DNS domains, zones, views,
  network administrators and groups, user communities, DHCP
  profiles, etc.;
- define mail relays for domains;
- define a zone "prologue", including
  the SOA record in which the serial number
  will be generated for each zone modification;
- search for a MAC address and a network equipment interface
  given an IP address;
- statistics (by organization, by network, etc.).

In addition, for mass modifications or to automate some operations,
Netmagis provides command-line scripts to add hosts,
modify information pertaining to a host,
etc.

Netmagis can rely on your LDAP directory and, optionally, on your
CAS server for authentication. If you don't have an LDAP
directory or CAS server, Netmagis can manage users directly in a
PostgreSQL database.

Main characteristics

The following objects are managed by Netmagis:

| Objects | Attributes |
|---|---|
| Hosts | Name (FQDN), associated view, IPv4/IPv6 address(es), type, MAC address (optional), comment, person or group in charge. In addition, depending on configuration: TTL, allowed to use unauthenticated SMTP |
| Aliases | Names (FQDN) of the alias and of the referenced host |
| Mail relay | Names (FQDN) of the MX and of the host which receives the messages |
| Networks | Name, geographical location, IPv4 and/or IPv6 address, default gateway, DHCP service activation, organization, community, comment |
| Domain | Domain name |
| Views | View name (no limit on number of managed views) |
| Zones | Name, records to put in the prologue, selection criteria (domain or IP address range), associated view |
| DHCP profiles | Name, lines to insert into the dhcpd.conf configuration file for ISC DHCPD |
| Dynamic DHCP interval | IPv4 address interval, domain name, DHCP profile, default and maximum lease times |
| VLANs | VLAN, VLAN Id and «ToIP» capability |
| Equipment | Name, type, and status (active or not) |
| Network administrator groups | Logins of group members in the authentication database (LDAP or PostgreSQL), access rights |
| Group rights | Database administrator right, network rights, IP address rights, domain name rights, accessible DHCP profiles, host TTL modification rights, unauthenticated SMTP rights, network equipment read access rights, network equipment modification access rights |
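
The group rights listed above (network rights, domain name rights, authorized views) amount to a check applied to every host change. The following added example is not Netmagis code: it sketches such a check in Python with hypothetical class, field and function names. It assumes that a host's domain is everything after the first label of its FQDN, that a domain right does not extend to subdomains, and that all rights must hold at once.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class GroupRights:
    """Constructed model of one group's rights (field names are hypothetical)."""
    networks: list = field(default_factory=list)  # allowed networks, CIDR strings
    domains: set = field(default_factory=set)     # authorized DNS domains
    views: set = field(default_factory=set)       # authorized DNS views

def check_host_change(rights, fqdn, view, addresses):
    """Return the reasons a host change is refused (empty list = allowed)."""
    reasons = []
    # Assumption: the domain is everything after the first label, matched
    # exactly, so "www.example.org.evil.net" is NOT in domain "example.org".
    name, _, domain = fqdn.lower().rstrip(".").partition(".")
    if not name or domain not in {d.lower() for d in rights.domains}:
        reasons.append(f"domain not authorized: {domain or '(none)'}")
    if view not in rights.views:
        reasons.append(f"view not authorized: {view}")
    nets = [ipaddress.ip_network(n) for n in rights.networks]
    if not addresses:
        reasons.append("no address given")
    for raw in addresses:
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            reasons.append(f"invalid address: {raw}")
            continue
        # Membership is only tested against networks of the same IP version.
        if not any(addr.version == n.version and addr in n for n in nets):
            reasons.append(f"address outside allowed networks: {addr}")
    return reasons

# Constructed sample rights, using documentation prefixes (RFC 5737, RFC 3849).
STAFF = GroupRights(
    networks=["192.0.2.0/25", "2001:db8:10::/64"],
    domains={"example.org"},
    views={"internal"},
)

if __name__ == "__main__":
    print(check_host_change(STAFF, "www.example.org", "internal", ["192.0.2.10"]))
    print(check_host_change(STAFF, "www.example.org", "external", ["192.0.2.200"]))
```
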

Authentication and user account management

Authentication is managed by Netmagis. Account management is done:
- either with an existing LDAP or PostgreSQL infrastructure:
  in that case, you manage user accounts with your own tools,
  and Netmagis fetches information about the users
  using their login;
- or with a dedicated PostgreSQL database: in that
  case, you use the user management built into Netmagis.

Authentication can also use a CAS server with an LDAP directory.

Hardware prerequisite

Netmagis is a lightweight application and doesn't need a lot of
computing power. Moreover, if you wish (it is in no way obligatory), you can install
each component on a distinct server:
- Web server
- Data server (PostgreSQL)
- Authentication server (LDAP, CAS+LDAP or PostgreSQL)
- DNS server
- DHCP server (if necessary)
- Mail relay server (if necessary)
- Network equipment management server (if necessary)
- Metrology server (if necessary)
Of course, one computer could host one or several of the services listed above.
You should decide according to your own constraints regarding your
current network architecture and the security level required.

Software prerequisite

Netmagis needs the following software:

| Type | Software | Minimum version | Mandatory | Comment |
|---|---|---|---|---|
| Web server | Apache | >= 2.4 | Mandatory | Any web server compatible with the CGI interface will do |
| RDBMS | PostgreSQL | >= 9.1 | Mandatory | PostgreSQL is mandatory in order to use network address datatypes, stored procedures, triggers and transactions |
| Language | Tcl | >= 8.5 | Mandatory | Programming language used |
| Library | Tcllib | >= 1.15 | Mandatory | Tcllib contains essential functions like LDAP directory access or OO extensions |
| Encryption | OpenSSL | any | Mandatory | OpenSSL can encrypt strings (password for example) on the command line. |
| Password generation | pwgen | >= 1.5 | Mandatory | Generates a password when creating a user account |
| PDF generation | LaTeX | | Optional | pdflatex is used to generate the PDF files when printing lists. We recommend either the teTeX distribution or the TeX-Live distribution. |
| Network equipment management | Rancid | | Optional | Rancid is used both to collect network equipment configurations and to send modifications to equipment (to set a VLAN on an interface) |
| Language | Perl | 5.x | Optional | Used for the optional metrology module. NB: the required Perl modules are not documented yet |
| Metrology database | RRDTools | | Optional | Used for the optional metrology module |