How To: Password protect remote configuration changes from profile scripts

Overview

ZPE Cloud provides a great way to remotely manage your ZPE Nodegrids and make configuration changes from the cloud.  However, in some cases such as:

1. You are a very paranoid System Administrator
   
2. You work with other ZPE Cloud admins/operators with same permission levels as you.
   
3. You want to protect against the proverbial "fat finger" mistake.

Therefore, you may want to lock down your Nodegrid from remote configuration changes initiated in the cloud using profiles.  Profiles are a powerful tool for ZTP and other management activities, but in your situation, it isn't ideal to just have any admin/operator change your device configuration, perhaps by mistake.

Enable File Protection

The first step is to "Enable File Protection" on Nodegrid.  In the web UI, navigate to Security-->Services, then check the box "Enable File Protection" and provide a password.  This is the password that must be provided when pusing a profile/script from ZPE Cloud to this device.

Configure Password Protected

Now, from the cloud, any profile that is to be applied to this device, must provide the password you set in "Enable File Protection" in order to run successfully.

• Related Articles

• Changing the Password

  One can change the admin password with any of these methods. Method 1: Login as admin and click on admin link( drop down ) on the top right corner Click Change Password Enter your current and New passwords Click Save  Method 2: Navigate to ...

• How to: Create and apply configurations to your device using ZPE Cloud

  Overview ZPE Cloud profiles enable to perform operations to your Nodegrid devices, such as: configurations, custom scripts, backups, software upgrades, and cellular modem firmware upgrades. In this document, we are focusing on the configuration ...

• How to: Enable ZPE Cloud Remote Access...Remotely

  You just got your ZPE Nodegrid up and running and it is connected and enrolled in your ZPE Cloud. But you can't access it remotely because the remote access buttons are grayed out. It is online, but no access available. The way to get remote access ...

• Password Encryption for automation scripts

  For automation you may need to encrypt passwords for security reason. For example with ZTP/ansible or with ZPE Cloud you may have scripts to change a password. Openssl is the tool to use. The example below will encrypt your password with MD5-based ...

• Ansible configuration on remote Nodegrid devices

  Ansible playbook can be used to automate remote devices. Every remote device needs to have one ansible user to apply the automation. Follow this script to have complete configuration of ansible user, ssh keys, sudo permission on remote Nodegrid ...