Monitoring Aruba EdgeConnect Devices

Overview

Add Aruba EdgeConnect (formerly SilverPeak) Orchestrator devices to TOS using the Open Policy Model (OPM). OPM expands device coverage in TOS to additional vendors. Device connectors collect the device's configuration and policy data and import them into SecureTrack.

The Aruba device connector supports onboarding Aruba EdgeConnect Orchestrator using HTTPS API. SecureTrack pulls topology and rule data from the Orchestrator based on the sync schedule set in Tufin Integrations.

For supported features, see Features by Vendor in SecureTrack and Features by Vendor in SecureChange.

Prerequisites

  • EdgeConnect Orchestrator: HTTPS API access

  • Customer Portal access to download the OPM package

  • Admin credentials for SecureTrack and SecureChange

  • TOS server:

    • sudo permissions to run the installer

    • File upload permissions to /opt/misc

  • On systems with non-Tufin OS, python3 and bzip2 packages installed

Install the OPM package

Install the OPM package from the shell on the TOS server. The steps are identical for both new installations and upgrades.

If you have existing OPM packages, the OPM installer automatically detects and upgrades older versions.

  1. Go to the Download center.

  2. Select HPE Aruba Networking.

  3. Click Download to Computer.

  4. Upload the downloaded file to /opt/misc (recommended) on the TOS server:

    sh <package-name>

    where:

    <package-name> is the name of the package you downloaded in the format install-<vendor>-0.1.77.aur.run

  5. When prompted, enter:

    • SecureTrack Username and Password

    • SecureChange Username and Password

  6. Wait for the installation to complete. The installer installs PS Proxy and Tufin Integrations if they don't exist. If an older version is installed, the script upgrades it.

    These credentials are used by the OPM scripts to make API requests. You can always update them later in Tufin Integrations.

Device properties

The following properties are used for Aruba EdgeConnect Orchestrator devices:

Device Property Description
API key

API key used to authenticate with the EdgeConnect Orchestrator.

For instructions, see the Aruba Orchestrator API Key documentation.
FQDN (optional) For SaaS or cloud-based Orchestrators without a static IP. Used instead of the IP address.

Add a Device

Add an Aruba EdgeConnect Orchestrator to SecureTrack.

The API key must have Read-Only permission.

  1. In SecureTrack, go to Monitoring > Devices > Device Viewer.

  2. Click Add Device, then select Add OPM Device.

  3. In the ADD OPM DEVICE window, define the device details:

    • Vendor: HPE Aruba
    • OPM agent: Select the registered agent for Aruba
    • Type: EdgeConnect Orchestrator
    • Display name: Name to display in SecureTrack
    • IP: IP address of the device
  1. Click Next.
  2. Enter the API key and optional FQDN as needed.
  3. Click Save to confirm settings and add the device.

Sync Device with SecureTrack

Use Tufin Integrations to configure how SecureTrack syncs with your OPM-managed device. Tufin Integrations is the updated web interface for managing OPM devices, automatically installed by the OPM package if it is does not exist.

Configuring SecureTrack to sync with your OPM-managed device includes:

  • Assigning the device to a cluster

    You can assign devices to different TOS clusters for monitoring. For example, you can monitor one OPM device from the main cluster and another from a Remote Collector. Remote collectors are available only if they are configured in TOS.

  • Scheduling sync jobs

    Schedule automated syncs or trigger a manual sync on demand when monitoring is enabled for the device.

  • Reviewing job history

    View per-device status, start/end time, and message after each agent run.

When configuration is complete, SecureTrack runs a script that connects to the device, retrieves configuration data (such as interfaces, routes, and rules), and imports the data. This process replaces real-time monitoring with scheduled or manual data collection.

  1. To open Tufin Integrations, do one of the following:

    • Go to https://<tos-vip>/apps/integrations.

    • In SecureTrack , from the list of Tufin Extensions , select Tufin Integrations.

  2. From the DASHBOARD, select the OPM client or vendor to configure.

  3. Enable monitoring for the device and select the monitoring option:

    1. From the list of vendors on the left, select the vendor for the device to sync.

    2. To enable monitoring for this device, click Start.

    3. From the list of available devices, right-click the required device, and select the cluster from which to monitor the device:

      • Migrate to main: Monitor the device from the primary cluster.

      • Migrate to <remote_collector>: Monitor the device from a Remote Collector, for example, RC4.  Available only if a Remote Collector is configured in TOS. The actual name of the Remote Collector differs by environment.

      For automated or manual sync to run, you must enable monitoring for the device.

  4. Set the sync schedule:

    1. Set Schedule interval, for example: daily, weekly, or monthly.

    2. Choose the Time or Day of execution.

    3. Select the Log Level. The default is INFO.

    4. To enable the script, select Enabled.

    5. Click Save.

  5. To trigger the sync immediately, click SAVE & RUN. If not triggered manually, the sync is triggered as scheduled.

    Every script execution retrieves the configuration from all devices assigned to the vendor’s OPM agent.

  6. Verify the results in the Run Details popup:

    In the Agent Runs table, click the blue information icon information icon in the Run Details column.

    The popup shows the status, start and end time, and a message for each device in the run.