Configure VOS User Accounts
For supported software information, click here.
To configure Versa Operating SystemTM (VOSTM) user accounts, you configure a VOS user policy. The policy contains account and role information for shell accounts on VOS devices. When the policy is associated with a main template, and the template is then published to a device, it configures the device with the accounts listed in the policy.
In a VOS user policy, you configure one or more user accounts and define access permissions for these accounts. You assign the accounts either the Admin or Operator role. These roles grant the following abilities:
- Admin
- Be placed into either the Versa CLI or the shell at initial login.
- Start a shell from the CLI.
- Start the CLI from a shell.
- Use the sudo command to run privileged commands.
- Login using the physical or virtual console.
- Login using SSH to port 22 and port 2024. When using port 2024, the user is always placed into the CLI, regardless of the login that is configured.
- Use password-less authentication on VOS devices, using the SSH public key. Password-less authentication enhances security, protecting the system against the brute force password attacks of SSH.
- Configure multiple SSH keys.
- View and modify the device configuration.
- Operator
- Login to the CLI using the physical or virtual console only.
- View the device configuration.
This article describes how to configure VOS user policies.
Note: In Concerto Releases 12.2.2 and earlier, you configure VOS user accounts through a user management policy. For information about configuring these policies in Releases 12.2.2 and earlier, see Manage VOS Users.
Create a VOS User Policy
You can create a VOS user policy as part of a main template, or you can create it separately and then associate it with a main template. For more information about main templates, see Configure Main Templates.
- To create a VOS user policy as part of a main template:
- In Tenant view, select Configure > Secure SD-WAN > Main Templates.
- Click + Add, or select an existing main template for which you want to configure the policy.
- Select the workflow step for Servers and Settings, in the top menu bar. The following screen displays.
- Select the VOS User Policies tab, and then click Add New VOS User Policy. The Add VOS User Policy workflow displays.
- Continue to Configure VOS User Accounts, below.
- To create a VOS user policy separately from a main template:
- In Tenant view, select Configure > Secure SD-WAN > Servers & Settings > VOS User Policies
The following screen displays.
- Click + Add. The Add VOS User Policy workflow displays.
- Continue to Configure VOS Users, below.
- In Tenant view, select Configure > Secure SD-WAN > Servers & Settings > VOS User Policies
Configure VOS User Accounts
Note: You configure all VOS user accounts for a device in a single VOS user policy. You can associate exactly one VOS user policy with a main template.
To configure VOS user accounts:
- In workflow step 1, VOS Users, click + Add.
The Add VOS Users popup window displays.
- Enter information for the following fields.
Field Description Username Enter the login name for the user. This is the user's account on the device.
Range: 2 through 31 characters
Role Select the role for the account:
- Admin
- Operator
Default: Admin
Log Into Select the command interface the user is placed into when they login to the account.
- CLI—The Versa CLI.
- Shell—A Linux shell. The bash shell is assigned by default.
Note that if Role is Admin, the CLI and Shell options are displayed. For the Operator role, only the CLI option is displayed.
Password Enter a password for the account. You can also use a parameterized variable as a password; see Object Variables in Versa Concerto for SD-WAN.
Confirm Password Confirm the password. - Click Add VOS User.
- To add additional accounts, repeat steps 1 through 3.
- Continue to Configure Permissions, Review, and Submit the VOS User Policy, below.
Configure Permissions, Review, and Submit the VOS User Policy
- In the Add VOS User Policy workflow, select step 2, Permissions. The following screen displays.
- To change the permissions for a role, select/deselect Create, Read, Update, or Delete in the Permissions column. These permissions apply to this specific policy; see Object Permissions in Versa Concerto for SD-WAN.
- Click Next or select workflow step 3, Review and Submit.
- In the General section, enter information for the following fields.
Field Description Name Enter a name for the VOS user policy.
Description Enter a text description. Tags Enter a tag, and then press the Enter key. You can enter multiple tags. A tag is an alphanumeric text descriptor with no spaces or special characters. The tags are used for searching the objects. Reuse Options (For policies added through the Main Templates workflow) Click Reusable on Other Templates to make the policy usable in other main templates. Otherwise, click Not Reusable. If you mark the policy as reusable, the policy is listed in the VOS User Policies table at Configure > SD-WAN > Servers & Settings > VOS User Policies. - Review the settings you have selected. Click the
Edit icon to change a setting, if needed. - Click Submit.
Manage VOS User Policies
You can perform the following actions on VOS user policies:
- Edit
- Clone
- Delete
- View references
- Propagate
- Compare versions
- View the audit log
- Enable and disable auto delete
For information about these actions, see Manage SD-WAN Policies and Profiles.
Supported Software Information
Releases 13.1.1 and later support all content described in this article.
Additional Information
Configure Main Templates
Manage SD-WAN Policies and Profiles
Versa Concerto for SD-WAN