It's attached below which could be a good reference if you need to do a ITNCM PoC.I will blog the related tricks & tips in the coming articles.
Step 1. After we finish demonstrating the use stories of Omnibus and ITNM, from the TIP GUI, we launch the TNCM native GUI from the TIP navigation pane. (The purpose is to show that those products can work within a single-centralized GUI pane although strictly speaking this is just a navigation link)
Step 2. Then from the Navigation GUI, we initiate a "Manual Logon" IDT session to a Juniper EX4500 switch as the device user of "itncm" which is an unauthorized user on the switch. (The purpose of this step is to show that we can log onto a device remotely from TNCM)
Step 3. In that IDT session window, we made a change to a interface description as the device user "itncm". We also emphasize to the audience that this is actually an unauthorized change.
Step 4. Then we go back to the Omnibus TIP AEL event list and show that we received configuration change traps sent by the Juniper switch and also the TNCM event which shows OOBC change detected. Then after 1-2 mins, the UOW task events show the automatic configuration re-sync done by the TNCM. (This step's main purpose is to show customer that we can automatically detect OOBC changes, re-sync and inform operators. BTW we set up a AEL dedicated to configuration-related alarms in TIP beforehand to make the demo straightforward.)
Step 5. Then we select & right-click an TNCM alarm in the AEL and execute the TNCM integration tool of "Activity Viewer". This tool then presents a quite decent device configuration change history diagram and compliance report. Here we make some explanations to the audience about the presented view. (This step also highlights the seamless contextual integration between Omnibus & TNCM.)
Step 6. Then by right-clicking an icon in the configuration change history diagram, we execute the tool of "Compare config versions" which then contextually launch a TNCM window of configuration comparison. We select the "smart view" and then show the difference comparison window presenting the interface description change made on the device by the unauthorized user "itncm" just now.
Step 7. Then inside the related TNCM window, we show and explain to the customer about list of the detailed configuration maintained in TNCM and also advise them that if the operator is not happy about the OOBC change, she/he can then roll back to the previous configuration. But we didn't actually do that in the demo due to time limit.
Step 8. Then we go back to the TIP and from the ITNM network view we right-click that Juniper switch and show & explain to the customer about the menu in particular the TNCM integration menu item. (This is also to show seamless integration between ITNM and TNCM)Step 9. Then from that TNCM integration menu item, we execute the TNCM report of compliance score. Then it shows a decent report view about the device's compliance score and the compliance policy set up for Juniper switches. We also roughly show the customer how to set up the compliance policy in TNCM. (BTW, we set up two simple compliance policies for Juniper EX* switches beforehand. One is "Telnet should not be enabled" and the other is "itncm user should exist on the device". The purpose is to make sure that we have at least one policy compliant and the other policy breached in the report).