With any application, getting the balance right between security and convenience is crucial. At NetBox Labs, we believe that you shouldn’t have to compromise in either area. This blog post explores some of the latest NetBox Cloud features that are designed to make the lives of the network team easier, whilst at the same time enhancing the security of NetBox Cloud.
Prefer video? Watch this on-demand webinar, “New Security and Efficiency Enhancements in NetBox Cloud,” which includes a hands-on tour of the security and convenience features of NetBox Cloud, and covers how robust security features are combined with user-friendly functionality.
Let’s take a quick look at some of the features that we will cover in depth in the webinar.
Securing Access with Prefix Lists
Prefix Lists enable fine-grained control over access to your NetBox Cloud instances. With the flexibility to manage IPv4 and IPv6 addresses across different interfaces (UI, API & GraphQL), it’s never been easier to customize access policies that suit your needs.
What Prefix Lists Offer
- Create, Edit, and Delete Prefix Lists: Easily manage your allowed IP addresses or ranges directly in the NetBox Labs Admin Console.
- Synchronize Prefix Lists with NetBox: Synchronize your Prefix Lists from a NetBox instance using tags for consistent network security.
- Large List Support: Manage lists with support for up to 15,000 prefixes, ensuring comprehensive access control across your network.
- Interface-Specific Prefixes: Apply distinct Prefix Lists to control access to the NetBox Cloud UI, API, and GraphQL interfaces separately.
Prefix Lists provide a layered security approach by controlling which source IP addresses can connect to your instances. By managing separate lists for the UI, API, and GraphQL interfaces, you can tailor your network security based on your organization’s unique access requirements. You can find step-by-step guides for working with Prefix Lists in the NetBox Labs Admin Console documentation site.
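Before loading lists into the Admin Console, it helps to lint them locally. The following is an added example, not NetBox Labs code: it checks one candidate list per interface for invalid entries, host bits, an allow-everything prefix, duplicates, redundant entries and the 15,000-prefix limit mentioned above. The function names and sample prefixes are constructed for illustration, and nothing here calls a NetBox Cloud API.

```python
import ipaddress

MAX_PREFIXES = 15_000  # per-list limit stated in this post

# Constructed sample lists (documentation address ranges), one per interface.
CANDIDATE = {
    "ui": ["198.51.100.0/24", "198.51.100.64/26", "2001:db8:10::/48"],
    "api": ["203.0.113.7", "203.0.113.77/24", "0.0.0.0/0"],
    "graphql": ["203.0.113.7/32", "203.0.113.7", "not-a-prefix"],
}

def lint_prefix_list(entries, max_prefixes=MAX_PREFIXES):
    """Hypothetical helper: return (sorted unique networks, findings)."""
    findings, seen = [], set()
    for raw in entries:
        text = raw.strip()
        try:
            net = ipaddress.ip_network(text, strict=False)
        except ValueError:
            findings.append(("invalid", text))
            continue
        if ipaddress.ip_interface(text).ip != net.network_address:
            findings.append(("host-bits-set", text))  # e.g. .77/24 really means .0/24
        if net.prefixlen == 0:
            findings.append(("allows-any-source", text))
        if net in seen:
            findings.append(("duplicate", text))
        seen.add(net)
    ordered = sorted(seen, key=lambda n: (n.version, int(n.network_address), n.prefixlen))
    cover = None  # outermost network seen so far in sort order
    for net in ordered:
        if cover is not None and net.version == cover.version and net.subnet_of(cover):
            findings.append(("covered-by", f"{net} in {cover}"))  # redundant entry
        else:
            cover = net
    if len(ordered) > max_prefixes:
        findings.append(("too-many", str(len(ordered))))
    return ordered, findings

def is_allowed(source_ip, networks):
    """Local model of the allowlist decision for one interface's list."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr.version == n.version and addr in n for n in networks)

if __name__ == "__main__":
    for interface, entries in CANDIDATE.items():
        networks, findings = lint_prefix_list(entries)
        print(interface, [str(n) for n in networks], findings)
```

In the sample, the API list is the one to catch: `0.0.0.0/0` makes every other entry in that list redundant, which the `covered-by` findings show.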
Add Even More Security – mTLS and Dedicated IP Addresses
If you require extra layers of security on top of Prefix Lists then we have you covered, with these additional security options:
- mTLS: Mutual TLS provides advanced connection security for enterprise use cases by ensuring that all clients connecting to NetBox Cloud present a valid security certificate before establishing an encrypted connection. Combine with Prefix Lists for ultimate connection security.
- Dedicated IP Addresses: Utilize a dedicated IP address for accessing the User Interface (UI) and Application Programming Interface (API) to bolster security and ensure protected connectivity.
Database Backup and Restore
Data integrity and security are a primary focus at NetBox Labs, and with our robust NetBox database backup features, you can rest assured that your data remains secure and easily recoverable. Scheduled backups take place automatically and all backups are encrypted at rest and in transit to offsite storage. From within the NetBox Labs Admin Console, you can easily manage and work with your backup files.
What the Backup and Restore Feature Offers
- View Available Database Backups: Get a list of all available backups, giving you visibility and control over your data recovery points.
- On-Demand Backups: Take a backup of your NetBox Cloud database at any time with the click of a button, ensuring you have recent recovery points before major changes.
- Download Backup Files: Download a local copy of any backup file, enabling you to keep an additional copy in your own secure storage or replicate it to an on-prem NetBox.
- Restore from Backup: Restore your NetBox Cloud instance directly from a previous database backup, minimizing downtime and ensuring business continuity.
- Restore to Another NetBox: Set up daily or weekly restores, e.g. from production to dev NetBox instances (contact support to set this up).
The database backup feature safeguards your NetBox Cloud data effectively. Whether you need an on-demand backup before major changes or a full restoration to a previous state, these capabilities ensure your data is always protected and easily recoverable. You can find step-by-step guides for working with database backups in the docs.
Streamlining NetBox Cloud Upgrades with the Safe Upgrade Tool
Upgrading your NetBox Cloud instance has never been easier, thanks to the Safe Upgrade Tool. The upgrade process ensures that your NetBox Cloud instance remains secure and up-to-date while handling any plugin compatibility issues automatically.
Note that NetBox Cloud instances for Starter Tier customers are automatically upgraded to the latest versions, but for Pro and Enterprise customers there are options for ‘On Demand’ upgrades. See our Upgrade Policy for more details.
Key Benefits of the Safe Upgrade Tool
- Automated Plugin Compatibility Handling: Automatically upgrades compatible plugins to match the new NetBox version.
- Recommendations and Warnings: Clearly indicates the safest version to upgrade to and provides warnings for incompatible plugins.
- Seamless Upgrade Experience: Ensures a smooth upgrade process with minimal disruption to your operations.
With the Safe Upgrade Tool, upgrading your NetBox Cloud instance is straightforward and efficient. It provides peace of mind by handling plugin compatibility and ensuring you’re always on the most secure and feature-rich version of NetBox Cloud. You can find step-by-step guides for upgrading NetBox Cloud in the docs.
Two-Factor Authentication for the NetBox Labs Admin Console
Two-factor authentication for the NetBox Labs Admin Console enhances security even further by adding an extra layer of protection beyond just a password, making it significantly more challenging for unauthorized users to gain access.
2FA is super quick and easy to enable or disable in a couple of clicks, and you can view the step-by-step instructions to set this up in the dedicated docs page.
SSO Options for NetBox Cloud: Enhancing Security and Streamlining Access
Single Sign-On (SSO) capabilities within NetBox Cloud offer a robust way to streamline access and bolster security across your network management environment. By centralizing authentication control, SSO minimizes password-related vulnerabilities and unauthorized access, making it simpler to manage and monitor user access to NetBox Cloud.
Common SSO Integrations Across All Pricing Plans
NetBox Cloud integrates with popular SSO providers such as Azure, Okta, and Google across all pricing tiers, ensuring seamless access control regardless of the plan you choose. This support includes:
- Microsoft Azure Active Directory: Utilizes OAuth2 for authentication.
- Okta: Supports both OAuth2 and OpenID protocols.
- Google: Offers OAuth2 and OpenID integrations.
- AWS Cognito (coming soon): Will support OAuth2 once implemented.
Advanced SSO and Group Mapping for Enhanced Control
For organizations with more complex needs, NetBox Cloud offers advanced SSO options and group mapping features on Professional and Enterprise plans:
- Group Mapping: Available with Okta and Azure (planned for Google and AWS Cognito), this feature syncs group memberships from your Identity Provider (IdP) directly to NetBox Cloud. This synchronization helps align user access with organizational structures and enhances security by ensuring up-to-date access management.
- Advanced SSO (SAML 2.0): Available as a paid add-on for Professional plans and included in Enterprise plans, SAML 2.0 offers a higher level of customization and security for SSO configurations.
- Authorization Servers for Okta: If you use Okta for NetBox Cloud SSO and require Authorization Servers (‘long-form’ URL) for security policies, we’ve got you covered. Okta Authorization Servers allow for custom access policies, scopes, and claims, offering flexible management for multiple client apps.
Custom Connectivity Options
The standard NetBox Cloud offering is delivered over the internet in a single AWS region, with TLS security and IP Prefix Lists to secure access, and this is suitable for a large majority of customers. If, however, you require connectivity over and above the standard offering, then there are multiple options available:
- AWS Private Link, Single Region: Delivery via Private Link between a customer’s existing AWS account and the NetBox Labs AWS account, with VPC endpoints using private IPs. This option has fast turn-up times and standard Internet delivery can optionally be disabled.
- IPsec VPN Tunnels, Single Region: Delivery via IPsec VPN. Single or dual tunnel options, using a static route or BGP (preferred), with customer IP space assigned for the VPC.
- AWS Direct Connect, Single Region: Delivery via AWS Direct Connect. Available via hosted connections from BT, Equinix Fabric, MegaPort, Optus, PCCW, Zayo etc. VLAN hand-off with BGP, single or dual Direct Connect, customer IP space assigned for the VPC.
- AWS Direct Connect, Multi Region Failover: Delivery via AWS Direct Connects in 2 regions. Replicated NetBoxes, single (or dual) Direct Connect in each region. Customer IP space assigned for the VPCs.
If you require custom connectivity for NetBox Cloud we will work with you to ensure you have the optimal connectivity and delivery option for your requirements.
Plugins
The NetBox community has built hundreds of plugins to expand on NetBox’s core functionality. NetBox plugins enable you to document and model new kinds of resources, connect automations, add workflows, and much more. While there are many more plugins available in the community, some of the most popular plugins are featured in the Community Plugin Catalog.
From within the Admin Console you can now quickly and easily view details of each plugin you have installed, including the version and scope, for each of your NetBox instances. This includes private plugins that you may have developed yourself along with public plugins from the community catalog. Note that for private plugins we provide the same safe upgrade functionality as we do for community plugins, so rest assured that your upgrades will always be safe no matter which type of plugins you have.
For step-by-step instructions you can view the docs, or contact support for assistance with adding plugins to your NetBox instance. Also look out for more functionality around managing plugins from within the NetBox Cloud Admin Console coming very soon!
Hostnames Manager
In the NetBox Labs Admin Console, you can view and manage hostnames and their associated NetBox instances easily. While current functionality allows for viewing hostnames and their associated instances, look out for more advanced management features coming very soon! You can read more about the different categories of hostname for NetBox Cloud on the docs page.
Launch of the AI-Powered NetBox Labs Resource Center
Last (but definitely not least!), we’ve rolled out the NetBox Labs Resource Center, an AI-powered in-app tool that boosts efficiency by providing direct access to curated resources within NetBox Cloud. From how to add a new device to becoming a NetBox Hero – the Resource Center will guide you instantly to the correct information, whether that’s a blog, documentation, webinar or how-to video!
This new, non-intrusive hub facilitates finding resources to answer specific questions quickly and easily. By integrating help directly into the application, you have the right information at your fingertips without leaving NetBox.
Look out for the NetBox Labs Resource Center tool coming soon to your NetBox Cloud instance!
Summary
I hope this blog post has given you a feel for some of the recently added NetBox Cloud features and how they combine convenience with robust security – two things that are always top of mind for us here at NetBox Labs. New features keep coming thick and fast, so stay tuned for more exciting product updates coming soon!
To take a deeper dive and see all these features in action, be sure to check out this on-demand webinar, New Security and Efficiency Enhancements in NetBox Cloud.