Organization
Overview
This discusses the menus that you can use to monitor your organization, and manage sites, devices, accounts, licenses and VPN members for the organization.
Monitor
Use the Monitor menus to check the site and device information and change logs for the selected organization.
Organization Overview
This menu shows you the site locations on the Google map and the summary of sites, site tags and connected devices for the selected organization.
Sites
Click the Sites tab in the Overview screen to view detailed information of the sites which are associated with the selected organization.
The following table describes the labels in this screen.
Organization > Overview: Sites
Label | Description |
Tag | Select one or multiple sites and click this button to create a new tag for the site(s) or delete an existing tag. |
Delete | Select the site(s) and click this button to remove it. |
Search | Enter a key word as the filter criteria to filter the list of sites. |
Sites | This shows the number of sites in this organization. |
Over the last day | This shows how many clients associated with the sites in this organization and the total amount of data transmitted or received by the clients in the past day. |
Status | This shows whether the site is online (green), has generated alerts (yellow), or goes off-line (red) during the past day or has been off-line for at least one week (gray). |
Name | This shows the descriptive name of the site. |
Usage | This shows the amount of data consumed by the site. |
Client | This shows the number of clients associated with the site. |
Tag | This shows the user-specified tag that is added to the site. |
Site Health | This shows the percentage of uptime in a given time interval to indicate the site’s network availability. • Green: 95-100% Network uptime • Dark green: 75-95% Network uptime • Brown: 50-75% Network uptime • Red: <50% Network uptime • Grey: No uptime data |
Device | This shows the total number of Nebula devices deployed in the site. |
Offline device | This shows the number of off-line Nebula devices deployed in the site. |
% Offline | This shows what percentage of the connected clients are currently off-line. |
| Click this icon to display a greater or lesser number of configuration fields. |
Site tags
Click the Site tags tab in the Overview screen to view the tags created and added to the sites for monitoring or management purposes.
The following table describes the labels in this screen.
Organization > Overview: Site tags
Label | Description |
Search | Enter a key word as the filter criteria to filter the list of tags. |
Site tag | This shows the number of site tags created and added to the sites in this organization. |
Over the last day | This shows how many clients associated with the sites in this organization and the total amount of data transmitted or received by the clients in the past day. |
Status | This shows whether the device is online (green), has generated alerts (yellow), or goes off-line (red) during the past day or has been off-line for at least one week (gray). |
Tag | This shows the tag created and added to the site. |
Site | This shows the name of the site to which the tag is added. |
Offline device | This shows the number of off-line Nebula devices deployed in the site. |
Client | This shows the number of clients associated with the site. |
Usage | This shows the amount of data consumed by the site. |
Device | This shows the total number of Nebula devices deployed in the site. |
Offline site | This shows the number of off-line sites to which the tag is added. |
% Offline | This shows what percentage of the sites are currently off-line. |
| Click this icon to display a greater or lesser number of configuration fields. |
Devices
Click the Devices tab in the Overview screen to view the detailed information about devices which are connected to the sites in the selected organization.
The following table describes the labels in this screen.
Organization > Overview: Devices
Label | Description |
Search | Enter a key word as the filter criteria to filter the list of connected devices. |
Devices | This shows the number of Nebula devices assigned to the sites in this organization. |
Over the last day | This shows how many clients associated with the sites in this organization and the total amount of data transmitted or received by the clients in the past day. |
Status | This shows whether the device is online (green), has generated alerts (yellow), or goes off-line (red) during the past day or has been off-line for at least one week (gray). |
Model | This shows the model number of the device. |
Name | This shows the descriptive name of the device. |
Site | This shows the name of the site to which the device is connected. |
MAC address | This shows the MAC address of the device. |
Tag | This shows the user-specified tag for the device. |
Client | This shows the number of the clients which are currently connected to the device. |
Usage | This shows the amount of data consumed by the device. |
Serial number | This shows the serial number of the device. |
Configuration status | This shows whether the configuration on the device is up-to-date. |
Connectivity | This shows the device connection status. Nothing displays if the device is off-line. The gray time slot indicates the connection to the NCC is down, and the green time slot indicates the connection is up. Move the cursor over a time slot to see the actual date and time when a device is connected or disconnected. |
| Click this icon to display a greater or lesser number of configuration fields. |
Change Log
Use this screen to view the logged messages for changes in the specified organization.
When the log is full, it deletes older entries one by one to make room for new ones.
The following table describes the labels in this screen.
Organization > Change log
Label | Description |
Search | Specify your desired filter criteria to filter the list of logs. |
| This shows the date the last log was recorded and the total number of the log messages in the list. |
Time (UTC) | This shows the date and time the log was recorded. |
Admin | This shows the name of the administrator who made the changes. |
Site | This shows the name of the site to which the change was applied. |
SSID | This shows the SSID name to which the change was applied. |
Page | This shows the name of the NCC menu in which the change was made. |
Label | This shows the reason for the log. |
Old value | This shows the old setting that was discarded and overwritten with the new attribute value. |
New value | This shows the new setting that was adopted. |
Configure
Use the Configure menus to create new sites, register or unregister a device, change organization general settings, and manage licenses, user accounts, administrator accounts or VPN members in the organization.
Create Site
After an organization is created, click Organization > Create Site to add a site (network) to your organization.
1 Enter a descriptive name for the site.
2 If you already have one or more than one sites in the organization and you want to copy the site settings of an existing one, select the Clone from checkbox and then the site name.
3 Choose the time zone of the site’s location.
4 Enter the name of the registered device that is to be added to this site. If there is no registered Nebula devices in the organization, you can click register to claim one.
5 Click Create site to add the new site to your organization.
Inventory
Use this screen to view and manage the Nebula devices you registered for the selected organization.
The following table describes the labels in this screen.
Organization > Inventory
Label | Description |
Add to ... | Click this button to assign the selected device(s) to an existing site. |
Unregister | Click this button to remove the selected device(s) from the organization. |
Unused | Click this button to show the Nebula device(s) which is not assigned to a site yet. |
Used | Click this button to show the Nebula device(s) which has been assigned to a site. |
Both | Click this button to show all Nebula devices which are registered for the organization. |
Search | Enter a key word as the filter criteria to filter the list of connected devices. |
Devices | This shows the number of the devices in the list. |
Register | Click this button to pup up a window where you can register a device by entering its MAC address and serial number even before the device is connected to a site. You can click template in the pop-up window to download the template (an example Excel file), add devices information in the Excel file, and then click import to register multiple devices quickly by importing the Excel file. |
Export | Click this button to save the device list as a CSV or XML file to your computer. |
MAC address | This shows the MAC address of the device. |
Serial number | This shows the serial number of the device. |
Site | This shows the name of the site to which the device is connected. |
Model | This shows the model number of the device. |
Registered on | This shows the date and time that the device was registered at the NCC. |
Country | This shows the country where the device is located. |
License Management
Use this screen to view and manage the licenses for Nebula devices in the organization.
Note: Licenses for different Nebula devices in the same organization are re-calculated and set to expire on the same day.
The license credit (device points) varies depending on the type and number of Nebula devices you are managing and for how long you want to manage the devices using the NCC service.
Device and Organization
• When a Nebula device is registered and assigned to an organization at NCC for the first time, the organization can use the license credit that comes with the device, and the organization creator is the device owner at NCC.
• If a device is removed from an organization, you can only register it again for the original or other organizations that belong to the same organization creator. And the new organization cannot use the device’s license credit.
Note: The account you use to create an organization is the administrator creator account that has full access to that organization. The organization creator account cannot be deleted by other organization administrators. See
Administrator for more information about administrator accounts.
Limited Lifetime License (LLL)
Zyxel offers a lifetime management license that will not expire for NCC services. The lifetime license is on a per organization basis. If you register a lifetime license key for your organization, each Nebula device in the organization must have a lifetime license. Make sure you have enough limited lifetime licenses for all Nebula devices in the organization. After upgrading to lifetime licenses, you cannot set the organization back to use non-lifetime licenses.
Note: The organization with lifetime licenses will not consume its non-lifetime license credit again even before the non-lifetime license expires.
The following table describes the labels in this screen.
Organization > License management
Label | Description |
Nebula Control Center License / Nebula Security Service License |
Status | This shows whether the license is active. |
Expiration date | This shows the date the license expires. |
Remaining | This shows the number of days remaining before the license expires. |
Calculator | Click the button to open a screen where you can determine the additional license credit (device points) you should get to allow more time for the service. Select a date to which you want to extend the expiration date for the current license. You should purchase the device points in increments of 10. Therefore, the required minimum device points (based on the date you specified) might be different to the actual device points you can purchase. The screen also shows the actual date the license will expire after you get the device points. |
Devices | This shows the model name and the number of Nebula devices that you can manage with the current license. |
Nebula points for 1 year of NCC service | This shows the number of device points (license credit) you need to have one-year NCC service for the Nebula devices listed above in the Devices section. |
Nebula Security Points for 1 year of NSS-IDP service | This shows the number of device points (license credit) you need to have one-year NSS-IDP service for the Nebula devices listed above in the Devices section. |
Activated | Click this button to show the service that has been activated. |
Registered | Click this button to show the service that has been registered. |
Both | Click this button to show the service that has been registered and also activated |
Register | Click this button and enter your license key(s) to register a new service. |
License Key | This shows the license key for the service. |
Type | This shows how the service is registered. |
Service | This shows the type of the service. It shows NCC-1Yr Bundle if the Nebula managed device is offered one-year NCC service. The license will be automatically activated when the device is registered. It shows Empty if the device doesn’t have any NCC service license. It shows NCC Stay when the device is removed (unregistered) from the organization but the device’s license credit is still valid and belongs to this organization. To transfer the license credit to another organization, please go to Help > Support request to submit a ticket. |
Activated at | This shows when the service is activated. |
Status | This shows whether the service is registered (and activated). |
Action | Click the Activate button to activate or extend the service with the license key. You can renew the license’s expiration date. |
Device | This shows the model name of the Nebula device which you can manage with the license. |
MAC address | This shows the MAC address of the Nebula device which you can manage with the license. |
Serial number | This shows the serial number of the Nebula device which you can manage with the license. |
Organization Setting
Use this screen to change your general organization settings, such as the organization name and security.
The following table describes the labels in this screen.
Organization > Setting
Label | Description |
Name | Enter a descriptive name for the organization. |
Security |
Idle timeout | Select ON and enter the number of minutes each user can be logged in and idle before the NCC automatically logs out the user. Select OFF if you don’t want the NCC to log out users. |
Login IP ranges | Select ON and specify the IP address range of the computers from which an administrator is allowed to log into the NCC. Select OFF to allow any IP address of the computer from which an administrator can log into the NCC. |
Import certificate | Select ON to import a certificate that can be used by connected Nebula APs in WPA2 authentication. |
Certificate | This shows the name used to identify the certificate. |
Status | This shows whether the certificate is active. |
Actions | Click Edit to change the certificate name or password or replace the certificate. |
Update certificate | Click this button to save a new certificate to the NCC. |
Add certificate | Click this button to save a certificate to the NCC. |
Name | Enter a name for the certificate. |
File Path | Click to find the certificate file you want to upload. |
Password | Enter the certificate file’s password. |
Add | Click this button to save your changes. |
Cancel | Click this button to return the screen to its last-saved settings. |
Administrator
Use this screen to view, manage and create administrator accounts for the specified organization.
The following table describes the labels in this screen.
Organization > Administrator
Label | Description |
Force logout | Click this button to force the selected account(s) to log out of the NCC. |
Delete | Click this button to remove the selected account(s). |
Search | Specify your desired filter criteria to filter the list of administrator accounts. |
administrators | This shows the number of administrator accounts in the list. |
Import | Click this button to create administrator accounts in bulk by importing a complete list of all new administrators in an Excel file. |
Add | Click this button to create a new administrator account. See
Create/Update Administrator. |
Name | This shows the name of the administrator account. |
Email address | This shows the email address of the administrator account. |
Privilege | This shows whether the administrator account has read-only, monitor-only, guest ambassador, or read and write (full) access to the organization and sites. Installer indicates the administrator account can register devices at a site. Owner indicates the administrator account is the creator of the organization, who has full access to that organization and cannot be deleted by other administrators. |
Account status | This shows whether the administrator account has been validated (OK). It shows Deactivate if an administrator account has been created but can not be used. This may happen since you can only have up to five active administrator account on Nebula (free). |
Last access time | This shows the last date and time traffic was sent from the administrator account. |
Create date | This shows the date and time the administrator account was created. |
Status change date | This shows the last date and time the administrator account status was changed. |
Create/Update Administrator
In the Organization > Administrator screen, click the Add button to create a new administrator account or double-click an existing account entry to modify the account settings.
The following table describes the labels in this screen.
Organization > Administrator: Create/Update administrator
Label | Description |
Name | Enter a descriptive name for the administrator account. |
Email | Enter the email address of the administrator account, which is used to log into the NCC. This field is read-only if you are editing an existing account. |
Organization access | Set the administrator account’s access to the organization. When an administrator account has read and write (Full) access, the administrator can create or delete other administrator accounts, create or delete a site, and add or renew licenses for Nebula devices in the organization.  The account you use to create an organization is the administrator creator account that has full access to that organization. The organization creator account cannot be deleted by other organization administrators. If you select Read-only, the administrator account can be the organization administrator (that has no write access to the organization) and also be a site administrator. If you select None, the administrator account can only be a site administrator. |
Activated | Select Yes to enable the account or No to temporarily disable the account. |
Site | This field is available only when you set the account’s organization access to Read-only or None. Select the site to which you want to set the account’s access. |
Privilege | This field is available only when you set the account’s organization access to Read-only or None. Set the administrator account’s access to the site. You can select from Read-only, Monitor-only, Guest Ambassador, Installer and Full (read and write). An administrator account that has Guest Ambassador access can create, remove or mange guest accounts using the Cloud Authentication screen (see
Cloud Authentication). Installer access allows an administrator to register devices at this site. |
Add | Click this button to create a new entry in order to configure the account’s access to another site. |
Close | Click this button to exit this screen without saving. |
Create admin | Click this button to save your changes and close the screen. |
Cloud Authentication
Use this screen to view and manage the user accounts which are authenticated using the NCC user database.
The following table describes the labels in this screen.
Organization > Cloud Authentication
Label | Description |
Account Type | Select the type of user accounts that you want to display or create. User - an internal user that can gain access to the networks by authenticating with a RADIUS server via the IEEE 802.1x or WPA2 authentication method or the captive portal. MAC - an internal user that can gain access to the networks by authenticating with a RADIUS server via the MAC-based authentication method. Guest - a guest that can gain access to the networks via the captive portal. VPN User - a L2TP VPN client that can gain access to the networks by authenticating with the Nebula cloud authentication server. |
Authorization | This button is available only when your administrator account has full access to the organization. Select one or more than one user account and click this button to configure the authorization settings for the selected user account(s). |
Remove users | This button is available only when your administrator account has full access to the organization. Select one or more than one user accounts and click this button to remove the selected user account(s). |
Search | Enter a key word as the filter criteria to filter the list of user accounts. |
Users | This shows how many user accounts of the selected type displayed in the list and how many user accounts match the filter criteria. |
Import | Click this button to create user accounts in bulk by importing a complete list of all new users in an Excel file. |
Add | Click this button to create a new user account. See
Create/Update User. |
Export | Click this button to save the account list as a CSV or XML file to your computer. |
Email | This field is available only when the account type is set to User, Guest or VPN User. This shows the email address of the user account. |
Username | This field is available only when the account type is set to User, Guest or VPN User. This shows the user name of the user account. |
Description | This shows the descriptive name of the user account. |
MAC address | This field is available only when the account type is set to MAC. This shows the MAC address of the user account. |
Account type | This shows the type of the user account. |
Authorized | This shows whether the user has been authorized or not. |
Authorized by | This shows the email address of the administrator account that authorized the user. |
Expire in | This shows the date and time that the account expires. This shows - if authentication is disabled for this account. This shows Never if the account never expires. |
Login by | This field is available only when the account type is set to User, Guest or VPN User. This shows whether the user needs to log in with the email address and/or user name. |
Created by | This shows the email address of the administrator account that created the user. |
Created at | This shows the date and time that the account was created. |
| Click this icon to display a greater or lesser number of configuration fields. |
Create/Update User
The following table describes the labels in this screen.
Organization > Administrator: Create/Update user
Label | Description |
Account type | This is the type of the user account. |
Email | Enter the email address of the user account, which is used to log into the networks. |
Username | This field is not available when the account type is MAC. Enter the user name of this account. |
Description | Enter a descriptive name for the account. |
Password | This field is not available when the account type is MAC. Enter the password of this user account. It can consist of 4 - 31 alphanumeric characters. You can click Generate to have the NCC create a password for the account automatically, and select the checkbox to send the password to the user via email. |
MAC address | This field is available only when the account type is MAC. Enter the MAC address of this account. |
Authorized | Set whether you want to authorize the user of this account. |
Expire in | This field is available only when the user is authorized. Click Change to specify the number of minutes/hours/days/weeks the user can be logged into the network in one session before the user of this account has to log in again. Otherwise, select Never and the user of this account will never be logged out. |
Login by | This field is not available when the account type is MAC. Select whether the user needs to log in with the email address and/or user name. |
Close | Click this button to exit this screen without saving. |
Print | Click this button to print the account information. |
Create user | Click this button to save your changes and close the screen. |
VPN Members
Use this screen to view and manage the VPN members in the organization.
The following table describes the labels in this screen.
Organization > VPN Members
Label | Description |
Topology | This shows the VPN topology of the organization. |
Maximum site connectivity | This shows the maximum number of Site-to-Site VPN tunnels allowed in the organization. It is determined by the maximum allowed for the smallest model. |
Connect site member | This shows the number of Site-to-Site VPN tunnels which are currently set up in the organization. |
Site Connectivity |
Site | This shows the name of the site to which the security gateway is assigned. Click the name to go to the Site-Wide > Dashboard screen. |
Model | This shows the model name of the security gateway. |
Subnet(s) | This shows the address(es) of the local network behind the security gateway, on which the computers are allowed to use the VPN tunnel. |
NSG status | This shows whether the security gateway is online or goes off-line. |
Join member | Select ON to set the VPN topology of the security gateway to Site-to-Site by default or Hub-and-Spoke when another site in the same organization has permitted the use of Hub-and-Spoke VPN topology. Otherwise, select OFF to not set a VPN connection. This also change the VPN topology in the Gateway > Configure > Site-to-Site VPN screen (see
Site-to-Site VPN). |
NAR traversal | This shows the public IP address or the domain name that is configured and mapped to the security gateway on the NAT router. |
