Here is the backstory of the request from the SolarWinds support case (Case #: 890027) that I opened on this feature request:
So, we are trying to do a firmware upgrade on a Juniper vSRX (Currently: Version 12.1X47-D20.7) to upgrade the firmware to 12.1X47-D25.4. This process works fine manually on the command line and it will work from the NCM server by going to the CONFIGS tab, then the Jobs tab and creating a new job with a Job Type of "Execute Command Script on Devices" and executing the following commands:
start shell
scp USERNAME@SOLARWINDSIPADDRESS:junos-vsrx-12.1X47-D25.4-domestic.tgz /cf/var/tmp/junos-vsrx-12.1X47-D25.4-domestic.tgz
PASSWORD
exit
request system software add validate /cf/var/tmp/junos-vsrx-12.1X47-D25.4-domestic.tgz reboot
That is the only way that I could successfully upgrade the firmware on a Juniper device using SolarWinds NCM (FTP, HTTP and TFTP are either unsupported by Juniper or banned by our Security team).
The problem with this approach is that the username and password is in clear text on the SolarWinds NCM job, which is unacceptable by the Networking and Security folks.
What I need to know is if there are any other methods that I can upgrade a Juniper vSRX device without using a job with a clear text password in the job? Can the SolarWinds NCM server's "SolarWinds SFTP/SCP Server" be used to create SSH private/public key pairs to push to the devices?
The main question that I have is: "Is there a way to push a file FROM the SolarWinds NCM server (Maybe using the SolarWinds SFTP/SCP Server process?) TO the Juniper device using a CONFIGS --> Job somehow?
This is the reply that I received from the support agent:
Unfortunately, this is a limitation of the SolarWinds Software. Currently, we use a VTY which is no different than PuTTY or CLI. This would be a feature request.
So, here I am creating a feature request to get the devs to add this as a feature. I know that if Junipers supported TFTP to transfer the file, this wouldn't be an issue, so this likely doesn't affect Cisco/Brocade customers, but this is such a big issue for us, as we are almost 100% a Juniper shop, that we are going to have to buy and install Junos Space just to do firmware upgrades in a fashion that the Network/Security guys will allow.
Junos Space handles this process by SCPing the file to the Juniper device as well (From Junos Space to the target device), but the authentication credentials are embedded in the job and the user does not see it (Take a gander at this video to see how it is done: Junos Space Image Management - YouTube). This actually makes me wonder if I can use a SolarWinds variable as the password in that firmware upgrade job... I'll have to look into that now that I think of it...