Workflow for NGE management using NFM-P

Stages

The following is the sequence of high-level actions required to manage NGE.

 

1

Enable SSH2 for secure key transfers.

  1. Ensure that SSH2 is enabled on each NE that is to participate in NGE; see To verify that SSH2 is enabled on a device.

  2. Enable SSH2 host key persistence on devices that support host key persistence; see To enable SSH host key persistence on a device.

  3. Create a mediation policy that specifies SSH2 as the CLI protocol; see To configure device mediation.

    If you specify SNMPv3 in the mediation policy, ensure that the associated SNMPv3 user has console access enabled.

  4. Apply the SSH2 mediation policy as the Security Mediation Policy in each discovery rule associated with an NE that is to participate in NGE; see To configure a discovery rule.

2

Configure the global encryption label; see To create the NGE global encryption label.

3

Create a key group to specify the security algorithms, encrypt objects, and create a rekeying scheduled task; see To create an NGE key group.

4

As required, add objects to a key group, and encrypt the objects; see To add an object to a key group.

5

As required, add NGE domains to a key group; see To create an NGE domain on a key group.

6

As required, add managed sites to NGE domains, and apply encryption; see To configure an NGE domain.

7

As required, add unmanaged sites to NGE domains, and apply encryption; see To add unmanaged sites to an NGE domain.

8

If required, manually execute a rekeying scheduled task; see To manually execute a rekeying scheduled task.

9

View the results of one or more rekeying operations; see To view rekeying results and statistics.

10

Remove the NGE security from one or more objects; see To disable encryption on an object.