Configuring proxy settings
Use proxy settings to configure a proxy between the Portal and data sources. Choose Administration > System Settings: Proxy Settings to access the Proxy Settings page. Access to that page is controlled through the System Configuration permission—read-only provides view access only; read-write provides editing privileges.
Optionally, configure the host and port for HTTP traffic, HTTPS traffic, or both.
Optionally, set Non Proxy Hosts to specify paths that should not be routed through the proxy. Set Non Proxy Hosts to a list of patterns separated by the pipe symbol (|). The patterns may start or end with an asterisk (*) for wildcards. Any host matching one of these patterns will be reached directly instead of through the configured proxy.
You can specify a username and password to be passed to the proxy using the command-line interface.
Configuring the proxy username and password
1. Log in to the Portal command-line interface and open the controller_config.xml file:
enable
configure terminal
Portal-broker controller
2. Press Ctrl+W to search for proxyUsername.
3. Insert the username. For example: <entry key="proxyUsername">exampleUserName</entry>
4. Insert the password. For example: <entry key="proxyPassword">examplePassword</entry>
5. Press Ctrl+O to save the file, and press Ctrl+X to exit.
6. Reboot Portal.
Configuring SNMP polling
Portal supports the use of SNMP for traps and polling.
No license is required for SNMP support.
1. Log in to the Portal UI as an administrative user.
2. Choose Administration > System Settings: General.
3. Select the SNMP tab.
Configure SNMP polling by entering this information:
– Enable SNMP—Activate or deactivate SNMP.
– Download MIB—Download the devices MIB to your local system.
– SNMP Version—Choose the version of SNMP to use.
– Location—Type information about where the device resides. This can be between 0 and 255 characters long.
– Description—Type a meaningful description of the device. This can be between 0 and 255 characters long.
– Contact—Provide contact information for the administrator. This can be between 0 and 255 characters long.
– Community—Type the SNMP community string if you are using version 1 or version 2c. This must be between 1 and 31 characters long.
– Username—Specify the user account
– Security Level—For version 3, choose one of:
– NoAuthNoPriv—Authentication and privacy both are disabled.
– AuthNoPriv—Authentication is enabled and privacy is disabled.
– AuthPriv—Authentication and privacy both are enabled.
– Authentication Passphrase—For AuthNoPriv or AuthPriv, specify the string to use for authentication. This must be at least 7 characters long.
– Authentication Protocol—Choose MD5 or SHA as the authentication regime.
– Privacy Passphrase—For AuthNoPriv or AuthPriv, specify the string to use as an additional password. This must be at least 7 characters long.
– Privacy Protocol—Choose DES or AES.
4. If you are satisfied with your choices, apply your changes to take effect. Otherwise, revert your changes to return to the previous saved settings.
About encrypted syslog
You can send remote, secure notifications to a remote syslog server.
These controls are provided for configuring an encrypted syslog recipient:
• Click to configure encrypted syslog local certificate—This displays the General System Settings page, open to the Encrypted Syslog Certificate tab. This is the certificate that the remote server uses to verify the Portal system's identity, and it is used only when connecting to a remote syslog server. A self-signed certificate can be generated, or a certificate and private key can be imported.
• Host—Type the hostname or IP address of the syslog server.
• Port—This defaults to 6514, the well-known port for encrypted syslog.
• Auth method—For both the certificate validation and certificate matching methods, the certificate must match the hostname being contacted (the Subject/Common Name). If validation of the server fails, the connection will be terminated, and no syslog message will be sent.
– Certificate validation—This is the preferred authentication method. Add the root CA and any intermediate certificates for the remote syslog server. When the remote server is connected, the server's certificate is verified as properly signed—the same as for a typical browser connection. The server's certificate does not need to be known ahead of time.
– Certificate matching—For this method, enter the server's certificate here. When a connection is made, the certificate presented by the server is compared with this certificate, and the server is authenticated if the two match.
• Certificates
– Add—Click to display the Add Certificate dialog, in which you can type a certificate name and paste in its CA-signed certificate, in Privacy Enhanced Mail (PEM) format. Up to 30 certificates can be added for one remote syslog server.
Backup/restore considerations
Encrypted syslog uses a private key to identify the Portal system. Configuration backups are not encrypted, so that private key is not included in the backup. After a restore, the system creates a new self-signed certificate and key for itself. Depending on how the remote syslog server is configured, it’s likely that you will need to reconfigure the Portal system's old certificate and key manually. This behavior is the same as the certificate/key used for web UI connections. Certificates for the remote servers are public and are included in configuration backups.
Configuring encrypted syslog certificates
1. Log in to the Portal UI as an administrative user.
2. Choose Administration > System Settings: General.
3. Select the Encrypted Syslog Certificate tab.
4. Click Replace to update the certificate. Add your own certificate, or generate a new one.
If you are satisfied with the choices, save your changes. Otherwise, revert your changes to return to the previous saved settings.
Performing a backup and restore
From the Backup and Restore tab of the Administration > System Settings: System Operations page you can save an appliance's configuration information for safekeeping. This capability is not intended for use as a means of cloning a configuration rapidly to deploy new equipment.
The backup process saves configuration information including: custom dashboards, custom dashboard templates, thresholds, custom facets, AppResponse configuration elements (host groups, applications, and so on) and other modified settings. Most configuration information is backed up, although some is omitted, for example for security reasons.
The backup is written to a .tgz (G-zipped TAR) file.
Sensitive configuration such as SSL certificates/keys will not be backed up, and will be reset to defaults upon a restore operation. This includes the default SSL certificate used when logging in to the WebUI; the browser will complain about a self-signed certificate after a restore operation. Licenses will be left untouched, neither backed up nor deleted. Licenses are not transferable between devices. User accounts, including one-way-hashed passwords, will be backed up and restored.
When you Restore, the Portal system is reset to its factory default state prior to the restoration of the backed up configuration information.
Licenses are not affected by the system reset-factory command.
The reset and restore process can take a long time. The system does not provide a progress indicator, so, when you execute the restore command, be prepared to allow the process a period of time to run to completion, and monitor it occasionally to see if it has finished.
Rebooting and shutting down Portal
Portal should always be gracefully shut down. Shutting down the virtual appliance using the virtual power switch may result in data loss.
You must have the read/write System Configuration permission to reboot or shutdown Portal.
Rebooting Portal
A reboot restarts the virtual machine. Users are signed out and must sign in after Portal restarts. The reboot process can take several minutes to complete.
1. Choose Administration > System Settings: System Operations and select the Reboot/Shutdown tab.
2. Click Reboot.
3. Click OK, or click Cancel to stop the process.
After the process completes, you are directed to the sign-in page.
Shutting down Portal
A shutdown gracefully halts Portal and powers off the virtual machine. To restart Portal, you must turn on the virtual machine via the VM host.
1. Choose Administration > System Settings: System Operations and elect the Reboot/Shutdown tab.
2. Click Shutdown.
3. Click OK, or click Cancel to stop the process.
Updating the Portal software
Software updates to Portal can be installed using the Update page in the web UI. A single update image can be used to update Portal from one or more earlier versions. Check the release notes and the Riverbed Support site for more information on update paths for earlier versions.
An update to an earlier software version cannot be installed. Databases are modified during the update process, preventing a reversion to a previous release.
The update process requires:
• you have editing privileges for the System Configuration permission.
• an update image uploaded from your local file system or fetched from a remote source.
• a successful system check that the uploaded or fetched update image is valid and that adequate system resources, for example, storage, are available.
Other signed-in users of Portal are automatically signed out when an update starts. Users can sign in again once the update is completed and Portal has booted.
The Update Information section displays the update status, the current version of the Portal software, and the version of the update image.
• State indicates whether an update image is loaded and ready for installation. The state can be any of the following: Fetching, Initializing, Initialized, Failed Graceful, or Failed Critical. If the state is Failed Graceful, click Revert to uninitialize the update. If the state is Failed Critical, contact Riverbed customer support for assistance.
• State Description information is provided while the installation process is running.
• Current Version displays the software version of Portal currently installed.
• Target Version displays the version of the update image about to be installed.
The Update Source section provides you options for specifying the source of the image. You can select an update image on your local file system or fetch an update image from a remote web server.
• Select Upload new Update ISO File to specify an update ISO file residing on the local file system. Click Browse to explore the local file system and select an update image residing there. Portal automatically loads the selected file.
• Select Remote File URL and enter the URL identifying an update image residing on a web server. Click Fetch to load the update image for installation.
Updating Portal software
1. Choose Administration > System Settings: System Operations and select the Software Update tab.
2. Select an update source.
3. Click Install, or click Revert to cancel the update process.
Creating and managing system dumps
Three types of system dumps can be created and stored as a compressed file (.tgz) by a Portal system:
• Logs—includes log files, stack traces, and some additional diagnostics as well as version information and the most recent core dump.
• Cores—includes all core dumps, versions, and all stack traces.
• Both—includes the logs and the core dumps.
Sysdump employs a storage quota that limits the amount of disk space that can be consumed by a sysdump as it is being created; this prevents a rapidly growing sysdump from consuming an excessive amount of storage before the exhaustion of storage is recognized. Essentially, the amount of space that is available for sysdumps that is not used already is divided in half; if a newly created sysdump reaches the size of half the remaining sysdump space, the sysdump is stopped at that point as marked as “partial.”
Creating a system dump
1. Choose Administration > System Settings: System Operations and select the System Dumps tab.
2. Select the Log Type from the drop-down menu.
3. Optionally, type a customer case ID if you have received one from Riverbed support. The case ID will be prepended to the sysdump filename, and will be inserted also in the file metadata so that it will be easy to recognize which customer case the sysdump is associated with.
The Include System Metrics option is selected by default, but you can deselect it if you wish.
4. Click Generate. The compressed log file is generated in the background and is listed as pending under Available System Dumps until it is completed.
Managing system dumps
System dumps that have been started are listed under Available SysDumps. This information is provided for each dump:
• Created—the date and time the system dump was created.
• Status—The present state of the system dump. Pending indicates that the system dump is in progress in the background. Done indicates that the file is complete and ready for downloading.
• Size—The compressed file size, in bytes.
Downloading a system dump
1. Choose Administration > System Settings: System Operations and select the System Dumps tab.
2. Mouse over the system dump to be downloaded and select the check box to the left of the Created column.
3. Click Download Selected SysDump. The compressed folder is downloaded to your local system.