About Host Settings
Host settings are located under Administration > Networking: Host Settings. Host settings including host networking, proxy, and interface settings.
When you initially run the installation wizard, you set required network host settings for the appliance. Change host settings only if you want to make additional modifications, perform additional configuration, or want to verify the DNS configuration:
• Name—Modify the hostname only if your deployment requires it.
• DNS Settings—We recommend you use DNS resolution.
• Hosts—If you don’t use DNS resolution, or if the host doesn’t have a DNS entry, you can create a host-IP address resolution map.
• Configure How this Appliance Connects to the Network—Configure proxy addresses for web or FTP proxy access to the SteelHead. You can also create a whitelist of domains allowed to bypass the proxy. Because SteelHead backups to SCC are blocked if a proxy is enabled, this option lets you enter an exception to allow direct SteelHead to SCC communication.
About SSH and HTTPS connections to managed appliances
If you want to upgrade SCC connections to managed appliances from IPv4 to IPv6, you must break and then reinitiate the SSH and HTTPS connections. The SCC uses SSH and HTTPS to communicate with managed appliances. The SSH connection is initiated from SCC, and merely changing the SCC hostname from the SteelHead will not disconnect and reinitiate the SSH connection. To properly disconnect and reinitiate this communication, you must explicitly break the SSH and HTTPS channels on the SCC. You can break the channels in any of these ways:
• Disable the IPv4 address from the Interface.
• Disable the IPv6 address from the Interface.
• Reboot the SCC.
Alternatively, you can also break the SSH and HTTPS channels by:
• running the CLI command no scc enable on the managed appliance.
• specifying the new IP address of the appliance in the Manage > Appliances: Appliances Pages: Host Settings.
• changing the IP address of the SCC in the Host Settings page.
This table summarizes the CLI steps to establish the SSH/HTTPS channels.
Appliance conditions | No SSH/HTTPS channels | There is SSH/HTTPS channel already over IPv4 | There is SSH/HTTPS channel already over IPv6 |
|---|
SteelHead & SCC reachable over IPv4 and IPv6 | To establish an SSH/HTTPS channels: scc hostname <ip-address> scc enable | Until the existing SSH/HTTPS channel is broken explicitly the IPv4 SSH/HTTPS channel will continue to exist. Break the channels using the procedures described above. To reestablish the SSH/HTTPS channels: scc hostname <ip-address>
scc enable | Until the existing SSH/HTTPS channel is broken explicitly the IPv6 SSH/HTTPS channel will continue to exist. Break the channels using the procedures described above. To reestablish the SSH/HTTPS channels: scc hostname <ip-address>
scc enable |
SteelHead & SCC reachable over IPv4 only | To establish the SSH/HTTPS channel over IPv4: scc hostname <ip-address> scc enable | To establish the SSH/HTTPS channel over IPv4: scc hostname <ip-address>
scc enable | Not applicable |
SteelHead & SCC reachable over IPv6 only | To establish the SSH/HTTPS channel over IPv6: scc hostname <ip-address> scc enable | Not applicable | To establish the SSH/HTTPS channel over IPv6: scc hostname <ip-address>
scc enable |
About DNS settings
Primary DNS Server
Specifies the IP address for the primary name server. The IP address can be either IPv4 or IPv6. For IPv6 specify an IP address using this format: eight 16-bit hexadecimal strings separated by colons, 128-bits. For example: 2001:38dc:0052:0000:0000:e9a4:00c5:6282
You don’t need to include leading zeros. For example: 2001:38dc:52:0:0:e9a4:c5:6282
You can replace consecutive zero strings with double colons (::). For example: 2001:38dc:52::e9a4:c5:6282
Secondary DNS Server
Specifies the IP address for the secondary name server.
Tertiary DNS Server
Specifies the IP address for the tertiary name server.
DNS Domain List
Specifies an ordered list of domain names. If you specify domains, the system automatically finds the appropriate domain for each of the hosts that you specify in the system.
About Host settings
Add a New Host
Manually adds a host if you are not using DNS and creates a Host-IP address resolution map.
IP Address
Specifies the IP address of the host.
Hostname
Specifies the hostname of the host.
Remove Selected
Removes the selected host.
Configuring proxy settings
You configure proxy settings under Administration > Networking: Host Settings. These configuration options are available under Configure How this Appliance Connects to the Network:
Enable Proxy Settings
Provides network proxy access to the SteelHead. It enables the SteelHead to use a proxy to contact the Riverbed Licensing Portal and fetch licenses in a secure environment. You can optionally require user credentials to communicate with the proxy, and you can specify the method used to authenticate and negotiate user credentials. Proxy access is disabled by default.
RiOS supports these proxies: Squid, Blue Coat Proxy SG, Microsoft WebSense, and McAfee Web Gateway.
Web/FTP Proxy
Specifies the IP address, either IPv4 or IPv6, for the network or FTP proxy. For IPv6 specify an IP address using this format: eight 16-bit hexadecimal strings separated by colons, 128-bits. For example: 2001:38dc:0052:0000:0000:e9a4:00c5:6282
You don’t need to include leading zeros. For example: 2001:38dc:52:0:0:e9a4:c5:6282
You can replace consecutive zero strings with double colons (::). For example: 2001:38dc:52::e9a4:c5:6282
Port
Specifies the port for the network or FTP proxy. The default port is 1080.
Enable Authentication
Requires user credentials for use with network or FTP proxy traffic. Specify these values to authenticate the users:
• User Name—Specify a username.
• Password—Specify a password.
• Authentication Type—Select an authentication method from the drop-down list:
– Basic—Authenticates user credentials by requesting a valid username and password. This is the default setting.
– NTLM—Authenticates user credentials based on an authentication challenge and response.
– Digest—Provides the same functionality as basic authentication; however, digest authentication improves security because the system sends the user credentials across the network as a Message Digest 5 (MD5) hash.
Proxy Whitelist
Adds or remove domains from a proxy whitelist.