Registration and Configuration
This chapter describes the basic management operations for the SCC. It includes the following sections:
SCC registration and configuration
This section describes how to register and configure SteelHeads, Interceptors, Mobile Controller, and Cores with the SCC. This section includes the following topics:
Setting up an appliance for SCC management
All SteelHeads, Interceptors, Mobile Controllers, Cores, and Edges are shipped with SCC management and automatic registration enabled.
To disable automatic registration, see the SteelCentral Controller for SteelHead User Guide or the SteelHead User Guide.
Manual registration
To complete registration from the SCC, enter the following information about the appliance into the Appliances page of the SCC:
• Serial number
• IP address
• Username
• Password
With this information, the SCC can connect to and manage the SteelHead. If you enable Common Administration Login, the SCC uses a single username and password to manage all appliances. The appliance-specific username and password are ignored. A single username and password is useful if the account used by the SCC to authenticate is the same across the organization or the SCC account is authenticated through TACACS+ or RADIUS.
For more information about using a single username and password, see the
SteelCentral Controller for SteelHead User Guide. For details on automatic registration, which doesn’t require the SteelHead serial number, see
Automatic registration.
Automatic registration
Automatic registration allows a new appliance installed in an existing SCC-managed environment to automatically contact the SCC and register itself. Automatic registration is useful in environments in which you want to ship an appliance to a remote office and have a nonadministrator operator connect the appliance into the network.
To use automatic registration, prepare the appliance for registration with the SCC by entering the IP address or DNS-registered hostname of the SCC when you run the configuration wizard on the appliance. We recommend that you set up your DNS servers to resolve riverbedcmc to the primary interface IP address of your SCC. If you configure your DHCP servers to forward the correct DNS settings, any appliance added into the network and powered on should automatically register with the SCC.
Alternatively, you can use the cmc enable and cmc hostname commands. If you do not change the default hostname, it remains riverbedcmc.
If the appliance password has changed from the default, the SCC can automatically register the appliance, but it can’t connect to nor manage it. The appliance appears as disconnected on the Appliances page. To continue the automatic registration process, from the Edit Appliance page, select Edit Appliance and enter the correct password.
If automatic registration is not working, use the show cmc command to verify that automatic registration is enabled. If the show cmc command indicates that the hostname is correct, but autoregistration is not working, check the SteelHead name server search-path configuration using the show host command. Use the cmc hostname <hostname> command to change the SCC hostname (by default, riverbedcmc in DNS).
Registration doesn’t change the appliance configuration. It allows the SCC to communicate with the appliance. Configuration of the appliance is completed either automatically or manually through a policy push.
For more details on automatic registration, see the SteelCentral Controller for SteelHead User Guide.
HTTPS communication channel
In SCC 9.0 and later and SteelHeads running RiOS 9.0 and later, there’s a second, full duplex-persistent communication channel established between the SteelHead and the SCC. This channel is:
• HTTPS based.
• initiated by the SteelHead to the SCC.
• established using a certificate-based authentication mechanism.
• independent of and coexists with the current SSH-based communication channel.
• used to manage the new features introduced with RiOS 9.0—specifically, path selection, QoS, and secure transport.
For information about upgrading to SCC 9.1 or later, go to Knowledge Base article
S26959.
You can view the status of these two communication channels on the SteelHeads using the following CLI command:
amnesiac > show scc
Auto-registration: Enabled
HTTPS connection (to the CMC):
Status: Connected
Hostname: bravo-123
SSH connection (from the CMC):
Status: Connected
Hostname: bravo-123 (10.0.0.7)
You must establish these two communication channels to the same SCC for a SteelHead to be fully manageable by the SCC. By default, a SteelHead tries to connect to the SCC using the hostname riverbedcmc. Make sure that your DNS system points the hostname riverbedcmc to the correct SCC that’s managing the appliance.
To change the SCC hostname, enter the following command while in configuration mode:
scc hostname <hostname>
You can establish the SSH-based communication channel through a manual registration of the appliance in SCC while the HTTPS-based communication channel is disconnected because the default hostname riverbedcmc is unresolvable. For more details on the impact of such a situation, go to Knowledge Base article
S25613.
Automatic configuration
Automatic configuration allows a SteelHead, Interceptor, Mobile Controller, Core, and Edge that’s registered with the SCC to automatically download its configuration when you add it as a new appliance and it connects to the SCC.
To confirm that automatic configuration is enabled, check the Auto Configure column on the Appliances page before you add the SteelHead or SteelHead Interceptor. The Auto Configuration column indicates whether a SteelHead and SteelHead Interceptor has the Enable Auto Configure check box selected on the Edit Appliance page. Checking the Enable Auto Configure check box pushes the configuration out one time. After the configuration is pushed, the check box is automatically cleared.
If automatic configuration is not enabled, the appliance configuration, including nonpolicy configuration settings found on the Appliance Pages tab on the Appliances page, is updated only when policies are pushed to the appliance.
Locally managed SteelHeads
The SCC has very little knowledge of a change that you apply directly to the SteelHead. You want to change settings directly on the SteelHead only:
• when the SCC software version is earlier than the SteelHead release version, and SteelHead settings haven’t been integrated into the SCC.
• if the SCC is a monitoring-only appliance, rather than an appliance you use for configuration. In this deployment, to prevent accidental configuration changes, you can manage the remote appliances with the permissions of a monitor account or a role-based user in place of the administrator account.
Enabling local changes on a SteelHead
This section describes how to enable local changes on a SteelHead that’s under SCC management.
To enable local changes on a SteelHead that’s under SCC management
1. Open the Appliances page.
2. Select the name of the SteelHead about which you want to view information.
3. Select Edit Appliance.
4. Select Enable Branch Managed. This selection ensures that the SCC doesn’t change the SteelHead configuration, including pushing policies, upgrading, or rebooting.
Enable branch managed option
A common mistake is to make a configuration change on a SteelHead locally, and then have the changes disappear the next time policies are pushed from the SCC. We recommend that you make all configuration changes for an SCC-managed SteelHead through the SCC. SteelHead settings are available in the SCC as a policy or on the Appliance Pages. You can change any settings not covered by a policy in the Appliance Pages tab.
You can also manage appliances as a cluster. For more information, see
Appliance Clusters.