Configuring System Settings
Configure system settings to assist you in system administration.
About announcements
Announcement settings are located under Administration > System Settings: Announcements. You can enter a login message and a message of the day. The login message appears in the SCC login page. The message of the day appears on the Dashboard and when you first log in to the CLI.
You can also set the local (that is, the serial interface) and remote login message using the banner CLI. For example:
• banner login-local "reminder: meeting today"
• banner login-remote "reminder: meeting today"
About alarm parameters
You can configure alarms on the Alarms page, though enabling them is optional.
RiOS uses a hierarchical alarm system. Alarms are grouped under top-level categories (e.g., SSL Settings). When a top-level alarm is triggered, it expands to show more details. For example, the System Disk Full alarm covers multiple disk partitions—if one partition is full, the parent alarm triggers and the Alarm Status report identifies the specific partition.
Disabling a parent alarm also disables all its child alarms. You can enable a parent and selectively disable its children, but child alarms cannot be enabled unless their parent is also enabled.
Child alarms under a disabled parent appear in the Alarm Status report as suppressed. Disabled children of an enabled parent appear as disabled.
An alarm activates when it reaches its rising threshold, and resets after dropping below its reset threshold. Once triggered, it won’t trigger again until the condition clears below that reset point.
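The threshold and hierarchy behavior described above can be modeled in a few lines. This is an added example, not Riverbed code; the class and function names, the "ok" and "triggered" state labels, and the sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class ThresholdAlarm:
    """Alarm with a rising (trigger) and a lower reset (clear) threshold."""
    name: str
    rising: float
    reset: float
    active: bool = False

    def update(self, value: float) -> Optional[str]:
        """Feed one sample; return 'triggered', 'cleared', or None."""
        if not self.active and value >= self.rising:
            self.active = True
            return "triggered"
        if self.active and value < self.reset:
            self.active = False
            return "cleared"
        return None  # between thresholds, or already active: no new event


def replay(alarm: ThresholdAlarm, samples: List[float]) -> List[Tuple[int, str]]:
    """Run samples through the alarm and list (index, event) transitions."""
    events = []
    for i, value in enumerate(samples):
        event = alarm.update(value)
        if event:
            events.append((i, event))
    return events


def status_report(parent_enabled: bool,
                  children: Dict[str, Tuple[bool, bool]]) -> Tuple[bool, Dict[str, str]]:
    """children maps name -> (enabled, condition_present).

    Returns (parent_triggered, per-child state). A disabled parent suppresses
    every child; a disabled child of an enabled parent shows as disabled.
    """
    report = {}
    for name, (enabled, condition) in children.items():
        if not parent_enabled:
            report[name] = "suppressed"
        elif not enabled:
            report[name] = "disabled"
        else:
            report[name] = "triggered" if condition else "ok"
    # The parent triggers as soon as any enabled child is in alarm.
    parent_triggered = "triggered" in report.values()
    return parent_triggered, report


# Constructed CPU utilization samples (percent), not real appliance data.
CPU_SAMPLES = [65, 91, 85, 95, 72, 69, 88, 90]

if __name__ == "__main__":
    cpu = ThresholdAlarm("CPU Utilization", rising=90, reset=70)
    print(replay(cpu, CPU_SAMPLES))
    partitions = {"/var": (True, True), "/boot": (False, True)}
    print(status_report(True, partitions))
    print(status_report(False, partitions))
```

The samples at 85 and 95 percent produce no second event because the alarm has not yet dropped below its reset threshold.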
For details about alarm status, see About Alarm Status reports.
Configuring alarm parameters
You configure alarm parameters under Administration > System Settings: Alarms.
These configuration options are available under Enable SCC Alarms:
CPU Utilization
Enables an alarm if the average and peak threshold for the CPU utilization is exceeded. When an alarm reaches the rising threshold, it is activated; when it reaches the lowest or reset threshold, it is reset. After an alarm is triggered, it isn’t triggered again until it has fallen below the reset threshold. By default, this alarm is enabled, with a rising threshold of 90 percent and a reset threshold of 70 percent.
Disk Full
Enables an alarm if the system partitions (not the RiOS data store) are full or almost full. For example, RiOS monitors the available space on /var, which is used to hold logs, statistics, system dumps, TCP dumps, and so on. By default, this alarm is enabled. This alarm monitors these system partitions:
• Partition "/boot Full" Free Space
• Partition "/bootmgr Full" Free Space
• Partition "/config Full" Free Space
• Partition "/data Full" Free Space
• Partition "/proxy Full" Free Space
• Partition "/var Full" Free Space
Hardware Flash Error
Enables an alarm when the system detects an error with the flash drive hardware. By default, this alarm is enabled.
Hardware IPMI
Enables an alarm and sends an email notification if an Intelligent Platform Management Interface (IPMI) event is detected (not supported on all appliance models). By default, this alarm is enabled. This alarm triggers when there has been a physical security intrusion. These events trigger this alarm:
• Chassis intrusion (physical opening and closing of the appliance case)
• Memory errors (correctable or uncorrectable ECC memory errors)
• Hard drive faults or predictive failures
• Power supply status or predictive failures
Licensing
Enables an alarm and sends an email notification if a license on the SCC is removed, is about to expire, has expired, or is invalid. This alarm triggers if the SCC has no MSPEC license installed for its currently configured model. By default, this alarm is enabled.
• Autolicense critical event—This alarm triggers on an appliance when the Riverbed Licensing Portal can’t respond to a license request with valid licenses.
• Autolicense information event—This alarm triggers if an information event for autolicense occurs, such as when the portal returns licenses that are associated with a token that has been used on a different appliance.
• Insufficient Appliance Management License(s)—This alarm triggers if the SCC has insufficient license(s).
• Invalid License(s)—This alarm triggers if one or more licenses are invalid.
• License(s) Expired—This alarm triggers if one or more features have at least one license installed, but all of them are expired.
• License(s) Expiring—This alarm triggers if the license for one or more features is going to expire within two weeks.
• License(s) Missing—This alarm triggers if one or more licenses are missing.
The licenses expiring and licenses expired alarms are triggered per feature. For example, if you install two license keys for a feature, LK1-FOO-xxx (expired) and LK1-FOO-yyy (not expired), the alarms don’t trigger, because the feature has one valid license.
Link Duplex
Enables an alarm and sends an email notification when an interface wasn’t configured for half-duplex negotiation but has negotiated half-duplex mode. By default, this alarm is enabled. Half-duplex significantly limits the optimization service results. The alarm displays which interface is triggering the duplex alarm.
• Interface aux Half-Duplex—Select to enable an alarm on this interface.
• Interface primary Errors—Select to enable an alarm on this interface.
Link I/O Errors
Enables an alarm and sends an email notification when the link error rate exceeds 0.1 percent while either sending or receiving packets. This threshold is based on the observation that even a small link error rate reduces TCP throughput significantly. A properly configured LAN connection experiences very few errors. By default, this alarm is enabled.
• Interface aux Half-Duplex—Select to enable an alarm on this interface.
• Interface primary Errors—Select to enable an alarm on this interface.
The alarm clears when the rate drops below 0.05 percent.
You can change the default alarm thresholds by entering the alarm linkers threshold xxxxx CLI command at the system prompt. For details, see the Riverbed Command-Line Interface Reference Guide.
Link State
Enables an alarm and sends an email notification if an Ethernet link is lost due to a network event. Depending on which link is down, the system might no longer be optimizing and a network outage could occur. By default, this alarm is disabled.
• Interface aux Down—Select to enable an alarm on this interface.
• Interface primary Down—Select to enable an alarm on this interface.
This alarm is often caused by interface transitions on surrounding devices, such as routers or switches. It also accompanies service or system restarts on the appliance. For WAN/LAN interfaces, the alarm triggers if in-path support is enabled for that WAN/LAN pair.
Local and Remote Logging
Indicates issues with the security certificates used for secure logging:
• Secure logging expired certificates—Indicates that a certificate used for secure logging has reached its expiration date and is no longer valid.
• Secure logging expiring certificates—Indicates that a certificate is nearing its expiration date and needs to be renewed.
Memory Paging
Enables the memory paging alarm. If 100 pages are swapped every couple of hours, the system is functioning properly. If thousands of pages are swapped every few minutes, contact Support. By default, this alarm is enabled.
Process Dump Creation Error
Enables an alarm that indicates that the system has detected an error while trying to create a process dump. To correct the issue, contact Support.
SCC Appliance Configuration Backup
Enables an alarm when an SCC configuration backup occurs.
SCC External Configuration Backup/Restore
Enables an alarm when an SCC external configuration backup and restore failure occurs.
SCC External Statistics Backup/Restore
Enables an alarm when an SCC statistics backup and restore failure occurs.
SCC Under Provisioned Virtual Machine
Enables an alarm that indicates when a virtual machine is under provisioned.
Secure Vault
Enables an alarm and sends an email notification if the system encounters a problem with the secure vault.
• Secure Vault Locked indicates that the secure vault is locked. To optimize SSL connections or to use RiOS data store encryption, the secure vault must be unlocked.
SSL
Enables an alarm if an error is detected in your SSL configuration. By default, this alarm is enabled.
These configuration options are available under CMC Managed Appliance Alarms:
Appliance too slow to respond
Enables an alarm when the appliance is too slow to respond. By default, this alarm is enabled.
Configuring unmanaged peer exceptions
Under CMC Managed Appliance Alarms, click + Add Unmanaged Peer Exception to display the controls. These configuration options are available:
Ignore Peer
Specifies the IP address of the unmanaged peer whose alarm you want to suppress.
Comment
Allows you to type a description to help you identify the unmanaged peer.
About the date and time
You set the date and time in the Date and Time page.
You can set the system date and time either by entering it manually or by assigning an NTP server to the SCC.
By default, the appliance uses the Riverbed-provided NTP server:
• 0.riverbed.pool.ntp.org
• 1.riverbed.pool.ntp.org
• 2.riverbed.pool.ntp.org
• 3.riverbed.pool.ntp.org
• 208.70.196.25
Configuring date and time
You configure the date and time under Administration > System Settings: Date and Time. These configuration options are available:
Time Zone
Specifies a time zone from the drop-down list. The default value is GMT. If you change the time zone, log messages retain the previous time zone until you reboot.
Set Time Manually
Sets the time manually. Select these options:
• Change date—Specify the date in this format: yyyy/mm/dd
• Change time—Specify military time in this format: hh:mm:ss
Use NTP Time Synchronization
Uses NTP time synchronization. This option is enabled by default.
About NTP authentication and servers
NTP authentication ensures that the SCC is receiving time information from a trusted NTP server. RiOS 8.5 supports NTP authentication using symmetric keys based on MD5 and SHA1 hash algorithms. MD5 is a widely used cryptographic hash function that generates a 128-bit (16-byte) hash. SHA1 is a more advanced hash function and is considered a successor to MD5.
NTP authentication is optional.
Configuring NTP authentication involves these steps that you can perform in any order:
• Configure a key ID and a secret pair.
• Configure the key type.
• Configure the NTP server with the key ID.
The default NTP configuration points to the Riverbed-provided NTP server IP address 208.70.196.25 and these public NTP servers:
• 0.riverbed.pool.ntp.org
• 1.riverbed.pool.ntp.org
• 2.riverbed.pool.ntp.org
• 3.riverbed.pool.ntp.org
We recommend synchronizing appliances to an NTP server of your choice.
Adding NTP servers
You add NTP servers under Administration > System Settings: Date and Time. These configuration options are available:
Add a New NTP Server
Displays the controls to add a server.
Hostname or IP Address
Specifies the hostname or IP address for the NTP server. You can connect to an NTP public server pool: for example, 0.riverbed.pool.ntp.org. When you add an NTP server pool, the server is selected from a pool of time servers. The IP address can be either IPv4 or IPv6. For IPv6 specify an IP address using this format: eight 16-bit hexadecimal strings separated by colons, 128-bits. For example: 2001:38dc:0052:0000:0000:e9a4:00c5:6282
You don’t need to include leading zeros. For example: 2001:38dc:52:0:0:e9a4:c5:6282
You can replace consecutive zero strings with double colons (::). For example: 2001:38dc:52::e9a4:c5:6282
Version
Specifies the NTP server version from the drop-down list: 3 or 4.
Enabled/Disabled
Connects to the NTP server or disconnects from the NTP server by selecting either Enabled or Disabled from the drop-down list.
Key ID
Specifies the MD5 or SHA1 key identifier to use to authenticate the NTP server. The valid range is from 1 to 65534. The key ID must appear on the trusted keys list.
Add
Adds the NTP server to the server list.
About NTP server status
NTP server state information appears in these server tables:
• Requested NTP server table—Displays all of the configured NTP server addresses.
• Connected NTP server table—Displays all of the servers to which the SteelHeads are actually connected.
When the SCC connects to an NTP server in a public pool (for example, *.riverbed.pool.ntp.org), the hostname doesn't resolve to a single, fixed IP address. Instead, it returns the IP of one server randomly selected from the pool. For example, resolving 0.riverbed.pool.ntp.org may return the IP of the first available server, and that IP is what appears in the connected NTP server table.
This information appears after an NTP server name:
• Authentication information; unauthenticated appears after the server name when it isn’t using authentication.
When RiOS has no NTP information about the current server, nothing appears.
Viewing NTP server information
You view NTP server information under Administration > System Settings: Date and Time.
About NTP authentication keys
NTP authentication uses a key and a shared secret to verify the identity of the NTP server sending timing information to the SCC. RiOS encrypts the shared secret text using MD5 or SHA1, and uses the authentication key to access the secret.
NTP keys appear in a list that includes the key ID, type, secret (displays as the MD5 or SHA1 hash value), and whether RiOS trusts the key for authentication.
You can only remove a key from the trust list using the CLI command ntp authentication trusted keys. For details, see the Riverbed Command-Line Interface Reference Guide.
Adding new NTP authentication keys
You add new NTP authentication keys under Administration > System Settings: Date and Time. These configuration options are available:
Add a New NTP Authentication Key
Displays the controls to add an authentication key to the key list. Both trusted and untrusted keys appear on the list.
Key ID
Specifies the secret MD5 or SHA1 key identifier for the NTP server. The valid range is from 1 to 65534.
Key Type
Specifies the authentication key type: MD5 or SHA1.
Secret
Specifies the shared secret. You must configure the same shared secret for both the NTP server and the NTP client.
The MD5 shared secret:
• is limited to 16 alphanumeric characters or fewer, or exactly 40 characters hexadecimal
• can’t include spaces or pound signs (#)
• can’t be empty
• is case sensitive
The SHA1 shared secret:
• is limited to exactly 40 characters hexadecimal
• can’t include spaces or pound signs (#)
• can’t be empty
• is case sensitive
The secret appears in the key list as its MD5 or SHA1 hash value.
Add
Adds the authentication key to the trusted keys list.
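The key rules above and the way a symmetric key authenticates an NTP packet can be shown together. This is an added example, not Riverbed code: it assumes the classic NTP symmetric-key scheme (a 4-byte key ID plus a digest of the key followed by the 48-byte header, no extension fields) and the ntpd key-file convention for hex secrets; all function names and sample secrets are constructed.

```python
import hashlib
import hmac
import re
import struct
from typing import Dict, List, Tuple

HEX40 = re.compile(r"[0-9A-Fa-f]{40}")
ALNUM16 = re.compile(r"[A-Za-z0-9]{1,16}")
DIGEST_LEN = {"MD5": 16, "SHA1": 20}


def validate_key(key_id: int, key_type: str, secret: str) -> List[str]:
    """Return the rule violations for one key entry (empty list = valid)."""
    problems = []
    if not 1 <= key_id <= 65534:
        problems.append("key ID outside 1-65534")
    if key_type not in DIGEST_LEN:
        problems.append("key type must be MD5 or SHA1")
    if not secret:
        problems.append("secret is empty")
    elif " " in secret or "#" in secret:
        problems.append("secret contains a space or #")
    elif key_type == "SHA1" and not HEX40.fullmatch(secret):
        problems.append("SHA1 secret must be exactly 40 hex characters")
    elif key_type == "MD5" and not (ALNUM16.fullmatch(secret) or HEX40.fullmatch(secret)):
        problems.append("MD5 secret must be <=16 alphanumerics or 40 hex characters")
    return problems


def key_bytes(secret: str) -> bytes:
    # Assumption (ntpd key-file convention): a 40-character hex secret encodes
    # 20 raw key bytes; shorter secrets are used as ASCII text.
    return bytes.fromhex(secret) if HEX40.fullmatch(secret) else secret.encode("ascii")


def client_request(version: int = 4) -> bytes:
    """Minimal 48-byte NTP client packet: LI=0, VN=version, Mode=3."""
    return bytes([(version << 3) | 3]) + bytes(47)


def sign(packet: bytes, key_id: int, key_type: str, secret: str) -> bytes:
    """Append key ID and digest. The MAC is hash(key || packet), not HMAC."""
    digest = hashlib.new(key_type.lower(), key_bytes(secret) + packet).digest()
    return packet + struct.pack("!I", key_id) + digest


def verify(message: bytes, trusted: Dict[int, Tuple[str, str]]) -> bool:
    """Accept only messages whose MAC matches a key on the trusted list."""
    if len(message) < 52:
        return False  # no MAC present: the packet is unauthenticated
    packet, mac = message[:48], message[52:]
    (key_id,) = struct.unpack("!I", message[48:52])
    entry = trusted.get(key_id)
    if entry is None:
        return False  # key ID is not on the trusted keys list
    key_type, secret = entry
    expected = hashlib.new(key_type.lower(), key_bytes(secret) + packet).digest()
    return hmac.compare_digest(mac, expected)  # constant-time comparison


# Constructed sample keys; never reuse these values.
SAMPLE_SHA1_SECRET = "0123456789abcdef0123456789abcdef01234567"
TRUSTED = {10: ("MD5", "Secret123"), 11: ("SHA1", SAMPLE_SHA1_SECRET)}

if __name__ == "__main__":
    msg = sign(client_request(), 11, "SHA1", SAMPLE_SHA1_SECRET)
    print(len(msg), verify(msg, TRUSTED))
    print(validate_key(0, "MD5", "has space"))
```

A packet signed with a key ID that is missing from the trusted list fails verification even when the digest itself is correct, which is why both sides need the key ID, type, and secret configured identically.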
About monitored ports
You can specify which TCP ports to monitor under Administration > System Settings > Monitored Ports. These ports appear in the Traffic Summary report. Be sure to use clear, descriptive labels to identify the type of traffic on each port.
The SCC also automatically discovers all ports with active traffic. These discovered ports are listed in the Traffic Summary report, along with any existing labels. If a port doesn’t have a label, it’s shown as unknown. To update this, add the port manually with a meaningful label—the system retains all traffic statistics from the time the port was first detected.
By default, traffic is monitored on the following ports:
• 21 (FTP)
• 80 (HTTP)
• 139 (CIFS:NetBIOS)
• 443 (SSL)
• 445 (CIFS:TCP)
• 1352 (Lotus Notes)
• 1433 (SQL:TDS)
• 7830 (MAPI)
• 8777 (RCU)
• 8779 (SMB2)
• 8780 (SMB2 Signed)
• 10566 (SnapMirror)
Configuring monitored ports
You configure monitored ports under Administration > System Settings: Monitored Ports. These configuration options are available:
Add Port
Displays the controls to add a new port.
Port Number
Specifies the port to be monitored.
Port Description
Provides a description of the type of traffic on the port.
Add
Displays the controls for adding a port.
To modify a monitored port, click the port and specify a description of the type of traffic on the port under Port Description.
About SNMP basic settings
You configure SNMP basic contact and trap receiver settings to allow events to be reported to an SNMP agent in the SNMP Basic page.
Traps are messages sent by an SNMP entity that indicate the occurrence of an event. The default system configuration doesn’t include SNMP traps.
RiOS 7.0 and later provide support for these SNMP versions:
• SNMPv1
• SNMPv2c
• SNMPv3, which provides authentication through the User-based Security Model (USM).
• View-Based Access Control Mechanism (VACM), which provides richer access control.
• SNMPv3 authentication using AES 128 and DES encryption privacy.
You set the default community string on the SNMP Basic page. To set more than one SNMP community string, go to Knowledge Base article S16345.
For details about SNMP traps sent to configured servers, see SNMP traps.
Configuring SNMP Basic parameters
You configure SNMP Basic parameters under Administration > System Settings: SNMP Basic. These configuration options are available:
Enable SNMP Traps
Enables event reporting to an SNMP entity.
System Contact
Specifies the username for the SNMP contact.
System Location
Specifies the physical location of the SNMP system.
Read-Only Community String
Specifies a password-like string to identify the read-only community: for example, public. This community string overrides any VACM settings. Community strings can’t contain the pound sign (#).
You add and remove trap receivers under Trap Receivers. These configuration options are available:
Add a New Trap Receiver
Displays the controls to add a new trap receiver.
Receiver
Specifies the destination IPv4 or IPv6 address or hostname for the SNMP trap. For IPv6 specify an IP address using this format: eight 16-bit hexadecimal strings separated by colons, 128-bits. For example: 2001:38dc:0052:0000:0000:e9a4:00c5:6282
You don’t need to include leading zeros. For example: 2001:38dc:52:0:0:e9a4:c5:6282
You can replace consecutive zero strings with double colons (::). For example: 2001:38dc:52::e9a4:c5:6282
Destination Port
Specifies the destination port. The default value is 162.
Receiver Type
Specifies v1, v2c, or v3 (user-based security model).
Remote User
(Appears only when you select v3.) Specifies a remote username.
Authentication
(Appears only when you select v3.) Specifies either Supply a Password or Supply a Key to use while authenticating users.
Authentication Protocol
(Appears only when you select v3.) Specifies an authentication method from the drop-down list:
• MD5—Specifies the Message-Digest 5 algorithm, a widely used cryptographic hash function with a 128-bit hash value. This is the default value.
• SHA—Specifies the Secure Hash Algorithm, a set of related cryptographic hash functions. SHA is considered to be the successor to MD5.
Password/Password Confirm
(Appears only when you select v3 and Supply a Password.) Specifies a password. The password must have a minimum of eight characters. Confirm the password in the Password Confirm text box.
Security Level
(Appears only when you select v3.) Determines whether a single atomic message exchange is authenticated. A security level applies to a group, not to an individual user. Select one of these levels from the drop-down list:
• No Auth—Doesn’t authenticate packets and doesn’t use privacy. This is the default setting.
• Auth—Authenticates packets but doesn’t use privacy.
• AuthPriv—Authenticates packets using AES 128 and DES to encrypt messages for privacy.
Privacy Protocol
(Appears only when you select v3 and AuthPriv.) Specifies either the AES or DES protocol from the drop-down list. AES uses the AES128 algorithm.
Privacy
(Appears only when you select v3 and AuthPriv.) Select Same as Authentication Key, Supply a Password, or Supply a Key to use while authenticating users. The default setting is Same as Authentication Key.
Privacy Password
(Appears only when you select v3 and Supply a Password.) Specifies a password. The password must have a minimum of eight characters. Confirm the password in the Privacy Password Confirm text box.
MD5/SHA Key
(Appears only when you select v3 and Authentication as Supply a Key.) Specifies a unique authentication key. The key is either a 32-hexadecimal digit MD5 or a 40-hexadecimal digit SHA digest created using md5sum or sha1sum.
Privacy MD5/SHA Key
(Appears only when you select v3 and Privacy as Supply a Key.) Specifies the privacy authentication key. The key is either a 32-hexadecimal digit MD5 or a 40-hexadecimal digit SHA digest created using md5sum or sha1sum.
Community
(For v1 or v2 trap receivers.) Specifies the SNMP community name. For example, public or private. v3 trap receivers need a remote user with an authentication protocol, a password, and a security level.
Enable Receiver
Enables the new trap receiver. Clear to disable the receiver.
Add
Adds a new trap receiver to the list.
Testing SNMP traps
You test SNMP traps under Administration > System Settings: SNMP Basic. Under SNMP Trap Test, click Run.
About SNMPv3
SNMPv3 settings are under Administration > System Settings: SNMP v3. SNMP v3 provides additional authentication and access control for message security. For example, you can verify the identity of the SNMP entity (manager or agent) sending the message. SCC supports SNMPv3 message encryption for increased security.
Using SNMPv3 is more secure than using SNMPv1 or v2; however, it requires more configuration steps to provide the additional security features. These are the basic steps:
1. Create the SNMP-server users. Users can be authenticated using either a password or a key.
2. Configure SNMP-server views to define which part of the SNMP MIB tree is visible.
3. Configure SNMP-server groups, which map users to views, allowing you to control who can view what SNMP information.
4. Configure the SNMP-server access policies that contain a set of rules defining access rights. Based on these rules, the entity decides how to process a given request.
Creating SNMPv3 users
You create SNMPv3 users under Administration > System Settings: SNMP v3. These configuration options are available under Users:
Add a New User
Displays the controls to add a new user.
User Name
Specifies the username.
Authentication Protocol
Specifies an authentication method from the drop-down list:
• MD5—Specifies the Message-Digest 5 algorithm, a widely used cryptographic hash function with a 128-bit hash value. This is the default value.
• SHA—Specifies the Secure Hash Algorithm, a set of related cryptographic hash functions. SHA is considered to be the successor to MD5.
Authentication
Specifies either Supply a Password or Supply a Key to use while authenticating users.
Password/Password Confirm
Specifies a password. The password must have a minimum of eight characters. Confirm the password in the Password Confirm text box.
Use Privacy Option
Uses SNMPv3 encryption.
Privacy Protocol
Specifies either the AES or DES protocol from the drop-down list. AES uses the AES128 algorithm.
Privacy
Specifies Same as Authentication, Supply a Password, or Supply a Key to use while authenticating users. The default setting is Same as Authentication.
Privacy Password
(Appears only when you select Supply a Password.) Specifies a password. The password must have a minimum of eight characters. Confirm the password in the Privacy Password Confirm text box.
Key
(Appears only when you select Supply a Key.) Specifies a unique authentication key. The key is an MD5 or SHA-1 digest created using md5sum or sha1sum.
MD5/SHA Key
(Appears only when you select Supply a Key.) Specifies a unique authentication key. The key is either a 32-hexadecimal digit MD5 or a 40-hexadecimal digit SHA digest created using md5sum or sha1sum.
Add
Adds the user.
Configuring SNMP authentication and access control
You configure SNMP ACL contact settings to allow events to be reported to an SNMP agent in the SNMP ACLs page.
The features on this page apply to SNMPv1, v2c, and v3 unless noted otherwise:
• Security Names—Identify an individual user (v1 or v2c only).
• Secure Groups—Identify a security name and security model pair as a group, referred to by a group name.
• Secure Views—Create a custom view using the VACM that controls who can access which MIB objects under agent management by including or excluding specific OIDs: for example, some users have access to critical read/write control data, while some users have access only to read-only data.
• Security Models—A security model identifies the SNMP version associated with a user for the group in which the user resides.
• Secure Access Policies—Defines who gets access to which type of information. An access policy is composed of <group-name, security-model, security-level, read-view-name>.
An access policy is the configurable set of rules, based on which the entity decides how to process a given request.
Configuring secure usernames
You configure secure usernames under Administration > System Settings: SNMP ACLs. These configuration options are available under Security Names:
Add a New Security Name
Displays the controls to add a security name.
Security Name
Specifies a name to identify a requester allowed to issue gets and sets (v1 and v2c only). The specified requester can make changes to the view-based access-control model (VACM) security name configuration. This control doesn’t apply to SNMPv3 queries. To restrict v3 USM users from polling a particular subnet, use the RiOS Management ACL feature, located in the Administration > Security: Management ACL page. Traps for v1 and v2c are independent of the security name.
Community String
Specifies the password-like community string to control access. To enhance security, use a mix of uppercase letters, lowercase letters, and numbers. Avoid using printable 7-bit ASCII characters, except spaces, and don’t start the string with a pound sign (#) or a hyphen (-).
If you set a read-only community string (found under SNMP Server Settings), it overrides the community string you specify and grants access to the entire MIB tree from any source host. If you don’t want this, remove the read-only string.
To create multiple SNMP community strings, keep the default "public" string and add a second read-only string with a different security name. Alternatively, you can delete the default string and create two new SNMP ACLs with unique names.
Source IP Address and Mask Bits
Specifies the host IPv4 or IPv6 address and mask bits to which you permit access using the security name and community string.
Add
Adds the security name.
Configuring secure groups
You configure secure groups under Administration > System Settings: SNMP ACLs. These configuration options are available under Groups:
Add a New Group
Displays the controls to add a new group.
Group Name
Specifies a group name.
Security Models and Name Pairs
Specifies a security model. Click the plus sign (+) and select a security model from the drop-down list:
• v1 or v2c—Displays another drop-down list. Select a security name.
• v3 (usm)—Displays another drop-down list. Select a user.
To add another Security Model and Name pair, click the plus sign (+).
Add
Adds the group name and security model and name pairs.
Configuring secure views
You configure secure views under Administration > System Settings: SNMP ACLs. These configuration options are available under Views:
Add a New View
Displays the controls to add a new view.
View Name
Specifies a descriptive view name to facilitate administration.
Includes
Specifies the Object Identifiers (OIDs) to include in the view, separated by commas. For example, .1.3.6.1.4.1. By default, the view excludes all OIDs. You can specify .iso or any subtree or subtree branch. You can specify an OID number or use its string form. For example: .iso.org.dod.internet.private.enterprises.rbt.products.steelhead.system.model
Excludes
Specifies the OIDs to exclude in the view, separated by commas. By default, the view excludes all OIDs.
Add
Adds the view.
Configuring access policies
You configure access policies under Administration > System Settings: SNMP ACLs. These configuration options are available under Access Policies:
Add a New Access Policy
Displays the controls to add a new access policy.
Group Name
Selects a group name from the drop-down list.
Security Level
Determines whether a single atomic message exchange is authenticated. Select one of these from the drop-down list:
• No Auth—Doesn’t authenticate packets and doesn’t use privacy. This is the default setting.
• Auth—Authenticates packets but doesn’t use privacy.
• AuthPriv—Authenticates packets using AES or DES to encrypt messages for privacy.
A security level applies to a group, not to an individual user.
Read View
Specifies a view from the drop-down list.
Add
Adds the policy to the policy list.
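How groups, views, and access policies combine to answer "may this requester read this OID?" is easier to see in code. This is an added example, not Riverbed code: it assumes the standard VACM rules (longest matching subtree decides, and a policy's security level is a minimum), handles numeric OIDs only, and uses constructed names and a placeholder enterprise number (99999).

```python
from typing import Dict, List, NamedTuple, Tuple

# Ordering of the security levels offered in the Security Level drop-down.
LEVELS = {"noauth": 0, "auth": 1, "authpriv": 2}


class View(NamedTuple):
    includes: List[str]
    excludes: List[str]


class Policy(NamedTuple):
    group: str
    model: str       # "v1", "v2c" or "usm"
    level: str       # minimum security level the request must meet
    read_view: str


def parse_oid(text: str) -> Tuple[int, ...]:
    """'.1.3.6.1' -> (1, 3, 6, 1). Numeric form only in this sketch."""
    return tuple(int(part) for part in text.strip().strip(".").split("."))


def in_view(oid: str, view: View) -> bool:
    """Longest matching subtree wins; with no match the OID is excluded."""
    target = parse_oid(oid)
    best_len, allowed = -1, False
    for subtrees, verdict in ((view.includes, True), (view.excludes, False)):
        for subtree in subtrees:
            prefix = parse_oid(subtree)
            if target[:len(prefix)] != prefix:
                continue
            # On an equal-length tie, the exclude entry takes precedence.
            if len(prefix) > best_len or (len(prefix) == best_len and not verdict):
                best_len, allowed = len(prefix), verdict
    return allowed


def can_read(model: str, name: str, level: str, oid: str,
             groups: Dict[Tuple[str, str], str],
             policies: List[Policy], views: Dict[str, View]) -> bool:
    """Map (model, name) to a group, then test each matching access policy."""
    group = groups.get((model, name))
    if group is None:
        return False  # requester is not a member of any group
    for policy in policies:
        if (policy.group == group and policy.model == model
                and LEVELS[level] >= LEVELS[policy.level]
                and in_view(oid, views[policy.read_view])):
            return True
    return False


# Constructed sample configuration.
VIEWS = {
    "rbt-limited": View([".1.3.6.1.4.1.99999"], [".1.3.6.1.4.1.99999.1.9"]),
    "sys-only": View([".1.3.6.1.2.1.1"], []),
}
GROUPS = {("usm", "monitor"): "noc", ("v2c", "legacy"): "legacy-ro"}
POLICIES = [
    Policy("noc", "usm", "authpriv", "rbt-limited"),
    Policy("legacy-ro", "v2c", "noauth", "sys-only"),
]

if __name__ == "__main__":
    oid = ".1.3.6.1.4.1.99999.1.2.0"
    print(can_read("usm", "monitor", "authpriv", oid, GROUPS, POLICIES, VIEWS))
    print(can_read("usm", "monitor", "auth", oid, GROUPS, POLICIES, VIEWS))
```

This evaluation does not model the read-only community string from the SNMP Basic page, which overrides VACM settings for v1 and v2c requests when it is set.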
Configuring email notification
You configure email notification for events and failures under Administration > System Settings: Email. By default, email addresses aren’t specified for event and failure notification. These configuration options are available under Email Notification:
SMTP Server
Specifies the SMTP server. For this feature to work, you need external DNS and access for SMTP traffic. The SCC doesn’t support specifying an SMTP server using IPv6 addresses. To send email over IPv6, use the email server’s hostname instead. Ensure you provide a valid SMTP server so users receive email notifications for events and failures.
SMTP Port
Specifies the port number for the SMTP server. Typically, you don’t need to change the default port 25.
Max Email Attachment Size (MB)
Specifies the maximum size of email attachment allowed. The default is 15 MB.
Report Events via Email
Reports alarm events through email. Specify a list of email addresses to receive the notification messages. Separate addresses by spaces, semicolons, commas, or vertical bars. These alarms are events:
• Admission control
• CPU utilization (rising threshold, reset threshold)
• Temperature (rising threshold, reset threshold)
• Data store wrap frequency
• Domain authentication alert
• Network interface duplex errors
• Network interface link errors
• Fan error
• Flash error
• Hardware error
• IPMI
• Licensing
• Memory error
• Neighbor incompatibility
• Network bypass
• NFSv2/v4 alarm
• Non-SSL servers detected on upgrade
• Optimization service (general service status, optimization service)
• Extended memory paging activity
• Secure vault
• System disk full
• Software version mismatch
• Storage profile switch failed
• TCP Stop Trigger scan has started
• Asymmetric routes
• Expiring SSL certificates
• SSL peering certificate SCEP automatic reenrollment
• Connection forwarding (ACK time-out, failure, lost EOS, lost ERR, keepalive time-out, latency exceeded, read info time-out)
• Prepopulation or Proxy File Service
Report Failures via Email
Reports alarm failures through email. Specify a list of email addresses to receive the notification messages. Separate addresses by spaces, semicolons, commas, or vertical bars. These alarms are failures:
• Data store corruption
• System details report
• Domain join error
• RAID
• Optimization service - unexpected halt
• Critical temperature
• Disk error
• SSD wear warning
Override Default Sender’s Address
Configures the SMTP protocol to send error or event messages. Provide a list of email addresses to receive notifications, separating them with commas. You can also set the outgoing email address that clients will see. By default, this address is do-not-reply@hostname.domain. If no domain is specified, it will default to do-not-reply@hostname. You can adjust the host and domain settings under Networking > Networking: Host Settings.
Report Failures to Technical Support
Reports serious failures such as system crashes to Support. We recommend that you activate this feature so that problems are promptly corrected. This option doesn’t automatically report a disk drive failure. In the event of a disk drive failure, contact Support.
About log settings
You set up local and remote logging in the Logging page.
By default, the system rotates each log file every 24 hours or when the file size reaches one gigabyte uncompressed. You can change this to rotate every week or month and you can rotate files based on size.
The automatic rotation of system logs deletes your oldest log file, labeled as Archived log #10, pushes the current log to Archived log #1, and starts a new current-day log file.
Configuring logs
You configure logs under Administration > System Settings: Logging. These configuration options are available under Logging Configuration:
Minimum Severity
Specifies the minimum severity level for the system log messages. The log contains all messages with this severity level or higher. Select one of these levels from the drop-down list:
• Emergency—The system is unusable; action must be taken immediately.
• Alert—Action must be taken immediately.
• Critical—Conditions that affect the functionality of the SteelHead.
• Error—Conditions that probably affect the functionality of the SteelHead.
• Warning—Conditions that could affect the functionality of the SteelHead, such as authentication failures.
• Notice—Normal but significant conditions, such as a configuration change. This is the default setting.
• Info—Informational messages that provide general information about system operations.
This control applies to the system log only. It doesn’t apply to the user log.
Maximum Number of Log Files
Specifies the maximum number of logs to store. The default value is 10.
Lines Per Log Page
Specifies the number of lines per log page. The default value is 100.
Rotate Based On
Specifies the rotation option:
• Time—Select Day, Week, or Month from the drop-down list. The default setting is Day.
• Disk Space—Specify how much disk space, in megabytes, the log uses before it rotates. The default value is 16 MB.
The log file size is checked at 10-minute intervals. If there is an unusually large amount of logging activity, it is possible for a log file to grow larger than the set disk space limit in that period of time.
• Add a New Process Logging Filter—Configure logging of specific processes. Select the Process to monitor, the Minimum Severity Level and click Add.
Configuring remote log servers
You configure remote log servers under Administration > System Settings: Logging. If you are using TLS to secure the connection to the remote log server, you can add a certificate and key for it.
To import or replace a log certificate, under Log Certificate select the Replace tab.
These options are available for importing a log certificate:
Import Certificate and Private Key
Imports the certificate and key. The page displays controls for browsing to and uploading the certificate and key files. You can also use the text box to copy and paste a PEM file. The private key is required regardless of whether you are adding or updating the certificate.
Under Certificate, select from the following options:
Upload
Browses to the local file in PKCS-12, PEM, or DER formats.
Paste it here (PEM only)
Allows you to copy and then paste the contents of a PEM file.
Private Key
Specifies the private key origin. You can choose from the following private key options:
• The Private Key is in a separate file (see below). You can either upload it or copy and paste it.
• This file includes the Certificate and Private Key.
• The Private Key for this Certificate was created with a CSR generated on this appliance.
Separate Private Key
Upload (PEM or DER formats)
Browses to the local file in PEM or DER formats.
Paste it here (PEM only)
Pastes the contents of a PEM file.
Decryption Password
Specifies the decryption password, if necessary. Passwords are required for PKCS-12 files, optional for PEM files, and never needed for DER files.
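A pre-upload check for the import options above, as an added example that is not part of the original documentation: it uses only the Python standard library to classify a file as PEM, DER, or PKCS-12, and reports whether it carries a certificate, a private key, or both, and whether a decryption password will be needed. The DER classification is a heuristic on the first ASN.1 element, and the sample inputs are constructed placeholders, not real key material.

```python
import re

# PEM armor: label, then body (which may start with legacy "Proc-Type" headers).
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)

def der_kind(der: bytes) -> str:
    """Heuristic: classify DER by the first element inside the outer SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        return "unknown"
    # Outer length is 1 byte (short form) or 1 + n bytes (long form).
    i = 2 + (der[1] & 0x7F if der[1] & 0x80 else 0)
    if len(der) < i + 3:
        return "unknown"
    if der[i] == 0x30:                 # X.509: tbsCertificate SEQUENCE comes first
        return "certificate"
    if der[i:i + 2] == b"\x02\x01":    # one-byte INTEGER version field
        return "pkcs12" if der[i + 2] == 3 else "private-key"  # PFX is version 3
    return "unknown"

def preflight(data: bytes) -> dict:
    """Report format, contents and password need before using the Replace tab."""
    blocks = PEM_BLOCK.findall(data.decode("latin-1"))
    if blocks:
        keys = [(lbl, body) for lbl, body in blocks if lbl.endswith("PRIVATE KEY")]
        encrypted = any(lbl == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body
                        for lbl, body in keys)
        return {"format": "PEM", "has_cert": any(l == "CERTIFICATE" for l, _ in blocks),
                "has_key": bool(keys), "password": "required" if encrypted else "not needed"}
    kind = der_kind(data)
    if kind == "pkcs12":               # contents are only visible after decryption
        return {"format": "PKCS-12", "has_cert": None, "has_key": None, "password": "required"}
    if kind == "unknown":
        return {"format": "unknown", "has_cert": False, "has_key": False, "password": "n/a"}
    return {"format": "DER", "has_cert": kind == "certificate",
            "has_key": kind == "private-key", "password": "not needed"}

# Constructed sample inputs (dummy bodies, not real key material).
PEM_CERT_ONLY = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
PEM_BUNDLE = PEM_CERT_ONLY + (b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n"
                              b"-----END ENCRYPTED PRIVATE KEY-----\n")
PEM_LEGACY_KEY = (b"-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                  b"DEK-Info: AES-256-CBC,00000000000000000000000000000000\n\n"
                  b"Q09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n")
DER_CERT = bytes.fromhex("3082010a308200f0")   # SEQUENCE { SEQUENCE ...
DER_PFX = bytes.fromhex("3082090002010330")    # SEQUENCE { INTEGER 3 ...
DER_KEY = bytes.fromhex("308204bd02010030")    # SEQUENCE { INTEGER 0 ...

if __name__ == "__main__":
    for name in ("PEM_CERT_ONLY", "PEM_BUNDLE", "PEM_LEGACY_KEY", "DER_CERT", "DER_PFX", "DER_KEY"):
        print(name, preflight(globals()[name]))
```

A PEM result with has_cert and has_key both true corresponds to the "This file includes the Certificate and Private Key" option; a certificate-only result means the key must come from a separate file or from a CSR generated on the appliance.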
To generate a CSR, under Log Certificate select the Generate CSR tab. These configuration options are available:
Common Name
Specifies the common name (hostname).
Organization Name
Specifies the organization name (for example, the company).
Organization Unit Name
Specifies the organization unit name (for example, the section or department).
Locality
Specifies the city.
State
Specifies the state. Do not abbreviate.
Country
Specifies the country (2-letter code only).
Email Address
Specifies the email address of the contact person.
Generate CSR
Generates the Certificate Signing Request.
Adding or removing a remote log server
For secure remote logging, certificates and keys are moved to the appliance’s secure vault. Ensure that the vault is unlocked before adding certificates and keys. If it is not, they will not be stored in the vault.
The default port number for secure remote logging is 514. If you are upgrading, you’ll need to remove the current secure remote server, and then add it back and specify the secure port number.
Remote Log Servers
Adds a new remote log server from the drop-down menu.
Server IP or Hostname
Specifies the server IP address or hostname of the remote log server.
Port
Specifies the port. If you are upgrading from a release that did not include a port number option, you’ll need to remove the remote log server and then add it back, specifying a port. Default is 514.
Minimum Severity
Specifies the minimum severity level for the log messages. The log contains all messages with this severity level or higher. Select one of these levels from the drop-down list:
• Emergency—The system is unusable.
• Alert—Action must be taken immediately.
• Critical—Conditions that affect the functionality of the SteelHead.
• Error—Conditions that probably affect the functionality of the SteelHead.
• Warning—Conditions that could affect the functionality of the SteelHead, such as authentication failures.
• Notice—Normal but significant conditions, such as a configuration change. This is the default setting.
• Info—Informational messages that provide general information about system operations.
Enable secure connection
Enables secure remote logging. A log certificate must be installed before a secure remote logging server can be enabled.
Rotating logs
You rotate logs under Administration > System Settings: Logging. Under Log Actions, click Rotate Logs. After the logs are rotated, this message appears: “Logs have been successfully rotated.”
Log file #1 may include data for only a partial day because the logs haven’t completed the current 24-hour period.
About log filters
You can filter a log by one or more applications or one or more processes. This is particularly useful when capturing data at a lower severity level where an SCC might not be able to sustain the flow of logging data the service is committing to disk.
Configuring log filters
Process
Specifies a process to include in the log from the drop-down list:
• alarmd—Alarm control and management.
• autoreg—Appliance auto registration.
• backupd—Appliance backup scheduler.
• app_backup—Appliance backup and restore.
• rbmd—Appliance connection manager.
• upgraded—Appliance upgrade manager.
• cmc_backup—CMC (SCC) backup and restore.
• cli—Command-line interface.
• mgmtd—Device control and management, which directs the entire device management system. It handles message passing between various management daemons, managing system configuration and general application of system configuration on the hardware underneath through the Hardware Abstraction Layer Daemon (HALD).
• export_reports—Export reports.
• hald—Hardware Abstraction Layer Daemon, which handles access to the hardware.
• pm—Process Manager, which handles launching of internal system daemons and keeps them up and running.
• sched—Process Scheduler, which handles one-time scheduled events.
• rscored—REST core services.
• rstild—REST translation interface layer.
• rsync_wrapper—Rsync progress monitor.
• statsd—Statistics Collector, which handles queries and storage of system statistics.
• wdt—Watchdog Timer, the motherboard watchdog daemon.
• webasd—Web Application Process, which handles the web user interface.
Minimum Severity
Specifies the minimum severity level for the log messages. The log contains all messages with this severity level or higher. Select one of these levels from the drop-down list:
• Emergency—The system is unusable; action must be taken immediately.
• Alert—Action must be taken immediately.
• Critical—Conditions that affect the functionality of the SteelHead.
• Error—Conditions that probably affect the functionality of the SteelHead.
• Warning—Conditions that could affect the functionality of the SteelHead, such as authentication failures.
• Notice—Normal but significant conditions, such as a configuration change.
• Info—Informational messages that provide general information about system operations.
Add
Adds the filter to the list. The process now logs at the selected severity and higher level.
About your account password
You can change the password in the My Account page. You must be logged in as the administrator user to change the administrator password.
The My Account page enables you to restore user preferences. User preferences are set for individual users and don’t affect the appliance configuration.
If any user preference settings result in an unsafe state, the SCC can’t display the page.
The Administrator section indicates that you are logged in as an administrator.
Configuring your account password
You configure your account password under Administration > System Settings: My Account. These configuration options are available under Password:
Change Password
Changes the password.
New Password
Specifies a new password.
Confirm New Password
Confirms the new password.
User preferences are used to remember the state of the Management Console across sessions on a per-user basis. They don’t affect the configuration of the appliance.
To restore user preferences, click Restore Defaults under User Preferences.
About configurations
You can save, activate, and import configurations under Administration > System Settings: Configurations.
Every appliance, including controllers, has an active, running configuration and a written, saved configuration. When you apply settings changes, the values are applied to the active running configuration, but the values aren’t written to disk and saved permanently. When you save your configuration settings, the values are written to disk and persist.
Each time you save your configuration settings, they’re written to the current running configuration, and a backup is created. For example, if the running configuration is myconfig and you save it, myconfig is backed up to myconfig.bak and myconfig is overwritten with the current configuration settings.
The Configuration Manager is a utility that enables you to save multiple named configurations as backups or to activate configuration profiles.
Some configuration settings require that you restart the appliance for the settings to take effect. For details, see Rebooting and shutting down controller appliances.
Managing configurations
You manage configurations under Administration > System Settings: Configurations. These configuration options are available under Current Configuration <configuration-name>:
View Running Config
Displays the running configuration settings in a new browser window.
Save
Saves settings that have been applied to the running configuration.
Revert
Reverts your settings to the running configuration.
Save Current Configuration
Saves the settings that have been applied to the running configuration as a new file. Specify a new filename, and then click Save As.
Importing configurations
You import configurations under Administration > System Settings: Configurations. These configuration options are available:
Import a New Configuration
Displays the controls for importing a new configuration.
IP/Hostname
Specifies the IP address or hostname of the SteelHead from which you want to import the configuration.
Remote Admin Password
Specifies the administrator password for the remote SteelHead.
Remote Config Name
Specifies the name of the configuration you want to import from the remote SteelHead.
New Config Name
Specifies a new, local configuration name.
Import Shared Data Only
Takes a subset of the configuration settings from the imported configuration and combines them with the current configuration to create a new configuration. Import shared data is enabled by default.
Import
When the Import Shared Data Only check box is selected, activates the imported configuration and makes it the current configuration. This is the default. When the Import Shared Data Only check box isn’t selected, adds the imported configuration to the Configuration list. It doesn’t become the active configuration until you select it from the list and click Activate.
To Change Active Configuration
Under Change Active Configuration, specifies the configuration to activate from the drop-down list. Click Activate.
Click the configuration name to display the configuration settings in a new browser window.
Changing the active configuration
You change the active configuration under Administration > System Settings: Configurations. Under Change Active Configuration, select the configuration from the drop-down list and click Activate.