akm server management guide

Alliance Key Manager 2.0.0 i

Patrick Townsend Security Solutions

ALLIANCE KEY MANAGER SERVER MANAGEMENT GUIDE

Contents Administration Guide

ii Alliance Key Manager 2.0.0

Administration Guide Contents

Alliance Key Manager 2.0.0 iii

Copyright Notice

The information contained within this document represents the current view of Patrick Townsend Security Solutions. Alliance Key Manager (AKM) as of the date of publication. Because PTSS must respond to changing market conditions, the contents of this document should not be interpreted as a commitment of PTSS, and indeed, should be considered in light of the fact that PTSS is continuously improving Alliance Key Manager.

PTSS cannot guarantee the accuracy of any information presented after the date of publication.

This Alliance Key Manager 2.0.0 Administration Guide is for informational purposes only.

All rights reserved worldwide.

It is the responsibility of the Alliance Key Manager customer to comply with all applicable copyright laws. Licensed Alliance Key Manager customers may make a reasonable number of copies of this publication for internal use. This document is a template that licensed Alliance Key Manager customers may modify, copy and use, when they incorporate the information into the documentation they distribute to their customers. This publication may not otherwise be copied, reproduced or modified, in whole or in part, by any other person or entity without the express prior written consent of PTSS.

PTSS may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from PTSS, possession of this document does not provide any license to these copyrights, trademarks, patents, or other intellectual property.

Links and addresses to Internet resources are inspected thoroughly prior to release, but the ever-changing nature of the Internet prevents PTSS from guaranteeing the content or existence of the resource. When possible, the reference contains alternate sites or keywords that can be used to acquire the information by other methods. If you find a broken or inappropriate link, please send an email with the topic name, link, and its behavior to [email protected].

Any sample companies, organizations, products, domain names, email addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred.

Microsoft, Internet Explorer and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Microsoft product screen shots reprinted with permission from Microsoft Corporation.

PTSS, the PTSS logo, and Alliance Key Manager are trademarks of Patrick Townsend Security Solutions. All other brands, product names, trade names, trademarks and service marks used herein are the property of their respective owners. Product specifications subject to change without notice.

Date of Publication: December 10, 2009


iv Alliance Key Manager 2.0.0

Document version

The following section provides document version and release date information:

Document version 1.1.0 December 10, 2009


Alliance Key Manager 2.0.0 v

Contents

Patrick Townsend Security Solutions ............................................................................................................. i

Installing the Management PC ...................................................................................................................... 1

Prerequisites .............................................................................................................................................. 1

Default and Adapter Values ...................................................................................................................... 2

Set Up the Management PC ..................................................................................................................... 3

Connect the Management PC to the Appliance .................................................................................... 3 Configure the Management PC ............................................................................................................. 3

Configure the Appliance for Deployment................................................................................................... 7

Introduction to System Administration .......................................................................................................... 1

Provisioning and Administration ............................................................................................................ 1 Health Monitoring and Alarm Management ........................................................................................... 1 Update Management ............................................................................................................................. 1 Image Management ............................................................................................................................... 1 Configuration Management ................................................................................................................... 2 Access Control ....................................................................................................................................... 2 System Auditing ..................................................................................................................................... 2 File Management ................................................................................................................................... 2 Scheduled Maintenance Tasks .............................................................................................................. 2 Multiple Appliance Management ............................................................................................................ 2

User Interface ............................................................................................................................................ 2

Accessing Alliance Key Manager .......................................................................................................... 4

1: Alarm Manager .......................................................................................................................................... 5

Configure Basic Alarm Delivery Properties ............................................................................................... 5

Review the Alarms Log.............................................................................................................................. 7

Low Disk Space Alarm Messages ......................................................................................................... 9

Configure Advanced Alarm Delivery Properties ........................................................................................ 9

Create Email Groups ........................................................................................................................... 10 Create Action Instances ....................................................................................................................... 12 Assign Action Instances to Alarm Categories ...................................................................................... 15

2: Update Manager ..................................................................................................................................... 17

Select the Operation Mode ...................................................................................................................... 18

Phone Home Update Process ................................................................................................................. 19

Manually Download Packages ............................................................................................................. 21 Manually Install Packages ................................................................................................................... 22 Manage Update Schedules ................................................................................................................. 24

Dark Site Update Process ....................................................................................................................... 26

Add and Extract Dark Site Files ........................................................................................................... 28 Manually Install Packages ................................................................................................................... 29

Rollback Packages .................................................................................................................................. 30

3: Image Manager ....................................................................................................................................... 33

Image Manager Features ........................................................................................................................ 34

Manually Create Backup Images ......................................................................................................... 34 Create a Default Backup Image ........................................................................................................... 36 Configure Image Backup Schedules ................................................................................................... 36 Restore an Image ................................................................................................................................ 38


vi Alliance Key Manager 2.0.0

Restore the Factory Image – factory.tib............................................................................................... 40 Delete Backup Images ......................................................................................................................... 40

Emergency Restore Procedure ............................................................................................................... 41

4: Configuration Manager ............................................................................................................................ 43

Configuration Manager Features ............................................................................................................. 43

Back Up Configuration Properties ....................................................................................................... 44 Restore a Configuration File ................................................................................................................ 45

5: Network Features .................................................................................................................................... 47

Adapters .................................................................................................................................................. 47

Configure an Adapter ........................................................................................................................... 48

Tools ........................................................................................................................................................ 49

Ping a Host .......................................................................................................................................... 50 Trace Network Packet Routes ............................................................................................................. 50 View Network Statistics........................................................................................................................ 51

Management ............................................................................................................................................ 52

Change Appliance Name and Domain or DNS Domain Name ........................................................... 52 Add or Delete a Route ......................................................................................................................... 53 View and Flush the ARP Table ............................................................................................................ 54 Edit the Host File .................................................................................................................................. 55 Replace the SSL Certificate ................................................................................................................. 55

6: Users and Groups ................................................................................................................................... 59

Manage Groups ....................................................................................................................................... 59

Add a Group ......................................................................................................................................... 60 Change a Group .................................................................................................................................. 61 Delete a Group ..................................................................................................................................... 62

Manage Users ......................................................................................................................................... 63

Add a User ........................................................................................................................................... 63 Change User Information ..................................................................................................................... 64 Delete a User ....................................................................................................................................... 65 Add Users to Multiple Groups .............................................................................................................. 66

7: File Management .................................................................................................................................... 67

8: Task Scheduler ....................................................................................................................................... 73

Task Scheduler User Interface ............................................................................................................ 73

Archive the Configuration File to a Local Directory ................................................................................. 74

Archive the Configuration File to a Remote Location .............................................................................. 75

Archive the Alarm Log to a Local Directory ............................................................................................. 76

Archive Log Files to a Remote Location .................................................................................................. 77

Delete Log Files ....................................................................................................................................... 78

Duplicating and Deleting Scheduled Tasks ............................................................................................. 80

Duplicating Scheduled Tasks .............................................................................................................. 80 Deleting Scheduled Tasks ................................................................................................................... 80

9: Multi-Appliance Console ......................................................................................................................... 81

Multi-Appliance Console System ......................................................................................................... 82 Start Multi-Appliance Console ............................................................................................................. 83 Multi-Appliance Console User Interface .............................................................................................. 84 Determine the State of the Appliances ................................................................................................ 85 Appliance Authentication ..................................................................................................................... 86


Alliance Key Manager 2.0.0 vii

Appliance Management Process ......................................................................................................... 86

Set Up and Maintain Multi-Appliance Console ........................................................................................ 87

Find and Add Available Appliances ..................................................................................................... 87 Add Appliances Manually .................................................................................................................... 88 Add Groups .......................................................................................................................................... 89 Add Appliances to a Group .................................................................................................................. 90 View the Appliances within a Group .................................................................................................... 90 View the Properties of an Appliance .................................................................................................... 91 View and Acknowledge Errors ............................................................................................................. 91 Remove Appliances from a Group ....................................................................................................... 92 Edit Appliances and Groups ................................................................................................................ 92 Delete Appliances and Groups ............................................................................................................ 92

Open Alliance Key Manager on an Appliance ......................................................................................... 93

Stop a Multi-Appliance Console Listener ................................................................................................ 93

Manage Your Appliances ........................................................................................................................ 93

Create Backup Configuration Files ...................................................................................................... 94 Restore Backup Configuration Files .................................................................................................... 94 Create Backup Images ........................................................................................................................ 95 Download and Install Phone Home Updates ....................................................................................... 96 Add, Extract and Install Dark Site Updates.......................................................................................... 97

10: System Utilities ...................................................................................................................................... 99

Date/Time ................................................................................................................................................ 99

Configure Date and Time Settings ..................................................................................................... 100

Shutdown/Reboot .................................................................................................................................. 101

Reboot the Appliance......................................................................................................................... 101 Shutdown the Appliance .................................................................................................................... 102

Start/Stop Services ................................................................................................................................ 102

Processes .............................................................................................................................................. 104

11: Help Navigation ................................................................................................................................... 107

12: Troubleshooting .................................................................................................................................. 109

Alarm Manager Issues........................................................................................................................... 109

Alarm Categories ............................................................................................................................... 109

Update Manager Issues ........................................................................................................................ 115

Cannot Download Manifest – Error! Invalid update data from appliance .......................................... 115 Cannot Download Manifest – Error obtaining the update manifest ................................................... 115 Cannot Download a Package Due to Firewall Restrictions ............................................................... 117 File Not On the File Server ................................................................................................................ 117 CRC Failure ....................................................................................................................................... 118 Package Does Not Install .................................................................................................................. 118 Scheduled Downloads and Installations Do Not Run ........................................................................ 118

Image Manager Issues .......................................................................................................................... 119

Partition List is Empty ........................................................................................................................ 119

Networking Issues ................................................................................................................................. 119

Adapter Not Connecting .................................................................................................................... 119 Cannot Connect to a Domain ............................................................................................................ 120

Glossary of Terms ..................................................................................................................................... 121


viii Alliance Key Manager 2.0.0

List of Tables

Table 1: Appliance Default Values ............................................................................................................... 2

Table 1: User Interface Components ............................................................................................................ 3

Table 2: Alarm Status Indicators ................................................................................................................... 7

Table 3: Alarm Manager Alarm Components ................................................................................................ 9

Table 4: Alarm Category Components ........................................................................................................ 15

Table 5: Update Components ..................................................................................................................... 17

Table 6: Types of Update Solutions ............................................................................................................ 17

Table 7: Update Manager Operation Modes ............................................................................................... 18

Table 8: Phone Home Update Components ............................................................................................... 20

Table 9: Dark Site Update Components ..................................................................................................... 27

Table 10: Alliance Key Manager Partitions ................................................................................................. 33

Table 11: Types of Backup Images ............................................................................................................ 34

Table 12: Configuration Manager Features ................................................................................................ 43

Table 13: Adapters Tabs ............................................................................................................................. 47

Table 14: File Management File Categories ............................................................................................... 67

Table 15: Task Scheduler User Interface ................................................................................................... 73

Table 16: Multi-Appliance Console Devices ............................................................................................... 82

Table 17: Multi-Appliance Console UI Components ................................................................................... 85

Table 18: Configuration Manager Alarms ................................................................................................. 109

Table 19: Image Manager Alarms ............................................................................................................. 111

Table 20: Health Monitor Alarms .............................................................................................................. 112

Table 21: Update Manager Alarms ........................................................................................................... 113


Alliance Key Manager 2.0.0 ix

List of Figures

Figure 1: Alliance Key Manager User Interface ............................................................................................ 3

Figure 2: Configuring Advanced Alarm Components ................................................................................. 10

Figure 3: Phone Home Update Components .............................................................................................. 20

Figure 4: Dark Site Update Components .................................................................................................... 27

Figure 5: Incremental Backup Image Scenario ........................................................................................... 34

Figure 6: Incremental Deletion Example ..................................................................................................... 41

Figure 7: Access Rights from Multiple Groups ............................................................................................ 66

Figure 8: Scheduled Tasks List ................................................................................................................... 73

Figure 9: Multi-Appliance Console Devices ................................................................................................ 82

Figure 10: Multi-Appliance Console User Interface .................................................................................... 84

Alliance Key Manager 2.0.0 1

Installing the Management PC

Prerequisites

The Management PC used to configure the appliance must be a personal computer that has the following hardware and software:

Standard Ethernet port

Microsoft Windows or Linux operating system supporting an Internet browser with AES128 or AES256 support. For Windows XP you will need either the Firefox version 3.5.7 or earlier, or Internet Explorer version 8 or later. You can use Internet Explorer on Windows Vista and Windows 7.

Introduction Configuration Guide

2 Alliance Key Manager 2.0.0

Default and Adapter Values

The following table shows the default values that apply to the initial appliance setup.

Table 1: Appliance Default Values

Default Appliance Values

User Name admin

Password admin (case sensitive)

NIC Adapter IP Addresses eth0 eth1

192.168.1.10 DHCP (variable)

URL for Accessing the Appliance https://192.168.1.10:3886

Note: The recommended best practice for the eth0 or GigE0 adapter is to use the default IP address. This helps avoid breaking the connection between the Management PC and the appliance during configuration.


Set Up the Management PC

Connect the Management PC to the Appliance

Before beginning the configuration process, establish a direct connection between the Management PC and a network interface (NIC) adapter on the appliance by completing the following steps:

1. Connect one end of the purple cable shipped with the appliance to the eth0 Ethernet port on the back of the appliance. This port is the left hand port identified as Network Interface Connector 0 in the Hardware Setup Guide. The default IP address for this port is 192.168.1.10.

2. Connect the other end of the cable to an Ethernet port on the Management PC.

Configure the Management PC

Perform one of the following procedures to add the Management PC to the same subnet as the appliance.

Configuring a Linux Operating System Management PC

Note: These instructions apply to the Fedora 8 version of Linux. The procedure is similar for other Linux versions.

1. Click System > Administrator > Network Device Control.

2. Click the NIC adapter to configure then click Configure.

Set Up the Management PC Configuration Guide


3. On the Devices tab, double-click the NIC adapter to configure the device. The Ethernet Device dialog box opens.

4. On the General tab, click Statically set IP addresses.

Configuration Guide Set Up the Management PC


5. In the Address field, enter 192.168.1.x, where x is any value from 1 to 254 except 10. This is the IP address for communicating with the management port on the appliance.

6. In the Subnet mask field, enter 255.255.255.0.

7. Click OK.

Configuring a Windows Operating System Management PC

Note: These instructions are apply to Windows XP with the Classic Start Menu. The procedure

for configuring other Windows versions is similar.

1. From the Start menu on the Management PC, click Settings > Network Connections.

2. Right-click the Local Area Connection icon and select Properties. The Local Area Connection Properties dialog box opens.

Set Up the Management PC Configuration Guide


3. Click Internet Protocol (TCP/IP) then click Properties. The Internet Protocol (TCP/IP) Properties dialog box opens.

4. Select Use the following IP address.

5. In the IP address field, enter 192.168.1.x, where x is any value from 1 to 254 except 10. This is the IP address for communicating with the management port on the appliance.

6. In the Subnet mask field, enter 255.255.255.0.

7. Click OK.

8. Click OK again to close the Local Area Connection Properties dialog box.


Configure the Appliance for Deployment

Complete the following steps to configure the appliance for deployment:

Verify that the appliance is cabled properly and powered on as described in the Hardware Setup Guide and the ―Connect the Management PC to the Appliance‖ section in this guide.

On the Management PC, launch a Web browser. Disregard any error message that indicates the browser is not connected to the Internet.

In the Web browser Address field, type https://192.168.1.10:3886 then press [Enter]. One or more certificate security dialog boxes may open according to the browser you are using.

Accept the security certificate. The Alliance Key Manager login page opens:

5. In the Username field, type the default appliance administrator user name: admin.

6. In the Password field, type the default password: admin (passwords are case sensitive).

Note: All appliances ship with the same administrator password. Change the password to one that is consistent with your network security policy. Refer to the ―Change User Information‖ section in Chapter 5 of the NEM Element Manager 3.0 Administrator’s Guide for information on changing a password.

7. Click Submit. The Appliance Setup Wizard page opens. This page displays the appliance serial number and a progress list that shows the steps involved in the setup process. The following icons track your progress:

– steps you have completed

– steps you have not completed

– item you are currently configuring

Configure the Appliance for Deployment Configuration Guide


Enter the serial number of the application you are using. If a serial number is displayed, click Start Wizard to begin.

Configuration Guide Configure the Appliance for Deployment


Review the End User License Agreement and click ―I Agree‖ to continue.

You must change the password to continue. The password must be at least 6 characters in length, contain upper and lower case letters, contain at least one number, and not include words, or part of words, that might be found in a dictionary.

Click ―Save Changes‖, and then click ―Next‖ to continue.

The Adapters page opens:

Click on an adapter to open the detail page:



This page contains two adapter tabs, eth1 and eth0. You can configure one adapter to connect to a LAN and one to connect to a WAN. By default, eth1 is configured with a DHCP address and eth0 is configured with the static IP address, 192.168.1.10. You can change the adapter properties to meet your specific needs as described in step 9.

Important: Generally, the eth0 adapter connects the Management PC to the appliance. Changing the eth0 IP Address may break the connection. For a single appliance, the recommended best practice is to retain the default eth0 IP address – 192.168.1.10. For multiple appliances on the same network, the recommended best practice is to change the IP address on each appliance to avoid address conflicts.

9. To change the default adapter values, do the following as necessary:

a. In the Type field, specify the method for assigning the IP address for the adapter by selecting either Static IP or Dynamic IP (DHCP).

b. For Dynamic IP (DHCP), no further action is required because the system automatically populates the adapter fields for you. For Static IP, complete the following steps:

i. In the IP Address field, enter a new IP address for the appliance adapter.

ii. In the Subnet Mask field, enter the adapter‘s subnet mask.

iii. In the Gateway field, enter the default gateway for the adapter.

iv. In the Primary DNS and Secondary DNS fields, enter the primary and secondary DNS addresses.

c. To enable the adapter, confirm that the check box is selected. In the sample screen, the text to the right of the check box is Enabled. This text indicates the status of the adapter.

d. Click Submit.

e. When prompted to save the changes, click OK.

Click Next display the Domain page:



On this page, you can change the appliance name and/or the DNS domain name.

11. To change the appliance name:

a. In the Appliance Name field, enter a unique name for the appliance that is consistent with your network security policies.

b. Click Submit.

c. Reboot the appliance. The wizard opens at the Setup Wizard – Domain page.

12. To change the DNS domain name:

a. In the DNS Domain Name field, enter the new domain name.

b. Click Save Changes, then Next.

The Alarm Handler Setup page opens. The appliance Health Monitor and Alarm Manager systems monitor the appliance and send alarm notifications when specific events occur. On this page, configure the basic systems for delivering alarm notifications.



14. Configure Alarm Manager to deliver alarm notifications through any applicable protocols as follows:

FRU Failure Notification – to deliver Field Replaceable Unit (FRU) hardware failure notifications, select FRU Failure Notification. Alarm Manager sends FRU failure notifications through email, so the email server values are the same for FRU failure and Email notifications. Refer to the following Email section for a description of the fields.

Email – to send alarm notifications via SMTP email message, select Email then enter values for the following fields:

Error, Warning, Informational – select the types of notifications to send via email.

User group address list – enter individual email addresses or email groups that specify to whom Alarm Manager sends alarm notifications. Separate the users or groups with a semicolon (;).

SMTP Server – enter the IP address or the fully-qualified domain name of the SMTP server to which Alarm Manager sends alarm notifications.

Source User – enter the name or email account from which Alarm Manager sends the email alarm notifications. This email address appears in the email From field. The value you enter depends on the requirements of your SMTP server. If the server authentication requires an email account, enter a valid email account; otherwise, enter any name that does not contain spaces.

Source User Password – enter the password for the Source User email account. This field is optional unless your SMTP server authentication requires a password.

SNMP – to send alarm notifications via SNMP trap, select SNMP then enter values for the following fields:

Error, Warning, Informational – select the types of notifications to send via SNMP.

SNMP Server – enter the IP address or the fully-qualified domain of the SNMP server.

SNMP Port – enter the port that the system uses for SNMP communication. If no value is entered, the system defaults to port 162.

SNMP Version – enter the SNMP version. The options are V1 or V2. If no value is entered, the system defaults to V1.

Syslog – to send alarm notifications via syslog message, select Syslog then enter values for the following fields:

Error, Warning, Informational – select the types of notifications to send via syslog.

Syslog Server – enter the IP address or the fully-qualified domain name of the syslog server that collects and receives log data.

Syslog Port – enter the port that the system uses for syslog communication. If no value is entered, the system defaults to port 512.

Syslog TCP or UDP – to specify the communication protocol, enter TCP or UDP. The value should match the protocol that is assigned on the syslog server. This



option complies with RFC 3164 and RFC 3195. If no value is entered, the system defaults to TCP.

Click Save Changes. The License File Upload panel is displayed:

Click on the Upload button. A new browser session will open. Note that in some browsers you may receive a message that the certificate is not trusted. Click the button or link to trust the certificate.

You can then select the license file you received from your software vendor. Click the Upload button to upload the file and observe the successful upload message. Click the Close button to close the separate upload window.

Click on the Next button to display the Server Signed Certificate and Private Key Upload panel:



You must now upload the server signed certificate. Click on the Upload button and follow the prompts to upload the server certificate file. Observe the successful upload message and close the separate window.

Repeat this process to upload the server private key file.

Click the Next button to display the KEK Signed Certificate and Private Key Upload panel.

WARNING: Use care when uploading the KEK signed certificate and private key. Uploading an incorrect file can permanently disable your Alliance Key Manager installation.

You must now upload the KEK signed certificate. Click on the Upload button and follow the prompts to upload the KEK certificate file. Observe the successful upload message and close the separate window.

Repeat this process to upload the KEK private key file.

Click the Next button to display the Auth Signed Certificate and Private Key Upload panel:



You must now upload the Auth signed certificate. Click on the Upload button and follow the prompts to upload the Auth certificate file. Observe the successful upload message and close the separate window.

WARNING: Use care when uploading the KEK signed certificate and private key. Uploading an incorrect file can permanently disable your Alliance Key Manager installation.

Repeat this process to upload the Auth private key file.



Click Next to display the AKM Configuration update panel:

You can modify the following values: KeyServerPort=6000 Specify the port numbr for key retrieval. The default is 6000. AdminPort=6001 Specify the port number for the administration services. The default is 6001. KeyServerIP=192.168.1.10 Specify the IP address of the key retrieval interface. AdminIP=192.168.1.10 Specify the IP address of the administrative interface. The default is the IP address assigned to the server. MirrorPortEnabled=N



If this server will receive mirroring transactions from other AKM servers, specify Y for Yes. Otherwise specify N for No. MirrorIP=192.168.1.10 Specify the IP address for receiving mirror transactions from other AKM servers. MirrorPort=6002 Specify the port number for receiving mirror transactions from other servers. The default is 6002. AdminPortEnabled=Y Specify Y for Yes if you want the administrative port enabled. You can also specify N for No to disable the administrative port. If you disable the administrative port you will need to run this web browser session again to enable it. MirrorOut=N Specify Y for Yes if this server will be sending mirror transactions to other AKM servers. Specify N for No if this server will not be sending mirror transactions. GroupRes=Permissive Specify Permissive for Group name resolution. Specify Strict if you want to use restrictive group name resolution. The default is Permissive. ServerSignedCert=AKMServerSignedCert Specify the name of the server’s signed certificate. This is the file you uploaded on previous panels. Do not specify the “.pem” extension. ServerPrivKey=AKMServerPrivKey Specify the name of the server’s private key. This is the file you uploaded on a previous panel. Do not specify the “.pem” extension. TrustedCACert=TCASelfSignedCert Specify the name of the server’s CA certificate. This is the file you uploaded on a previous panel. Do not specify the “.pem” extension. PCIDSSMode=Y Specify Y for Yes for PCI Data Security Standards mode. Specify N for No if you do not need PCI DSS compliance mode. DualKnowledgeRequired=N Specify Y for Yes if dual knowledge is required for key import and export operations. Specify N for No if dual knowledge is not required. Enabled=N Specify Y for Yes if automatic key rollover is required. Specify N for No if automatic rollover is not required. TimeOfDay=12:20:00 Enter the time of day for automatic key rollover operations in HH:MM:SS format.



Review the configuration and make any needed changes. If you specified a new IP address on the previous pages, you should change the AKM configuration file for the new IP address, etc.

Click the Write Changes to Disk button when you are finished.

Click the Next button to display the last Wizard panel:

Click Finish. The AKM key service should start.

If an error occurs you will see a dialog and a link to the application error log.

Review the error messages and return to the wizard to correct the errors.

When the Wizard is complete the main page is displayed:



Click on the AKM Service Control link to view the current status of the server:

When the status indicator is green the key service is running.


Introduction to System Administration

Alliance Key Manager is a browser-based management agent that resides on your appliance. It provides the following features:

Provisioning and Administration

The following features enable you to set up, configure and administer your appliance:

Easy-to-use deployment wizard

User and group management

Granular customization of network and network adapter settings

Ability to start and stop services

Remote rebooting of the appliance

Troubleshooting tools

Health Monitoring and Alarm Management

Health Monitor continuously checks conditions such as drive status, condition of the power supply, system temperatures and services running, and reports problems to Alarm Manager.

Alarm Manager provides email, SNMP and/or syslog alarm notifications of system errors and events.

Remote notification of Field Replaceable Unit (FRU) failures enables rapid depot services to quickly dispatch replacement components to ensure maximum uptime.

Update Management

Update Manager enables appliances to ―phone home‖ to a remote Update Service to check for pre-qualified updates for the appliance application, operating system and Alliance Key Manager software. For high security dark site environments that prohibit Internet access, you can upload and install updates from a media resource.

Manifest scripts provide the information required to download and install an update. When updates are available, you can download and install them either manually or automatically through customized update schedules.

Image Management

Image Manager is an appliance image management feature that enables you to create full and incremental backup images – either automatically or manually – of any appliance drive partition. You can also use this feature to quickly restore your appliance to a specific, known working state.

Introduction Administration Guide


Configuration Management

Configuration Manager enables you to rapidly deploy appliances by providing the ability to back up and restore configuration files. If you have multiple appliances, you can back up the configuration file on one appliance then restore it on all of your other appliances. This feature can also assist in disaster recovery if you need to replace the configuration file on an appliance.

Access Control

The Users and Groups features let you control access to the Alliance Key Manager features through group-level feature access lists. You specify the Alliance Key Manager features that the members of each group can access then assign users to each group.

System Auditing

The following log files record system activity to assist with troubleshooting:

Change log – records login/logoff events and Alliance Key Manager functions performed on the appliance

Appliance log – records events that occur during processing of the Alliance Key Manager appliance management features

Lighttpd logs – record Web server events

System logs – record operating system and support software events

File Management

The File Management feature enables you to view, download, upload and/or delete backup image files, backup configuration files, dark site update files, the alarm database and various log files.

Scheduled Maintenance Tasks

The Task Scheduler feature enables you to archive and delete alarm, configuration and system log files at scheduled intervals to maintain disk space and preserve the data for future reference.

Multiple Appliance Management

Multi-Appliance Console enables you to easily create and restore backup configuration files, create backup images, and download and install updates on multiple appliances from a single console. You can store the backup files locally on each appliance or on a network drive or Internet file repository. You can also open Alliance Key Manager on any appliance.

To support these management capabilities, you can add all appliances within your main subnet to Multi-Appliance Console with a single click or add individual appliances that reside on other subnets. You can also add groups to organize your appliances and simplify the multi-appliance management operations.

User Interface

The Alliance Key Manager user interface combines conventional menu navigation with graphical navigation toolbars and dashboards.

Administration Guide Introduction


Figure 1: Alliance Key Manager User Interface

The user interface consists of the following components.

Table 2: User Interface Components

Component Description

Toolbar Provides access to the Alliance Key Manager dashboards. When you click a toolbar icon, the associated dashboards appear. Also provides an option for logging off of Alliance Key Manager.

Menu bar Provides navigation menus for the Alliance Key Manager features. When you click a menu item in the menu bar, the options for that menu appear in the submenu area below the menu. Click these submenu items to navigate to feature pages.

Submenu Items associated with a menu bar menu. Click an item to launch the feature.

Introduction Administration Guide



Dashboard Provides a more direct means of accessing the pages associated with the Alliance Key Manager features. For example, to access the Groups tab on the Alarm Manager page, you can either click Appliance > Health from the menu bar, click the Alarm Manager Setup tab, click the Go to Alarm Manager Advanced Config link and then click the Groups tab, or click Groups within the Health Manager dashboard.

Action Request Indicator Notifies you that your attention is requested. The Appliance Launch page provides notification indicators within some dashboards that provide additional feature information such as alarms that you should review and updates that you should install. Click the indicator to view the associated items.

Note: Use the toolbar/dashboard or the menus/submenus interchangeably to navigate within the interface. This guide is organized to correspond with the Alliance Key Manager features. The procedural descriptions are based on the menu/submenu navigation.

Accessing Alliance Key Manager

To access the Alliance Key Manager user interface:

1. In a browser, open the URL https://<IP_address>:3886, where <IP_address> is the IP address of the network adapter that connects the Management PC to your appliance. The default IP address is 192.168.1.10. The Alliance Key Manager login page opens.

2. Enter the user name and password assigned to you for accessing Alliance Key Manager.

3. Click Submit.

Note: If your password has expired, you are prompted to enter your current password and a new password.


1: Alarm Manager

Alarm Manager monitors the appliance and sends alarm notifications when specific hardware and software events occur.

The Alarm Manager interface enables you to view current alarms, configure basic alarm delivery properties, and if necessary, configure advanced components that provide greater control over alarm delivery. You generally define the basic alarm notification properties when you set up the appliance; however, you can also set or change these values on the Alarm Manager Setup tab. To define the advanced alarm delivery components, refer to the ―Low Disk Space Alarm Messages‖ section.

When new alarms are available to view, Alliance Key Manager displays the Unacked # Alarms action request indicator within the Health Manager dashboard. Click this indicator to open the Alarms tab on the Alarm Manager page. You can then, review the alarms and acknowledge or clear them as described in the ―Review the Alarms Log‖ section.

Configure Basic Alarm Delivery Properties

When you ran the Setup Wizard to configure Alliance Key Manager, you defined the basic Alarm Manager alarm notification properties. If this initial configuration, which sets up email, SNMP and/or syslog alarm actions that Alarm Manager applies to all alarm categories is adequate for your purposes, it is not necessary for you to perform the procedures described in the remainder of this chapter. However, if you need to change the basic property values, perform the following steps. If you want to provide more control over the alarm notification process, refer to the ―Low Disk Space Alarm Messages‖ section.

To change the basic alarm notification properties:

1. Click Appliance > Health. The Alarm Manager page opens.

1: Alarm Manager Administration Guide


2. Click the Setup tab.

3. Configure all applicable notification delivery services as follows:

FRU Failure Notification – to deliver Field Replaceable Unit (FRU) hardware failure notifications, select FRU Failure Notification. Alarm Manager sends FRU failure notifications through email, so the email server values are the same for FRU failure and Email notifications. Refer to the following Email section for a description of the fields.

Email – to send alarm notifications via email, select the Email check box then enter values for the following fields:

Error, Warning, Informational – select the types of notifications to send via email.

User group address list – enter individual email addresses or email groups that specify to whom you want Alarm Manager to send alarm notifications. If you want to enter multiple users or groups, separate them with a semicolon (;). To add email groups, refer to the ―Low Disk Space Alarm Messages‖ section.

SMTP Server – enter the IP address or fully-qualified domain name of the SMTP server to which Alarm Manager sends alarms.

Source User – enter the name or email account from which Alarm Manager sends the email alarm notifications. This name appears in the email From field. The value you enter depends on the requirements of your SMTP server. If the server authentication requires an email account, enter a valid email account; otherwise, you can enter any name that does not contain spaces.

Source User Password – enter the password for the Source User email account. This field is optional unless your SMTP server authentication requires a password.

SNMP – to send alarm notifications to a network management system via SNMP trap, select the SNMP check box then enter values for the following fields.

Error, Warning, Informational – select the types of notifications to send via SNMP.

Administration Guide 1: Alarm Manager


SNMP Server – enter the IP address or fully-qualified domain name of the SNMP server.

SNMP Port – enter the port that the system uses for SNMP communication. If you do not enter a value, the system uses the default port, 162.

SNMP Version – enter the SNMP version. The options are V1 or V2. The default value is V1.

Syslog – to send alarm notifications to a network management system via syslog message, select the Syslog check box then enter values for the following fields:

Error, Warning, Informational – select the types of notifications to send via syslog.

Syslog Server – enter the IP address or fully-qualified domain name of the syslog server that collects and receives log data.

Syslog Port – enter the port that the system uses for syslog communication. If you do not enter a value, the system uses the default port, 512.

Syslog TCP or UDP – to specify the communication protocol, enter TCP or UDP. The value should match the protocol that is assigned on the syslog server. This option complies with RFC 3164 and RFC 3195. The default value is TCP.

4. Click Save Changes.

Review the Alarms Log

Alarm Manager writes all alarm messages to the alarms log and displays new alarms on the Alarms tab. The records in the log file can have the following states.

Table 3: Alarm Status Indicators

State Description

Unacked Unacknowledged. Indicates you have not acknowledged receipt of the alarm.

Acked Acknowledged. Indicates that you acknowledged receipt of the alarm. You can keep the alarm in the acknowledged state until you no longer need to refer to it.

Cleared Removes the selected alarms from the list on the page, but not from the Alarms log.

New alarms enter the Alarms log in the unacknowledged state. To acknowledge receipt of an alarm, but keep it on the Alarms tab for later review or until you resolve the associated issue, set the state to acknowledged. If you want to remove the alarm from the Alarms tab, clear it.

To view, acknowledge and clear the alarms:




2. Click the Alarms tab. By default, the alarms appear in reverse chronological order, with the most recent alarm appearing in the top row. You can change the sort sequence by clicking the column heading by which you want to sort.

3. To change the number of records Alarm Manager displays at one time, select 50, 100 or all in the Records field.

4. Review the alarm messages. This page automatically refreshes every 30 seconds; however, you can manually refresh the page by pressing F5.

5. After you review an alarm record, you can mark it as acknowledged or you can clear it from the list.

To acknowledge individual alarms, select the associated check box in the left column then click Ack Alarm. To acknowledge all alarms displayed on the current page, click Ack All. Alarm Manager changes the state of all acknowledged alarms to Acked.

To clear individual alarms, select the associated check box in the left column then click Clear Alarm. Alarm Manager removes the alarms you selected. To clear all alarms displayed on the current page, click Clear All. Alarm Manager clears the alarms from the

page, but does not remove them from the Alarms database.

Notes:

The alarm time stamp reflects Greenwich Mean Time (GMT). To display the time stamp in local time, select Local Time from the Time drop-down list. Local time is the local time property set on the Management PC.

To help avoid flooding the network, Alarm Manager throttles event messages. Within a twenty second period, Alarm Manager writes only one notification per action type per alarm category.



Low Disk Space Alarm Messages

Alarm Manager writes low free disk space alarm messages to the alarms log and displays them on the Alarms tab.

Configure Advanced Alarm Delivery Properties

If you want to provide greater control over alarm notification delivery, you can define the following components that provide a more flexible delivery solution.

Table 4: Alarm Manager Alarm Components


Alarm category Alarm associated with an event. An alarm category includes the following properties:

Name that identifies the category

Fixed message text

Severity

Alarm action Delivery protocol through which Alarm Manager delivers alarms. Options include SMTP (email) messages, SNMP traps and syslog messages. You can create multiple alarm action instances to specify different delivery options for a protocol, for example, to send alarm notifications to recipients on different SMTP servers.

Alarm actions are optional. If you do not assign alarm actions to alarm categories, alarm notifications are visible only on the Alarm Manager Alarms tab.

Email group Set of email addresses that you can assign to email actions to specify the users to whom Alarm Manager sends an alarm. Email groups eliminate the need to individually assign the same set of recipients to different alarm actions.



To configure the advanced alarm components, perform the following procedures in the sequence specified:

Figure 2: Configuring Advanced Alarm Components

1. If you plan to send alarm messages to multiple recipients through email, create one or more email groups to establish sets of email recipients. Refer to the ―Create Email Groups‖ section for details.

2. Create alarm actions to define specific delivery methods for alarm notification. Refer to the ―Create Action Instances‖ section for details.

3. Assign one or more action instances to each alarm category to specify how and where Alarm Manager delivers the alarm messages. Refer to the ―Assign Action Instances to Alarm Categories‖ section for details.

Note: If you make a change on the Setup, Groups, Actions or Categories tabs, Alarm Manager enables the Save Changes button on all of the tabs. When you click Save Changes on one of the tabs, Alarm Manager saves the changes you made on all tabs.

To configure the advanced components, click the Go to Alarm Manager Advanced Config link on the Setup tab.

Create Email Groups

Email groups provide an easy way to assign multiple recipients to alarm actions. Rather than assign individual email addresses for each recipient of an alarm notification, you can combine one or more recipients into a group and assign the group to the associated actions.

The system defines the groups FRU Notification Group and Default Notification Group if you configure the alarm FRU Failure Notification and Email properties within the Alliance Key Manager setup wizard or on the Alarm Manager Setup tab. The initial member of these groups is



the email account you specify in the User group address list field during setup. You can add or delete group members. You can also add any other groups that are appropriate for your organization.

To create email groups:



3. Click the Go to Alarm Manager Advanced Config link.

4. Click the Groups tab.

5. Click Add Group. A default group named NewEmailGroup_1 appears in the Group Name and Groups fields.

6. In the Group Name field, rename the group to comply with your naming conventions.

7. In the Email Address field, enter the email address of the first member you are adding to the group.

Note: You cannot add other groups to an email group.

8. Click Add Address. The address appears in the Email List field.

9. Repeat steps 7 and 8 to add an email address for each member of the group.


11. To create additional groups, repeat steps 5 through 10.

Note: To remove an email address, select the address in the Email list field then click Remove Address. To remove a group, select the group in the Groups list then click Remove Group. Click Save Changes.

If your browser is Internet Explorer, the groups you remove may reappear in the Groups list. If this happens, clear the browser cache by doing the following:

a. From the browser menu, click Tools > Internet Options.

b. On the General tab, click the Delete Files button within the Temporary Internet Files area.



Create Action Instances

Action instances specify a unique set of routing properties for the alarm action types (delivery methods) you implement. The following action types are available:

Email – sends alarm notifications to one or more recipients via email

Syslog – sends alarm notifications via syslog

SNMP – sends alarm notifications via SNMP

Important: To ensure proper delivery of the alarm notifications, when you define an alarm action, specify values for all of the properties associated with an action instance. You must click Modify Property for each property to assign the value.

Create Email/FRU Failure Action Instances

Email and FRU Failure action instances define the way that Alarm Manager delivers alarm notifications to the appropriate recipients via email. When you define email action instances, the properties you define also apply to FRU Failure alarm actions. To configure email action instances:




4. Click the Actions tab.

5. In the Action Types field, select Email. An instance appears in the Action Name field with the default name Email Action 1_1 and a set of properties for the action appear in the Properties of Action field.

6. In the Action Name field, change the name of the email action instance to a unique name that identifies the purpose of the action instance.

7. To ensure that Alarm Manager sends alarm notifications properly, select each property, enter a value in the Property Value field then click Modify Property. When you select:

a. SMTP Server IP – enter the IP address or fully-qualified domain name of the SMTP server to which Alarm Manager sends alarms. Click Modify Property.



b. User group address list – in the Email Groups field, select one or more email groups. Click Add Group then click Modify Property.

c. Source User – enter the name or email account from which Alarm Manager sends the email alarm notifications. This name appears in the email From field. The value you enter depends on the requirements of your SMTP server. If the server authentication requires an email account, enter a valid email account; otherwise, you can enter any name that does not contain spaces. Click Modify Property.

d. Source user password – enter the password for the Source User email account. This field is optional unless your SMTP server authentication requires a password. Click Modify Property.

8. After you modify all of the properties, click Add Action. The new action instance appears in the Action Instances box.

9. To configure additional email action instances, repeat steps 5 through 8 for each instance.

10. Review all of the new email action instances then click Save Changes.

Create SNMP Action Instances

SNMP action instances define the routing properties for delivering alarm messages via SNMP. To configure alarm notifications that Alarm Manager delivers via SNMP trap:





5. In the Action Types field, select SNMP. An instance appears in the Action Name field with the default name SNMP Action 1_1 and a set of properties for the action appear in the Properties of Action field.

6. In the Action Name field, change the SNMP action instance name to a unique name that identifies the purpose of the action instance.

7. To ensure that Alarm Manager sends alarm notifications properly, select each property, enter a value in the Property Value field then click Modify Property. After you select:



SNMP Server – enter the IP address or fully-qualified domain name of the SNMP server. Click Modify Property.

SNMP Port – enter the port the system uses for SNMP communication. The default port is 162. Click Modify Property.

SNMP Version – enter the SNMP version. The options are V1 or V2. The default value is V1. Click Modify Property.


9. To configure additional SNMP action instances, repeat steps 5 through 8 for each instance.

10. Review all of the new SNMP Action instances then click Save Changes.

Create a Syslog Action Instance

Syslog action instances define the routing properties for delivering alarm messages via syslog. To configure alarm notifications that Alarm Manager delivers via syslog message do the following:





5. In the Action Types field, select Syslog. An instance appears in the Action Name field with the default name Syslog Action 1_1 and a set of properties for the action appear in the Properties of Action field.

6. In the Action Name field, change the syslog action instance to a unique name that identifies the purpose of the action instance.

7. To ensure that Alarm Manager sends alarm notifications properly, select each property, enter a value in the Property Value field then click Modify Property. After you select:

Syslog Server – enter the IP address or fully-qualified domain name of the syslog server that collects and receives log data. Click Modify Property.

Syslog Port – enter the port the system uses for syslog communication. The default port is 512. Click Modify Property.



Syslog TCP or UDP – enter either TCP or UDP. The value should match the protocol that is assigned on the syslog server. This option complies with RFC 3164 and RFC 3195. The default value is TCP. Click Modify Property.


9. To configure additional syslog action instances, repeat steps 5 through 8 for each instance.

10. Review all of the new syslog action instances then click Save Changes.

Note: To remove an action instance, select the action instance in the Action Instances list then click Remove Action. If your browser is Internet Explorer, the actions you remove may reappear in the Action Instances list. If this happens, clear the browser cache by doing the following:

a. From the browser menu, click Tools > Internet Options.

b. On the General tab, click the Delete Files button within the Temporary Internet Files area.

Assign Action Instances to Alarm Categories

Alarm categories are the alarms that Alarm Manager sends. Follow the steps in this section to assign the action instances you created in the ―Create Action Instances‖ section to the alarm categories to specify how and where Alarm Manager delivers the alarms.

Categories consist of the components listed on the following table.

Table 5: Alarm Category Components


Category Predefined name that identifies an alarm category

Fixed Message Predefined message text associated with the alarm category

Severity Importance of the alarm

Action List One or more action instances that identify how Alarm Manager delivers the alarm message

Note: You cannot add or modify category names nor fixed messages.

To configure alarm categories:






4. Click the Categories tab.

5. In the Select Application field, select the Alliance Key Manager application (feature) for which you are configuring categories or choose Select All to select all applications. Alarm Manager populates the Application Alarm Properties table with all alarm categories for that application.

6. Click a category.

7. Alarm categories have a default severity (error, warning or info) assigned to them. To change the default severity, select a different severity in the Select Severity field.

Note: For a list of the alarm categories and their default severity levels, refer to the ―Alarm Categories‖ section in ―12: Troubleshooting‖.

8. Assign one or more action instances to the category by doing the following:

a. In the Available Alarm Actions list, select all applicable action instances.

b. Click the Add button (>>) to add the instances to the Current Alarm Actions list. To remove instances, click the Remove button (<<).


10. Repeat steps 5 through 9 for all applications in the list and for all alarm categories.


2: Update Manager

Update Manager enables you to download and install to your appliance, updates for your application software, the operating system and Alliance Key Manager. Updates can include software patches, operating system security and other types of updates, and full software upgrades.

IMPORTANT: You should always make an image backup of the Alliance Key Manager server before performing an update. In the event of a failure in the update process your data may be unrecoverable. Never skip this step.

Updates consist of the following components.

Table 6: Update Components


Patch Self-extracting program that installs a software fix, update or upgrade without user interaction

Package Set of one or more related patches. Update Manager displays all available packages on the Available Updates tab.

Manifest Script that contains the list of packages and patches for an appliance family update and instructions for locating, processing and installing them.

The following types of update solutions are available.

Table 7: Types of Update Solutions

Type of Update Description

Phone Home Update The manifest and patch files reside on an Internet-accessible Update Service. The Update Service is the central repository for all updates. When you click Phone Home within Update Manager, Update Manager ―phones home‖ to the Update Service to determine whether new packages are available for you to download. Update Manager displays a list of packages available for download on the Available Updates tab. You download the packages then install them.

You can perform the download and installation operations either

2: Update Manager Administration Guide


manually or automatically through download and installation schedules.

Refer to the ―Phone Home Update Process‖ section for information on downloading and installing packages within a phone home update environment.

Use this option if your appliance has Internet access.

Dark Site Update A dark site is a secure facility that does not permit Internet access. The manifest and patch files are stored in a zipped file that resides on a media source, such as an FTP server, CD, DVD or flash drive, that is accessible within a dark site. You add the update file to the appliance, extract the manifest and patch files then install the packages.

Refer to the ―Dark Site Update Process‖ section for information on adding, extracting and installing packages within a dark site environment.

Use this option if your appliance does not have access to the Internet.

To download and install update packages, you perform the following tasks:

1. Select the Operation Mode – perform this procedure to specify the method for downloading and installing packages. Refer to the ―Select the Operation Mode‖ section for details.

2. Download and install the update packages – perform one of the following procedures based on the update solution you select:

Phone Home Updates – refer to the ―Phone Home Update Process‖ section for information on downloading and installing update packages.

Dark Site Updates – refer to the ―Dark Site Update Process‖ section for information on adding, extracting and installing update packages.

Notes:

If you encounter update problems, display the alarms log and appliance log to obtain details related to the issue. To access the alarms log, click Appliance > Health then click the Alarms tab. To access the appliance log, click System > File Management then expand the ace element manager logs file category. You can also refer to the ―Update Manager Issues‖ section in ―12: Troubleshooting‖.

To re-download packages that you could not install, refer to the ―Rollback Packages‖ section.

Select the Operation Mode

The operation mode specifies the method by which you download and install update packages. The following operation modes are available.

Table 8: Update Manager Operation Modes

Operation Mode Description

Manual You manually download and install all packages.

Administration Guide 2: Update Manager


Download and Approve Update Manager automatically downloads packages based on download schedules you define then you install the packages manually.

Note: You must define a download timer before you change the operation mode to Download and Approve. Refer to the ―Manage Update Schedules‖ section for details.

Auto Update Manager automatically downloads and installs packages based on download and installation schedules that you define.

Note: You must define download and install timers before you change the operation mode to Auto. Refer to the ―Manage Update Schedules‖ section for details.

Dark You manually add the dark site update file to the appliance, extract the manifest and patch files, and install the packages. You must select this option to see the dark site files on the Available Updates tab.

To specify the update operation mode:

1. Click Appliance > Updates. The Update Manager page opens.

2. Click the Update Schedule tab.

3. In the Operation Mode field, select Auto, Download and Approve, Manual or Dark depending on how you want to process the downloads and installations. The default setting is Manual.

4. Click Submit.

Phone Home Update Process

If your appliance has access to the Update Service via the Internet, you can download and install update packages through the phone home update process. Figure 3 illustrates the components involved in this process and Table 9 describes each component.



Figure 3: Phone Home Update Components

Table 9: Phone Home Update Components


Management PC Computer that you use to manage the appliance. You access Update Manager through the Management PC.

Vendor-hosted Updates Remote server that hosts the update manifest and patch files. Update Manager downloads packages from this Update Service.

Note: Your software vendor manages this server.

Update Manager Phones home to the Update Service to determine whether new packages are available, downloads and installs the packages and displays the status of the download and installation operations. Also enables you to create update schedules and logs status alarms to Alarm Manager and other status information to the change log and the appliance log.



Appliance Computer on which the software you update with Update Manager is running.

To download and install update packages, perform one or more of the following procedures based on the operation mode you select (see ―Select the Operation Mode‖):

If you selected the Manual operation mode, download then install the update packages as necessary. Refer to the ―Manually Download Packages‖ section for information on downloading packages and to the ―Manually Install Packages‖ section for information on installing packages.

If you selected the Download and Approve operation mode, define a download schedule then after the automatic download completes, manually install the downloaded packages. Refer to the ―Manage Update Schedules‖ section for information on defining download schedules and to the ―Manually Install Packages‖ section for information on installing packages.

If you selected the Auto operation mode, configure download and install schedules that specify when these operations run. Refer to the ―Manage Update Schedules‖ section for information on defining schedules.

Manually Download Packages

If you selected Manual as the operation mode on the Update Schedule tab, you must manually download and install all packages.


Note: If you selected the Auto or Download and Approve operation mode, in addition to scheduled downloads, you can also manually download packages at any time.

To manually download a package:

1. Click Appliance > Updates.

2. Click the Available Updates tab.

3. Click Phone Home. Update Manager checks the Update Service for new updates then displays all available update packages.

Notes:

If you see the message ―Nothing new to download,‖ there are no new packages available.

The Last Successful Phone Home field displays the date/time stamp for the last time you successfully phoned home to the Update Service. A successful phone home involves downloading the manifest and building the package list.

If you see the message ―ERROR: Can't get the manifest file,‖ Update Manager cannot access the Update Service. This is usually due to a communications issue



between the appliance and the Update Service. See the ―Cannot Download Manifest‖ section in ―12: Troubleshooting‖ for possible solutions.

4. In the Package list, select the packages you want to download or click Select All to select all packages.

Note Update Manager enforces update dependencies; that is, if an update contains two packages, package #1 is always a dependency of package #2. If you select package #2, Update Manager automatically selects package #1 if you have not already downloaded it.

5. Click Download to initiate the download process. Update Manager displays the Update Status tab that lets you monitor the status of the download. For small packages, Update Manager displays the message ―Downloading…‖ For larger packages, Update Manager shows the progress of each patch within the package. When the download completes, Update Manager displays the packages on the Updates to Install tab.

Notes:

After you start the download operation, you cannot download additional packages until the initial download completes.

If an error occurs during the download operation, Update Manager retries the download three times at five minute intervals. If after three attempts Update Manager still cannot complete the download, it terminates the process, writes an alarm to the Alarms log and more detailed information to the appliance log then returns the package to the Available Updates tab.

6. Refer to the ―Manually Install Packages‖ section for information on installing the packages.

Manually Install Packages

To manually install packages, complete the following steps:

Note: If you selected the Auto operation mode, in addition to scheduled installations, you can also manually install packages at any time.




2. Click the Updates to Install tab.

3. In the Package list, select the check boxes for the packages you want to install or click Select All to select all packages.

4. Click Install to install the package. Before Update Manager installs the package, it may call Image Manager to create a backup image with the prefix ―befInst‖ followed by the package name and the suffix ―imgbackup‖. Update Manager displays the Install Status tab that lets you monitor the progress and status of the installation. While the installation is running, you see a revolving circle icon for each package in the Updates in Progress area that indicates the installation is in progress. You may also see messages that inform you an image backup is being created and the appliance will reboot after UM installs a specific package. When the installation completes, you see a list of the installed packages in the Installed Updates area.

Notes:

You must install all patches within a package. You cannot select individual patches.

After you start the installation operation, you cannot install additional packages until the initial installation completes.

If a package requires an appliance reboot (True appears in the Reboot column), the reboot initiates immediately after the package installation completes. You will have to log in to Alliance Key Manager after each reboot; however, Update Manager continues the installation process; it does not wait for you to log in.

Unlike downloads, if Update Manager cannot install a package, it does not retry the installation.

If Update Manager cannot install a package, refer to the ―Update Manager Issues‖ section in ―12: Troubleshooting‖ for help in resolving the issue.

After installing one or more packages, if you find that it is necessary to return the appliance to a pre-update state, use Image Manager to restore a backup image that was created prior to installing the packages.



Manage Update Schedules

Update schedules enable you to automate the download and installation processes. If you select the Download and Approve operation mode, you must create a download schedule. If you select the Auto operation mode, you must create a download schedule and an installation schedule.

You can perform the following procedures to manage your update schedules:

Configure Update Schedules

Change Update Schedules

Delete Update Schedules

Notes:

Scheduled downloads download all available packages, and scheduled installations install all available packages. This is different from manual downloads and installations, which let you download or install specific packages that you select.

Prior to changing the operation mode to Auto, you must define a download timer and an install timer. Prior to changing the operation mode to Download and Approve, you must define a download timer. If you delete a required timer from either operation mode, the scheduled downloads or installations will not occur.

To avoid network congestion, you should schedule downloads and installations to occur during a period of low system and network activity; for example, between 12:00 midnight and 7:00 a.m.

To determine the status of an automatic download or installation, check the Alarms tab on the Alarm Manager page, the change log (installations only) or the appliance log. Refer to the ―Review the Alarms Log‖ section in ―1: Alarm Manager‖ for information on viewing alarms and ―7: File Management‖ for information on viewing the appliance log and change log.



Configure Update Schedules

To configure a schedule:


2. Click the Update Schedule tab.

3. In the Timer field, select New Timer.

4. In the Purpose field, select Download to define the download schedule or Install to define the installation schedule.

5. In the When area, specify when the download or installation occurs by selecting Daily, Weekly or Monthly. If you select Weekly, select the day of the week that each download or installation occurs. If you select Monthly, specify the day of the month that each download or installation occurs.

6. In the At field, specify the time each download or installation occurs.

7. Click Add to save the schedule.

Change Update Schedules

You can define only one download schedule and one installation schedule. After you create a schedule, you can change the schedule parameters by doing the following:

1. In the Timer drop-down list, select the schedule you want to change.

2. Make your changes.

3. Click Update.

Delete Update Schedules

If you no longer need a schedule, you can delete it by doing the following:

1. In the Timer drop-down list, select the schedule you want to delete.

2. Click Delete. If the operation mode is set to Auto or Download and Approve, Update Manager displays a warning message. Click OK to delete the schedule.



Dark Site Update Process

If your appliance does not have access to the Update Service via the Internet, you can upload and install update packages through the dark site update process. The following figure illustrates the components involved in this process and Table 10 describes each component.




Figure 4: Dark Site Update Components

Table 10: Dark Site Update Components


Management PC Computer that you use to manage the appliance. You access Update Manager through the Management PC.



Media Source File source on which dark site update files reside. This can be an FTP server, CD, DVD, flash drive or other file source.

File Management Enables you to manage appliance files. Use File Management to add (upload) the zipped update file from the media source to the appliance.

Update Manager Enables you to set the update operation mode, extract the manifest and patch files from the zipped update file, and install the packages. Also displays the status of the installation operation and sends status alarms to Alarm Manager and other status information to the change log and the appliance log.

Appliance Computer on which the software you update with Update Manager is running.

To upload, extract and install update packages in a dark site environment:

1. Add the dark site update file to the appliance then extract the manifest and patch files. Refer to the ―Add and Extract Dark Site Files‖ section for details on these procedures.

2. Manually install the packages. Refer to the ―Manually Install Packages‖ section for information on installing packages.

Add and Extract Dark Site Files

If you select Dark as the operation mode on the Schedule Update tab, you must manually upload, extract, and install the update packages. To upload and extract a file for a dark site, complete the following steps. To install the packages, refer to the ―Manually Install Packages‖ section.

1. Click System > File Management.

2. Click the dark site packages file category to expand it.

3. Click Add.

4. Browse to and select the update file. Do not change the name of the file.



Note: The maximum file size for a dark site update file is 500MB.

5. Click Upload. When the successful upload window appears, close the window. The update file appears in the File Management dark site packages list and on the Available Updates tab on the Update Manager page.


7. On the Update Schedule tab, be sure that the Operation Mode is Dark.

8. Click the Available Updates tab.

9. In the File column, select the check box for the first dark site file. You can extract only one dark site file at a time.

Note: You must extract a dark site file and install all packages before you can extract another dark site file.

10. Click Extract. Update Manager decrypts the update file, extracts the packages and validates each package. Update Manager then displays the Update Status tab that lets you monitor the status of the extraction. If the validation is successful, Update Manager removes the update file from the Available Updates tab and displays the associated packages on the Updates to Install tab. If the package validation fails, the packages remain on the Available Updates tab and Update Manager displays an error message. Contact your software vendor for assistance.

Note: Update Manager does not send alarm notifications to Alarm Manager to indicate the status of dark site file extractions.

11. Refer to the ―Manually Install Packages‖ section for information on installing the packages.

Manually Install Packages

To manually install packages, complete the following steps.





3. In the Package list, select the checkbox for the packages you want to install or click Select All to select all packages.

4. Click Install to install the packages. While the installation is running, you see a revolving circle icon for each package in the Updates in Progress area that indicates the installation is in progress. You may also see messages that inform you an image backup is being created and the appliance will reboot after UM installs a specific package. When the installation completes, you see a list of the installed packages in the Installed Updates area.

If the installation fails, refer to the ―Update Manager Issues‖ section in ―12: Troubleshooting‖.

Notes:


You must install all patches within a package. You cannot select individual patches.

After you start the installation operation, you cannot install additional packages until the initial installation completes.


Unlike downloads, if Update Manager cannot install a package, it does not retry the installation.

Rollback Packages

The Rollback feature lets you manually remove downloaded packages from the Updates to Install tab and return them to the Available Updates tab. Use this feature if you cannot install a package or if your software vendor informs you that a replacement package is available. After you



roll back the packages, Update Manager can properly download or extract a new set of packages. If you roll back packages that were in a dark site file, you will see the dark site file on the Available Updates tab, not the individual packages.

Note: In this context, rollback does not mean that Update Manager removes previously installed packages from the appliance. You cannot remove an installed package from the appliance. To return to a pre-update state, you must restore a pre-update image. See ―3: Image Manager.‖

To roll back packages:



3. Click Rollback. Update Manager removes all of the packages from the Package list.

Update Manager returns downloaded packages to the Available Updates tab and returns dark site update files to the Available Updates tab and the DarkStore directory shown in the dark site packages category in File Management. See ―7: File Management‖ for the location of this directory.


3: Image Manager

Image Manager enables you to create backup images (restore points) and restore to one of these images if you encounter a problem that was not present in an earlier image. An image consists of all files that reside within an appliance drive partition. You can create backup images for each partition except the Alliance Key Manager backup partition. Backup images can be full or incremental backups. You can create the backup images either manually or automatically through image backup schedules.

SECURITY NOTE: The image manager will create two image backups. One image backup contains the OS, Alliance Key Manager application, key database, and other files. The second image backup contains the private keys used to secure the Alliance Key Manager application. You should never store or transport the two images files together. Be sure to enforce this separation at all times.

Notes:

If you are running a Software Appliance (Virtual Machine), the Image Manager feature is not available.

You can run only one image backup at a time.

Image Manager writes the results of all image backup and restore operations, including scheduled operations, to Alarm Manager and to appliance.log.

Important: If, for reasons other than authorization, you cannot access Alliance Key Manager to restore a backup image, refer to the ―Emergency Restore Procedure‖ section.

Table 11 shows the default Alliance Key Manager drive partitions.

Partition Description

Primary Root partition from which you boot the appliance. This is the location of the operating system and the Alliance Key Manager software. It may also contain your application software.

Backup Recovery partition within which Image Manager stores the backup image files and the change logs.

Data Partition within which the application data resides.

Table 11: Alliance Key Manager Partitions

Important: When you restore a backup image to a partition, Image Manager overwrites all files on the associated partition.

3: Image Manager Administration Guide


Image Manager Features

You can perform the following Image Manager tasks:

Manually Create Backup Images

Create a Default Backup Image

Configure Image Backup Schedules

Restore an Image

Restore the Factory Image – factory.tib

Manually Create Backup Images

You can create the following types of backup images for any partition in Table 11 except the backup partition:

Image Description

Full image Backup of the entire partition. A full backup image serves as the initial base for incremental backup images. To avoid confusion with incremental backup images, the file name cannot end with a number.

Incremental image Saves only the changes made since the last backup image. Image Manager adds a sequential index number to the end of the backup image name, for example, the file name for the first incremental backup ends with the number 2. The second incremental backup file name ends with the number 3, and so on.

Table 12: Types of Backup Images

When you create an incremental backup image, you can select a full or incremental backup image as the base image. Whether the base image is a full or incremental image, the incremental image contains only the changes made since the last backup image. Figure 5 illustrates the following incremental backup image scenario:

Backup2 was created with Backup as the base image. It includes only the changes made since Backup was created.

Backup3 was created with Backup2 as the base image. It includes only the changes made since Backup2 was created.

Although Backup4 was created with Backup2 as the base image, it includes the changes made since Backup3 was created, not the changes made sinceBackup2.

Figure 5: Incremental Backup Image Scenario

Administration Guide 3: Image Manager


To create a backup image:

1. Click Appliance > Images. The Image Manager page opens.

2. Click the Image Backup/Restore tab.

3. In the Select Partition field, select primary or data depending on whether you want to back up the primary partition, which backs up the operating system, Alliance Key Manager and your application software, or the data partition, which backs up just your application data.

4. Do one of the following depending on the type of backup image you are creating:

Full Image

To create a full backup image:

a. Select the Full radio button.

b. In the New File Name field, enter a name for the backup image file. The name must be unique, contain no more than fifty characters and cannot contain spaces or special characters. To avoid confusion during future incremental backups, the last character in the file name must be an alphabetic character (―A‖ through ―Z‖ or ―a‖ through ―z‖).

Notes:

o Backup image file names are case insensitive; that is, you cannot enter duplicate file names, even if the names have different combinations of upper and lower case letters. For example, the names default.tib and DEFAULT.tib represent the same file name.

o If you do not enter a file name, Image Manager assigns a name in the form <YYYY>_<MM>_<DD>_<hhmm>_<partitionname>_image.tib

where:

♦ <YYYY> is the four-digit year

♦ <MM> is the two-digit month

♦ <DD> is the two-digit day

♦ <hh> is the two-digit hour

♦ <mm> is the two-digit minutes

♦ <partitionname> is the name the partition you are backing up

o The time that Image Manager assigns to the file name when it creates the backup image may not match the timestamp for the backup image. This is



because the date in the name is based on the time set on the Management PC; whereas the time in the timestamp is based on the time set on the appliance.

Incremental Image

To create an incremental backup image, which saves only changes made since the last backup image:

a. Select the Incremental radio button.

b. In the Select Base Image field, select a backup image. Image Manager automatically names the incremental backup image BackupImageName#, where BackupImageName is the name of the base image you selected and # is the number of the increment. Incremental numbering starts with the number ―2.‖ The following sample backup image names illustrate the Image Manager naming convention:

ImageBackup – full backup image base file – no increment number

ImageBackup2 – first incremental backup image – increment number 2

ImageBackup3 – second incremental backup image – increment number 3

Note: The base image is always a full backup image.

Note: If the base image for an incremental backup image is corrupt, Image Manager creates a full backup image.

5. Click Create Image.

The message Working … appears in the Create Backup area. The backup process may take several minutes.

When the backup is complete, Image Manager replaces the Working … message with Image Creation Complete.

Navigating away from the Image Manager page causes the Working … message to disappear, and the completion message may not appear. You can verify that the backup is complete by checking the alarm log for the Image Creation Complete message.

Create a Default Backup Image

After you configure your appliance for production use, you should create a full backup image of the primary partition named default. This is a special backup image that enables you to restore to your original production configuration. You cannot delete default.tib after you create it. Refer to the ―Manually Create Backup Images‖ section for information on backing up an image.

Configure Image Backup Schedules

To automate the process of creating backup images, you can define backup schedules that specify what to back up and when to back it up. You can back up any labeled partition and can perform full or incremental backups.

To create an image backup schedule:




2. Click the Image Schedule tab.

3. In the Select Partition field, select primary or data.

4. In the Schedule Name field, select New Schedule then enter a name for the schedule. The name must be unique, contain no spaces or special characters and cannot exceed the maximum length of forty characters. The name must be unique across all partitions.

5. In the Schedule Type field, select Full or Incremental.

6. In the When field, select Daily, Weekly or Monthly. If you select Weekly, select the day of the week that each backup runs. If you select Monthly, select the day of the month that each backup runs.

7. In the At field, enter the time of day that each image backup runs.

8. Click Add.

9. Repeat steps 3 through 8 for each image backup schedule you want to define.

Notes:

You cannot modify an existing schedule. You must delete the schedule then create a new schedule. To delete a schedule, select it in the Schedule Name drop-down list then click Delete.

Multiple schedules cannot contain the same properties.

The recommended best practice is that scheduled backups should be full backups.

After a scheduled backup completes, Image Manager identifies and saves the date and time for the next scheduled backup. If you change the appliance date to a previous date, Image Manager does not run backups that are scheduled to run between the new date and the date it set for the next backup. For example, after Image Manager ran a scheduled daily backup at 1:00am on November 5

th, it saved 1:00am November 6

th as

the time and date for the next scheduled backup. If you set the appliance date to October 30

th, Image Manager does not run the backups scheduled for October 30

th through

November 5th because they are prior to the time and date set for the next backup –

1:00am November 6th. If you must set the date to a previous date, set the date then

delete the current schedule and create a new one.

You should periodically delete old backup images to avoid exceeding storage capacity. Refer to ―7: File Management‖ for information on deleting backup image files.



Restore an Image

If you encounter an issue with any partition that you cannot correct by restoring a configuration file or by installing an update, you can restore a backup image. Restoring a backup image replaces the data on the partition associated with the image you are restoring. You can restore a full backup image or an incremental backup image that was created before the problem occurred.

Image Manager lists the backup images you can restore based on the partition you are restoring. The sample page in the following step 2 shows the following types of backup images for the primary partition:

2008_Dec_8_1201_primary_image.tib – full backup image of the primary partition. Image Manager automatically created the file name using the default naming convention.

2008_Dec_8_1201_primary_image2.tib – incremental backup image of the primary partition. The base image is 2008_Dec_8_1201_primary_image.tib.

befInst90005100imgbackup.tib and befInst90005100imgbackup.tib – full backup images of the primary partition that Image Manager automatically created before Update Manager installed a package.

default.tib – production image – full backup image of the primary partition following configuration for production. This is the image you create after you configure Alliance Key Manager for production.

factory.tib – manufacturing image – full backup image of the primary partition. This is the

image shipped with Alliance Key Manager.

Note: Restoring an incremental backup image restores the following files to ensure that you restore all changes that occurred up to and including the incremental backup you restore:

Full backup image upon which the incremental backup is based

All incremental backup images created between the time of the full backup and the incremental backup you are restoring

Incremental backup you are restoring

To restore a backup image:




2. Click the Image Backup/Restore tab. The Image to Restore area displays all backup images.

3. In the Select Partition field, select the partition associated with the backup image you want to restore. The appropriate list of backup images for that partition appears in the Image to Restore area.

4. In the Restore Image column, select the radio button for the backup image you want to restore.

5. Click Restore Image. The image restore confirmation dialog box appears.

6. Click OK. The image validation confirmation dialog box appears.

7. To instruct Image Manager to validate the image before restoring it, click OK. This is the recommended best practice. To skip the image validation process, click Cancel. The image restore process begins.

After restoring the backup image, the appliance displays the login page then reboots to the image you restored. Wait for the appliance to reboot.

Notes:

During the restore process, the appliance reboots once for all partitions except the primary partition. For a primary partition restore, the appliance reboots twice.

The login page appears before the restore completes; therefore, you should wait at least five minutes before logging in to Alliance Key Manager.



8. To determine the status of the restore operation, look for the image restore message on the Alarms tab of the Alarm Manager page. The following sample page shows the results of several restore operations. Alarm record 6 shows a failed restore. Alarm records 3, 4 and 5 show successful restores. For information on viewing alarm messages, refer to the ―Review the Alarms Log‖ section in ―1: Alarm Manager‖.

Restore the Factory Image – factory.tib

The backup image factory.tib, is the manufacturing image installed on your appliance when it was shipped from the factory. You can restore your appliance to the original factory primary partition settings by restoring to factory.tib. Factory.tib is a full backup of the primary partition only. It does not include other partitions.

Notes:

You cannot delete factory.tib.

Because factory.tib does not contain any of your setup and configuration settings, when you restore to factory.tib, any IP addresses you assigned to the network adapters are reset to the default IP address values. Therefore, you may have to reconfigure the adapters before you can use Alliance Key Manager. Refer to the ―Adapters‖ section in ―5: Network Features‖ for details on configuring adapters.

Factory.tib does not restore the data partition. If you want to clear your application data, you must back up the data partition before you begin to add data. You can then restore that backup image to provide an empty data partition.

Delete Backup Images

To delete backup images that you no longer need, refer to ―7: File Management‖.

Important: If you delete an intermediate incremental backup image, you may not be able to restore a later incremental backup image. For example, in Figure 6, if you delete the incremental backup image Backup3, you will not be able to restore any of the other images unless you also delete incremental backup image Backup4. To restore a backup image, Image Manager requires a complete, unbroken sequence of incremental backup images.



Figure 6: Incremental Deletion Example

Emergency Restore Procedure

If you cannot access Alliance Key Manager because of an appliance failure, you can perform this emergency restore procedure to open a version of the software that provides access to Image Manager so you can restore a primary partition backup image. You can restore the appliance to any backup image.

To perform an emergency restore:

1. Connect a keyboard, video monitor and mouse to the KVM (keyboard, video, mouse) ports on the back of the appliance. Turn on the monitor.

2. Press the reset button on the front of the appliance. The appliance starts to reboot.

3. During the process of rebooting, a boot menu appears that asks you to select one of the following partitions:

Primary partition – NEWS (Main)

Recovery partition – NEWS (Recovery)

Select the Recovery partition and wait for the reboot to complete.

Important: Watch closely for this prompt, because you have only five seconds to select the recovery (backup) partition. If you are not able to select the Recovery partition before the boot menu disappears, press the appliance reset button to begin the reboot process again.

4. On the Management PC, refresh the browser. The login page appears.

Note: The URL should be https://192.168.1.10:3886.

5. Log in to Alliance Key Manager. The Restore Manager page opens.

6. Select a backup image to restore then click the Restore Image button. Image Manager starts the restore process. Wait for the reboot to complete. The appliance reboots to the primary partition.

Important: During this process, do not change the partition that is selected in the boot menu.

7. When the recovery completes (approximately 3 to 5 minutes), refresh the browser on the Management PC. You should now see the Alliance Key Manager login page.

Important: If the page does not open properly, be sure that the IP address in the URL that connects the Management PC to the management NIC on the appliance is correct. If the backup image you restore uses a different IP address, change the address in the URL.

8. Disconnect the keyboard, video monitor and mouse from the appliance KVM ports.


4: Configuration Manager

Configuration Manager enables you to back up and restore various appliance configuration properties. If you encounter configuration-related problems, you can use Configuration Manager to restore the configuration settings without having to use Image Manager to restore the entire primary partition. Configuration files are portable, which enables you to set up multiple appliances with a single configuration file (refer to ―Restore a Configuration File‖ for information on uploading configuration files). The configuration backup process captures the following settings:

Alarm Manager

Alarm Manager configuration

Update Manager

Operation mode

Download schedule

Installation schedule

Image Manager

Backup schedules

Task Scheduler

All schedule settings

Configuration Manager Features

The Configuration Manager features include:

Table 13: Configuration Manager Features

Feature Description

Backup Back up the appliance configuration files and store them on the appliance.

Restore Restore appliance settings to those stored in a backup configuration file

Note: You can download, upload and delete backup configuration files within File Management. You can also add a configuration file from another location. Refer to ―7: File Management‖ for details.

4: Configuration Manager Administration Guide


Back Up Configuration Properties

The Backup feature creates a backup file of the current configuration settings and stores it on the appliance. To create a configuration backup file:

1. Click Appliance > Configuration. The Configuration Manager page opens.

2. In the Configuration Name field within the Backup Configuration area, enter a unique name for the configuration file.

Note: Backup configuration file names are not case sensitive. Do not use duplicate file names, even if the names have a different combination of upper and lower case letters. For example, the file name ConfigurationBackup and CONFIGURATIONBACKUP represent the same file name.

3. In the Note field, add information that describes the configuration. Do not enter single quotes (‗) in this field.

4. Click Backup. When the backup completes, the message ―Configuration backup succeeded‖ appears above the Backup button.

Note: For information on applying the configuration file to other appliances, refer to the download and upload features described in ―7: File Management‖.

Administration Guide 4: Configuration Manager


Restore a Configuration File

The Restore feature enables you to restore a configuration file onto the appliance. The restored file overwrites the current configuration files.

To restore a configuration file to your appliance:

1. Click Appliance > Configuration. The Configuration Manager page opens.

2. In the Select Configuration field within the Restore Configuration area, select the file you want to restore. Configuration Manager displays the Note, Model Number, Date and System Serial Number metadata for the file in the corresponding fields.

Important: Confirm that you are restoring the correct file. Configuration Manager replaces the current appliance configuration files with the configuration files you are restoring.

If the configuration file you want to restore does not reside on the appliance:

i. Click System > File Management. The File Management page opens.

ii. Click the configuration backups category to expand it.

iii. Click Add.

iv. Click Browse then locate and select the configuration file you want to add.

v. Click Upload. File Management adds the file to the list of configuration files within the configuration backups category and to the list in the Select Configuration field on the Configuration Manager page.

vi. Return to the Configuration Manager page by clicking Appliance > Configuration.

3. Click Restore to start the restore operation. Configuration Manager installs the configuration files onto the appliance.

If you decide you do not want to restore the configuration file, click Cancel. This clears the Restore Configuration area.

4: Configuration Manager Administration Guide



5: Network Features

The Network features include the following network-related configuration, informational and management features:

Adapters – enables you to change the configuration of the appliance network adapters

Tools – enables you to perform the following tasks:

Ping a host

Trace packet routes

View network statistics

Management – enables you to manage the following network components:

Appliance name

DNS domain name (Linux) or domain name (Windows)

Network routes

ARP table

Host file

SSL certificate

Adapters

The Network Adapters feature displays the status, description, and configuration information for each of the appliance Network Interface Card (NIC) adapters. The page includes the following tabs.

Table 14: Adapters Tabs

Tab Description

Summary Displays a summary of the configuration values and status of the eth0 and eth1 (Linux) or GigE0 and GigE1 (Windows) adapters.

eth0 or GigE0 Shows the full configuration properties of the eth0 or GigE0 adapter and enables you to change the configuration. By default, this adapter is configured with the static IP address 192.168.1.10; however this may have been changed during initial configuration of the appliance. This adapter is configured as the management adapter that communicates with the Management PC.

Note: The recommended best practice for the eth0 or GigE0 adapter is to use the default IP address. This prevents loss of the

5: Network Features Administration Guide


Tab Description

connection between the Management PC and the appliance during configuration.

eth1 or GigE1 Shows the full configuration properties of the eth1 or GigE1 adapter and enables you to change the configuration. By default, this adapter is configured with a DHCP IP address; however this may have been changed during initial configuration of the appliance.

Configure an Adapter

To change an adapter configuration:

1. Click Network > Adapters. The Adapters page opens.

2. Click the tab for the adapter you want to configure, eth1 or eth0.

Administration Guide 5: Network Features


3. Do one or more of the following as applicable:

In the Type field, select Static IP or Dynamic IP (DHCP) to change the connection type.

If you select Dynamic IP (DHCP) in the Type field, no further changes are required. If you select Static IP:

i. In the IP Address field, enter a new IP address for the adapter.

ii. In the Subnet Mask field, enter the adapter‘s subnet mask.

Enter the default Gateway IP address.

Enter the Primary DNS server and Secondary DNS server values as needed.

Select or clear the Enabled check box to enable or disable the adapter connection. By default, Alliance Key Manager enables the adapters.

Note: To avoid breaking the connection to the appliance, if you change the IP address of the adapter through which the Management PC connects to the appliance, be sure that the new IP address is accessible from the Management PC before you click Submit.

4. Click Submit to apply the changes.

Note: If you changed the IP address for the adapter that connects the Management PC to the appliance, click the red link to access the appliance with the new IP address. For future access to the appliance, be sure you replace the IP address in the URL for accessing the appliance (https://<IP Address>:3886) with the new IP address.

Tools

The Network Tools page provides common network tools for analyzing network traffic on an appliance. You typically use these tools under the direction of a customer support technician when diagnosing a system problem. These tools include the following:

Ping – tests the connection from the appliance to another host

Trace Route – traces the connection route from the appliance to another host

Netstat (Network Statistics) – displays different types of connection information



Ping a Host

Ping is a computer network tool you can use to determine whether a host is accessible across an IP network. To ping a host:

1. Click Network > Tools. The Network Tools page opens.

2. Click the Ping tab.

3. In the Name/IP field, enter the host name or IP address of the host you want to ping.

4. If applicable, in the Options area, select one or more of the following options:

Constant ping – the appliance resends the ping until you manually stop it. To stop the ping, click the Stop button.

The constant ping feature displays four responses at one time, and updates these four lines as new ping responses arrive. This feature does not scroll through ping responses as it would if issued from a command line in a terminal window.

Timeout – set the maximum time (in milliseconds) to wait for the reply.

Address to Hostname – resolves the IP address to the host name for display.

Echo Request Number – set the number of requests. The default echo request number is four.

5. Click Ping. The results appear in the Results field.

Trace Network Packet Routes

Trace route is a computer network tool that you can use to determine the route taken by packets across an IP network. To trace the packet route from an appliance to a remote host:




2. Click the Trace Route tab.

3. If applicable, in the Options area, select one or more of the following options:

Timeout – set the maximum time (in milliseconds) to wait for each reply.

Don’t resolve addresses to hostnames – do not resolve addresses to host names for display. This disables name resolution, which improves performance.

4. Click TraceRt. The results appear in the Results field.

View Network Statistics

The netstat tool (short for network statistics) is a command line tool that displays network connections, routing tables, and a number of network interface statistics.


2. Click the NetStat tab.

3. In the Options area, select one or more of the following options. By default, netstat displays open socket connections (active connections) for all address families (IP, Unix socket, etc.).

All – displays active connections and listening sockets

Numerical – displays numerical addresses rather than symbolic host, port or user names



Routes – displays, the kernel routing tables

4. Click Netstat. The results appear in the Results field.

Management

The network management features are the following:

Change Appliance Name and Domain or DNS Domain Name

Add or Delete a Route

View and Flush the ARP Table

Edit the Host File

Replace the SSL Certificate

Change Appliance Name and Domain or DNS Domain Name

If you did not assign appropriate names for the appliance, domain, or DNS domain name during the initial appliance setup procedure, use the following procedures to change these values.

Important: If you have not configured the network adapters, you should do this before changing the appliance name or joining a domain or workgroup.

Linux Environment

To change the appliance name and DNS domain name:

1. Click Network > Management.

2. Click the Domain icon. The Domain page opens.

3. Do one or both of the following:

To change the appliance name:

i. In the Appliance Name field, enter a new appliance name. Use a name that is not already in use on your network.

ii. Click Accept Changes.

To change the DNS domain:



i. In the DNS Domain Name field, enter the DNS domain name.

ii. Click Accept Changes.

4. Reboot the appliance. Refer to the ―Reboot the Appliance‖ section in ―10: System Utilities‖ for information on rebooting an appliance.

Add or Delete a Route

The Routing feature displays the current state of the active and persistent routes for the appliance. You can add or delete routes to other networks from this page.

Each row in the Active Routes and Persistent Routes tables represents a route.

Add a Route

To create a new route:


2. Click the Routing icon. The Routing page opens.

3. Click Add a new Route.

4. In the Destination field, enter the IP address of the destination network.

5. In the Mask field, enter the subnet mask of the destination network.

6. In the Next Hop field, enter the IP address of the gateway for this route.

7. In the Metric field, enter the metric that specifies the weight value for the route.

8. In the Interface field, select the network interface for the route, eth0 or eth1 (Linux) or GigE0 or GigE1 (Windows).



9. If you would like the route to be persistent (not deleted when the appliance reboots), select the Enter as Persistent check box. If you do not select this check box, the route is added to the Active Route table.

Note: To add a persistent route, you must create two separate routes, one with the Enter as Persistent check box cleared (adds route to the Active Route table) and one with the Enter as Persistent check box selected (adds route to the Persistent Route table).

10. Click Add to create and save the new route.

Delete a Route

You can delete any route that shows a Delete button in the Delete column; however, prior to deleting a route, you should be sure that deleting the route will not impact the overall network connectivity.

To delete a route:


2. Click the Routing icon. The Routing page opens.

3. Click the Delete button associated with the route you want to delete.

Important:

Be sure that deleting this route will not impact connectivity to the Management PC. If the appliance is connected through this route, do not delete it.

The system does not display a deletion confirmation dialog box, so be sure you are deleting the correct route before you click Delete.

View and Flush the ARP Table

The ARP table displays the contents of the appliance Address Resolution Protocol (ARP) cache, which includes:

IP address

MAC address

Entry type – dynamic or static

To view the ARP table:




2. Click the ARP Table icon. The ARP Table page opens.

3. View the table information.

4. To clear the appliance ARP table cache, click Flush Arp Cache.

Edit the Host File

The host file is a file within your operating system that maps IP addresses to host names for the purpose of locating computers within a network. To change the host file settings:


2. Click the HostFile icon. The Edit Host File page opens.

Linux Host File

Replace the SSL Certificate

The appliance has an SSL certificate that encrypts the connection to Alliance Key Manager. If necessary, you can install a different SSL certificate. The table at the top of the SSL Certificate page displays a list of SSL certificates that have been uploaded to the appliance. The following information is available for each certificate:

Active – displays the status of the SSL certificate. The following icons are available:



– active certificate

– inactive certificate

– default certificate

File– name of the SSL certificate file

Subject – subject that is defined in the SSL certificate

Issuer – issuer of the SSL certificate

Expires – expiration date of the SSL certificate

Note: SSL certificates must meet the following requirements:

Must be a self-signed certificate

File must be in Privacy Enhanced Mail (.pem) format

File must have the .pem file extension

File must contain both the certificate and the private key

Private key must not require a passphrase

To replace the appliance SSL certificate:

1. Place the SSL certificate file in a folder on the Management PC. Be sure that the file has a .pem file extension.


3. Click the SSL Certificate icon. The SSL Certificate page opens.

4. In the Filename field located below the certificate information, click Browse to and select the appropriate SSL certificate file.

5. Click Upload. The file information appears in the SSL certificate table.

6. To activate the certificate, in the File column within the SSL certificate table, click the certificate file name then click the Activate button that appears at the bottom, left corner of the page. The green active icon appears in the Active column.



Note: To view the contents of the current certificate file, click the name of the file in the File Name field located within the Certificate Details area. Click OK to close the file.


6: Users and Groups

The Users and Groups features enable you to manage the users and groups that are defined within the appliance operating system to control access to the Alliance Key Manager features.

You can perform the following tasks with the Access features:

Manage Groups

Manage Users

When you add users, you can assign them to one or more groups. A group specifies the Alliance Key Manager access rights available to the users assigned to the group. Access is controlled through a feature list that lets you select the Alliance Key Manager features to which group members have access. If a user attempts to access a feature to which access is not granted, the system displays an error message.

Alliance Key Manager provides a default administrative user, applianceuser who is a member of the default administrative group ApplianceAdmin. ApplianceAdmin has access rights to all of the Alliance Key Manager features. You can add new users and groups to provide greater flexibility in controlling access to the Alliance Key Manager features.

Notes:

You cannot assign the same name to a user and a group, for example, you cannot have both a user and a group named Administrator.

You cannot delete or modify the ApplianceAdmin group.

Be sure that at least one user is assigned to the ApplianceAdmin group.

Manage Groups

You can perform the following tasks to manage the groups that control access to the Alliance Key Manager features:

Add a Group

Change a Group

Delete a Group

Note: For information on adding users to multiple groups, refer to the ―Add Users to Multiple Groups‖ section.

6: Users and Groups Administration Guide


Add a Group

When you define a group, you specify the name and access rights for the group. All members you assign to the group are assigned the access rights of the group.

To add a group:

1. Click Access > Groups. The Groups Management page opens. This page shows all existing operating system groups and the groups you add with the Alliance Key Manager Groups feature.

2. Click Add Group.

Administration Guide 6: Users and Groups


3. In the Name field, enter a descriptive name for the group. Do not include spaces or special characters other than underscore (_) or hyphen (-).

4. To enable access to Alliance Key Manager features, select the Alliance Key Manager Authorization check box.

Note: If you do not select this check box, you cannot specify access rights to the Alliance Key Manager features. The users you assign to this group will be able to log in to Alliance Key Manager, but will have no access to the Alliance Key Manager features.

5. If you selected Alliance Key Manager Authorization in step 4, in the Allow column of the feature list, select the Alliance Key Manager features to which you are providing access to the members of this group.

6. Click Add. The group appears in the Groups list.

Change a Group

To change the access rights for a group:

1. Click Access > Groups. The Groups Management page opens.

2. Click the group you want to change.

3. Make one or more of the following changes:

Select or clear the Alliance Key Manager Authorization check box.

Select or clear the check boxes in the Allow column of the feature list to change the features to which the members of this group have access.

4. Click Update.



Delete a Group

When you delete a group, you remove the group from the Groups list. This operation does not delete the users assigned to the group, but removes any access rights assigned to them through their membership in the group.

To delete a group:

1. Click Access > Groups. The Groups Management page opens.

2. Click the group you want to delete.

3. Click Delete.

4. When you are prompted to confirm the deletion, click OK.



Manage Users

You can perform the following tasks to manage your local users:

Add a User

Change User Information

Delete a User

Add a User

When you add a user, you specify a login user name and password, a comment, and the initial group to which the user is a member.

To add a user:

1. Click Access > Users. The User Account Management page opens. This page displays existing operating system users and the users you add with the Alliance Key Manager Users feature.

2. Click Add User.

3. In the Login Name field, enter the user name this user enters to log in to the appliance.

4. In the Comment field, enter any pertinent information about the user, such as the user‘s role within the company or contact information.

5. In the Password field, enter a password for the user then in the Confirm Password field enter the password again.

Note: Alliance Key Manager allows spaces in passwords; therefore, do not add spaces at the end of a password unless you want them to be part of the password.

6. In the Initial Group Membership field, select the initial group to which you want to add the user. To add the user to other groups, refer to the ―Change User Information‖ section.

Important: If you do not assign the user to a group, the system assigns the user to the first group in the Groups list. This group may have access rights that are not appropriate for the user, so it is important to assign the user to a group with the proper access rights.

7. Click Add.



Change User Information

You can change the following user attributes:

Description

Password

Groups

Note: The changes take effect immediately.

To change the information for a user:

1. Click Access > Users. The User Account Management page opens.

2. Click the user you want to change.

3. Do one or more of the following:

To change the comment, enter a new description in the Comment field then click the Update button within the User Information area.

To change the password:

i. In the Current Password field, enter the user‘s current password.

ii. In the New Password field, enter the new password.

iii. In the Confirm Password field, enter the new password again.

iv. Click the Update button within the Change Password area.



To bind (add) the user to a group, in the Member of (Group Membership) area, select the group then click Bind Group. Repeat these steps for each group to which you want to add the user. For information on assigning users to multiple groups, refer to the ―Add Users to Multiple Groups‖ section.

To remove the user from a group, in the Member Of (Group Membership) area, click the red UnBind link for the group. When you are prompted to remove the user from the group, click OK.

Notes:

o You cannot remove a user from all groups. All users must be assigned to at least one group.

o When you bind a user to—or unbind a user from—a group, the changes take place immediately upon clicking the Bind Group button or Unbind link. Do not click the Update button in the User Information or Change Password areas.

Delete a User

To delete a user:

1. Click Access > Users. The User Account Management page opens.

2. Click the user you want to delete.

3. In the User Information area, click Delete. When the system prompts you to confirm the deletion, click OK.



Add Users to Multiple Groups

If a user is assigned to multiple groups, the user has access to all of the features available through these groups. As illustrated in the following figure, user rjones is assigned to the UpdateAdministrators group, which has access to the Alarm Manager, Update Manager, Network Tools, System Management and File Management features. He is also assigned to the FeatureAdministrators group, which has access to the Alarm Manager, Update Manager, Image Manager, Configuration Manager and File Management features. Because rjones is assigned to both of these groups, he has access to all of the features available to both groups.

Figure 7: Access Rights from Multiple Groups


7: File Management

File Management displays the following types of files and lets you view, download, upload, add or delete them depending on the type of file you are managing.

Table 15: File Management File Categories

File Category Description

data partition image files Data partition backup image files created with Image Manager.

primary partition image files

Primary partition backup image files created with Image Manager.

The factory.tib backup image file is not included in this list because you cannot view, upload, download or delete this file.

If you created the default.tib backup image to back up your initial production image, this file appears in the list. You can download and upload the file, but you cannot delete it.

Within a Windows environment, you cannot view, download or upload an image backup file for any partition.

Important: Before you delete an intermediate incremental backup image, refer to the ―Delete Backup Images‖ section in ―3: Image Manager‖ for important guidelines.

configuration backup files Backup configuration files created with Configuration Manager.

configuration archive files Backup configuration files that Task Scheduler archives based on schedules you define.

dark site packages Encrypted update package files for updating appliances that reside within a dark site.

You add the files with File Management and then extract and install them with Update Manager. To see these files in Update Manager, you must select Dark as the operation mode on the Update Schedule tab.

alarms database Repository for Alarm Manager alarms.

When you delete the Alarms database, Alarm Manager restarts and creates a new database file.

Important: To ensure that you can access the information in the alarms database if you need to refer to it in the future, prior to deleting the database, you should download it to the Management PC or another location.

7: File Management Administration Guide



alarm archive files Backup alarm log files that Task Scheduler archives based on schedules you define.

Alliance Key Manager logs Appliance.log – records events that occur during processing of the following Alliance Key Manager features:

Alarm Manager

Health Monitor

Image Manager

Update Manager

Configuration Manager

SendMail.log – contains a log of SMTP communication between the appliance and an external email server. A new version of this file is generated whenever an email is transmitted by the appliance.

lighttpd logs Web server logs

system logs Operating system and support software logs

Administration Guide 7: File Management



change logs Record the following Alliance Key Manager events:

Alarm Manager:

Alarm handler configuration changed

Configuration Manager:

Configuration backup success

Configuration backup failure

Configuration restore success

Configuration restore failure

Image Manager:

Image backup success

Image backup failure

Image restore success

Image restore failure

Web:

User log in

User authentication failure

User log out

System date and/or time changed

System time zone changed

Feature control list changed

Update Manager:

Package download success

Package download failure

Package installation success

Package installation failure

The change log displays the values that existed before a change, as well as the new values.

When you view a file, the system records this action as a download.

The log records appear in chronological sequence, with the most recent changes at the bottom of the list.

The change log files reside within the backup partition.

Note: The maximum change log file size is 250 KB. When the file reaches this size, the system renames the file to change#.log (where # is an incremental number, for example, change0.log, change1.log) and opens a new change.log file.




installed packages list PTSS Linux Packaging Service. Appears only in a Linux environment.

Notes:

An Add button is available within the configuration backups and dark site packages categories. The Add feature enables you to add new files to the appliance that do not already reside on the appliance. Upload is similar to Add; however, it can only replace an existing file on the appliance with a file of the same name.

If your Management PC is running a Windows operating system, you can improve the viewing layout of log files that you download by using one of the following options. Both of these options display the file content in the same format that you see when you view the files in File Management. If your Management PC is running a Linux operating system, the default viewer displays the files in the correct format.

View the log files with WordPad rather than Notepad or an XML editor.

Change the file extension to .xml. When you open the file, it opens in a browser.

You can perform an operation on a file only if the link for the operation is red.

To view, download, upload or delete a file:

1. Click System Tools > File Management. The File Management page opens.

2. Click a file category to expand the list of files within the category. To close the category, click the category again to collapse the list.

3. Do one of the following:

To view a file, click the red View link associated with the file you want to view. The file opens in a separate browser window. If you have the file open for an extended period, you can refresh the file to view the latest entries by clicking Refresh.

To download a file:

i. Click the red Download link associated with the file you want to download. A browser-specific dialog box opens from which you can save the file to the Management PC or another location.

Administration Guide 7: File Management


ii. Save the file.

Note: You cannot download files that are larger than 500 MB.

To upload a file:

i. Click the red Upload link associated with the file you want to upload.

ii. In the Upload file field, click Browse to browse to and select the file you want to upload.

Notes:

♦ The file you select must have the same file name and extension as the file in the File Management list that you are replacing when you perform the upload.

♦ You cannot upload files that are larger than 500 MB.

iii. Click Upload.

To add a file:

i. Within a category that supports the Add feature, click the Add button. The File Create dialog box opens.

ii. Browse to and select the file you want to add.

Note: You cannot add files that are larger than 500 MB.

iii. Click Upload. When the successful upload window appears, close the window. For configuration files, the file appears within the configuration backups list and in the Update existing file field on the Configuration Manager tab. For dark site packages, the file appears within the dark site packages list and on the Available Updates tab on the Update Manager page (you must select the Dark operation mode on the Update Schedule tab to see the files).

To delete a file:

i. Click the red Delete link associated with the file you want to delete.

ii. In the confirmation dialog box, click OK.

Notes:

For log files greater than 20MB in size, File Management provides a Download link, but not a view link. You can view the file by clicking Download then clicking the Open button in the Download dialog box or by downloading the file then opening it.

You should monitor the appliance.log file to ensure that it does not consume too much disk space. You can create a scheduled task within Task Scheduler that archives and clears the appliance log and lighttpd logs on a regular basis to minimize the chance of disk consumption problems.

Deleting the appliance log clears the log, it does not delete the file.


8: Task Scheduler

Task Scheduler provides archive and maintenance features that enable you to run the following tasks at scheduled intervals:

Archive the Configuration File to a Local Directory

Archive the Configuration File to a Remote Location

Archive the Alarm Log to a Local Directory

Archive Log Files to a Remote Location

Delete Log Files

Task Scheduler User Interface

Figure 8 shows the list of scheduled tasks that appear to the end-user. From this page the user can view task information and click any link to edit the user-configurable parameters. For more information about user-configurable parameters see the ―5. Customizing Task Scheduler‖ chapter in the Alliance Key Manager 2.0.0 Customization Guide.

Figure 8: Scheduled Tasks List

The Task Scheduler user interface provides the following information.

Table 16: Task Scheduler User Interface

Column Description

Enabled Specifies whether the scheduled task is active and ready to launch at the time specified in the task schedule.

Description Name of the task. Click each link to access the page for configuring the task schedule.

8: Task Scheduler Administration Guide


Column Description

Interval Specifies whether the task runs on a weekly or monthly basis. You can set tasks to run daily by creating a weekly schedule and selecting each day of the week.

Time Time the task is scheduled to run.

Day Days the task is scheduled to run. For monthly schedules, the days are indicated with a numeric value that identifies the day of the month. For weekly schedules, the days are indicated by three-character abbreviations that identify the days of the week.

You can adjust the schedules and define the location of local and remote archive files.

Task Scheduler records all scheduled task operations in the change log. No alarms are generated.

Configuration Manager backs up all of your Task Scheduler settings, so you can easily propagate them to each of your appliances.

Archive the Configuration File to a Local Directory

The Archive Configuration Locally task backs up the Alliance Key Manager configuration file then moves the file to the local appliance directory shown in the File Management configuration archives category. Prior to moving the file, Task Scheduler compresses it to minimize space requirements.

Note: The Delete Source after Operation check box does not apply to archiving the configuration file.

To define the schedule for archiving the configuration file to a local directory:

1. Click System Tools > Task Scheduler.

2. In the Description column, click Archive Configuration Locally Task.

Administration Guide 8: Task Scheduler


3. If you want to change the description of the task, enter the new name in the Scheduled Task Description field.

4. Select the Enabled check box to enable this task. If at some point you want to temporarily disable the task, clear the check box.

5. In the Schedule Details area, define the archive schedule by doing the following:

a. Select Weekly or Monthly. If you select Weekly, select one or more days of the week on which Task Scheduler runs the archive operation. If you select Monthly, select the day of the month that each archive runs.

b. In the At field, enter the time of day that each archive operation runs.

6. Click Modify.

Archive the Configuration File to a Remote Location

The Archive Configuration Remotely task backs up the Alliance Key Manager configuration file then moves the file to a remote location on a network file share or FTP site, Prior to moving the file, Task Scheduler compresses it to minimize space requirements.


To define the schedule for archiving the configuration file to a remote location:


2. In the Description column, click Archive Configuration Remotely Task.



5. In the Transport field, select the transport protocol. Select FTP to archive the log files on an FTP site or File System to archive the files on a network share.



6. In the Destination field, enter the path to which Task Scheduler saves the configuration file.

7. In the Username and Password fields, enter the credentials that provide authorized access to the destination you specified in step 6.




9. Click Modify.

Archive the Alarm Log to a Local Directory

The Archive Alarm Log Locally task backs up the Alliance Key Manager alarm log file to the local appliance directory shown in the File Management alarm archives category. Prior to backing up the file, Task Scheduler compresses the file to minimize space requirements. You can instruct Task Scheduler to remove the following alarms from the alarm log file after it archives the file:

All Info and Warning level alarms

Warning level alarms that have been acknowledged and cleared

To define the schedule for archiving the alarm log file:


2. In the Description column, click Archive Configuration Locally Task.





5. To instruct Task Scheduler to remove Info, Warning and cleared Error alarms from the alarm log file after it archives it, select the Delete Source after Operation check box.




7. Click Modify.

Archive Log Files to a Remote Location

The Archive Log Files Remotely task backs up the following log files and associated rollover files to a remote location on a network file share or FTP site:

appliance.log

error.log

access.log

Prior to backing up the files, Task Scheduler compresses them to minimize space requirements. You can instruct Task Scheduler to run the Delete Log Files task to clear the log files after it archives them.

To define the schedule for archiving the appliance log files to a remote location:


2. In the Description column, click Archive Log Files Remotely Task.





5. In the Transport field, select the transport protocol. Select FTP to archive the log files on an FTP site or File System to archive the files on a network share.

6. In the Destination field, enter the path to which Task Scheduler saves the log files.

7. In the Username and Password fields, enter the credentials that provide authorized access to the destination you specified in step 6.

8. To instruct Task Scheduler to delete the appliance log files after it archives them, select the Delete Source after Operation check box.




10. Click Modify.

Delete Log Files

The Delete Log Files task performs the following procedures at scheduled intervals for the Alliance Key Manager and lighttpd log files:

1. Deletes the rollover files for the following log files:

appliance.log

error.log

access.log

2. Copies the active appliance, error and access log files to the following rollover files:

appliance.log.0

error.log.0

access.log.0

3. Clears the contents of the active log files: appliance.log, error.log and access.log


To define the schedule for deleting the log files:




2. In the Description column, click Delete Log Files Task.



5. To instruct Task Scheduler to clear the contents of active log files after it copies them to the rollover files, select the Delete Source after Operation check box.

6. In the Schedule Details area, define the deletion schedule by doing the following:

a. Select Weekly or Monthly. If you select Weekly, select one or more days of the week on which Task Scheduler runs the delete operation. If you select Monthly, select the day of the month that each archive runs.


7. Click Modify.



Duplicating and Deleting Scheduled Tasks

You can define multiple scheduled tasks to meet your specific needs. For example, you can archive log files on a weekly basis and also on the last day of the month. To define multiple tasks, you duplicate an existing task then modify it.

You can also delete any scheduled tasks that you no longer need.

Duplicating Scheduled Tasks

To duplicate a scheduled task:


2. In the Description column, click the task you want to duplicate.


4. Click Modify.

Deleting Scheduled Tasks

To delete a scheduled task:


2. In the Description column, click the task you want to delete.

3. Click Delete.


9: Multi-Appliance Console

Multi-Appliance Console is a multi-function management feature that enables you to easily perform the following operations on all of your Alliance Key Manager-enabled appliances from a single console:

Create, restore and propagate backup configuration files

Create backup image files

Download and install updates

Open Alliance Key Manager on an appliance

To facilitate these appliance management features, Multi-Appliance Console provides the following setup and maintenance features:

Automatically find and add all appliances that reside within the current subnet

Add individual appliances including those that reside within other subnets

Add groups that make it easy for you to perform operations on sets of appliances

Add appliances to groups and remove them from groups

Select all appliances and groups with the click of a button

View and edit appliance and group properties

9: Multi-Appliance Console Administration Guide


Multi-Appliance Console System

The following figure shows the devices that comprise the Multi-Appliance Console system and Table 17 describes each of these devices.

Figure 9: Multi-Appliance Console Devices

Table 17: Multi-Appliance Console Devices


Multi-Appliance Console Server

Provides the user interface and process controls for managing multiple appliances. You can use the server to manage all of your appliances, including the server itself. Any appliance running Alliance Key Manager can serve as the Multi-Appliance Console Server.

Important: Although it is possible to run more than one Multi-Appliance Console Server, the recommended best practice is to have only one server. This practice eliminates conflicts and operational failures that can occur when multiple servers run Alliance Key Manager operations simultaneously on the Multi-Appliance Console Agents.

Multi-Appliance Console Listener

Listener resides on the appliance that the Multi-Appliance Console Server manages and processes the commands. The appliance can reside within any subnet that the Multi-Appliance Console appliance can access.

Administration Guide 9: Multi-Appliance Console


Start Multi-Appliance Console

To start an appliance as a Multi-Appliance Console Server:

1. Open Alliance Key Manager by running https://<IP Address>:3886 from your browser, where <IP Address> is the IP address of the network adapter that connects the Management PC to your appliance.

2. Click System Tools > Multi-Console. The Multi-Appliance Console page opens.

3. Click the Start Service button to enable Multi-Appliance Console.

Note: To stop the Multi-Appliance Console service, click the Stop Service button that appears when the service is running.



Multi-Appliance Console User Interface

The following figure shows the components of the Multi-Appliance Console user interface and Table 18 describes each of these components.

Figure 10: Multi-Appliance Console User Interface



Table 18: Multi-Appliance Console UI Components


View Management area Provides the following features:

Add, change, and delete appliances and groups within Multi-Appliance Console

Add appliances to a group

View the appliances within a group

Remove appliances from a group

Appliance icon Represents an appliance that you add to Multi-Appliance Console for management purposes.

Group icon Set of appliances that you can manage. You can add an appliance to only one group.

Appliances Available for Management area

Displays the appliances and groups you add to Multi-Appliance Console. To perform an Alliance Key Manager operation, you select the appliances and/or groups in this area then execute the operation from the Management Actions area. When you expand a group to view the contents, this area displays the appliances within the group.

Breadcrumb trail Identifies the navigational context. When you open Multi-Appliance Console, the breadcrumb trail displays Main View. When you expand a group, the breadcrumb trail displays Main View and the name of the group.

Management Actions area Provides the following Alliance Key Manager operations you can perform on the appliances and groups you select within the Appliances Available for Management area:

Back up and restore configuration files

Create backup images


Open Alliance Key Manager on an appliance you select

You can also view the basic properties of an appliance and select or unselect all appliances and groups within the current context.

Determine the State of the Appliances

Below each icon, Multi-Appliance Console displays the different states of individual appliances and the appliances within a group.

When you select an appliance or group, Multi-Appliance Console places a green check mark over the icon. If you select a group, Multi-Appliance Console selects all appliances within the group.



Appliance Authentication

When you add appliances to Multi-Appliance Console, you must provide authentication credentials that grant access to the appliances. When you add individual appliances, you enter the credentials for each appliance. When you use the Find feature, Multi-Appliance Console assumes that you use the same user name and password for all of the appliances on the subnet. If you assign different user credentials to the appliances, when Multi-Appliance Console adds the appliances, they appear with an error status. When you open the appliance to view the error, Multi-appliance console asks if you want to reauthenticate. You can then enter the appropriate user name and password.

The appliance authentication credentials expire after thirty days. When this occurs, you must re-add each affected appliance to Multi-Appliance Console. If the credentials changed during or after the thirty day timeout period, contact the appliance administrator to obtain the new user name and password.

Appliance Management Process

To manage your appliances with Multi-Appliance Console, perform the following high-level procedures:

1. Set Up and Maintain Multi-Appliance Console – add the appliances you want to manage, and if applicable, assign them to groups.

2. Open Alliance Key Manager on an Appliance

3. Manage Your Appliances – perform Alliance Key Manager operations on the appliances.



Set Up and Maintain Multi-Appliance Console

Before you can manage your appliances through Multi-Appliance Console, you must provide access to the appliances you want to manage, and if applicable, organize them in groups. This section describes the following tasks:

Find and Add Available Appliances

Add Appliances Manually

Add Groups

Add Appliances to a Group

View the Appliances within a Group

View the Properties of an Appliance

View and Acknowledge Errors

Remove Appliances from a Group

Edit Appliances and Groups

Delete Appliances and Groups

Find and Add Available Appliances

The Find feature searches the subnet on which the Multi-Appliance Console server resides for all appliances that are eligible for Multi-Appliance Console management. To be eligible, an appliance must have Alliance Key Manager installed. The Find feature returns only appliances that are not already present within Multi-Appliance Console.

Note: Find always places appliances in the Main View, regardless of the context. For example, if you click Find while viewing the contents of a group, the appliances appear in the Main View, not within the group.

To find and add appliances:

1. In the View Management area, click Find. Multi-Appliance Console displays the User and Password fields in the Management Actions area.

2. In the User and Password fields, enter the credentials you use to log on to your appliances then click Submit. Multi-Appliance Console displays a broadcast find confirmation message. For information on the authentication credentials, see ―Appliance Authentication.‖

3. Click OK. Multi-Appliance Console displays all of the appliances it finds in the Appliances Available for Management area. Above each appliance is the appliance name, which defaults to the IP address. Below each appliance is the appliance status. If the status is ―Error Unacked,‖ an error occurred when Multi-Appliance Console added the appliance. Refer to the ―View and Acknowledge Errors‖ section for information on errors.



Add Appliances Manually

The Add feature enables you to add individual appliances to Multi-Appliance Console for management purposes. With this feature, you can add appliances that reside on different subnets.

To add an appliance:

1. In the View Management area, click Add.

2. Select Add Appliance then click Submit.

3. In the IP Address field, enter the appliance IP address.

4. In the Appliance Name field, enter a name that identifies the appliance. Multi-Appliance Console displays this information above the appliance icon in the Appliances Available for Management area.

5. In the User and Password fields, enter the credentials for logging on to the appliance.



6. In the Appliance Description field, enter information that describes the appliance. Multi-Appliance Console displays this information as a tool tip when you move your mouse pointer over the appliance icon.

7. Click Add. Multi-Appliance Console adds the appliance to the Available Appliances for Management area. Above the appliance is the appliance name. Below the appliance is the appliance status. If the status is ―Error Unacked,‖ an error occurred when Multi-Appliance Console added the appliance. Refer to the ―View and Acknowledge Errors‖ section for information on errors.

Add Groups

The Add feature enables you to add groups for organizing your appliances and making it easier to perform operations on a set of appliances. The group icon consists of stacked appliances. Below the icon is the number of appliances in the group.

To add a group:

1. In the View Management area, click Add.

2. Select Add Group then click Submit.



3. In the Group Name field, enter a name that identifies the group. Multi-Appliance Console displays this name above the appliance icon in the Appliances Available for Management area.

4. In the Group Description field, enter information that describes the group. Multi-Appliance Console displays this information as a tool tip when you move your mouse pointer over the group icon.

5. Click Add Group. Multi-Appliance Console adds the group to the Available Appliances for Management area. Above the group is the group name. Below the group is the number of items in the group.

Add Appliances to a Group

The Group feature enables you to group appliances together logically, geographically or in any other way that meets your needs. This provides a simple way to perform operations on multiple appliances simultaneously for management.

To add an appliance to a group:

1. In the Appliances Available for Management area, click the appliances you want to add to a group.

2. In the View Management area, click Group.

3. In the Add to Group area, select the appropriate group.

4. Click Add. Multi-Appliance Console adds the appliances to the group and removes them from the Appliances Available for Management area.

Note: You can also add an appliance to a group by expanding the group then using the Add feature to add the appliance directly to the group. See the ―View the Appliances within a Group‖ and ―Add Appliances Manually‖ sections.

View the Appliances within a Group

The Expand feature enables you to view the appliances within a group. The Collapse feature closes the group view.

To view the appliances within a group:

1. In the Appliances Available for Management area, click the group you want to view.

2. In the View Management area, click Expand. Multi-Appliance Console displays the appliances within the group and enters the name of the group in the breadcrumb trail within the Appliances Available for Management area, for example, Main View => Group1.

3. To close the group view, click Collapse.



View the Properties of an Appliance

Multi-Appliance Console stores the following information about each appliance:

To view the properties of an appliance or the appliances within a group:

1. In the Appliances Available for Management area, click the appliance or group for which you want to view the properties or click Select All.

2. In the Management Actions area, click View. If you selected a single appliance, Multi-Appliance Console displays a list of the appliance properties. If you selected a group or multiple appliances, Multi-Appliance Console displays a table that shows all of the appliances and the properties for each appliance. To see a detailed view of an appliance, click the associated link in the Description column.

View and Acknowledge Errors

When you add an appliance or when you run an Alliance Key Manager operation, you may see the status ―Unacked Error‖ below one or more appliances, or you may see a group icon with the red error indicator. To view the error message and acknowledge the error status:

1. In the Appliances Available for Management area, click the appliance you want to view. If necessary, expand the appropriate group to access the appliance. Multi-Appliance Console displays the error message.

2. Review the alarm message then click OK to acknowledge you have read it. The status changes to ―Error Acked.‖



Remove Appliances from a Group

To remove appliances from a group:

1. In the Appliances Available for Management area, click the group from which you want to remove appliances.


To remove all appliances from the group, click UnGroup in the View Management area. Multi-Appliance Console removes all appliances from the group and displays them in the Appliances Available for Management area.

To remove appliances from one group and place them in a different group:

i. Click Expand. Multi-Appliance Console displays all appliances within the group.

ii. Click the appliances you want to move.

iii. In the View Management area, click Group.

iv. In the Add to Group area, select the group to which you want to move the appliances.

v. Click Add. Multi-Appliance Console removes the appliances from the current group and places them in the new group.

Edit Appliances and Groups

The Edit feature enables you to change the name and description of appliances and groups. To edit an appliance or group:

1. Select the appliance or group you want to edit by doing one of the following:

If the appliance or group is in the Appliances Available for Management area, click the appliance or group.

If the appliance is within a group, click the group, click Expand then click the appliance.

2. In the View Management area, click Edit.


4. Click Submit.

Delete Appliances and Groups

The Delete feature enables you to delete appliances and groups from the Appliances Available for Management area.

Important: When you delete a group, Multi-Appliance Console deletes the group and all of the appliances within it. If you do not want to delete the appliances within the group, use the UnGroup feature to remove them from the group before you delete it.

To delete an appliance or group:

1. Select the appliance or group you want to delete by doing one of the following:

If the appliance or group is in the Appliances Available for Management area, click the appliance or group.

If the appliance is within a group, click the group, click Expand then click the appliance.



2. In the View Management area, click Delete.

3. Click OK to confirm the deletion.

Open Alliance Key Manager on an Appliance

You can open Alliance Key Manager on an Multi-Appliance Console agent. This feature makes it easy to perform any Alliance Key Manager operation on an appliance, especially those that are not available directly through Multi-Appliance Console.

To access Alliance Key Manager on an appliance:

1. In the Appliance Available for Management area, click the appliance on which you want to open Alliance Key Manager.

2. In the Management Actions area, click Open AKM.

3. Click Submit.

4. Log on to Alliance Key Manager.

Stop a Multi-Appliance Console Listener

If an appliance you are managing with Multi-Appliance Console is not responding:

1. Open a browser then in the Address field, enter <IP address>:3886, where IP address is the IP address of the appliance that is not responding (listener or agent).

2. On the listener appliance, log on to Alliance Key Manager.

3. Open Multi-Appliance Console. For details, see ―Start Multi-Appliance Console.‖

4. In the Management Actions area, click Stop Agent.

5. Close Alliance Key Manager then return to the Multi-Appliance Console server.

6. Refresh the Multi-Appliance Console page. Alliance Key Manager removes the appliance icon from the Appliances Available for Management area.

7. Re-add the appliance to Multi-Appliance Console. For details, see ―Add Appliances Manually.‖

Manage Your Appliances

After you add and organize your appliances and groups, you can perform the following management tasks on your appliances:

Create and restore backup configuration files

Create backup image files




Create Backup Configuration Files

With Multi-Appliance Console, you can create backup configuration files for archive and disaster recovery purposes. When you create a backup configuration file, you have the following options:

Back up the configuration of each appliance you select and save the file locally on each appliance.

Back up the configuration of each appliance you select and save the files to a remote location such as a network shared directory or Internet data repository.

To create a configuration backup file:

1. In the Appliances Available for Management area, click the appliances and groups for which you want to create a backup configuration file, or click Select All to select all appliances and groups.

2. In the Management Actions area, click Execute.

3. In the Choose action to execute for selected appliances area, select Configuration Backup/Restore.

4. Click Submit.

5. Select Backup Configuration.

6. If you are creating a backup configuration file that will reside on a remote device:

a. Select Move to Network Device.

b. In the Network Path field, enter the complete path to the remote location.

7. If you want to encrypt the backup configuration file, select Encrypt.

8. Click Submit. Multi-Appliance Console calls Configuration Manager on each applicable appliance to create the backup configuration file. The status below each appliance changes to Executing until the operation completes.

Note: The file naming convention for the backup configuration files is ConfigBackup-<date>.nac, where <date> is in the format YYYY-MM-DD.

Restore Backup Configuration Files

The Multi-Appliance Console Restore Configuration feature enables you to restore backup configuration files that are stored locally on an appliance or stored on a remote device. If you select multiple appliances, Multi-Appliance Console propagates the backup configuration file you select to all of the appliances.



To restore a configuration backup file:

1. In the Appliances Available for Management area, click one or more appliances and/or groups onto which you want to restore the backup configuration file, or click Select All to select all appliances and groups.


3. In the Choose action to execute for selected appliances area, select Configuration Backup/Restore.

4. Click Submit.

5. Select Restore Configuration.

6. Select the file to restore by doing one of the following:

If you are restoring a local backup configuration file onto each appliance:

i. Select From Appliance Manager.

ii. Select the file you want to restore.

If you are restoring a remote backup configuration file onto one or more appliances:

i. Select From Network.

ii. In the Network Path field, enter the complete path and file name for the backup configuration file you are restoring. If applicable, use File Management to identify the path and file name.

7. Click Submit. Multi-Appliance Console calls Configuration Manager on each appliance to restore the backup configuration file. The status below each appliance changes to Executing until the operation completes.

Create Backup Images

With Multi-Appliance Console, you can create backup images for archive and disaster recovery purposes. When you create a backup image file, you have the following options:

Back up the image of each appliance you select and save the file locally on each appliance.

Back up the image of each appliance you select and save the files to a remote location such as a network shared directory or Internet data repository.



Note: Because each backup image is specific to an appliance, you cannot restore a backup image file directly with Multi-Appliance Console. To restore a backup image, use the Image Manager restore feature on each appliance. You can access Image Manager on an appliance to perform this operation with the Multi-Appliance Console Open AKM feature. Refer to the ―Open Alliance Key Manager on an Appliance‖ section for details.

To create a backup image for each appliance you select:

1. In the Appliances Available for Management area, click one or more appliances and/or groups for which you want to create a backup image, or click Select All to select all appliances and groups.


3. In the Choose action to execute for selected appliances area, select Image Backup.

4. Click Submit.

5. Select Primary Partition to back up the primary partition or select Data Partitions to backup all data partitions.

6. If you are creating a backup image file that will reside on a remote device:

a. Select Move to Network Device.

b. In the Network Path field, enter the complete path to the remote location.

7. If you want to encrypt the backup image files, select Encrypt.

8. Click Submit. Multi-Appliance Console calls Image Manager on each appliance to create the backup image file. The status below each appliance changes to Executing until the operation completes.

Note: The file naming convention for the backup image files is ImageBackup-<date>-<partition>.tib, where <date> is in the format YYYY-MM-DD and <partition> is either primary or data.

Download and Install Phone Home Updates

Multi-Appliance Console enables you to download and install phone home software updates to all appliances you select. This feature makes it very easy and efficient to update all applicable appliances.

To download and/or install updates onto each appliance you select:

1. In the Appliances Available for Management area, click one or more appliances and/or groups to which you want to download and/or install the updates, or click Select All to select all appliances and groups.




3. In the Choose action to execute for selected appliances area, select Update Download/Install.

4. Click Submit.

5. Specify the operation to perform by doing one or both of the following:

To download the updates, select Download Updates.

To install the updates, select Install Updates.

6. Click Submit. Multi-Appliance Console calls Update Manager on each appliance you selected to download and/or install the update packages. The status below each appliance changes to Executing until the operation completes.

Add, Extract and Install Dark Site Updates

Multi-Appliance Console enables you to add, extract and install software updates from a dark site file on all appliances you select. This feature makes it very easy and efficient to update all applicable appliances.

To add, extract and install a dark site update onto each appliance you select:

1. In the Appliances Available for Management area, click one or more appliances and/or groups to which you want to install the updates, or click Select All to select all appliances and groups.


3. In the Choose action to execute for selected appliances area, select Update Download/Install.

4. Click Submit.



5. To specify the operation to perform, do one or more of the following:

To add the dark site file to the appliance, select Dark Site then in the Network Path and Dark Site Package Name field, enter the complete path and file name of the dark site file you want to add.

To extract the update manifest and patches from the dark site file, select Download Updates.

To install the updates, select Install Updates.

6. Click Submit. Multi-Appliance Console calls Update Manager on each appliance you selected to add, extract and/or install the update packages. The status below each appliance changes to Executing until the operation completes.


10: System Utilities

From the System menu you can change Alliance Key Manager and appliance settings using the following features:

Date/Time – change the appliance date, time and time zone.

Shutdown/Reboot – shut down or reboot the appliance.

Start/Stop Services – start or stop system services.

View Processes – view the processes running on the appliance.

Date/Time

Set the date, time, and time zone of the appliance to ensure that the date/time stamp on all log and alarm records is accurate.

Note: A reboot is required after any change to the date, time, or time zone. You must reboot the appliance to make sure the change is implemented throughout the system.

10: System Utilities Administration Guide


Configure Date and Time Settings

Linux

To configure the date and time settings:

1. Click System > Date/Time. The Date and Time page opens.

2. Make one or more of the following changes:

To change the time zone:

i. In the Time zone field, select your time zone.

ii. Click Save. The appliance reboots.

To add Network Time Protocol (NTP) servers:

i. Select the Enable NTP Servers check box.

ii. In the text box to the left of Add NTP Server, enter the IP address or fully-qualified domain name of the NTP server.

iii. Click Add NTP Server. AKM adds the server to the NTP server table.

iv. Repeat these steps for each NTP server you want to add.

To change the date, select the current year, month and day. To change the month and year, click the previous (<) or next (>) buttons. To change the day, click the appropriate day within the calendar.

Administration Guide 10: System Utilities


To change the time:

i. Select the Change Time check box to enable the time fields. The Date/Time feature uses a 24-hour clock.

ii. In the System Time field, enter the current hour (00 to 23), minutes (00 to 59) and seconds (00 to 59).

3. Click Save to save your changes.

Note: A reboot is required after any change to the date, time, or time zone. You must reboot the appliance to make sure the change is implemented throughout the system.

Shutdown/Reboot

If necessary, you can shutdown or reboot the appliance with the Shutdown/Reboot feature. You must reboot the appliance when you change any of the following properties:

Time Zone

Date/Time

Appliance Name

Notes:

After you initiate and confirm a shutdown or reboot, you cannot cancel the operation.

A system reboot terminates the current session. After a reboot completes, you must log in to start a new session.

Reboot the Appliance

To reboot the appliance:

1. Click System > Shutdown/Reboot. The Shutdown or Reboot page opens.

2. Click Reboot. The system ends your current session and reboots the appliance.

3. When the system prompts you to confirm the reboot operation, click OK. The reboot cycle takes approximately two minutes.

Note: If your browser is Internet Explorer, the message ―The appliance is rebooting. Please standby…‖ appears. When the reboot completes, Alliance Key Manager displays the login page. If your browser is Firefox, the Alliance Key Manager login page appears immediately. You can ping the appliance to determine whether the reboot is complete.



Shutdown the Appliance

To shutdown the appliance:

1. Click System > Shutdown/Reboot. The Shutdown or Reboot page opens.

2. Click Shutdown.

3. When the system prompts you to confirm the shutdown operation, click OK. It may take several minutes for the appliance to shut down.

Important:

When the shutdown process starts, you see the message ―Appliance has shutdown.‖ Wait for the appliance to fully shutdown (power light off) before you attempt to restart it.

To restart the appliance after you shut it down, you must physically press the Power On button on the appliance.

Start/Stop Services

The Start/Stop Services feature displays the services installed on the appliance and enables you to start or stop them. The system provides the following service information:

Current status

Service name

Service description

Service startup setting

Important:

You should use this feature only as a diagnostic tool under the guidance of technical support. Do not stop or start any services unless a technical support technician instructs you to do so. Stopping a service may prevent you from accessing the appliance.

Do not stop the following services because doing so terminates Alliance Key Manager:

Linux:

lighttpd

To start or stop a service:

1. Click System > Start/Stop Services. The Services page opens.



2. Click the name of the service you want to start or stop. The Service Control page opens. The Status field indicates whether the service is running, and in a Linux environment, may provide additional information related to the service status.


To stop the service, click Stop Service (visible only if the service is running).

To start the service, click Start Service (visible only if the service is not running).

To refresh the browser window, click Refresh.

Note: The Dependent Services section shown in the preceding figure appears only when a service has one or more dependent services.



Processes

The Processes feature displays the memory usage and process identifiers for the processes running on the appliance. If you contact Customer Support, the support representative may ask you to access this page to help identify and resolve a problem.

To view the process information, click System > Processes. The Processes page opens.


11: Help Navigation

The Help feature provides access to the appliance documentation and other types of appliance-related information.

To access the Help dashboard, click Help on the toolbar. The Help dashboard opens.

From the Help dashboard you can do the following:

Click Documentation to access the online documentation for the appliance. You may have to install a plug-in application to view the documentation.

Click Support to access the Support Web site.

Click Register Appliance to register your appliance if you did not do this when you performed the initial appliance setup. Enter the following information then click Submit:

Contact information – information that identifies your company, location and the person at your company to contact for communication purposes

SMTP Server Address – IP address or the fully-qualified domain name for your email SMTP server

Source User and Source User Password – user name and password of the email account you want to use to send the registration email message. You must enter a user name, the password is optional unless your SMTP server authentication requires a password.

11: Help Navigation Administration Guide


Click About to access the Appliance Status page. This page displays the following types of information:

Appliance Information – displays the following appliance information:

Appliance model

Appliance description

Appliance version

Appliance build

Appliance serial number

OS Information – displays the following operating system and hardware information:

Appliance name

Operating system version

Processor

Processor ID

Memory size and space available

Page file size and space available

Date and time the appliance was started or rebooted


12: Troubleshooting

This chapter contains information for troubleshooting certain issues that you may encounter while using Alliance Key Manager.

Solutions are available for the following features. If you cannot resolve an issue using the information in this chapter, contact Customer Support.

Alarm Manager Issues

Update Manager Issues

Image Manager Issue

Networking Issues

Alarm Manager Issues

This section provides information, organized by alarm category, that will help you troubleshoot Alarm Manager issues.

Alarm Categories

The tables in this section describe the Alarm Manager messages that appear in the Alarms log and on the Alarm Manager Alarms tab. Use this information to help troubleshoot issues.

Configuration Manager Alarms

Image Manager Alarms

Health Monitor Alarms

Update Manager Alarms

Configuration Manager Alarms

For more information about error messages, see the description in the error.log file and check the appliance.log file for additional messages.

Table 19: Configuration Manager Alarms

Configuration Manager Alarms Registered with Alarm Manager

Category Default Alarm Message Default Severity

Configuration Manager Backup Complete

Configuration Manager Backup Complete Info

12: Troubleshooting Administration Guide


Configuration Manager Alarms Registered with Alarm Manager


Configuration Manager Backup Failure

Configuration Manager Backup Failure

Solution

Check disk space and resolve if needed.

Reboot the system and repeat the Back Up Configuration Properties procedure.

Error

Configuration Manager Restore Complete

Configuration Manager Restore Complete Info

Configuration Manager Restore Failure

Configuration Manager Restore Failure

Solution

Reboot the system and repeat the Restore a Configuration File procedure.

Error

Administration Guide 12: Troubleshooting


Image Manager Alarms


Table 20: Image Manager Alarms

Image Manager Alarms Registered with Alarm Manager


ImageCreateError Error creating a backup image

Solution

Check disk space and resolve if needed.

Reboot the system and repeat the Create Backup Image procedure.

Error

ImageRestoreError Error restoring an image

Solution

Reboot the system and repeat the Restore an Image procedure.

Repeat the Restore an Image procedure using a different image file.

Error

BackupComplete Backup Image Creation Complete Info

RestoreComplete Image Restore Complete Info

ImageValidationError Error validating a backup image

Solution

If this error occurs during a backup, Reboot the system and repeat the Create Backup Image procedure.

If this error occurs during a restore, repeat the Restore an Image procedure using a different image file.

Error

ImageValidationComplete Image Validation Complete Info



Health Monitor Alarms


Table 21: Health Monitor Alarms

Health Monitor Alarms Registered with Alarm Manager


Power Supply Failure Hardware sensor indicated failure.

Solution

Check the power supply and repair or replace as needed.

If the problem persists, contact customer support.

Error

RAID Error A RAID error event has been logged.

Solution

Check the RAID unit and repair or replace as needed.


Error

RAID Information A RAID information event has been logged.

Info

RAID Warning A RAID warning event has been logged.

Warning

Sensor Critical Hardware sensor entered critical range. Warning

Sensor Non-Critical Hardware sensor entered non-critical range.

Info

Sensor Non-Recoverable Hardware sensor entered non-recoverable range.

Solution

Reboot the system.


Error



Update Manager Alarms


Table 22: Update Manager Alarms

Update Manager Alarms Registered with Alarm Manager


ManifestError Error obtaining the update manifest.

Solution

Check the network connection and repair as needed.

Check the alarm description for a problem such as invalid serial number.


Error

ManifestDownloadComplete Update Manifest Downloaded. Info

InstallError Package Installation Failure.

Solution

Roll back the current updates. Download the update package and install it again.


Error

InstallComplete Package Installation Complete. Info

DownloadComplete Package Download Complete. Info

DownloadError Package Download Failure.

Solution

Check the network connection and download the update package again.


Error

ExtractComplete Darksite Package Extract Complete Info

ExtractError Darksite Package Extract Failure

Solution

Make sure there is sufficient disk

Error



Update Manager Alarms Registered with Alarm Manager


space to complete the operation.

Download the update package and extract it again.

CRCCheckError CRC Checking Failure

Solution

For phone home updates, download the update package again.

For darksite updates, download the update package and extract it again.


Error



Update Manager Issues

This section provides information that will help you to troubleshoot Update Manager issues.

Cannot Download Manifest – Error! Invalid update data from appliance

Issue

Update Manager displays the message ―Error! Invalid update data from appliance‖ in response to checking for available updates as described in the Phone Home Update Process section.

Solution

The user interface lost communication wirth the appliance, or the update manager is not running. Restart the update manager service as described in the Start/Stop Services section.

Cannot Download Manifest – Error obtaining the update manifest

Issue

Update Manager displays the message ―Error obtaining the update manifest‖ in response to checking for available updates as described in the Phone Home Update Process section.

Solutions

The phone home update process cannot obtain a new update manifest. If available, an additional error message describes the problem in more detail. See the Alarm Manager page or the appliance log for more information. Additional information:

Missing Update URL

The URL for the NEI Update Service is stored in the NEIAgent.xml file. The URL for the Update Service could be incorrect, missing, or the file could be corrupt. Contact customer support.

Missing Appliance Serial Number

Contact customer support.

Invalid Appliance Serial Number

The appliance serial number is not in the PTSS Update Service database. Complete the following steps to resolve the problem:

a. From Alliance Key Manager, select Help > About.

b. Record the characters displayed in the Serial Number field. The serial number should be a 14 characters beginning with NNG and followed by 11 digits.

c. Contact customer support and provide the following information:

The error message.

Serial number of the appliance.

Approximate date and time of the error.



Bad Manifest: parse error

The downloaded manifest contains parse errors. Complete one or more of the following steps to resolve the problem:

a. Repeat the phone home process as described in the Phone Home Update Process section.

b. If the problem persists, contact customer support.

Error creating the Manifest object

Element Manager could not create the file in memory. Complete one or more of the following steps to resolve the problem:

a. Repeat the phone home process as described in the Phone Home Update Process section.

b. If the problem persists, contact customer support.

Failed to write downloaded file to disk

Element Manager could not save the file due to disk error, out of disk space, or lack of write privilege. Complete one or more of the following steps to resolve the problem:

a. Check disk space and resolve if needed.

b. Check write permissions and resolve if needed.

c. Repeat the phone home process as described in the Phone Home Update Process section.

d. If the problem persists, contact customer support.

Download retry failed – Error, NEI Downloader could not resolve the host name/error.

The appliance cannot connect to the NEI Update Service. Resolve DNS or Gateway settings as described in 5: Network Features.

Download error

Repeat the phone home process as described in the Phone Home Update Process section. If the problem persists, contact customer support.

Unexpected download failure

Repeat the phone home process as described in the Phone Home Update Process section. If the problem persists, contact customer support.



Patch Server DB is not available

The appliance cannot connect to the Update Service. This can be caused by one of the following problems:

Appliance lost its connection to the Internet

Domain name is not configured correctly

Update Service is offline

Internet connection to the Update Service is down

Complete one or more of the following steps to resolve connection problems:

a. Click the Available Updates tab again. If Update Manager downloads the correct manifest, the serial number is registered in the PTSS Update Service database and the Internet connection to the PTSS Update Service is functioning.

b. Ping the Update Service as follows:

i. From Alliance Key Manager, select Network > Tools.

ii. Click the Ping tab.

iii. In the Name/IP field, enter appupdate.alm-news.com then click Ping. If the ping is not successful, access another Web site such as google.com to see if the appliance can access any Internet site.

c. Test the Update Service connection by opening http://appupdate.alm-news.com/ from a Web browser on Management PC. The message ―It Works!‖ should appear in the Web browser to show that the Management PC can access the Update Service.

d. Be sure that the appliance is not blocked from accessing the Update Service by a connection restriction, blocked route, or firewall rule.

Cannot Download a Package Due to Firewall Restrictions

Issue

Update Manager cannot download a package from the Update Service. Alarm Manager issues the message ―There was an error downloading the package.‖ The operating system event log contains messages that indicate a firewall issue.

Solution

Check the appliance anti-virus, anti-spyware, and other firewall-related services to determine if they are configured to prevent the packages from passing through the firewall. If restrictions exist, add exclusions that permit packages from the Update Service to pass through the firewall.

File Not On the File Server

Issue

The message ―File not found” appears during the download process.

Solution

The package is not on the Update Service. Contact Customer Support.

http://appupdate.alm-news.com/



CRC Failure

Issue

A CRC failure occurs during the download operation.

Solution

This issue can occur due to the following reasons:

A patch that Update Manager is downloading is damaged

An error occurred during transmission of the download

Download the package again. If the problem persists, contact Customer Support.

Package Does Not Install

Issue

The package downloads, but the installation process fails and Alarm Manager reports an installation failure.

Solution

Review the associated alarm in the Alarms log. If the message does not specify a reason for the issue, attempt to install the package again. If the installation still fails, reboot the appliance then reinstall the package. If this does not resolve the issue, contact Customer Support.

Scheduled Downloads and Installations Do Not Run

Issue

Scheduled downloads and/or installations do not run after the appliance date was changed to an earlier date.

Solution

After a scheduled download or installation, Update Manager schedules the next event. If the appliance date is changed to a previous date, Update Manager does not run any events between the new date and the next scheduled event.

For example, after Update Manager runs a scheduled daily download at 1:00am on June 5th, it

schedules the next download for 1:00am June 6th. If the appliance date is changed to May 30

th,

Update Manager does not run any events between May 30th and June 5

th because they are prior

to the next download scheduled for 1:00am June 6th.

To correct this issue, delete the current scheduled events and schedule new events. The new downloads and installations will run as expected based on the new schedule.



Image Manager Issues

This section provides information that will help you to troubleshoot Image Manager issues.

Partition List is Empty

Issue

The Select Partition drop-down list on the Image Backup/Restore tab contains no partitions.

Solution

This issue may result if the Image Manager service is not running. To correct the problem:

1. Click System > Start/Stop Services.

2. Click the NeiIM (Windows) or the Image Manager (Linux) service.

3. Click Stop Service.

4. Click Start Service.

Networking Issues

This section provides information that will help you to troubleshoot network-related issues.

Adapter Not Connecting

Issue

An adapter is not connecting properly.

Solution

Confirm that the adapter configuration is correct. If it is, unplug the adapter cable to remove power from the card then reconnect the cable.



Cannot Connect to a Domain

Issue

Appliance cannot connect to a domain.

Solution

Try the following procedures:

Confirm that the appliance name and domain name settings are correct:

a. Click Network > Management > Domain. The Domain page opens.

b. Check the appliance name and domain name.

c. If the domain is not a fully-qualified domain name, enter the fully-qualified name.

Ping the domain server as follows:

a. Click Network > Tools.

b. Click the Ping tab.

c. In the Name/IP field, enter the fully-qualified domain name for the domain.

d. Click Ping. Check the results to determine whether the DNS lookup occurred and the appliance is connected to the domain.


Glossary of Terms

Term Description

Acknowledge and Clear Within Alarm Manager, provides a two-step response mechanism for alarms in the Alarms log: Acknowledge changes the state of an alarm to ―Acked‖ while keeping the alarm in the alarm list. This distinguishes new alarm messages (Unacked) from those you have already viewed. Clear removes an alarm from the alarm list.

Sample use case: A hard drive fails on a RAID system and the appliance sends an alarm to the Alarms log. When you order a replacement drive, you open Alarm Manager and acknowledge the alarm. After you replace the drive, you clear the alarm.

Action instance Alarm action with specific behavior properties. For example, send alarm notifications to a specific set of users from a specific SMTP server, or send alarm notifications to a specific syslog server via TCP over a specific port. You can define multiple action instances for each alarm action.

Alarm Notification that Alarm Manager sends to indicate the occurrence of a system or Alliance Key Manager event. Alarms can provide error, warning and informational messages.

Alarm action Alarm distribution method protocol, for example, SMTP email message, syslog message, or SNMP trap. You assign alarm actions to alarm categories to specify how and where Alarm Manager delivers alarm notifications.

Alarm category Alarm definition that includes the alarm ID, fixed message and status.

Alarm Manager Provides a mechanism for configuring alarm delivery to notify users when specific events occur on the appliance. You can configure a basic set of alarm delivery protocols or define a more advanced set of alarm properties that provide greater flexibility.

Appliance log File that records events that occur during the processing of Alarm Manager, Health Monitor, Image Manager, Update Manager and Configuration Manager.

Configuration Manager Provides backup and restore mechanisms for appliance configuration files. Configuration Manager simplifies the configuration process for multiple appliance deployments by enabling you to export a configuration file and import it onto multiple appliances.

Glossary of Terms Administration Guide


Term Description

Change log File that records any the following changes that you make within Alliance Key Manager:

User login and logout

Image backups and restores

Configuration backups and restores

Update downloads and installations

Changes to Alarm Handler settings

Changes to Network adapter settings

The change log displays the values that existed before the change as well as the new values.

Dark site Secure facility that does not permit Internet access.

Default.tib Full backup image of the primary partition that you create after you finish configuring Alliance Key Manager for production. If necessary, you can restore the appliance to this initial production image.

Email group An email distribution group that you assign to one or more alarm actions to support delivery of alarms to a set of recipients via SMTP email messages.

Factory.tib Full manufacturing backup image of the primary partition that is delivered with the appliance. If necessary, you can restore the appliance to this pristine state.

Feature list Specifies the Alliance Key Manager features that members of a group can access.

File Management Feature that enables you to view, download, add, upload and delete files.

Full Image Image Manager backup image of an entire partition.

Group Enables you to control user access to system features. Within the Access Groups feature, you select a set of features to which members of a group are authorized.

Health Monitor Monitors hardware sensors and software event notification for predefined alarm conditions. When the appliance detects an alarm condition, it reports the event to Alarm Manager.

Image Manager Provides drive partition backup and restore mechanisms that enable you to recover from an appliance failure.

You can restore a backup image to restore the appliance to a known state. Restoring factory.tib restores the appliance to the initial appliance state. Restoring default.tib restores the appliance to the initial production state.

Administration Guide Glossary of Terms


Term Description

You can perform full and incremental backups, either manually or automatically based on schedules you define.

Incremental Image Image Manager backup image that includes only the changes made since the previous backup image was created. Incremental backup images are smaller and therefore consume fewer resources. Image Manager can restore directly to an incremental backup image.

Manifest Update Manager script that identifies update packages and patches, and provides a set of installation options.

Package Within an Update Manager manifest, a set of one or more related patches.

Patch Self-extracting program that installs a software fix, update or upgrade without user interaction.

Setup Wizard Provides a series of intuitive, single-function screens that enable you to quickly configure an appliance during the initial deployment. The wizard is documented in the Alliance Key Manager Configuration Guide, which accompanies the appliance in the shipping box.

Update Manager Administers the detection, download, and installation of update patches. Manifest and patch files reside on the Update Service or another media resource. For updates stored on the Update Service, the appliance contacts the server (―phones home‖) to determine whether new packages are available. For dark site updates, the manifest and patch files are contained within a zipped update file that resides on a media source such as an FTP server, CD, DVD or flash drive.

You download and install packages either manually or through schedules that you define.

User Person who is identified within the appliance operating system. Within Alliance Key Manager, users are local to the appliance. You can add users to groups to control their access to the appliance and to the Alliance Key Manager features.

Patrick Townsend Security Solutions 406 Legion Way SE, Ste 300 Olympia, WA 98501 Phone: 360.357.8971 Fax: 360.357.9047 www.patownsend.com

akm server management guide

Documents