Settings
This chapter describes how to configure system administration settings. It includes the following sections:
“Setting Announcements” on page 31 “Configuring Alarm Settings” on page 32 “Configuring Date and Time” on page 37 “Configuring Monitored Ports” on page 39 “Configuring SNMP Settings” on page 41 “Configuring Email Settings” on page 50 “Configuring Log Settings” on page 53 “Configuring Advanced Settings” on page 57
Setting Announcements
You can create or modify a login message or a message of the day. The login message appears in the Mobile Controller Login page. The message of the day appears in the Home page and when you first log in to the CLI.
To set an announcement
1. Choose Configure > System Settings > Announcements to display the Announcements page.
Figure 3-1. Announcements Page
2. Use the controls to complete the configuration as described in this table.
3. Click Apply to view the message before saving.
4. Click Save to save your settings permanently.
Configuring Alarm Settings
You can set alarms in the Configure > System Settings > Alarms page. Enabling alarms is optional. Mobile Controller v4.0 and later uses hierarchical alarms. The system groups certain alarms into top-level categories, such as the SSL Settings alarm. When an alarm triggers, its parent expands to provide more information. As an example, the Disk Full top-level parent alarm aggregates over multiple partitions. If a specific partition is full, the Disk Full parent alarm triggers and the Alarm Status report displays more information regarding which partition caused the alarm to trigger.
When an alarm reaches the rising threshold, it is activated; when it reaches the lowest or reset threshold, it is reset. After an alarm is triggered, it is not triggered again until it has fallen below the reset threshold. Notice that CPU Utilization settings are percentage thresholds, while endpoint-related alarm settings are number counts.
Control Description
Login Message Specify a message in the text box to appear in the Login page. MOTD Specify a message in the text box to appear in the Home page.
To set alarm parameters
1. Choose Configure > System Settings > Alarms to display the Alarms page.
2. Under Enable Alarms, complete the configuration as described in this table.
Control Description
Configuration Whether a configuration error was detected.
CPU Utilization Enables an alarm and sends an email notification if the average and peak threshold for the CPU utilization is exceeded. By default, this alarm is enabled with a rising threshold of 90% and a reset threshold of 70%.
• Rising Threshold - Specify the rising threshold. When an alarm reaches the rising threshold, it is activated.
• Reset Threshold - Specify the reset threshold. When an alarm reaches the lowest or reset threshold, it is reset. After an alarm is triggered, it is not triggered again until it has fallen below the reset threshold.
Disk Full Enables an alarm if the system partitions (not the SteelHead Mobile data store) are full or almost full. For example, Mobile Controller monitors the available space on /var, which is used to hold logs, statistics, system dumps, TCP dumps, and so on.
By default, this alarm is enabled.
This alarm monitors the following system partitions: • Partition "/" Free Space
• Partition "/boot" Free Space • Partition "/bootmgr" Free Space • Partition "/config" Free Space • Partition “/data” Free Space
• Partition "/tmp/mnt/config" Free Space • Partition "/var" Free Space
Endpoint Datastore Whether the number of endpoint clients with data store errors has reached the rising threshold. By default, this alarm is enabled with a rising threshold of 50 and a reset threshold of 40.
Endpoint Filesystem Full
Whether the number of endpoint clients with File System Full errors has reached the rising threshold. By default, this alarm is enabled with a rising threshold of 50 and a reset threshold of 40.
Endpoint Firewall Whether the number of endpoint clients with firewall status errors has reached the rising threshold. By default, this alarm is enabled with a rising threshold of 50 and a reset threshold of 40.
Endpoint Gen ID Error Whether the number of endpoint clients with Endpoint genID errors has reached the rising threshold. By default, this alarm is enabled with a rising threshold of 50 and a reset threshold of 40.
Endpoint NFS Whether the number of endpoint clients with NFS errors has reached the rising threshold. By default, this alarm is enabled with a rising threshold of 50 and a reset threshold of 40. Endpoint Service Whether the number of endpoint clients with service errors has reached the rising
threshold. By default, this alarm is enabled with a rising threshold of 50 and a reset threshold of 40.
Endpoint SSL Error Whether the number of endpoint clients with SSL errors has reached the rising threshold. By default, this alarm is enabled with a rising threshold of 50 and a reset count of 40.
Endpoint Version Whether the number of endpoint clients in your network with mismatches between software versions has reached the rising threshold. If a software mismatch is detected, resolve the mismatch by upgrading or reverting to a previous version of the software. By default, this alarm is enabled with a rising threshold of 50 and a reset threshold of 40. Endpoint License Whether to send an alarm when all the licenses of the selected type have been used.
• Endpoint License to enable alarms for any license type. • Desktop to enable alarms only for that specific license type.
Hardware • Fan Error - Enables an alarm and sends an email notification if a fan is failing or has failed and needs to be replaced. By default, this alarm is enabled.
• Flash Error - Enables an alarm when the system detects an error with the flash drive hardware. By default, this alarm is enabled.
• IPMI - Enables an alarm and sends an email notification if an Intelligent Platform Management Interface (IPMI) event is detected. (Not supported on all appliance models.)
This alarm triggers when there has been a physical security intrusion. The following events trigger this alarm:
– Chassis intrusion (physical opening and closing of the appliance case) – Memory errors (correctable or uncorrectable ECC memory errors) – Hard drive faults or predictive failures
– Power cycle, such as turning the power switch on or off, physically unplugging and replugging the cable, or issuing a power cycle from the power switch controller. By default, this alarm is enabled.
• Memory Error - Enables an alarm and sends an email notification if a memory error is detected: for example, when a system memory stick fails. By default, this alarm is enabled.
• Power Supply - Enables an alarm and sends an email notification if an inserted power supply cord does not have power, as opposed to a power supply slot with no power supply cord inserted. By default, this alarm is enabled.
• RAID - Indicates that the system has encountered RAID errors (for example, missing drives, pulled drives, drive failures, and drive rebuilds).
Licensing Enables an alarm and sends an email notification if a license on the Mobile Controller is removed, is about to expire, has expired, or is invalid. This alarm triggers if the Mobile Controller has no license installed for its currently configured model.
• Autolicense Critical Event - This alarm triggers on a SteelHead (virtual edition) appliance when the Riverbed Licensing Portal cannot respond to a license request with valid licenses. The Licensing Portal cannot issue a valid license for one of these reasons:
– A newer SteelHead (virtual edition) appliance is already using the token, so you cannot use it on the SteelHead (virtual edition) appliance displaying the critical alarm. Every time the SteelHead (virtual edition) appliance attempts to refetch a license token, the alarm retriggers.
– The token has been redeemed too many times. Every time the SteelHead (virtual edition) appliance attempts to refetch a license token, the alarm retriggers.
• Autolicense Informational Event - This alarm triggers if the Riverbed Licensing Portal has information regarding the licenses for a SteelHead (virtual edition) appliance. For example, the SteelHead (virtual edition) appliance displays this alarm when the portal returns licenses that are associated with a token that has been used on a different SteelHead (virtual edition) appliance.
• Licenses Expired - This alarm triggers if one or more features has at least one license installed, but all of them are expired.
• Licenses Expiring - This alarm triggers if the license for one or more features is going to expire within two weeks.
• Licensing- This alarm triggers if the Mobile Controller has no license installed for its currently configured model.
Note: The licenses expiring and licenses expired alarms are triggered per feature. For example, if you install two license keys for a feature, LK1-FOO-xxx (expired) and LK1- FOO-yyy (not expired), the alarms do not trigger, because the feature has one valid license.
By default, this alarm is enabled.
Link Duplex Enables an alarm and sends an email notification when an interface was not configured for half-duplex negotiation but has negotiated half-duplex mode. Half-duplex
significantly limits the optimization service results.
The alarm displays which interface is triggering the duplex alarm. By default, this alarm is enabled.
You can enable or disable the alarm for a specific interface. To enable or disable an alarm, choose Configure > System Settings> Alarms and select or clear the check box next to the link name.
Link I/O Errors Enables an alarm and sends an email notification when the link error rate exceeds 0.1 percent while either sending or receiving packets. This threshold is based on the observation that even a small link error rate reduces TCP throughput significantly. A properly configured LAN connection experiences very few errors.
The alarm clears when the rate drops below 0.05 percent.
You can change the default alarm thresholds by entering the alarm link_errors err- threshold xxxxx CLI command at the system prompt. For details, see the Riverbed
Command-Line Interface Reference Manual.
By default, this alarm is enabled.
You can enable or disable the alarm for a specific interface: for example, you can disable the alarm for a link after deciding to tolerate the errors. To enable or disable an alarm, choose Configure > System Settings > alarms and select or clear the check box next to the link name.
Link State Enables an alarm and sends an email notification if an Ethernet link is lost due to a network event. Depending on which link is down, the system might no longer be optimizing and a network outage could occur.
• Interface aux Link Error - This alarm triggers if an Ethernet link is lost with the aux interface.
• Interface primary Link Error - This alarm triggers if an Ethernet link is lost with the primary interface.
This is often caused by surrounding devices, like routers or switches that are transitioning between interfaces. This alarm also accompanies system restarts on the Mobile Controller. By default, this alarm is disabled.
Memory Paging Enables an alarm and sends an email notification if memory paging is detected. If 100 pages are swapped every couple of hours, the system is functioning properly. If thousands of pages are swapped every few minutes, contact Riverbed Support at https://support.riverbed.com.
By default, this alarm is disabled. Process Dump Creation
Error
Enables an alarm and sends an email notification if the system detects an error while trying to create a process dump. This alarm indicates an abnormal condition in which the Mobile Controller cannot collect the core file after three retries. It can be caused when the /var directory is reaching capacity or other conditions. When the alarm is raised, the directory is blacklisted.
By default, this alarm is enabled.
Secure Vault Enables an alarm and sends an email notification if the system encounters a problem with the secure vault:
• Secure Vault Locked - Indicates that the secure vault is locked. To optimize SSL connections or to use Mobile Controller data store encryption, the secure vault must be unlocked. Go to Configure > Security > Secure Vault and unlock the secure vault. By default, this alarm is enabled.
SSL Enables an alarm if an error is detected in your SSL configuration.
• SSL Certificates - Indicates that an SSL peering certificate has failed to re-enroll automatically within the Simple Certificate Enrollment Protocol (SCEP) polling interval.
3. Click Apply to apply your changes to the running configuration.
4. Click Save to save your settings permanently.
Configuring Date and Time
Riverbed recommends that you use NTP time synchronization for Date and Time.
Temperature Enables an alarm if the temperature of your system exceeds the rising threshold. • Critical Temperature - Enables an alarm and sends an email notification if the CPU
temperature exceeds the rising threshold. When the CPU returns to the reset threshold, the critical alarm is cleared. The default value for the rising threshold temperature is 70º C; the default reset threshold temperature is 67º C.
• Warning Temperature - Enables an alarm and sends an email notification if the CPU temperature approaches the rising threshold. When the CPU returns to the reset threshold, the warning alarm is cleared.
– Rising Threshold - Specify the rising threshold (º C). When an alarm reaches the rising threshold, it is activated. The default value is 70º.
– Reset Threshold - Specify the reset threshold (º C). When an alarm reaches the lowest or reset threshold, it is reset. After an alarm is triggered, it is not triggered again until it has fallen below the reset threshold. The default value is 67º. Under-provisioned VM Memory, data storage, or CPU resources are insufficient for the maximum number of
endpoints. For VSMC only (VSMC-VSP and VSMC-ESX).
Valid Platform Enables an alarm to be triggered if the hardware platform does not support SteelCentral Controller for SteelHead Mobile - Virtual Edition (VSMC-VSP). SteelHead EX is required for VSMC-VSP.
By default, this alarm is enabled.
Valid VM Enables an alarm to be triggered if the virtual machine is unavailable. For VSMC and VSMC-VSP only.
By default, this alarm is enabled.
To use Network Time Protocol (NTP) time synchronization
1. Choose Configure > System Settings > Date and Time to display the Date and Time page.
Figure 3-2. Date and Time Page
2. Under Date and Time, click Use NTP Time Synchronization.
3. As a best practice, you should configure your own internal NTP servers; however, if you want to use the Mobile Controller-provided NTP server, the hard-coded IP address that is preconfigured into every Mobile Controller is 208.70.196.25. This IP address appears in the NTP server list.
4. To add a new NTP server, complete the configuration as described in this table.
Control Description
Add a New NTP Server Displays the controls to add a server.
5. Click Save to save your settings permanently.
Note: To modify server properties, select the server name in the server table row.
To set the time and date manually
1. Choose Configure > System Settings > Date and Time to display the Date and Time page.
2. Under Date and Time, click Set Time Manually. Complete the configuration as described in this table.
3. Click Apply to apply your changes to the running configuration.
4. Click Save to save your settings permanently.
Note: After you apply your settings, you can verify whether changes have had the desired effect by reviewing related reports. After this verification, you can write the active configuration that is stored in memory to the active
configuration file (or save it with any filename you choose). For details on saving configurations, see “Managing
Configurations” on page 85.
Configuring Monitored Ports
You specify the TCP ports that you want to monitor in the Configure > System Settings > Monitored Ports page. The ports you specify appear in the Desktop Traffic report. Make sure that the description you provide helps you identify the type of traffic on the port.
Enabled/Disabled Select Enabled from the drop-down list to connect to the NTP server. Select Disabled from the drop-down list to disconnect from the NTP server. Key ID Specify the MD5 or SH1 key identifier to use to authenticate the NTP server.
The valid range is from 1 - 65534. The key ID must appear on the trusted keys list.
Add Adds the NTP server to the server list.
Remove Selected Select the check box next to the name and click Remove Selected.
Control Description
Time Zone Select a time zone from the drop-down list. The default value is GMT.
Note: If you change the time zone, log messages retain the previous time zone until you reboot.
Change Date Specify the date in this format: YYYY/MM/DD. Change Time Specify military time in this format: HH:MM:SS.
The SteelHead Mobile reports all ports that have traffic to the Mobile Controller. Discovered ports, with a label (if one exists), are added to the Desktop Traffic report. If a label does not exist, then an unknown label is added to the discovered port. To change the unknown label to a name representing the port, you must add the port with a new label. All statistics for this new port label are preserved from the time the port was discovered.
By default, traffic is monitored on ports 21 (FTP), 80 (HTTP), 139 (CIFS:NetBIOS), 443 (SSL), 445 (CIFS:TCP), 1352 (Lotus Notes), 1433 (SQL:TDS), 7830 (MAPI), 8777 (RCU), and 10566 (SnapMirror).
To set monitored ports
1. Choose Configure > System Settings > Monitored Ports to display the Monitored Ports page.
Figure 3-3. Monitored Ports Page
2. Complete the configuration as described in this table.
3. To modify a monitored port, click the magnifying glass icon next to the port and complete the configuration as described in this table.
.
Control Description
Add Port Displays the controls to add a new port. Port Number Specify the port to be monitored.
Port Description Specify a description of the type of traffic on the port. Add Displays the controls for adding a port.
4. Click Save to save your settings permanently.
Configuring SNMP Settings
You configure SNMP contact and trap receiver settings to allow events to be reported to an SNMP entity in the Configure > System Settings > SNMP Basic page.
Traps are messages sent by an SNMP entity that indicate the occurrence of an event. The default system configuration does not include SNMP traps.
Mobile Controller 4.7 provides support for the following:
SNMP Version 1
SNMP Version 2c
SNMP Version 3, which provides authentication through the User-based Security Model (USM)
View-Based Access Control Mechanism (VACM), which provides richer access control
SNMP Version 3 authentication using AES 128 and DES encryption privacy
For a summary of the SNMP traps sent to configured trap receivers, see Appendix D, “SNMP Traps.” For details on MIBs, see Appendix D, “Mobile Controller MIB.”