190
LiveNX 7 ADMINISTRATION GUIDE LiveAction, Inc. 3500 WEST BAYSHORE ROAD PALO ALTO, CA 94303 LIVEACTION, INC.

LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

Embed Size (px)

Citation preview

Page 1: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

1 | LiveNX 7

LiveNX 7

ADMINISTRATION GUIDE

LiveAction, Inc. 3500 WEST BAYSHORE ROAD PALO ALTO, CA 94303

LIVEACTION, INC.

Page 2: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

2 | LiveNX 7

Table of Contents

1. Introduction ............................................................................................................................ 5

2. LiveNX Server Deployment Planning and Sizing ..................................................................... 6 Overview ...........................................................................................................................................................6 Architecture ......................................................................................................................................................6 Client Sizing and OS ..........................................................................................................................................6 Installer Specification and Performance Details...............................................................................................8

Platform Type: ..............................................................................................................................................8 Node/Server Installer Specifications: ...........................................................................................................9 Examples: .....................................................................................................................................................9 Node/Server Storage Sizing .........................................................................................................................9

Virtual Appliance Specifications .................................................................................................................... 11 Number of Deployed Instances Guideline ..................................................................................................... 12 Hardware and Operating System Requirements ........................................................................................... 13 Deployment Options ...................................................................................................................................... 13 Appendix A: TCP /UDP Ports .......................................................................................................................... 14 Appendix B: NetFlow Deployment Considerations ....................................................................................... 15

3. LiveNX Server Install.............................................................................................................. 18 LiveNX All-In-One (AIO) Deployment ............................................................................................................. 18 Starting up the All-In-One OVA ...................................................................................................................... 26 LiveNX Server Installation for Windows ........................................................................................................ 30 LiveNX Server Installation for Linux ............................................................................................................... 31 Upgrading to LiveNX 6.1 Server AIO OVA via WebUI .................................................................................... 32 Upgrading to LiveNX 6.1 Node AIO OVA via WebUI ...................................................................................... 33

4. LiveNX Licensing .................................................................................................................... 34 Step 1: Loading LiveNX Permanent License .............................................................................................. 39 Step 2: Activate LiveNX Permanent License ............................................................................................. 39 Online Activation ....................................................................................................................................... 39 Offline Activation ...................................................................................................................................... 39 Load the Activation Key into LiveNX ......................................................................................................... 39

Cloud Licensing .............................................................................................................................................. 40 Obtaining a Permanent License ..................................................................................................................... 41 Traditional Licensing via the WebUI .............................................................................................................. 44 Cloud Licensing via the WebUI ...................................................................................................................... 47 System Diagnostics ........................................................................................................................................ 48

5. Installing LiveNX Nodes (Optional) ....................................................................................... 51

6. LiveSensor Install (Optional) ................................................................................................. 56 LiveAction LiveSensor Deployment ............................................................................................................... 56

Here Are the Prerequisite Steps................................................................................................................ 56 Hardware Requirements for the LiveSensor OVA..................................................................................... 56 Create Virtual Machine Port Group and Configure Promiscuous Mode .................................................. 56 Deployment of LiveSensor ........................................................................................................................ 62 Configuration of LiveSensor ...................................................................................................................... 64

Page 3: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

3 | LiveNX 7

7. LiveNX Client Installation ...................................................................................................... 66 Java Web Start Client Installation .................................................................................................................. 68

Windows Java Web Start .......................................................................................................................... 68 Mac Java Web Start ................................................................................................................................... 68 HTTP Proxy Configuration Support ........................................................................................................... 69 Secure Web Login Configuration .............................................................................................................. 70 Unsecured Web Service ............................................................................................................................ 72 Telemetry .................................................................................................................................................. 73

8. Basic Setup and Operation .................................................................................................... 79 Add Devices to the Topology ......................................................................................................................... 79

Adding Devices Using Device Discovery .................................................................................................... 79 Configure Cisco Devices for QoS, Flow and IP SLA ........................................................................................ 89 Managing Device Interfaces .......................................................................................................................... 95 Managing Devices ........................................................................................................................................ 101

Adding Generic Network Objects and Annotations ................................................................................ 108 Annotation Only ...................................................................................................................................... 109 IP Address End Point ............................................................................................................................... 111 Merged Clouds ........................................................................................................................................ 113

Saving Changes to the Device’s Startup Configuration ............................................................................... 119 Advanced Add Bulk Device .......................................................................................................................... 119 Expand/Collapse .......................................................................................................................................... 124

Defining Sites and Tags ........................................................................................................................... 124 Filtering the Device/Interface Tree.............................................................................................................. 133 Flow Probe Support ..................................................................................................................................... 134

Complete the Device Wizard Configuration ........................................................................................... 135 Adding Devices into LiveNX That Don’t Support SNMP .......................................................................... 139

9. Role-Based Access ............................................................................................................... 144 Role-Based Access Control .......................................................................................................................... 144

Administrator Role—Admin .................................................................................................................... 144 Full Configuration Role—Full Config ....................................................................................................... 145 Partial Configuration Role—Partial Config .............................................................................................. 146 Clerk Role—Clerk..................................................................................................................................... 146 Monitor Only Role—Monitor Only ......................................................................................................... 146 Demo User Role—Demo User ................................................................................................................. 146

Global Versus Per-User Settings .................................................................................................................. 146 Initial Administrator User Creation ............................................................................................................. 147 Log-in ........................................................................................................................................................... 147 Managing Role-Based Access ...................................................................................................................... 148 Manage Users .............................................................................................................................................. 149

Username Parameters ............................................................................................................................ 149 Timeouts ...................................................................................................................................................... 150 Authentication Options ............................................................................................................................... 152 Configuring User Device Access ................................................................................................................... 153 User Management through LDAP via WebUI .............................................................................................. 154

LDAP Management WebUI ..................................................................................................................... 155 User Management WebUI ...................................................................................................................... 161

All-Access Section ........................................................................................................................................ 164 Configure ................................................................................................................................................. 164 View Setting ............................................................................................................................................ 164 Configure Settings ................................................................................................................................... 166

Page 4: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

4 | LiveNX 7

Storing Credentials Settings .................................................................................................................... 167 Defaults Section ...................................................................................................................................... 167

Configuring LDAP User Authentication........................................................................................................ 167 Caveats .................................................................................................................................................... 169 Specifying Multiple Subtrees (Base DNs) ................................................................................................ 169 Username Configuration ......................................................................................................................... 170 Adding LDAP Users without Browsing LDAP/AD..................................................................................... 172 Remapping Users .................................................................................................................................... 172

Managing Active User Sessions ................................................................................................................... 173 Lost Passwords ............................................................................................................................................. 173 Resetting the Application Configuration ..................................................................................................... 173

Windows.................................................................................................................................................. 173 Linux ........................................................................................................................................................ 173

10. APIC-EM Integration ........................................................................................................... 174

11. LiveNX Server Backup.......................................................................................................... 178 Snapshot of VM Deployment....................................................................................................................... 181 Recovering from VM Snapshot .................................................................................................................... 182 Backing Up LiveNX Configuration Only ........................................................................................................ 183 Backing Up LiveNX Data Store ..................................................................................................................... 185 Extract the Backup and Configuration to a Remote Backup ....................................................................... 188

12. LiveNX Server Startup Troubleshooting .............................................................................. 189

Page 5: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

5 | LiveNX 7

1. Introduction

LiveNX is an advanced visual analytics platform for network performance monitoring and diagnostics. The software is designed to simplify network management for multivendor networks. To ensure that you are making the most out of LiveNX 6.2.0, we’ve created this administration guide. The LiveNX administration guide will walk you through the necessary steps to properly set up the LiveNX software, as well as the network configuration needed, to ensure LiveNX can collect relevant data from the network and deliver end-to-end visibility.

This document will also provide steps and directions to install LiveNX Application Server onto your Windows or Linux Environment. After the installation, has been completed, please reference the LiveNX 6.2.0 User Guide for further operation instructions.

Page 6: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

6 | LiveNX 7

2. LiveNX Server Deployment Planning and Sizing

Overview

LiveNX uses a scalable distributed computing architecture to allow for scaling to the largest enterprise networks. The architecture is split into 3 layers: the client application, Server and collection Nodes to allow for distributed deployments and horizontal scaling for performance.

Architecture

LiveNX uses a 3-tier architecture consisting of the client application, Server and collection Nodes. The main difference between the previous versions is that the collection capabilities were separated from the Server into individual Nodes at the bottom of the architecture.

Client Application

The client application can be run via Web Start directly from the LiveNX Web Server or can be installed as a 64-bit client application for Windows or Mac. For large scale deployments, the client application installer is recommended as it can scale and perform to higher capacity than the Web Start versions.

Client Sizing and OS

LiveNX client runs on a standard Windows 64-bit based PC and Windows 7, 8, 32-bit Windows for Web Start. LiveNX Mac client runs on OSX 10.9+ utilizing LiveAction client 3.14+. The specifications for each type is below:

Windows Client Requirements Small Install Medium Install Large Install

Number of Network Devices Up to 25 25-500 500+

OS Type Win 7 Pro or greater

Win 7 Pro or greater

Win 7 Pro/Win Server 2012 R2

Page 7: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

7 | LiveNX 7

OS Size 32 bit 64 bit 64 bit

Processor Type Intel i3 type Intel i5 type Intel i7 type

Minimum Memory 4GB 8GB 16GB

Server Installer

LiveNX Server runs on a Linux or Windows Server or VM. The LiveNX Server has a built-in collection Node and is fully useable without any additional installations.

Node Installer

The Node provides the ability to add additional collection and other capabilities and helps scale horizontally by providing additional processing. The Node runs on Linux or Windows and communicates to the central LiveNX Server.

Server Virtual Appliance (OVA)

LiveNX Server primarily deploys on ESXi. The Server has a built-in Node as well as Web UI and is fully operational right out of the box. The Server operating system runs on a Linux platform.

Node Virtual Appliance (OVA)

LiveNX Node deploys on ESXi as well. The Node utilizes the ability to collect and send data out to the Server Virtual Appliance. The Node operating system runs on a Linux platform.

Page 8: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

8 | LiveNX 7

Installer Specification and Performance Details

Platform Type:

Client

1.1.1.1.1.1.1.1 Mac OS X Maverick 10.9+

OS

1.1.1.1.1.1.1.2 Cores

1.1.1.1.1.1.1.3 Memory

32 bit

1.1.1.1.1.1.1.4 4 or higher

1.1.1.1.1.1.1.5 8GB RAM or higher

1.1.1.1.1.1.1.6 Windows 7 Professional+ for 25 devices

1.1.1.1.1.1.1.7 OS

1.1.1.1.1.1.1.8 Cores Memory

1.1.1.1.1.1.1.9 32 bit

1.1.1.1.1.1.1.10 4 or Higher

1.1.1.1.1.1.1.11 8G RAM or higher

1.1.1.1.1.1.1.12 Windows 7 Professional+ for 25-500 Devices

1.1.1.1.1.1.1.13 OS

1.1.1.1.1.1.1.14 Cores

1.1.1.1.1.1.1.15 Memory

64 bit 8 or Higher

1.1.1.1.1.1.1.16 8G RAM or higher

1.1.1.1.1.1.1.17 Windows 7 Professional+ for 500+ Devices

1.1.1.1.1.1.1.18 OS

1.1.1.1.1.1.1.19 Cores

1.1.1.1.1.1.1.20 Memory

1.1.1.1.1.1.1.21 64 bit

1.1.1.1.1.1.1.22 8 or Higher

1.1.1.1.1.1.1.23 16G RAM or higher

Server/Node

OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+ or Linux RHEL/CENTOS 6.4 or 6.5 with GNOME UI

Network Minimum 5 Mbps between LiveNX Server and LiveNX Node, < 200 ms one- way latency NAT is not supported for LiveNX Server to Node communication

Sizing See sizing tables

VM Use Adequate core and storage allocation, no vMotion Store, local store preferred, virtual thick disk setting Compatible on most VM systems VMware, VirtualBox, Hyper-V, Xen

Page 9: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

9 | LiveNX 7

Node/Server Installer Specifications:

Node/Server Installer Sizing Low Mid* High*

Number of Devices 100 or less 500 or less 1000 or less

Peak Flow Rate < 100K/sec < 200K/sec > 200K/sec

Minimum Virtual Cores 8 16 32

Minimum Memory 8Gb 16Gb 32Gb

Examples:

• Xeon X5650 has 6 physical and 12 virtual cores with hyper-threading

• Xeon used in BOM has 8 physical and 16 virtual cores with hyper-threading

• Average SNMP poll of 5 minutes (interface, technology, poll rate affect performance)

Node/Server Storage Sizing

The following is the storage sizing specifications for both Node and Servers based on flow type ingestion.

• Testing Platform: LiveNX 5.3.0

• Standard Basic v9 NetFlow Template

• Formula: Monthly Disk Usage = Flow Size * number of FPS * 30

NetFlow v9 Basic Raw Flows Disk Usage

Case MB/FPS/Day GB/6K FPS/Day GB/6K FPS/30 days

Worse 4.35 26.1 783

Average 1.47 8.83 265

Best .06 .353 10.8

Standard LiveNX NetFlow v9 Basic Template flow record LIVEACTION-FLOWRECORD description DO NOT MODIFY. USED BY LIVEACTION. match ipv4 tos match ipv4 protocol match ipv4 source address match ipv4 destination address match transport source-port match transport destination-port match interface input match flow direction collect routing source as collect routing destination as collect routing next-hop address ipv4 collect ipv4 dscp collect ipv4 id collect ipv4 source prefix collect ipv4 source mask collect ipv4 destination mask collect transport tcp flags collect interface output collect flow sampler collect counter bytes collect counter packets collect timestamp sys-uptime first collect timestamp sys-uptime last collect application name

Page 10: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

10 | LiveNX 7

NetFlow v9 AVC Raw Flows Disk Usage

*AVC flows usually don’t account for more than 10% of the total amount of flows.

Case In MB/FPS/Day GB/6K FPS/Day GB/6K FPS/30 days

Worse 14.5 86.6 2600 Average N/A N/A N/A

Best .15 .9 27

Standard LiveNX NetFlow v9 AVC Template flow record type performance-monitor LIVEACTION-FLOWRECORD-AVC description DO NOT MODIFY. USED BY LIVEACTION. match application name account-on-resolution match connection client ipv4 address match connection Server ipv4 address match connection Server transport port match ipv4 protocol match routing vrf input collect application http host collect application http uri statistics collect connection client counter bytes long collect connection client counter bytes network long collect connection client counter packets long collect connection client counter packets retransmitted collect connection delay application sum collect connection delay network client-to-Server sum collect connection delay network to-client sum collect connection delay network to-Server sum collect connection delay response client-to-Server sum collect connection delay response to-Server histogram late collect connection delay response to-Server sum collect connection initiator collect connection new-connections collect connection Server counter bytes long collect connection Server counter bytes network long collect connection Server counter packets long collect connection Server counter responses collect connection sum-duration collect connection transaction counter complete collect connection transaction duration max collect connection transaction duration min collect connection transaction duration sum collect interface input collect interface output collect ipv4 destination address collect ipv4 dscp collect ipv4 source address collect ipv4 ttl

NetFlow v9 Medianet Raw Flows Disk Usage

*Medianet flows usually don’t account for more than 20% of the total amount of flows

Case MB/FPS/Day GB/6K FPS/Day GB/6K FPS/30 days

Worse 6.2 36.7 1100 Average N/A N/A N/A

Best .068 .408 12.24

Standard LiveNX NetFlow v9 Medianet Template flow record type performance-monitor LIVEACTION-FLOW RECORD-MEDIANET description DO NOT MODIFY. USED BY LIVEACTION. match flow direction match ipv4 1100110estination address match ipv4 protocol match ipv4 source address match transport destination-port match transport rtp ssrc match transport source-port collect application media bytes counter collect application media bytes rate collect application media event collect application media packets counter collect application media packets rate collect application name collect counter bytes collect counter bytes rate collect counter packets

Page 11: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

11 | LiveNX 7

collect interface input collect interface output collect ipv4 dscp collect ipv4 ttl collect monitor event collect routing forwarding-status collect timestamp interval collect transport event packet-loss counter collect transport packets expected counter collect transport packets lost counter collect transport packets lost rate collect transport rtp jitter maximum collect transport rtp jitter mean collect transport rtp jitter minimum

• Disk usage will be the sum of all flow types o Basic, AVC and Medianet flows

• Local Drive Preferred o Minimum equivalent to SATA 6GB/s performance o 7200 RPM based for 10K RPM for better performance o RAID 10 for better performance o SSD for better performance

• SAN and/or NAS o Meet performance and latency specification of local drive o Support sustained writes at high speed o Support sequential reads at high speed for sequential blocks

Virtual Appliance Specifications

Server OVA Specifications: Network admin can Start with Custom and modify CPU, memory and HDD as required. CPU and memory specification need to match the Small, Med or Large flavors.

Server OVA Sizing Custom Small Medium Large

Number of Devices < 25 25 - 100 100 - 500 500 - 1000

Peak Flow Rate (K = 1000 Flows) < 25K/sec < 100K/sec < 200K/sec > 200K/sec

Minimum Virtual Cores 2 8 16 32

Minimum Memory (LiveNX Heap Size) 4GB (2GB) 16GB (8GB) 32GB (16GB) 32GB (16GB)

Disk Storage - Built-in 250GB 4TB 6TB 8TB

Page 12: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

12 | LiveNX 7

Node OVA Specifications

Node OVA Sizing Small Medium Large

Number of Devices 25 - 100 100 - 500 500 - 1000

Peak Flow Rate (K = 1000 Flows) < 100K/sec < 200K/sec > 200K/sec

Minimum Virtual Cores 8 16 32

Minimum Memory (LiveNX Heap Size) 16GB (8GB) 32GB (16GB) 32GB (16GB)

Disk Storage - Built-in 4TB 6TB 8TB

Number of Deployed Instances Guideline

Number of Devices 500 1000 5000 10000

Number of Server 1-Mid 1-High 1-High 1-High

Number of Node 4-High 9-High

Page 13: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

13 | LiveNX 7

Hardware and Operating System Requirements

LiveNX is a Client/Server application with optional Nodes. The LiveNX Client software runs on Windows, Mac OSX, or accessed via supported browsers.

LiveNX Servers and Nodes have the following minimum software requirements:

Server and Node OS and Browser

Server and Node OS Windows Server 2012 R2 (64-bit) Server 2008 R2 (64-bit) 7 Professional (64-bit) 7 Ultimate (64-bit) Linux RHEL with GNOME UI installed CentOS 6.4 (64-bit) with GNOME UI installed CentOS 6.5 (64-bit) with GNOME UI installed NOTE: LiveNX instances that are installed on Windows Server or Windows Clients require Microsoft.NET Framework v3.5.1+ This is typically installed by default when installing a Windows Operating System. If .NET Framework is not installed, LiveNX Flow Technology will have errors when being utilized. Microsoft.NET Framework can be downloaded from: http://www.microsoft.com/download/en/details.aspx?id=22

Web Browsers Internet Explorer v8 Firefox v8 Chrome v16 Chrome has a bug with Web Start NOTE: Chrome has a bug where it has problems utilizing Web Start http://code.google.com/p/chromium/issues/detail?id=92846

Java Version Supported version of Java – Version 8 Update 111 (build 1.8.0_111)

Deployment Options

Single Server

Single Server deployment of LiveNX consists of installing the Server on a Linux or Windows Server or VM. Since the LiveNX Server has a built-in collection Node, it is fully useable without any additional installations.

Distributed Deployment

In distributed deployments, a single Server is deployed as usual, but additional collection Nodes can be deployed and associated with the Server.

Virtual Appliance

LiveNX currently has options for Virtual Appliances that are prebuilt and ready to go.

Deployment Decisions

Page 14: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

14 | LiveNX 7

The use and location of additional Nodes are based on three criteria:

• Performance o Off load performance to another Node

• Location o Place Node near devices being polled o Place at a branch site so data is not polled across the WAN to the DC where the Server exists

• Security o Place Node for different security zone, DMZ o Node will initiate communication from security zone to Server o In case of communication loss, Server of Node may initiate communication to reestablish

Appendix A: TCP /UDP Ports

LiveNX Server Ports

Service Port

Client Access TCP 7000

NetFlow UDP 2055

IPFIX UDP 2055

sFlow UDP 6343

Web Dashboard TCP 8092

Node Communication TCP 7026

Page 15: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

15 | LiveNX 7

Appendix B: NetFlow Deployment Considerations

NetFlow data is sent by network infrastructure devices (routers/switches/etc.) across the network to LiveNX collector Nodes. This important technology does consume a minimal amount of network bandwidth to deliver the data management it provides. The purpose of this document is to provide examples of NetFlow bandwidth consumption rates from real networks that LiveNX is managing to assist network architects with data points for capacity planning.

LiveNX can be used to track both the flow rate per second and the actual bandwidth consumption of NetFlow by using its own NetFlow Reports. The volume of NetFlow data that is placed on the wire by a device is proportional to two main factors:

• Number of interfaces enabled for NetFlow

• Volume of end-user data (voice/video/web/etc.) on the network

LiveNX recommends enabling flow on the fewest interfaces possible that still provides the fullest view of network traffic. Most Cisco devices support NetFlow being configured bi-directionally on an interface –in both the input and output directions. If flow is configured bi-directionally on two interfaces, for example, on the LAN and WAN interface of a WAN router, then two flow records will be created and sent to LiveNX for each minute that a conversation is active. One record will be created as the conversation enters the LAN interface and a second record will be created as the conversation leaves the WAN interface. This means that flow will consume twice the bandwidth required to report on that one event. To limit the bandwidth utilization of NetFlow, LiveNX recommends enabling flow bi-directionally on only the WAN interface(s) of WAN devices.

Some Cisco devices only support flow configured in the input direction. For these devices, the same principles apply, configured flow on the fewest number of interfaces that still provide the fullest view of the network traffic.

The second main factor for determining the volume of bandwidth consumed by NetFlow is bandwidth usage. One must determine whether the bandwidth is proportional to the volume of user data that is traversing the network. For example, NetFlow has the capability to consume less bandwidth on a low T1/E1 WAN link than a 100Mb WAN link. But if there is only a T1/E1s volume of end-user data on a 100Mb link, its NetFlow consumption would be like a physical T1/E1.

Page 16: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

16 | LiveNX 7

Example Flow Bandwidths

The following table contains data taken from LiveNX running in production networks. The values represent sample utilizations from actual WAN environments. Each of these examples have flow configured bi-directionally on only the WAN interface.

Device Type Flows/Sec Full-Duplex User Bandwidth Avg.-Peak

NetFlow Bandwidth Average

NetFlow Bandwidth Peak

WAN Router .61 158-309Kbps 2Kbps (1%) 14.8Kbps (4%)

WAN Router 34 505K-1.1Mbps 27Kbps (5%) 42.4Kbps (3%)

WAN Router 27 820K-2.6Mbps 22Kbps (2%) 36Kbps (1%)

WAN Router 197 ~21-39Mbps 85Kbps (.04%) 117Kbps (.03%)

WAN Router 366 ~37-72Mbps 161Kbps (.04%) 219Kbps (.03%)

WAN Router 474 ~80-125Mbps 280kbps (.03%) 396Kbps (.03%)

Internet Router 593 ~75-115Mbps 317Kbps (.04%) 418Kbps (.03%)

Core Switch 633 ~146-335Mbps 470Kbps (.03%) 578Kbps (.01%)

Core WAN Router

22,000 ~4-4.2Gbps 11Mbps (.02%) 12Mbps (.02%)

NOTE: The percentages represent the percent of bandwidth utilized by flow compared to rest of the end-user bandwidth.

Page 17: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

17 | LiveNX 7

Example Node/Server Bandwidth

LiveNX can be deployed in distributed architecture. When using this model, LiveNX Node collectors will receive NetFlow and SNMP data from infrastructure devices (routers/switches/etc.) and store it locally. The LiveNX Server will request specific data from the Nodes on demand to render end-user views, dashboards and reports. There is also minimal synchronization communication between the Server and Node(s). The volume of bandwidth used by the LiveNX Server and Node(s) is proportional to the number of devices being monitored by each Node and the number of end-users actively monitoring LiveNX. The following table provides bandwidth examples of this communication:

Devices Per Node

Node to Server Traffic (Avg./Peak)

Server to Node Traffic (Avg./Peak)

100 125Kbps/1.2Mbps 5Kbps-25Kbps

500 625Kbps/ 1.75Mbps 25Kbps-125Kbps

1000 1.25Mbps/ 2.25Mbps 50Kbps/ 250Kbps

NOTE: These are typical bandwidth estimates that one would expect to see with LiveNX. Each network is different, so results may vary.

Page 18: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

18 | LiveNX 7

3. LiveNX Server Install

This section provides step-by-step details for installing the LiveNX Server. LiveNX Server installation is Java-based and runs on both Windows and Linux OS platforms. In addition, LiveNX can also be deployed on ESX(i).

LiveNX All-In-One (AIO) Deployment

The LiveNX All-In-One installation is deployed on ESX(i). Please follow the steps below to deploy the All-In-One. NOTE: The OVA installation has LiveNX integrated, there will NOT be a software installation step.

A. Download the OVA from www.liveaction.com

B. Deploy the OVA onto ESX(i)

• Example is an ESX(i) installation

• Tiny Servers can be installed on laptops with VMware Player and/or VMware Workstation

1. Log into vSphere

Page 19: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

19 | LiveNX 7

2. Deploy the OVA

2a. Click on File > Deploy OVF Template > Browse to the OVA file

Page 20: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

20 | LiveNX 7

2b. Review the Image Description and click Next

Page 21: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

21 | LiveNX 7

2c. Name the Deployment Image and click Next

Page 22: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

22 | LiveNX 7

2d. Choose a data store and click Next

2e. Review and Select Changes to the Disk Format

i. Thick Provision Lazy Zeroed

1. Recommended if the physical disk space is available

ii. Thick Provision Eager Zeroed

1. Recommended if the physical disk space is available

iii. Thin Provision

1. Recommended if in a test environment where data storage is not as important

Page 23: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

23 | LiveNX 7

iv. Explanation of Thick Provision vs. Thin Provision

http://blogs.vmware.com/vsphere/2014/05/thick-vs-thin-disks-flash-arrays.html

2f. Choose a Destination Network and click Next

2g. Review all previous choices and click Finish

Page 24: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

24 | LiveNX 7

3. VMware will begin deploying the Virtual Appliance based on the configuration

4. Power on the OVA

5. Configure the Network

NOTE: LiveNX comes with the ability to pick up DHCP on a local network as well as utilize a static IP

Page 25: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

25 | LiveNX 7

5a. Static IP Option

1. Recommended for Production Environments

2. Configure Static IP and Select “y”

Page 26: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

26 | LiveNX 7

5b. DHCP Option

NOTE: DHCP Option will have the above fields filled in if there is a DHCP Server to distribute IPs

1. Recommended for Test Environments

2. Configure DHCP Option

Once the network configuration portion is completed, the LiveNX Appliance will be reachable. The next steps would be to log into the appliance and launch the LiveAction Management Console.

Starting up the All-In-One OVA

The All-In-One OVA was designed to quickly startup LiveNX on the OVA platform as quick and as easy as possible. The user must first launch the LiveAction Management Console through the OVA’s Console local to ESX(i). By launching the LiveAction Management Console, the user will be able configure LiveNX to start the appliance up.

Page 27: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

27 | LiveNX 7

From All-In-One OVA Login Screen

A. Use Option 3 to Log into the Appliance

B. There will be 2 icons at the bottom of the screen, select the Management Console

NOTE: Since the platform will already have the LiveAction installed, there will not be a need to run an installer.

1. Launch the LiveAction Management Console

A. LiveAction’s All-In-One has both the new HTML5 Web UI available as well as the Java Client.

2. Licensing the LiveAction Management Console

A. Once the LiveAction Management Console is open there are two options

1. Utilize a Temporary License

a. There will be a pop-up once the LiveAction Management Console opens.

b. Click > Yes

1) This Temporary License is only good for two weeks

2. Utilize a Permanent License (Provided from the purchase of LiveNX)

1) All-In-One OVA utilizes scp (secure copy)/sftp.

I. Username: admin

II. Password: changeme

2) Upload Location for the All-In-One: /opt/jidoteki/tinyadmin/home/

3) There will be a pop-up once the LiveAction Management Console opens. Click > No

Page 28: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

28 | LiveNX 7

4) Click I have a valid license file > Next

5) Click … > find /opt/jidoteki/tinyadmin/home/ > Click Finish

6) The Permanent License has been installed

3. Verify that the minimal changes to the OVA has been made to connect to both Web UI and the

Java Client

1) Properties Tab > httpServer.api.enabled = True

2) Properties Tab > httpServer.secure = True

3) Click > Apply

4) Turn on LiveAction

Page 29: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

29 | LiveNX 7

5) Click > Manage

6) Click > Start Service

4. Change Administrative Password (Recommended)

a. Click on the Terminal icon that is next to the LiveAction Management Console icon

b. In the terminal type > passwd

c. Type the old Password: changeme

d. Change the Password to a new Password

e. Type backup

1) NOTE: backup should be used any time a system level change is made to the instance

to keep the changes persistent

5. To exit from the OVA desktop

a. Click an empty space on the desktop

b. Click > exit to prompt

Page 30: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

30 | LiveNX 7

LiveNX Server Installation for Windows

Step 1: Download LiveNX Server Application to the Server

1. Download the LiveNX Server application at www.liveaction.com a. The application comes with a temporary license.

2. Download the LiveNX file(s) and license key file to the Server 3. Upgrading LiveNX Server application from an earlier LiveNX version? Please see the upgrade guide,

located in the same directory as the software download at www.liveaction.com.

Step 2: Run the LiveNX Server Installer

1. Run the Server installer file: LiveActionServer_windows-x64<VERSION>setup.exe.

• Follow the installation wizard:

A. Start B. Accept License Agreement C. Select Server Location

1. 2. 3. D. Select Data Directory E. Select Server IP Address F. Select Memory Allocation

4. 5. 6. G. Select Start Menu Folder H. Select Service Options I. Finish

7. 8. 9.

Page 31: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

31 | LiveNX 7

2. When the installation has finished, please launch the LiveAction Management Console. a. Start Menu > All Programs/All Apps > LiveAction Server [Version] > Management Console

3. The first time starting the LiveAction Management Console, you will be prompted with a choice to install a temporary license or a permanent license. If the permanent license has not been received by support after purchase, please activate the temporary license. This license is good for 2 weeks.

4. For installation and activation of LiveNX license, please see the Licensing section.

LiveNX Server Installation for Linux

Step 1: Download LiveNX Server Application to the Server

1. Download the LiveNX Server application at www.liveaction.com a. The application comes with a temporary license.

2. Download the LiveNX file(s) and license key file to the Server 3. Upgrading LiveNX Server application from an earlier LiveNX version? Please see the upgrade guide,

LiveNX Upgrade Guide from v5.3x to v6.0.1, located in the same directory as the software download at www.liveaction.com.

Step 2: Run the LiveNX Server Installer

1. chmod +x LiveNXServer-<version>. x86_64.sh

2. Run the Server installer file: LiveNXServer-<version>.x86_64.sh

• Follow the installation wizard o Enter the IP Address of the LiveNX Server o Enter the Data Directory o Verify the entries

Page 32: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

32 | LiveNX 7

3. When the installation has finished, please launch the LiveAction Management Console

a. cd /opt/LiveActionServer/<version>/ b. ./LAManagementconsole

4. The first time starting the LiveAction Management Console, you will be prompted with a choice to install a temporary license or a permanent license. If the permanent license has not been received by support after purchase, please activate the temporary license. This license is good for two weeks.

5. For installation and activation of LiveNX license, please see the Licensing section.

Upgrading to LiveNX 7.0 Server AIO OVA via WebUI

Users can now upgrade LiveNX from a previous 6.0 version to 7.0 version via the WebUI. You can do an offline update or an online update. Simply download the file and do a offline update or provide the AIO OVA file location (eg: liveaction.software_package-livenx-server-6.1.0-full.enc) for an online update.

Online Update

Page 33: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

33 | LiveNX 7

Offline Update

Upgrading to LiveNX 7.0 Node AIO OVA via WebUI

Users can now upgrade LiveNX Node AIO OVA from a previous 6.0 version to 7.0 version via the WebUI. You can access the LiveNX remote node WebUI by entering https://<LiveNXRemoteNodeIPAdress>:10.1.2.26:8443/. This provides the user with the following dashboard.

Go to the update tab to update to the 6.1.0 release with the AIO OVA File.

Page 34: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

34 | LiveNX 7

4. LiveNX Licensing

If you have the permanent license from LiveAction, use the following steps to install:

Uploading the License to LiveNX on the All-In-One Platform

Out-of-the-box, LiveNX allows users to scp/ssh/sftp files onto the platform to easily integrate. The following shows an example of using an ftp client as well as commands on Linux platform:

Windows

1. Use an FTP/SFTP/SCP client

a. Common flavors for Windows: filezilla, winscp

2. Connect to the platform through the file transfer clients

a. Username and password

▪ Username: admin

▪ Password: changeme

b. Port: 22

c. Upload location: /opt/jidoteki/tinyadmin/home/

3. Upload the License

Page 35: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

35 | LiveNX 7

Linux 1. Open a terminal

2. scp <license file> admin@<ip-of-All-In-One>:/opt/jidoteki/tinyadmin/home/

a. Example: scp license.txt [email protected]:/opt/jidoteki/admin/home/

3. Type in the password

4. License will automatically upload

Page 36: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

36 | LiveNX 7

1. To install the permanent license a. Click > No to the pop-up message b. Click I have a valid license file > Next c. Click … > find the license in the system > Click Finish d. Click Activate Online > Finish

i) Step 2 will provide options for online and offline activation e. Skip Step 1

2. To install the Temporary Two-week License a. Click > Yes to the pop-up message b. Follow Step 3

3. Go to the properties tab and configure the LiveAction Management Console before starting LiveNX. The following is the minimal changes needed to enable common features. a. To connect the OVA to LiveNX

i) httpserver.api.enabled = True b. To connect with https

i) httpserver.secure = true c. Click Apply

Page 37: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

37 | LiveNX 7

4. When finished, reboot the Server or start the LiveNX service manually with the LiveAction Management Console as shown below.

• Run Manage > Start Service.

5. During the Start Service or Shutdown Service process, LiveAction Management Console provides a progress indicator at the bottom of the LiveAction Management Console window. Depending on the amount of LiveNX data handling, these processes may take a few minutes.

Page 38: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

38 | LiveNX 7

10.

6. When the message on the bottom of the LiveAction Management Console changes to “The Server is currently running” the LiveNX Server installation is complete.

Page 39: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

39 | LiveNX 7

Step 1: Loading LiveNX Permanent License

NOTE: Skip this step if a permanent license has already been installed

1. Ensure that the LiveNX license is on a local desktop before starting 2. Start the LiveAction Management Console and Click Licensing > Click Change License 3. Follow the Licensing Assistant instructions to load the valid license file 4. Activate the LiveNX permanent license as described in Step 2 below

Step 2: Activate LiveNX Permanent License Activating the permanent license is the final step in the LiveNX installation. This process registers the license and the computer with LiveNX and permanently unlocks the features that have been purchased. There are two ways to activate the license—Online Activation and Offline Activation.

If the PC running LiveNX has an Internet connection, use Online Activation If the PC running LiveNX DOES NOT have an Internet connection (e.g., sandbox or lab), use Offline Activation Users can register the LiveNX license with the License Team via email at [email protected].

NOTE: After loading the permanent license, the system will have 14 days to activate it before LiveNX stops operating. However, the user can still activate a permanent license any time after the 14 days to permanently restore LiveNX operation.

Online Activation

1. From the LiveAction Management Console License tab, select Activate License to start the License Activation Assistant

2. Select Activate Online > Next 3. Select Direct Connection

a. Select Use proxy, if there is a proxy in use to reach the Internet 4. Click Next 5. The Activating License will be successful 6. Click Finish to complete the Activation

Offline Activation

Collect and send information to LiveNX:

1. From the LiveAction Management Console License tab, select Activate License to start the License Activation Assistant

2. Select Activate Offline, and then click Next 3. The License Number and Activation Key will be displayed. This information must be sent to the LiveAction

License Team to complete offline activation. Click Copy to store the information to the Windows clipboard and paste it into a text file to send to the LiveAction License Team.

4. Click Cancel to exit the License Activation Assistant. a. The temporary license will be in use for up to 14 days.

5. Using another computer that does have an Internet connection, e-mail your contact information and the saved License Number and Activation key to [email protected]. The LiveAction License Team will then process the request and reply with the permanent key for the next step.

Load the Activation Key into LiveNX

1. When the new Activation Key file is received, copy it to a location that can be reached by the LiveNX Server installation

2. Start the Management Console > select the License tab. 3. Select Upgrade License to restart the Licensing Assistant

Page 40: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

40 | LiveNX 7

4. Select I have a valid license file, and then click Next 5. On the License Location screen, browse to locate the Activation Key file 6. Click Finish to complete license activation

NOTE: A user cannot run two instances of LiveNX simultaneously on the same computer. Before running a previous installation on the same computer, shut down the LiveNX service using the LiveAction Management Console.

Cloud Licensing

How to get a temporary license from the cloud:

1. Licensing for the new cloud

a. Keep the "cloud licensing" selected.

2. Go to the LiveNX login and associate your device with your LiveNX deployment. 3. Log into LiveNX for the first time using admin/admin.

Page 41: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

41 | LiveNX 7

4. Fill in the new user registration information (this will create your account and provide you with account information to obtain a temporary license).

5. Automatically, the temporary license will associate to your account.

Obtaining a Permanent License

1. Licensing for the new cloud a. Keep the "cloud licensing" selected.

Page 42: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

42 | LiveNX 7

2. Go to the LiveNX login and associate your device with your LiveNX deployment. 3. Log into LiveNX for the first time using admin/admin.

4. Skip this step if you have an account and go to 5. If you do not have an account yet, fill in the new user registration information (this will create your account and provide you with account information to obtain a temporary license).

5. If you do have an account, click where it indicates “here.”

Page 43: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

43 | LiveNX 7

6. You will be taken to this page to obtain a key and secret.

Obtain the License Key and Secret

7. Waiting for the email to send over, to obtain a license key

8. Log into the site https://stage-livecc.liveaction.com

9. Choose the license you received when purchasing the product, and click on the “eye.”

Page 44: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

44 | LiveNX 7

10. Find the key and secret.

11. Fill it back into the Configure NX License Page (from step 4b). 12. Review the license and activate it.

Traditional Licensing via the WebUI

LiveNX Admin can update the traditional license from the Web interface. By clicking on the option on the WebUI page, it will open the About or information page. This page contains the License Management Section.

Page 45: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

45 | LiveNX 7

Click Browse to select the traditional license file, then Next

Complete Online Activation

Offline Activate Traditional License (.key) Select Offline Activation, then click Next

Click Browse to Upload your license file, then click Done

Page 46: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

46 | LiveNX 7

Email Activation Key to [email protected] to obtain an offline activated license key. Once you receive Offline key, Upload Your License File and file via the Activation Wizard

Once License is activated, you will be redirected to the License page. Check License Status to verify License

Page 47: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

47 | LiveNX 7

Cloud Licensing via the WebUI

Admins can manage LiveNX license from the Web Interface. By clicking on the option on the WebUI page, it will open the About or information page. This page contains the License Management Section.

The Manage License button take the user to the License Manager page.

The switch from traditional license to Cloud License or vice-versa can be done from this screen. To change, modify licence, click on the chance license button and Log into user’s LiveAction Licensing Portal account to obtain the key and secret for your license and activate your license.

Page 48: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

48 | LiveNX 7

System Diagnostics

With 6.1.0 release, user can download system, functional and error logs via the WebUI. This page also has details on the LiveNX server CPU, OS-RAM and JVm-RAM and disk size. RTT gives the server-node communication round trip time.

With the 6.1.1 release, there is some new widgets added, Long term store size, flow store size,

snmp store size and alert store size. These are tracked for the last 30 days.

Page 49: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

49 | LiveNX 7

Specification recommendations or conformance status are based on number of devices and

flows/sec recommendations for ova spec. Flows per sec recommendation are based on previous day's 24 hours’ report.

Information on the Data-Store can be found in the system diagnostic page

Page 50: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

50 | LiveNX 7

Page 51: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

51 | LiveNX 7

5. Installing LiveNX Nodes (Optional)

Nodes are used by LiveNX to provide additional collection and processing capabilities in networks with many devices. The Nodes run on Linux OS or Windows Server and communicate to the central LiveNX Server.

1. Download the LiveNX Node from: http://liveaction.com 2. Install the LiveNX Node software of a Windows or Linux Server. 3. For Windows, follow the installer directions. 4. For Linux, use the shell script LiveActionNode-<VERSION>.x86_64.sh on a Linux computer or VM.

a. chmod +x LiveActionNode-<version>.x86_64.sh b. ./LiveActionNode-<version>.x86_64.sh

c. Enter the LiveNX Node and Server IP addre

Page 52: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

52 | LiveNX 7

d. Enter the LiveNX data directory. For consistency, name the data directory to correspond with the Server data directory. Type y to create a new data directory. When complete, the LiveNX Node is installed.

5. Define the Nodes using the LiveNX Server and then start the LiveNX Node Console to load the Node configuration.

a. Return to the LiveAction Management Console and click on Add Node in the Nodes tab. Define a Node Name and type in the IP Address on the Linux computer or VM. If desired, create a password to protect the connection file or uncheck the Encrypt checkbox. Click on the Browse button to save the *.nodeconn file.

b. After clicking on Add Node, LiveNX will provide a success notification.

Page 53: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

53 | LiveNX 7

c. Verify the new Node’s name, IP address and status in the LiveAction Management Console.

d. Start the LiveNX Node Console on the Linux PC or VM by typing:/opt/LiveActionNode/4.2/LANodeManagementConsole

e. Once the LiveNX Node Console is running, import the LiveNX Node connection file by clicking on: Manage > Import Connection File

Page 54: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

54 | LiveNX 7

Click on Browse to select the saved *.nodeconn file. In this example, the *.nodeconn file was copied onto the

desktop of the Linux machine containing the LiveNX Node.

f. Click on OK and then re-enter the password used to create the *.nodeconn file. Click on Import.

g. On the LiveNX Node Console, go to Manage > Start Service. When completed, a green LED appears in the bottom of the Node Console with “Node is currently running.”Verify that the Node Name and Node ID matches the Node Name and Node ID in the Node tab in the Management Console and that the Node status in the Management Console is connected.

NOTE: If the LiveNX Node daemon fails to start up and the log shows an error with setting the Node-name property in ‘akka.conf’ file, then it is likely that Cent OS failed to statically configure the loopback IP address in the

Page 55: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

55 | LiveNX 7

/etc/hosts file. This issue is OS dependent. To resolve, type “hostname” to retrieve the hostname.

h. Edit /etc/hosts file and type in the hostname.

i. Restart the LiveNX Node Console by clicking on Manage > Start Service.

Page 56: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

56 | LiveNX 7

6. LiveSensor Install (Optional)

LiveAction LiveSensor Deployment

LiveAction LiveSensor deployment involves a simple black box tool that takes very little resources to run. The LiveSensor allows an administrator to deploy a VM and monitor mirrored/span traffic and have the LiveAction LiveSensor send flows to LiveNX for analysis.

There are several prerequisites required before deploying a Sensor. These prerequisites require the administrator to know and understand how to span as well as connect the physical Server to a mirrored port.

Here Are the Prerequisite Steps

• 1 Physical port from the Server must be connected to an unused port on a router or switch. This is

preferably at the egress/ingress of each site.

• Span needs to be configured to the physically connected port from the Server where the VM resides.

• The VMNIC from vSphere that is connected should also be configured in promiscuous mode. This will

allow for the traffic to be read through the NIC specified.

o There will be a short step-by-step to describe the VM portion of the configuration through

vSphere.

Hardware Requirements for the LiveSensor OVA

• 4 vCPU

• 8GB of RAM

• 50GB Disk

Create Virtual Machine Port Group and Configure Promiscuous Mode

This section assumes that the physical port of the VMNIC has already been connected to a span port on a physical router or switch, and a vSwitch has already been configured. If this has not been performed, please consult VMware to configure a vSwitch before moving forward.

1. Log into vSphere

2. Select the target ESXi Server

3. Click > Configuration

a. Located on the right panel

4. Click > Networking

5. Find the vSwitch that is configured for the span port

6. Click > Properties

Page 57: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

57 | LiveNX 7

7. Add a Virtual Machine Port Group to the vSwitch

8. Select Virtual Machine > Next

Page 58: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

58 | LiveNX 7

9. Provide it a Name > Next

Page 59: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

59 | LiveNX 7

10. Click > Finish

Page 60: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

60 | LiveNX 7

11. Click > the new Virtual Machine Port Group > Edit

12. Click > Security

Page 61: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

61 | LiveNX 7

13. Check Promiscuous Mode > Accept

14. Check MAC Address Changes > Accept

15. Check Forged Transmits > Accept

16. Click > OK

Page 62: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

62 | LiveNX 7

17. Under vSwitch Properties > Close

Deployment of LiveSensor

1. Download the LiveAction LiveSensor OVA at: xxxxxxxxxxxxxxxxxxxx

2. Open vSphere and choose a local Server

3. Click on File > Deploy OVF Template

4. Search for the LiveSensor and follow the installation wizard

a. The Sensor deployment is almost identical to the Node and AIO deployment on ESX

Page 63: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

63 | LiveNX 7

5. After the OVA has finished deploying the VM on the ESXi Server power it on

6. Deployment of LiveSensor has been completed

Page 64: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

64 | LiveNX 7

Configuration of LiveSensor

1. Wait until the LiveSensor has finished booting and there will be a menu screen that shows you 6 options:

a. Static IP

b. Install Sensor License

c. Configure Sensor

d. Restart Sensor

e. Download Logs

f. Reboot

2. For Static IP > 1

NOTE: The NIC configuration will be for eth0, eth1 will be your span port and will automatically be in promiscuous mode

a. Configure the Hostname

b. Configure the IP Address

c. Configure the NetMask

d. Configure the Gateway

e. Configure the 1st DNS

f. Configure the 2nd DNS

Page 65: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

65 | LiveNX 7

g. Configure NTP Server

h. Verify the settings are correct

i. There will be a check against a previous backup (Hostname and Network)

i. Type “y” or “Y” if you want to backup previous configuration

ii. Type “n” or “N” if you want to not backup the previous configuration

j. An automatic reboot will be done to have the new configuration take effect

3. Install Sensor License > 2

a. Upload License

i. Uploading the license will require an ssh connection directly to the machine that

contains the LiveSensor License

b. Manually Type in the License

i. This will require the license to be typed in manually, since it’s an alphanumeric hash,

this may be possible for offline activation

c. Return

4. Configure Sensor > 3

a. Configure the Target Server to receive flow

b. Configure the Target Server’s Port to receive flow

i. NOTE: The target Server will be LiveNX Server or LiveNX Node or LiveNX AIO

c. The Sensor will restart the configured services and push you back to the splash screen

5. Reboot > 6

a. This reboots LiveAction LiveSensor

Page 66: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

66 | LiveNX 7

7. LiveNX Client Installation

Copy the LiveNX client installer (LiveActionClient_<OS>_<VERSION>_setup) to the PC or Mac that LiveNX will be used from and run the installer. Follow the instructions in the installation wizard. The installation should take less than 10 minutes to complete.

Installing on Macs is the same as Windows except the Mac installer is a dmg file.

A. Start B. Accept License Agreement C. Select Client Location

D. Select Client Start Menu Folder E. Select Additional Tasks A. Finish

Start the client by clicking on the desktop shortcut. The user login prompt will appear. Click Configure to enter the Server IP address and application port number. The default port number to use is 7000. The first-time username and password are admin and admin. After the initial login completes the user will be prompted to create a stronger password.

NOTE: Forgetting the passwords for all administrative accounts will require resetting all LiveNX settings and rebuilding the configuration. Refer to Chapter 3 for more information on resetting the LiveNX configuration.

• When a user logs in for the first time, the welcome screen will pop up. Click > Start: Discover Devices

Page 67: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

67 | LiveNX 7

Page 68: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

68 | LiveNX 7

Java Web Start Client Installation

Client software can also be installed by opening a web browser to the LiveNX Server.

The client software can also be downloaded from the web user interface

Windows Java Web Start

Click the link Launch the LiveNX Client

1. Accept the Java Web Start installation.

i. This may take several minutes while all the files are downloaded and installed.

2. Once installed the user will be prompted to run the client and receive a LiveNX login prompt.

a. Please note that there are issues with Google Chrome where the initial web start may work but subsequent ones may fail. This is a known issue in Chrome that may be fixed in the future by Google.

Mac Java Web Start

The Mac Java web start can be more involved due to security restrictions for Java web start.

1. Typically, this will require changing the settings in System Preference > Security and Privacy settings to allow running the Java web start program. Please refer to detailed Mac installer documentation for more specifics.

2. Login into LiveNX with the default administrative account.

Username: admin Password: admin

Page 69: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

69 | LiveNX 7

3. Go to Users > User Management to create user accounts with the appropriate roles. NOTE: See Chapter 3 Role-Based Access for information on creating user accounts. NOTE: A fully operational trial version of the software will operate for up to 14 days. The user will have an option to purchase LiveNX when the Trial License expires.

HTTP Proxy Configuration Support

1. LiveNX 6.0.1 version onwards can configure a HTTP(S) proxy for outgoing web requests. This is useful during geo-lookups, get license and for sending telemetry data. Some assumptions to consider for this implementation.

a. HTTP clients respect the following environment variables like Linux/UNIX OS. i. HTTP_PROXY / http_proxy ii. HTTPS_PROXY / https_proxy

iii. NO_PROXY / no_proxy b. Only admin users can edit the proxy settings. c. Only basic level of authentication is supported. d. Single proxy entry for both HTTP and HTTPS requests and hence all HTTP and HTTPS request will

go through the same proxy.

2. The new proxy settings are exposed in the Management Console properties tab. a. When the Management Console is run from within an OVA, these property settings are not

editable, but will have a tooltip explaining that the settings should be changed using the Web UI. b. When the Management Console is run from a regular OS environment, these settings can

be edited.

Page 70: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

70 | LiveNX 7

3. User Interaction: Users can add the HTTP Proxy configuration and authentication entries from the Web Interface. The web application uses the request NPM module as an HTTP client.

Secure Web Login Configuration

Secure Login to LiveNX can be enabled through the LiveAction Server Management Console.

1. To enable Secure Web Login a. Click Properties > httpserver.secure

i. Change this option to True b. Click httpserver.port

i. Default is 8092 [Typical Options are 443 or 8443] c. Click Apply

2. To ensure that configuration takes effect a. Click Manage > Shutdown Service b. Click Manage > Start Service

Page 71: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

71 | LiveNX 7

• Open a web browser and type in https://localhost:8092 [Default Port = 8092]. Depending on the browser, there will be a warning with a similar message below.

Click Continue. This will bring up a secure web page. Enter the administrative LiveNX username and password and click on Login.

Page 72: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

72 | LiveNX 7

The help dropdown components (Quick Start, User Guide, and Launch Client) are available without logging in. All other menu items (QoS Reports, NetFlow Reports, IP SLA Reports, Routing Reports, LAN Reports) require valid log-in credentials to continue.

Unsecured Web Service

To return LiveNX to unsecured web service, go to the LiveAction Management Console > Properties > httpserver.secure Change true to false (or leave the field blank). Click away from the httpserver.secure field to ensure that the false value is maintained during this process. Click on Manage > Shutdown Service. After the service shuts down, restart the service by clicking on Manage > Start Service and then Manage > Connect to Service. The title menu bar of the LiveAction Management Console should say Connected. Once the Server is restarted, open a web browser and type in http://localhost:8092. The webpage will now hide any login entries, and all the menu items are available without any login prompts.

Page 73: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

73 | LiveNX 7

Telemetry

In LiveNX 6.0.1 version, sending out user Telemetry data is enabled by default. Users can disable, if required from the Management Console interface.

Management Console Access via the WebUI

The management console mentioned above and the properties page can be access via the web page also.

The various users sessions/ logins can be viewed and monitored at the following page. Caveat: Users with a timeout of "Never" will never be logged out from the web, even if closing the browser. They must be manually logged out either by pressing the "Logout" button or having their sessions terminated through the Session Management dashboard.

Page 74: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

74 | LiveNX 7

The properties page can be accessed here and all the LiveNX server related parameter changes can be made here. Once a change is made the server needs to be restarted.

Page 75: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

75 | LiveNX 7

Mounted Data Management: User can mount a data directory that contains flow, alert, or QoS data by clicking on the mount directory button. All directories in the list below are grouped together by type. Mounted data directories on server can be related to data of Flow, Qos and Snmp. Changes to priority of individual directories in the list can also managed over here.

Page 76: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

76 | LiveNX 7

Node Management: Addition or modification of LiveNX nodes can be managed in this section. Exporting node configuration file and updating address of node can also be managed here.

Troubleshooting: A heap dump is a snapshot of the memory of a Java™ process. The snapshot contains information about the Java objects and classes in the heap when the snapshot is triggered. User can Sanitize

existing heap dump

Email Configuration: This is mainly required for configuration of alert page.

Page 77: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

77 | LiveNX 7

• Configuration Mangement: User can import/ export required or current system configuration. Importing a configuration will prompt the user to restart the ova. The restart process takes a few minutes during which time the user will be unable to login.

Page 78: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

78 | LiveNX 7

Page 79: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

79 | LiveNX 7

8. Basic Setup and Operation

NOTE: If prompted, enter your LiveNX administrative login and password to continue.

Add Devices to the Topology via the Java Client

The first step when using LiveNX is to add your network devices to the topology. You can add multiple devices in one operation using the device discovery function or add devices one at a time.

Adding Devices Using Device Discovery

1. Click the Discover link or select Discover Devices from the File Menu.

2. Step 1: Specify how you want LiveNX to discover your devices. You can specify a range of IP address from lowest to highest separated by a hyphen. You can also include a list of individual IP addresses (one per line). If you want to discover devices connected to a seed device instead, specify the IP address of the seed device. Then specify the connected devices you want to include by indicating the number of hops they are from the seed device. Step 2: Specify SNMP settings using either default or device settings Step 3: Specify Node that will be collecting the device information. Use the dropdown to select among the defined Nodes or the LiveNX Server. Step 4: Click OK to continue. LiveNX will search the network and list the devices in the Device Discovery window.

Page 80: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

80 | LiveNX 7

Page 81: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

81 | LiveNX 7

3. Select the discovered devices you want to add to the LiveNX topology by checking them in the leftmost column of the Device Discovery window and clicking the Add Devices button. You can select (or deselect) all devices by right clicking inside the Select column.

NOTE: Cisco and other network devices considered compatible with LiveNX will be checked automatically. All other network devices will be labeled “Unknown” and will not be checked automatically.

Adding Non-RFC1213 Compliant Devices

LiveNX 6.0.1 extends the device coverage to support a multivendor network environment. LiveNX discovers network topology using SNMP. For LiveNX to propagate and draw the flows correctly on the system topology, LiveNX needs to discover the IP address of the interface. Since every vendor does not conform to RFC1213, these devices do not have the IP Address Table implemented. Thus, LiveNX is not able to add the network element as an SNMP capable device. As a workaround, we have removed the IP Address Table check allowing a non-conforming device to be added as an SNMP capable device, thereby collecting interface statistics. The added capability to configure interface IP address and mask allows the flows to be drawn correctly. With this enhancement, users should be able to add any network devices to LiveNX.

To add a device, go to File -> Discover Devices. Specify the IP address or range along with the SNMP community string of the device.

Page 82: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

82 | LiveNX 7

The network device is discovered and added.

Page 83: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

83 | LiveNX 7

Click Add Devices or Advanced Add to select the interfaces to manage.

NOTE: The IP address cannot be modified in the Advanced Add table view.

Page 84: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

84 | LiveNX 7

Click Add/Update Devices. You will be prompted again for the SNMP credentials.

The network device is now added to LiveNX.

To work around certain device issues where the vendor does not populate the IP address and subnet of the interfaces:

• Right click on the device

• Select Edit Device Settings or Add or Remove Interfaces

Page 85: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

85 | LiveNX 7

Notice how the sp_land and sp_wan interfaces do not have the IP address/subnet mask settings. This implies that the device is not populating the SNMP IP Address Table information.

Page 86: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

86 | LiveNX 7

As shown below, the IP address and subnet mask information is now added for the sp_lan and sp_wan interfaces.

Page 87: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

87 | LiveNX 7

Clicking Next will take you through the remaining options.

Page 88: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

88 | LiveNX 7

Once you have gone through the process, you can validate that the interfaces now show up on the Topology along with flow information.

Page 89: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

89 | LiveNX 7

SNMP based reports are also available for these network devices as defined in the User Guide.

Configure Cisco Devices for QoS, Flow and IP SLA

After any supported Cisco devices are added to the topology they need to be configured for advanced monitoring and control of technologies such as QoS, NetFlow, IP SLA and NBAR. The Device Discovery wizard will prompt you to configure the devices you have just added. Click “Yes” to configure them with the device setup wizard.

NOTE: If only one device is added, the Device Discovery wizard will skip 4b. If multiple devices are added, the Device Discovery wizard will skip 4a.

Page 90: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

90 | LiveNX 7

1. SNMP Settings 2. CLI Settings (Configuring) 3. CLI Settings (Monitoring)

4a. Validating Current Devices 4b. Validating Devices 5. Select Interfaces

6. Select VLANs 7. Select Features 8. Enable Polling

9. Review Configuration 10. Device Updated

Page 91: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

91 | LiveNX 7

SNMP Settings

SNMP Connection Settings

1.1.1.1.1.1.1.24 There are two options for SNMP connection settings:

• Use default SNMP settings (and reuse them for other devices; click Edit to create or change default settings).

• Enter specific SNMP information for this device.

• These credentials are used by the LiveNX Server for monitoring.

SNMP Version • Select either V2C or V3.

SNMP Version 2 (V2C) Settings

• Enter the port number to use to communicate to the device. This does not need to be changed unless the device uses a non-standard port.

• Enter the Community String.

SNMP Version 3 (V3) Settings

• Enter the port number to use to communicate to the device. This does not need to be changed unless the device uses a non-standard port.

• Enter the User Name for the user who can access SNMP. This is the ADD-USER-NAME found in “Setup SNMPv3” on Cisco’s Help Site. Utilize show SNMP user on the device to show all users.

• Select an HMAC authentication algorithm: MD5 or SHA and password.

• Select a Privacy Protocol and Password: None (no encryption), DES (use 56-bit Data Encryption Standard algorithm), or AES 128-bit (use 128-bit Advanced Encryption Standard algorithm).

CLI Settings (Configuring)

Configuration CLI Connection Settings

1.1.1.1.1.1.1.25 LiveNX generates command line interface (CLI) commands and sends them to the devices. There are two options for connecting to the device for CLI control:

• Use default Configuration CLI connection settings (To reuse these for other devices, click Edit to create or change default settings). Each user who can configure the device must use their specific CLI credentials to do so. The default credential which will be used for all devices, is for their own use only.

• Enter specific connection settings for this device.

If Entering Specific CLI Connection Settings for This Device…

• Select connection type: Telnet or SSH and specify Port number.

• Enter the username and password for the device as well as the Enable password. Each user who can configure the device must use their specific CLI credentials to do so. The administrator that added the device specified his/her credentials. Other users, as they make modifications and try to save the configuration to the device, will be prompted to provide their own credentials on a per device basis.

• Indicate if you want to save these settings to disk.

Page 92: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

92 | LiveNX 7

• Indicate if you want to use the same settings for the next step: CLI Settings (Monitoring).

CLI Settings (Monitoring)

Monitor-Only CLI Connection Settings

1.1.1.1.1.1.1.26 LiveNX generates command line interface (CLI) commands and sends them to the devices. There are two options for connecting to the device for CLI control:

• Use default Monitor-only CLI connection settings (To reuse these for other devices, click Edit to create or change default settings).

• Use the previous page (CLI configuration) connection settings.

• Enter specific connection settings for this device.

• These credentials are used by the LiveNX Server for CLI commands for monitoring and by all users for gathering information. When configuring, the individual user Configuration CLI settings are used.

If Entering Specific CLI Connection Settings for This Device…

• Select connection type: Telnet or SSH and specify Port number.

• Enter the username and password for the device as well as the Enable password.

NOTE: If LiveNX is unable to connect to the device in the CLI Settings (Configuring) step, the user can choose to Retry or to skip the step and continue to the CLI Settings (Monitoring) step.

Validating Devices

Validating Devices

• LiveNX will proceed to test and validate your devices. If you selected multiple devices, LiveNX will list the status of each device.

• The following indicates the possible outcomes of each test.

Failed Critical test failure—This device cannot be managed by LiveNX.

Page 93: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

93 | LiveNX 7

Not Supported

This feature is not supported on this device.

Pending The test has not started yet.

Skipped Test skipped—not applicable to this device.

Succeeded Test passed.

Testing Test still in progress.

Warning Non-critical test has failed but will not affect LiveNX.

Select Interfaces

Select Interfaces

• If you selected only one device, LiveNX will list its interfaces. Check the ones you want to manage with LiveNX (up to 50 for interfaces per device).

• If you selected multiple devices, LiveNX will ask you to specify the number of interfaces (by type) and any specific VLAN interfaces to add. You can add up to 1,000 interfaces per device.

Select VLANs

Select VLANs

• If you selected only one device, LiveNX will list the VLANs numbers and their descriptions. Use the checkbox to select the VLANs to monitor (max = 25).

• If you selected multiple devices, LiveNX will ask you to specify the number of interfaces (by type) and any specific VLAN interfaces to add. You can add up to 1,000 interfaces per device.

Select Features

Select Features

• LiveNX will display available features for your devices such as CEF, NBAR. NetFlow and Mediatrace. Check the features you want to enable.

• If you selected only one device, LiveNX may request a switch from traditional NetFlow to Flexible NetFlow (FNF). FNF provides enhancements over NetFlow v5 or v9 in its ability to selectively export data. FNF also supports deep packet inspection, NBAR, IPv6, VoIP and video traffic monitoring.

• For NetFlow type, the default setting will be MIB if your device supports MIB polling. Otherwise the setting will be COLLECTOR. If the interfaces are switched to FNF, LiveNX will reconfigure the interfaces from traditional NetFlow to Flexible NetFlow using the LIVEACTION-FLOWMONITOR input and output CLI commands. With FNF,

Page 94: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

94 | LiveNX 7

NBAR support will also be enabled provided it is supported by the device.

• You can also disable NetFlow by selecting NONE.

Enable Polling

Enable Polling

• LiveNX will display polling options for each of your devices. First indicate if you want to enable or disable polling for each device by checking or unchecking poll.

• Indicate the polling frequency from the drop-down selection.

• Check the appropriate boxes to indicate if you want to poll Flows, QoS, IP SLA, Routing and/or LAN.

Update Device

Update Device

• LiveNX will indicate which devices require updates to match your previous selections. Clicking on Update required will display the configuration commands LiveNX will send to the device.

• To send updates to the devices, click the Send button

• If you want to configure the devices manually instead, select this option and click Next. LiveNX will add the devices, but you will need to update the configuration settings manually.

Page 95: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

95 | LiveNX 7

Managing Device Interfaces

LiveNX automatically selects and displays the highest bandwidth interfaces for display and for monitoring. To manually add or remove interfaces, right click on a device in the device tree and select Add or Remove Interfaces.

Use the checkbox to add or to remove interfaces that you want to monitor. Up to 1,000 interfaces may be selected. LiveNX lists all port channels, VLANs, switched virtual interfaces, trunks and any interfaces with an IP address. LiveNX automatically selects the top three interfaces with the highest bandwidths for monitor and display. Loopback and Null interfaces are default to off to indicate no monitoring or display. Click on Next after selecting the desired interfaces.

Page 96: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

96 | LiveNX 7

For details on selecting VLANs, please see Section 10 – LAN.

Additional features can be selected at a device or interface level. Device features are individually selectable for Cisco Express Forwarding (CEF), MediaTrace and Probe Association. Default is enabled provided the device supports the feature. CEF must be enabled in the device for NBAR to be enabled at the interface. Details for the Associate Probe feature are covered later in this chapter.

Each of the selected interfaces can be configured to support NBAR (Network Based Application Recognition) and/or NetFlow. Default is all enabled. Click on Next.

Page 97: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

97 | LiveNX 7

Page 98: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

98 | LiveNX 7

Enable Polling provides user-control on the polling rate: 10 seconds, 30 seconds, 1 minute or 5 minutes, and provides individual selection to poll by technology: Flows, QoS, IP SLA, Routing and/or LAN. The LAN polling is available at 15-minute intervals. Click on Next.

A CLI listing is generated based on the device and interface configuration settings selected.

Choose the Send the configuration commands to device to automatically use LiveNX to send the CLI commands. Once sent, LiveNX returns the results of the sent commands.

Choose I will manually configure the device myself to continue to the next step without using LiveNX to configure the device. Click on Next.

Page 99: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

99 | LiveNX 7

If the Send the configuration commands to device was selected, then a Save Startup Config dialog offers the option to automatically save the desired configuration to the startup configuration. Choose Yes to save and No to ignore. The Do not show again checkbox allows you to bypass this Save Startup Config screen; the configuration does not get saved to the startup configuration.

Page 100: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

100 | LiveNX 7

Once updated, the Device Setting table will display the results of the configuration. The interface settings list NBAR and NetFlow capability for each interface. A green LED means that the interface is successfully configured; a red LED means that the interface is not successfully configured. Check to see that the NetFlow collector is pointing correctly to the LiveNX Server. Click on Finish to complete the Add/Edit Interface Wizard.

Page 101: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

101 | LiveNX 7

Managing Devices

To manage the devices, you have added to LiveNX, click the Manage link in the toolbar, or select File > Manage Devices.

To add devices to a new group or to an existing group, enable the Select checkbox next to the desired devices, then click on Add to Group and use the dropdown to add to a new group or to an existing group.

Page 102: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

102 | LiveNX 7

To remove devices from a group, select the desired devices that are already assigned to groups and then click on Remove from Group.

Page 103: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

103 | LiveNX 7

Click on Edit Groups to modify the topology groups. Three options are available:

Page 104: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

104 | LiveNX 7

Add – Displays the Add Group dialog box used to add another group.

Edit – Select the group to edit and click on the Edit button to bring up the Edit Group dialog box. Use this dialog box to rename the group, modify the group description, or to add or remove devices from the group.

Remove – Select the group and click on the Remove button to delete the group and remove the group designation for the devices.

Page 105: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

105 | LiveNX 7

Size—Describes the number of devices within that group.

Groups are displayed in the topology view as collapsed or as expanded. In the expanded view, a shaded background border is displayed encompassing the devices that make up the group. The tab at the left-hand top corner displays the group name. Collapse a group by double clicking in the background border or right clicking on the group name in the device tree and selecting Collapse. Expand a group by double clicking within the group boundary or by right clicking on the group name in the device tree and selecting Expand.

In the collapsed view, the group background is replaced by a solid rectangle equivalent in size to the shaded background border that encompassed the devices in expanded view. Right click on either the rectangle in the topology or the group name in the device tree view and select Use Small Collapsed Groups to maintain a consistent size rectangle, independent of the spread of devices in the topology. The rectangle color is the color of highest alarmed device within the group.

Page 106: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

106 | LiveNX 7

Zoom – While in the topology view, highlight a group or a device in the tree view, right click and then select Zoom or Zoom to device, respectively, to position the topology so the selected group or device is in the center of the window.

For a large topology, zooming out may result in visualization challenges due to the size of each individual device. LiveNX will automatically change the individual devices to groups for visibility purposes. The transition from devices to groups can be user-defined by zooming out to the desired zoom level and then right clicking

Page 107: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

107 | LiveNX 7

on the topology and selecting Group Management > Set Auto-Collapse/Expand Groups at this Zoom level. Click on Reset Auto-Collapse/Expand Zoom Level to return to the default LiveNX zoom level.

To keep a group expanded regardless of zoom level, click on the desired group and then right click on the Group Management > Persistent Expand (disable auto-collapse/expand).

Page 108: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

108 | LiveNX 7

Click on Persistent Expand All to keep your topology from collapsing to the Group level. Click on Persistent Collapse All to keep your topology from expanding to the device view. These group visibility settings can be done per individual user.

Adding Generic Network Objects and Annotations

Right click in the system topology and select Create Network Object to add a network object with descriptive text. To edit or delete a network object, right click on the object and select Edit Network Object or Delete Network Object, respectively. Objects may be connected using the Connect icon in the topology view toolbar.

Three types of Network Objects are available: Annotation only, IP address end point or Merged clouds.

Page 109: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

109 | LiveNX 7

Annotation Only

An Annotation Only network object appears only as an annotation in the topology and does not affect functionality.

Page 110: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

110 | LiveNX 7

Type in the Network Object name, choose the Annotation only type, select the desired object from the object/shape dropdown, click and drag the Size slider to increase or decrease the size of the object and type in a string that will be displayed as a Tooltip in the system topology (optional). Click on OK.

Page 111: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

111 | LiveNX 7

IP Address End Point

An IP address end point represents an IP end point in the topology. The IP end point must be connected to/associated with an interface, subnet, or merged cloud for flows to be drawn to the network object.

Page 112: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

112 | LiveNX 7

Type in the Network Object name, choose the IP address end point, select the desired object from the object/shape dropdown, click and drag the Size slider to increase or decrease the size of the object and type in a string that will be displayed as a Tooltip in the system topology (optional). Click on OK. The IP address will be included in the Tooltip.

Page 113: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

113 | LiveNX 7

Merged Clouds

A merged cloud replaces the member clouds in the topology with a single object. When used with flows, the merged cloud serves as a bridge between different clouds where the same flows traversing those clouds are connected via the merged cloud network object.

Page 114: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

114 | LiveNX 7

To merge clouds together, right click on the system topology, and select Create Network Object. Type in the Network Object name, choose Merge clouds and select the desired object from the object/shape dropdown, click on the clouds in the topology that you wish to combine, drag the Size slider to increase or decrease the size of the object and type in a string that will be displayed as a Tooltip in the system topology (optional). Click on OK. The IP addresses of the merged objects will be included in the Tooltip.

Page 115: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

115 | LiveNX 7

The cloud choices can also be selected using the Find button. Click on Find and then click on the desired clouds to be merged.

Page 116: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

116 | LiveNX 7

The resultant cloud maintains the end-to-end flow behavior; a flow terminating in one cloud and emanating from another cloud is now shown as a single flow entering and exiting the merged cloud. Tooltip also includes the IP addresses of the merged clouds.

Page 117: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

117 | LiveNX 7

Merge clouds can also be accessed directly through the system topology by shift-clicking on clouds to be merged and then use the right click and choose Merge Clouds. The Create Network Object window will automatically populate with the selected clouds.

Page 118: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

118 | LiveNX 7

Adding, editing, or deleting annotations or annotated network objects will have no impact on the system topology or LiveNX operation.

Page 119: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

119 | LiveNX 7

Saving Changes to the Device’s Startup Configuration

When a device is added to LiveNX, the software makes changes automatically to the device’s running configuration, but not to the startup configuration file. If you want to make these changes permanent, select the device from the list on the left side of the LiveNX screen, and then select Save to Startup Config from the File menu and click Yes to save them to the startup configuration file.

Advanced Add Bulk Device

LiveNX supports a method to add or update many devices, while precisely controlling which interface, polling rates and other user-defined information.

The discovery and add should be done for devices on a per Node basis.

Click on File > Discover Devices. Then specify the IP range to scan, SNMP settings and Node. Click OK.

Page 120: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

120 | LiveNX 7

Click Advanced Add… to add or update devices.

Page 121: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

121 | LiveNX 7

The Advanced Add dialog allows the user to add or update values in the matrix or to export the values to a CSV file, make edits and then import the CSV back into LiveNX. Columns that can be edited directly in the matrix are shaded.

Click on Add/Update Devices and then follow the wizard to add or update the devices.

Page 122: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

122 | LiveNX 7

Click on Export to CSV to export the device values into a CSV file for further editing.

Save the edited file and then go to File > Import Devices. Use the import picker to locate the saved CSV file and click on Import.

Page 123: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

123 | LiveNX 7

Review your device modifications in the Add/Update Devices window.

Page 124: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

124 | LiveNX 7

Expand/Collapse

Click on the Expand button next to Manage to show additional details of the devices, interfaces and VLANs listed in the Device/Interface Tree Table. The Expand button is used to define sites and tags.

Defining Sites and Tags

Sites, tags and labels are used to help with understanding data shown in dashboard, reports and alerts. Start by defining key site devices and the key WAN interfaces on the devices. One or more devices can be specified for a site and one or more WAN interfaces can be defined per device. Using these definitions, the site dashboard widgets, reports and alerts can get populated. Also, not all devices and interfaces need to be defined.

For groups of devices, you can define a group site and a Site IP range designation once and it becomes valid for all devices within that group.

Set capacity and labels for WAN interfaces which are used in various reports and dashboards. The capacity is used to determine what maximum capacity the current bandwidth should be compared against, so that percentages can be calculated rather than using the line interface rate. This is useful if WAN interfaces connect to a service that is limited in capacity below the level of the line rate.

Page 125: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

125 | LiveNX 7

Set tags on interfaces for quick searches. The tags work like tagging you find in various internet sites for searching pictures, tweets and other information. You can tag similar interfaces in any way that is desired. For example, all interfaces that are linked to a service provider could be tagged with “Sprint” (for instance) or all interfaces that constitute the “East” region could be tagged and reported on.

The image below illustrates the expanded view of the Device/Interface Tree Table showing additional characteristics of the network devices, interfaces and VLANs.

• IP Address: IP address of the device, interface or applicable VLAN.

• Node: Name of the LiveNX Server or LiveNX collection Node associated with the device.

• Label: User-defined name on the device’s interface is for descriptive purposes and is used in dashboard widgets and reports for user-defined labeling. (This used to be called Destination in LiveNX versions prior to 3.0.). Customers that upgraded from an earlier version to 3.0 will see their interface destinations now show up as an interface label.

• Capacity: User-defined numeric value for each interface. Set this value to either the line rate or WAN link capacity for calculating % of use in various reports. Values are entered in Kbps.

• WAN: User-defined checkbox to label wide-area network interfaces, which are then used in WAN reports and for tag-based filtering.

• Service Provider: User-defined alpha-numeric string to label an interface with a service provider name.

• Site: User-defined alpha-numeric string to label a device or a group of devices by location. There is one site tag for a group of devices. All devices and interfaces within that group inherit the site tag. If a device site tag is defined and then a group tag is added for that device, the group tag will take precedence over the device tag. If no group site tag is chosen, then the devices within that group may have individually defined site tags. Devices not assigned to a group can have individually defined site tags. For clarity, the site tag information is not replicated for inherited devices or interfaces in the Device/Interface Tree Table.

• Site IP: User-defined tag to correlate the site tag to a site IP or IP range, specified in CIDR format. To define a site range, first define the site tag. Once a site is correlated with a site IP range, all subsequent site tags will automatically use the same site IP range tag. If the site IP range is defined at the group level, all devices and interfaces within that group inherit the site IP tag. There is one site IP range designation for a given site tag. All devices and interfaces within that group inherit the site IP tag. For clarity, the site IP tag information is not replicated for inherited devices or interfaces in the Device/Interface Tree Table.

• Tags: User-defined alpha-numeric string(s) provide additional labeling for a given interface.

• Description: Description value from the device MIB.

• Polling: Polling rate on the device in seconds.

• CPU: Device CPU LED. (Default turns red when CPU utilization exceeds 80%).

• Memory: Device memory LED. (Default turns red when memory usage exceeds 95%).

• Interface drop: Interface LED. (Default set to > 0.000 pps).

• Class drop: Class LED. (Default set to > 0.000 Kbps).

• Date changed: Most recent device configuration date. The orange highlighting indicates that the running configuration has not been saved to the startup configuration since the last modification.

Page 126: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

126 | LiveNX 7

To modify the group Site tag, select the group and then enter the alphanumeric string in the Site field in the Details window as shown below. Use the dropdown to select among previously defined Site tag choices.

To modify the group Site IP tag, first select the group, then create a Site tag and then enter the IP address or range of IP addresses in the IP field in the Details window in the image below. Since there can be one Site IP tag for a given Site tag, adding previously defined Site tags into the Device/Interface Tree Table will cause LiveNX to fill in the corresponding Site IP tag. Changes to a defined Site IP tag will change that Site IP tag throughout the Device/Interface Tree Table.

Page 127: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

127 | LiveNX 7

To modify the device’s site tag, select the device by clicking on it and then enter the alphanumeric string in the Site field in the Details column in the image below. The resultant string will appear in the Site column corresponding to the selected device. Use the dropdown to select other pre-defined sites or type in a few alphanumeric characters and LiveNX will auto-fill based on previous site definitions. If this device is part of a group with a defined group Site or group Site IP tag, then the group tag will already be listed in the Site and Site IP fields, respectively, in read only mode. Creating and modifying the Site and Site IP tags are available to Administrator user roles.

Page 128: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

128 | LiveNX 7

To modify the interface’s label, capacity, WAN, Service Provider or tags fields, click on any interface in the Device/Interface Tree Table and input the information in the Interface Details column on the right-hand side of the table. Creating and modifying the label, capacity, WAN, Service Provider, Site and Tags fields are available to Administrator user roles.

Label: Type an alphanumeric string in the Label text box or double click on the label cell to enter the label in the table.

Capacity: Type any numeric value in the Capacity test box or double click directly on the Capacity cell to enter the value (in Kbps) directly into the table. With the 6.1.1 software release, onwards, user can enter both input and output capacity on a single interface of a router.

Input and output capacities will be visible on the webui, stories device inventory interfaces.

WAN: Check on the WAN checkbox either in the Interface Details column or directly in the WAN cell in the table.

Service Provider: Type any alphanumeric string in the Service Provider Name text box. Once entered, click on the dropdown arrow on the right-hand side of the text box to select an existing alphanumeric string.

Page 129: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

129 | LiveNX 7

Tags: Enter the tag in the Enter tag here entry box. Tags are entered one at a time; typing in a space will result in an underscore in the tag definition. LiveNX stores each tagged value. Use the checkbox to select previously defined tags. The # column to the right of the Tag list column indicates the number of times an interface in your LiveNX system uses that defined tag. Right click on a defined tag to delete the tag from the system; this will remove the tag from all interfaces in the system. Click on the Remove unused tags to remove any tag that has no interface associated with it. Like the delete tag, the remove unused tags button removes this tag for the system.

Following is a portion of the Device/Interface Tree Table view with added labels, capacity, WAN, service provider, site, site IP and tags.

Group details are shown by highlighting a group in the Device/Interface Tree Table. Editable fields are:

• Site tag

• Site IP tag

• Tags

Page 130: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

130 | LiveNX 7

Device details are shown by highlighting a device in the Device/Interface Tree Table. Editable fields are:

• Site tag

• Site IP tag

• Tags

Page 131: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

131 | LiveNX 7

The following image shows the details section for an interface or switched virtual interface. Editable parameters are:

• Label

• Capacity

• WAN Enable • Service Provider

• Tags

Page 132: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

132 | LiveNX 7

Click Collapse to hide the Device/Interface Tree Table and Details Section.

Page 133: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

133 | LiveNX 7

Filtering the Device/Interface Tree

Click on the magnifying glass next to the text field to provide filtering capability for the Device/Interface Tree Table.

Select All, Name, IP Address, Node, Label, Capacity, WAN, Service Provider, Site, Site IP, Tags, Interface drop or Class drop and then enter alphanumeric data into the adjacent text box to filter the list based only on the selected column of data. The filter matches against hidden data as well. For example, if the Device/Interface Tree Table is in collapsed mode, the filter will operate on hidden columns. Default is All.

Case sensitive, Case insensitive – Select Case sensitive or Case insensitive to filter the list based on matching the text and case or just the text, respectively. Default is Case insensitive.

Match from start, Match exactly, Match anywhere – Select Match from start, Match exactly or Match anywhere to determine whether the filter matches the entered text on the beginning of the data in the field, on exactly the data in the field or anywhere within the field, respectively. Default is Match anywhere.

Keep parent row if any of the children match – Select this to filter the list to display the parent row of hierarchy based data if the entered data matches any of the children rows and unselect this to not display the parent row. Default is enabled.

Keep the children if any of their ancestors’ match – Select this to filter the list to display all the children rows of any hierarchy based data if the entered data matches the ancestor row, and unselect this, to not display the children rows. Default is enabled.

Page 134: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

134 | LiveNX 7

Flow Probe Support

LiveNX provides integrated support for NetFlow probes such as ntop’s nProbeTM product. nProbeTM is a software application that can be used as a NetFlow probe and collector. Details for installing and using nProbeTM can be found at http://www.ntop.org/products/nprobe/.

To integrate with LiveNX, run the device discovery process using the Device Wizard as depicted in the Configure Device Wizard shown earlier in this chapter.

During Select Features for the desired device, enable Associate Probe at IP Address and type in the probe IP Address.

Page 135: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

135 | LiveNX 7

Complete the Device Wizard Configuration

A probe can also be configured by first discovering the device, right clicking on the device to Add and Remove Interfaces.

During the Select Features step, enable the Associate Probe at IP Address checkbox and enter the probe’s IP address.

Page 136: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

136 | LiveNX 7

In the Enable Polling step, please ensure that a Polling Rate is selected and that Flows are enabled.

Ensure that nProbeTM is running and exporting to LiveNX and you should start seeing flows drawn to the associated device.

All standard NetFlow V9 fields are supported. In addition, the following nProbeTM fields are supported.

Field Field Name Description

Page 137: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

137 | LiveNX 7

Id

57552 FRAGMENTS Number of fragmented flow packets

57554 CLIENT_NW_DELAY_SEC Network latency client nprobe

(sec)

57555 CLIENT_NW_DELAY_USEC Network latency client nprobe

(usec)

57556 SERVER_NW_DELAY_SEC Network latency nprobe Server

(sec)

57557 SERVER_NW_DELAY_USEC Network latency nprobe Server

(usec)

57558 APPL_LATENCY_SEC Application latency (sec)

57559 APPL_LATENCY_USEC Application latency (usec)

57573 SRC_IP_COUNTRY Country where the source IP is

located

57574 SRC_IP_CITY City where the source IP is located

57575 DST_IP_COUNTRY Country where the destination IP is

located

57576 DST_IP_CITY City where the destination IP is

located

57577 FLOW_PROTO_PORT L7 port that identifies the flow

protocol or 0 if unknown

57579 LONGEST_FLOW_PKT Longest packet (bytes) of the flow

57580 SHORTEST_FLOW_PKT Shortest packet (bytes) of the flow

57581 RETRANSMITTED_IN_PKTS Number of retransmitted TCP flow

packets

(source destination)

57582 RETRANSMITTED_OUT_PKTS Number of retransmitted TCP flow

packets

(destination source)

57583 OOORDER_IN_PKTS Number of out of order TCP flow

packets

(destination source)

57584 OOORDER_OUT_PKTS Number of out of order TCP flow

Page 138: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

138 | LiveNX 7

packets

(destination source)

57585 UNTUNNELED_PROTOCOL Untunneled IP protocol byte

57586 UNTUNNELED_IPV4_SRC_ADDR Untunneled IPv4 source address

57587 UNTUNNELED_L4_SRC_PORT Untunneled IPv4 source port

57588 UNTUNNELED_IPV4_DST_ADDR Untunneled IPv4 destination address

57589 UNTUNNELED_L4_DST_PORT Untunneled IPv4 destination port

57590 L7_PROTO Layer 7 protocol (numeric)

57591 L7_PROTO_NAME Layer 7 protocol name

LiveNX supports visualization of devices that don’t support SNMP and the projection and reporting of flow information for these types of devices.

Page 139: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

139 | LiveNX 7

Adding Devices into LiveNX That Don’t Support SNMP

Go to File > Add Device. Since the virtual devices do not support SNMP, choose No SNMP connection settings available. Type in the IP Address of the device. Click on Next.

At the Add a Virtual Device dialog box, enter the System Name.

In the map interfaces to indexes, add the interface to be visualized.

• ifIndex: Represents the index of the associated interface.

o This is in the index that is exported in the flow record and is used to project the flows across

the device in the system and device flow views. See your device manufacturer’s

documentation on how to get the ifIndex used for flow export.

• Interface: The interface name

• Description: The description of the interface (Optional)

• IP Address: The IP of the interface (Optional)

• Subnet: The subnet of the interface (Optional)

NOTE: If no IP and subnet is supplied there will be no interconnections between other devices in the system topology.

Page 140: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

140 | LiveNX 7

After clicking on Finish, the following dialog box will appear.

Page 141: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

141 | LiveNX 7

The system and device flow views should contain the device labeled “NoSNMPDevice.”

Enhancements to Device Auto Discovery process:

In 7.0.0 LiveNX has added the ability to discover devices that LiveNX was receiving flows from (but

had not already added). From within the Java client user get notifications if flows are received from

an IP address that is not a managed device. Rather than just notifying the user of these flows, LiveNX

will go one step further and automatically discover/add this device to LiveNX.

Any user interaction will be done via the Web UI. There will be no UI components in the java client,

although the services in the managers can be called by anyone with the right capability. The

Operations Dashboard takes advantage of the REST API and exposes a user-friendly interface which

lists out the devices that have been automatically discovered and provides the ease of adding them

into LiveNX. Every 5 minutes, each LiveNX node will attempt to discover all new devices using the

default SNMP credentials. If a flow was received from an unknown IP, LiveNX will batch this IP with

other IPs during the 5-minute window and attempt to discover all of them at the same time. Any IP

that has already been attempted and discovered will not attempt discovery again until the Node is

restarted.

If the default SNMP credentials are not set in LiveNX, then no automatic discovery will occur.

Page 142: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

142 | LiveNX 7

Select the devices that wish to be added using the checkbox in the table, and click Select Interfaces.

This will bring you to choose the interfaces to select. Click on Add Selected to then add the device.

Page 143: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

143 | LiveNX 7

The device should then be added to the system:

Page 144: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

144 | LiveNX 7

9. Role-Based Access

Role-Based Access Control

LiveNX provides a role-based access control (RBAC) login facility that controls the various functions of the application. Authentication can be handled locally by LiveNX or by using a Lightweight Directory Access Protocol (LDAP) service. The table below shows the RBAC privileges for each user type:

Administrator Full

Configuration

Partial

Configuration Clerk

Monitor

Only

Demo

User

Manage Users X X

Configure Login

Settings X

Add and Remove

Devices X

Edit Device

Settings X

Configure Devices X X

Configure Devices

Using Templates X X X

Monitor Devices X X X X X X

Enable DNS

Resolution X

Manage Reports X X

Manage IP

Mappings X X

Manage Port

Assignments X X

Manage Flow

Filters X X

Manage Alerts X

Manage Topology X

Manage Database X

Configuring IP

SLA Dashboard X

Save Topology

Changes Upon Exit X X X X X

Administrator Role—Admin

Page 145: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

145 | LiveNX 7

The Administrator role controls all aspects of LiveNX. Multiple administrators may be logged in at the same time.

Adding, deleting, or changing user accounts Configuring login settings, including setting the session timeout interval for users Adding or removing the devices that will be accessed and controlled by LiveNX Configuring device settings managed by LiveNX Full device-configuration capabilities Access to pre-defined configuration templates for the various technologies Monitoring devices accessed by LiveNX Enabling DNS resolution for resolving IP addresses to hostnames within charts and other parts of the user interface Creating and deleting reports, and scheduling periodic reports Defining address-to-name mappings and adding addresses to a blacklist, for customizing the appearance of IP addresses within application views and reports Redefining the default mapping of port numbers to application names, for customizing the appearance of ports within application views and reports Creating and managing filters for use in flow reports Enabling alerts, configuring alert thresholds, and configuring how alerts are delivered to the user, including configuring an outgoing email account for email-based alert delivery Managing the topology, including managing the master topology layout, managing groups, creating/editing generic network objects, creation/editing annotations Managing internal databases, including purging, backing up, and restoring data Customizing warning thresholds on the IP SLA dashboard view

Certain features are available for all administrators, but only one administrator can work on certain aspects of LiveNX at a time. This includes:

• Discover, add, edit and remove device

• Configure login settings

• Configure session settings

• Manage DNS settings

• Manage alerts

• Configure e-mail

• Export and import configurations

• Group management

• Master topology layout management

• Schedule reports Full Configuration Role—Full Config

The Full Configuration role allows configuration and monitoring control of the devices added by the Administrator, but has no user-management capabilities.

Full device-configuration capabilities Access to pre-defined configuration templates for the various technologies Monitoring devices accessed by LiveNX Creating and deleting reports Defining address-to-name mappings and adding addresses to a blacklist, for customizing the appearance of IP addresses within application views and reports Redefining the default mapping of port numbers to application names, for customizing the appearance of ports within application views and reports Creating and managing filters for use in flow reports

Page 146: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

146 | LiveNX 7

Partial Configuration Role—Partial Config

The Partial Configuration role is limited to monitoring and utilizing pre-defined configuration templates found in LiveNX.

Access to pre-defined configuration templates for the various technologies Monitoring devices accessed by LiveNX

Clerk Role—Clerk

The Clerk role is limited to basic monitoring and managing user accounts.

NOTE: The Clerk role is provided to enable trusted non-technical staff to assist the Administrator with managing user accounts. Because this role can create Administrator-level users, use proper precautions, training, and screening before assigning this role to any user.

Adding, deleting, or changing user accounts Monitoring devices accessed by LiveNX

Monitor Only Role—Monitor Only

The Monitor Only role provides an access control category which permits a user to log into LiveNX to monitor devices, review reports and save topology changes upon LiveNX exit.

Access to the various technologies Monitoring devices accessed by LiveNX Topology modifications are saved upon user log out

Demo User Role—Demo User

The Demo User role provides an access control category which permits a user to log into LiveNX to monitor devices and review reports without allowing any of this user’s changes to get saved. The demo user has:

Access to the various technologies Monitoring devices accessed by LiveNX No modifications are saved upon user logout

For the following technologies, the demo user can open these dialogs and change parameters, but will not be able to save any changes to the device.

QoS: Create policy from template, create policy from application (NBAR), adjust Input/Output QoS, manage QoS settings, copy policies to devices, manage NBAR, set max reserved bandwidth Flow: Configure flow Routing: Manage policy-based routing IP SLA: Set up quick test, show IP SLA test status, manage tests, manage system tests

Global Versus Per-User Settings

Some LiveNX settings are customizable on a per-user basis. These include:

System topology layout, which can also be synced with the master topology layout at any time Showing/not showing individual confirmation dialogs Individual technology view settings (window sizes, locations, flow filter used, color mapping used, QoS chart type, IPSLA chart type, etc.)

Page 147: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

147 | LiveNX 7

Initial Administrator User Creation

The first time the LiveNX Server is started, a default administrator account will be automatically created, with a username of “admin” and a temporary password of “admin.” Upon logging in, you will be prompted to change this password.

Log-in

When the LiveNX Client is started, the user will be prompted to log into the application. Upon first logging in, each user will be asked to change his or her password to restrict password knowledge to the individual user.

If a locally installed LiveNX Client was launched, the user may choose which LiveNX Server instance to connect to on the Client Login dialog by clicking “Configure” and then specifying a hostname and port number. This option is not available if the LiveNX Client was launched via the web.

Page 148: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

148 | LiveNX 7

Managing Role-Based Access

Role-based access is configured from the Users menu.

Which brings up the User Management Dialog showing the list of users, role and device access.

Adding or editing an existing user brings up the Editing Dialog.

Page 149: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

149 | LiveNX 7

NOTE: All device login and RBAC information is encrypted and then stored in an encrypted file by LiveNX using the Advanced Encryption Standard (AES) cipher.

Manage Users

The Users > Manage Users dialog allows the following actions:

Creation of a user account and password Editing of a user account Deletion of a user account Activation of a user account Deactivation of a user account Configuration of user device access Configuration of LDAP authentication

Username Parameters

Usernames and passwords are case sensitive and may include special characters and spaces. Usernames must be unique. An error dialog pops up to prevent the same username from being used.

Page 150: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

150 | LiveNX 7

Timeouts

A user’s login session expires after he or she has been inactive for the configured timeout interval, requiring the user to log in again. Only Administrators can change the configured timeout interval.

The global timeout interval applies to all users for whom a user-specific timeout interval has not been configured. By default, the global timeout interval is five minutes. To change the global timeout interval, go to the Tools menu and select Options > Security, then enter the desired setting in the Login Options section.

Page 151: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

151 | LiveNX 7

A user-specific timeout interval may be set on the Edit User dialog. The session timeout setting on this dialog is only visible to Administrators. By default, a user’s timeout interval will be the global timeout interval, described above.

Page 152: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

152 | LiveNX 7

Authentication Options

The Administrator can set password restrictions globally for all user accounts by going to Tools > Options > Security. Select the desired properties and click Apply.

Item Description

Password expires after

Sets the number of days that a user’s password is valid, after which time the password will expire.

Allow password change once in

Restricts the interval, in days, that must elapse before a password may be changed (e.g. if this property is set to 2 day(s), a user may change his/her password once in 2 days).

Number of previous passwords to save

Tracks the previous passwords used per account, to prevent reuse.

Minimum characters required

Required property. Sets the minimum number of required characters.

Number of uppercase

characters required Sets the number of uppercase characters that are required in the password.

Number of lowercase characters

required Sets the number of lowercase characters that are required in the password.

Number of numeric characters required

Sets the number of numeric characters that are required in the password.

Number of special characters required

Sets the number of special characters (e.g., ! * + , - / : ? &) that are required in the password.

Default session timeout

Required property. Sets the global session timeout interval after which an inactive user is automatically logged out of LiveNX. This setting may be overridden on a per-user basis.

Page 153: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

153 | LiveNX 7

Item Description

Number of failed consecutive login

attempts

Required property. Sets the number of consecutive failed login attempts a user is allowed before he/she is locked out.

Lock user if number of failed attempts

occur

If a user reaches the number of failed consecutive login attempts within the number of hours specified, he/she will be locked out (e.g. if Number of failed consecutive login attempts is set to 3 attempts and Lock user if number of failed attempts occur in is set to 2 hour(s), a user will be locked out if he/she has 3 failed consecutive login attempts within 2 hours).

Show recent login results

Displays a message indicating whether the user was successful or unsuccessful at last login.

Show login banner A customized login message can be displayed to users. Click Edit to manually enter a message, or cut and paste text from another source.

Configuring User Device Access

Users can be configured to allow all or partial view and configure access to devices depending on the user’s role through the Device Configuration Access dialog box. The User Management dialog has a list with a “Device Access” column indicating the level of access the user currently has. Select the user from the User Management window and click Modify Device Access to modify the device access. Note that admin users by default have access to all devices so the button is not enabled.

The device configuration access dialog configures which devices the user can view, configure and store credentials for. These options are dependent on ther users role, but also the capabilities of the device. Be aware that certain columns and checkboxes in rows and options will be enabled and disabled based on these rules: 1. Monitor only users will not be allowed to set the configure or store credentials options per device. 2. Monitor only device will not be configurable to allow configure or store credentials for any user until the

device is added as a configureable device.

Page 154: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

154 | LiveNX 7

3. The option to configure all devices is not allowed for monitor only users. 4. Setting the view all or configure all options at the top of the dialog will disable the default add device

settings at the bottom of the dialog.

User Management through LDAP via WebUI

With the LiveNX 6.0.2 release, user management in conjunction with Lightweight Directory Access (LDAP) management can be done via the application Web Interface. The application can authenticate users against an external LDAP servers. LDAP authentication allows authorized LiveNX users to take advantage of their LDAP server to add, manage and authenticate users to access the application. Active Directory is a user information directory services database. LDAP is an application protocol for querying and modifying entries in an Active Directory (AD). Single or Multiple LDAP servers can be added and per user role permissions can also be managed at a group level or per individual user level.

Page 155: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

155 | LiveNX 7

The user management feature is for both LDAP user management and local user management. Bulk user addition and role permissions can be managed via the WebUI (i.e. Set of users belong to a group can be given appropriate role permissions per access requirements). SSL/ TLS certificates are implicitly added. The session timeout would be the same value as used in the Java client. All user management properties such as addition, deletion, deactivation and what devices can be managed by a which user can be done via the WebUI.

To use the user management authentication via LDAP, the LiveNX application needs to be able to connect to the external LDAP server. The LDAP server needs to be added to the application. The next section goes over the integration steps on how to properly configure LDAP authentication within the WebUI of LiveNX Application.

Note: The LDAP integration in the Java Client is independent of the WebUI LDAP integration, i.e.; depending on what application you are using to monitor devices, the LDAP integration should be done on that specific application (Java client or WebUI). The LDAP server added on the Java client will not be seen on the LiveNX Web user interface and vice-versa. Administrator can add only one LDAP server on Java client, but multiple LDAP servers can be added on the WebUI.

LDAP Management WebUI

There is some initial information required to be gathered by the administrator before integrating the LDAP server with the LiveNX application. The requirements to add the User information is provided in the User Management section in a later section below.

• LDAP Server IP Address o To receive the LDAP Server information, you must either know, or find out the IP Address of the

server from the LDAP system administrator. • Systems Administrator credentials to add appropriate LDAP server

• Bind DN or Search Base information. o The Bind DN information can be discovered by connecting to the LDAP server and opening the

Active Directory Users and Computers window, right click on the user that is being authenticated against, and select Properties.

• Base DN Information o These are the containers in which you are allowing LiveAction to look for LDAP users.

• Attribute Mappings for searching database for username or identity strings. To integrate user management with the application, the LDAP server network needs to be reachable and added to the application. The LDAP Management interface can be found on the top left corner LiveNX WebUI Configure tab LDAP Management.

Page 156: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

156 | LiveNX 7

Clicking the LDAP management, will open the LDAP General Settings page, as shown below. The LDAP General Settings shows the status on the LDAP integration with the server application. This can be set to ON/ OFF at the edit section (Enable LDAP Poller). Administrator can control the LDAP background polling interval, poll time and time zone settings. This feature is specific to the Web Interface and not present in the java client screen. Poll interval is set to a default value of daily update and is a background process.

The below figure shows the LDAP general server settings.

Changes to the LDAP user database polling interval, polling time can be defined or modified at this edit section.

Page 157: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

157 | LiveNX 7

From the LDAP Management section. Click on the sign to add a New LDAP server.

The below section shows a detailed view on adding a new LDAP server.

LDAP Server Main Settings tab:

Name: This field is any free text string that identifies the configuration engine. (e.g.: HQ-Ldap, DC-Ldap)

Search base: A search base defines the location from which LDAP search begins in the directory. A base dn is the point where a server will search for the directory users. Multiple search bases can be added to limit to multiple subtrees of LDAP directory.

Page 158: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

158 | LiveNX 7

From within the Attribute Editor, you can see the Base DN information:

This is in LDAP standard format (format e.g.. DC=liveaction,DC=qa,DC=com). This means that are only giving the permission to look in those specific folders for users.

If you wanted to look at all User folders for the specific tree, then you could use DC=liveaction,DC=qa,DC=com as the Base DN.

The LDAP API can reference an LDAP object by its Distinguished Name (DN). DC or Domain Component is the DNS domain name, CN or Common Name is the Relative Distinguished Name of user administrator.

LDAP Server Address: In this field the admin can enter the IP address of the required LDAP server. Make sure the LDAP server is reachable. (e.g.: 172.78.1.48)

LDAP server port 389. This is the default port for LDAP connection without SSL/TLS. SSL/ TLS certificates will be searched on port 443 by default. Administrator will be asked to check for trust of certificate and fetch certificate. After trust is accepted the LDAP settings is saved and port 636 is used by default. The LDAP connection with SSL/ TLS is via port 636 by default.

Page 159: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

159 | LiveNX 7

Identity: This will be a user who can browse the application LDAP/AD forest. Typical example: CN=AD-Auth,CN=Users,DC=liveaction,DC=com

Click on the LDAP Advanced Settings to do any advanced LDAP search functions.

LDAP Server Advanced Settings tab:

It is necessary to find the Attribute Mappings for Username & Full Name. To find this, you will need to look at LiveAction’s properties and browse to the Attribute Editor tab.

Username: This is an attribute that will be utilized to have names mapped into LiveNX. Admin can specify which LDAP attribute of user object to use as username of the LiveNX user entry. Typical example: [sAMAccountName / userPrincipalName / mail]. Search for sAMAccountName in the Attribute column, and in the Value column, we used “LiveAction” for its “Username”. After, scroll down to “displayName” for the “Full Name”.

Page 160: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

160 | LiveNX 7

User Search String: By default, application searches for all user objects from MS Active Directory, but this can be customized for other LDAP providers like OpenLDAP servers. User search string, in addition to search base, can also be a way to limit LDAP search. Typical example: [(&(objectCategory=Person)(objectClass=User)(memberOf=CN=NETWORK ADMINS,DC=liveaction,DC=com))]

Limit search query to members belonging to a security group.

Group search string: By default this will retrieve all groups from LDAP. This is not used specifically for User management. This is used together with the report sharing section for sharing a report to an individual or a group.

Displace name: This is an attribute to commonly show the username field. This field is to specify which LDAP attribute of user object to use as Display Name of the LiveNX user entry.

Once the LDAP server is added, the entry will show up under the LDAP Server Management section. Another new LDAP server can be added as well in this section in the same way as described above. The complete user view and modifications of can be done at the LDAP Management screen.

Page 161: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

161 | LiveNX 7

User Management WebUI

In this section admins can manage the users from the linked LDAP server connection. Managing users can include adding local users, LDAP users and LDAP group users and setting user roles to each user or group.

There is some initial planning required to be gathered by the administrator before adding the LDAP users with the LiveNX application.

• Are there individual local users to be added for local authentication without LDAP binding.

• Do we know the LDAP servers associated with the list of users to be added?

• Are we adding individual LDAP users or users by the group from the LDAP server?

• Do we know what roles each user needs to be provisioned? (admin, monitor only, clerk…)

The User Management interface can be found at the Configure User Management tab.

We can add an individual local user or an individual LDAP user or a group of LDAP users.

Page 162: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

162 | LiveNX 7

Username: This is the LiveNX username. Session Timeout: By default, this is 15 minutes. Timeout for each user from the application. The role for users or a LDAP group can be added or modified at this section. Roles are 6 pre-defined roles as mentioned previously in the document.

To add a group of users or individual users, administrator can go to the Groups View tab or Users View tab.

User Management – Groups view. To make changes per group dropdown menu to select the specific LDAP server. The group is by search base. Choose role.

The User Management - Users view

Page 163: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

163 | LiveNX 7

To add an individual user from the LDAP server, select the specific user and click Add User.

Complete view of users and the roles can be views at the User Management screen and changes to a specific user can also be done at this location.

User Management to modify device access per user. Select the specific user and click on the Modify Device.

Individual User addition, modification, deactivate can be done at this section.

Page 164: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

164 | LiveNX 7

All-Access Section

The all-access section at the top of the dialog allows a quick way to let users have view and/or configure access to all devices currently and any added in the future. Monitor only users have the option to only choose the view option. The selection of this option will override the behavior of “Defaults” section and will become disabled. NOTE: The configure all option also automatically enabled storing the credentials for the device as well.

Configure

The configure section sets indvidual device view, configure and storing credential access controls. The search field allows narrowing of the device list and right click options per column to enable and disable for all devices in the list for that particular setting. View Setting

The view setting allows the user to view the device in reports, dashboard, topology, alerts and search. When disabled, the device will not be viewable by the user nor have the option to set the configure setting. A device has to be viewable to be able to set the configure setting. The following limitations are applied for devices that are not viewable:

• Device Tree o The device will not show in the device management tree

Page 165: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

165 | LiveNX 7

• Topology o The device will not show in the topology view in any of the technology tabs

• Reports o The device is not selectable from the device selection list o When all devices are selected, the non-viewale devices are excluded

• Alerts

o Any alerts that contain that a device are not shown in the alert widows

Page 166: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

166 | LiveNX 7

• Dashboard o The dashboard will not show information from the device

• Search o Device will be excluded from the search results from reports, topologies and filters

• Device Lists o Devices lists used to select devices will exclude non-viewable devices

Configure Settings

The configure setting allows the user to configure the device based on the user’s role as admin, full config or partial config user allowed capabilities. A device must have the viewable setting enabled before configure is allowed. Devices that are not viewable have no way to be seen and configured.

Page 167: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

167 | LiveNX 7

Storing Credentials Settings

Device configuration requires having credentials to access the device. Typically these credentials are stored once so that the user doesn’t have to keep typing them in. When the store credential option is not a selection, this will override the default behavior, which means, that for every configuration attempt to the device, that user is required to enter his/her credentials.

Defaults Section

The defaults section is when new devices are added, if the devices should be added with view, and the configure and storing credentials option is enabled. NOTE: If all device capabilities are set, they override this behavior. This setting allows for new devices to be added, but doesn’t require users to continuously add the devices to the device access list.

Configuring LDAP User Authentication

LiveNX supports single sign-on by utilizing LDAP/Active Directory Integration. Utilizing single sign-on methods provides domain administrators a simplistic way of managing user integration with LiveNX.

NOTE: It’s also recommended to have at least 1 local administrative user, to manage the system for backup. To enable and configure LDAP/AD Authentication, here are some brief instructions:

1. Log into LiveNX with the current local administrative account 2. Click Users > User Management

3. Click LDAP Authentication Settings

Page 168: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

168 | LiveNX 7

4. Check Enable LDAP Authentication a. OPTIONAL: Click Certificate Manager

i. Certificate Manager Allows the import of certificates from the domain for LDAPS transport from the remote Server on port 636

5. Go to LDAP Connection Settings and fill in a. LDAP Server

i. This will be the Hostname or IP of the LDAP/AD Server b. Port

i. Default LDAP Port = 389 ii. Default LDAPS Port = 636

c. Bind DN i. This will be a user who is capable of browsing your LDAP/AD forest

1. Format: CN=myadministrator,CN=myusergroup,DC=mydomain,DC=domainextension d. Password

i. Password of the User indicated under Bind DN 6. Go to Base DN and fill in

a. Base DN i. This represents the base tree of your domain in order to browse users ii. Users are capable of implementing multiple Base DNs in order to browse portions of the

domain to pick out users from different groups. 7. Go to Attribute Mappings and fill in

a. Username i. This is an attribute that will be utilized to have names mapped into LiveNX ii. Typically this is: sAMAccountName / userPrincipalName / mail

Page 169: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

169 | LiveNX 7

b. Display Name i. This is an attribute to commonly show the username field ii. Typically this is: cn, displayName, name

8. Click Test Connection Settings a. This will allow you to test your configuration before completing the configuration to allow you to

correct any settings if there are mistakes.

9. Click OK 10. Back to User Management > Click Add 11. Under Add LDAP Users > Uncheck Add

a. Click on the + Next to the Base DN i. This will expand the current LDAP tree and will allow you to select users who you want

to add into LiveNX from LDAP/AD 12. Select users by checking under Add next to the users you would like to import 13. Click Add Users 14. The users will be added at this point to the list under User Management

a. You have options to edit Users for Role, Device Access, Session Timeout, Deactivate, Modify Device Access

i. Modify Device Access allows you to control which users has access to what device in LiveNX

15. Click Close Caveats

If the Bind DN or the password fields are blank, the user is prompted to enter a username and password based on the Bind DN and password of the LDAP administrator.

Specifying Multiple Subtrees (Base DNs)

The Base DNs allow the user to specify several different DN groups within the LDAP directory. Click on the Subtree Search to traverse users in subgroups under the selected DN group. Default is checked.

Page 170: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

170 | LiveNX 7

Username Configuration

Usernames between the two directories must be unique. An error dialog pops up to prevent the same username from being used in both directories.

If you fail to log-in with your credentials you will be locked out of LiveNX and will need to reset your configuration. It is recommended that you make a copy of your configuration before enabling LDAP. The users selected via the Add LDAP Users dialog will get added to the User Management dialog with Directory = LDAP and Status = Active. Click on a user and click on Edit to modify the Active, Role, Device Access or Session Timeout settings.

Page 171: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

171 | LiveNX 7

Page 172: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

172 | LiveNX 7

Adding LDAP Users without Browsing LDAP/AD

The LiveNX administrator can add LDAP directory users without connecting to the LDAP Server by using the LiveNX Username feature. In the User Management window, click on Add. Type in the username, click on the desired Role, click on LDAP Directory and then select LiveAction Username as the Authentication Method. LiveNX will automatically fill the remaining DN information from any of the defined Base DN definitions. During the LiveNX login process, the user will login using the same user name and password stored in the LDAP Server.

Remapping Users

The LiveNX administrator can rename LDAP directory users without connecting to the LDAP Server by using the map to another LDAP username feature. In the User Management window, click on Add. Type in the new LiveAction only username, choose the Role, choose LDAP Directory, select Map to Another LDAP Username and then type in the desired LDAP user. During the LiveNX login process, the user will login as LiveActionAlias and use the password stored in the LDAP Server corresponding to LDAPUser to authenticate.

Page 173: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

173 | LiveNX 7

Managing Active User Sessions

User sessions can be actively monitored and managed from the LiveAction Management Console installed on the LiveNX Server PC. Launch the LiveAction Management Console from the LiveAction program group. If the Console is not connected to the LiveNX Server instance, select Manage > Connect to Server. Currently active sessions can be viewed in the Sessions tab. To forcefully log out users, click on the session and select Logout User.

Lost Passwords

For security reasons, Administrators cannot recover user passwords. If a user forgets his or her password, the Administrator or Clerk must delete the user’s account and then recreate it using a new password. If all Administrator and Clerk passwords are forgotten, the application configuration must be reset.

Resetting the Application Configuration

To reset the application configuration, shut down the LiveNX Server and delete the server.conf configuration file. This will cause all application settings, including the list of devices and associated login credentials, to be lost. The next time the LiveNX Server is started, the default Administrator account will be automatically created again (username “admin”, password “admin”), and all devices and configurations will need to be re-entered as if this were a new installation.

server.conf location:

Windows

• C:\LiveAction Server Data\XX\server.conf Linux

• /var/LiveActionServer/data/XX/server.conf

Page 174: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

174 | LiveNX 7

10. APIC-EM Integration

Users can integrate Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) controller with LiveNX application. APIC-EM is a Cisco software-defined networking (SDN) controller designed to orchestrate and manage Cisco LAN and WAN devices. LiveNX retrieves network inventory information and device metadata from APIC-EM.

“The APIC-EM IWAN Application guides successful Cisco Intelligent WAN (IWAN) deployments through automation directed by a highly intuitive, policy-based interface that helps IT abstract network complexity and design for business intent. Business policy becomes network configuration at the speed of now with Cisco SDN solution. IWAN App automatically builds, deploys, updates and monitors network devices and configurations, accelerating the transition to hybrid WAN, and quickly realizing the benefits of lowered WAN transport costs while increasing available usable throughput, simplified IT, increased security, and optimized application performance based directly on business outcomes (*).”

* This section was taken from the Cisco-Dcloud apic-em-iwan-app-lab documentation.

APIC-EM Integration and Device Learning

To add the APIC-EM Controller, click on the APIC-EM Management button.

It opens the following credentials page, where you enter the APIC-EM controller Hostname, username and password.

Page 175: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

175 | LiveNX 7

Once it is saved, user can click on the discover devices.

Click Discover to add the devices in the APIC-EM device list.

Page 176: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

176 | LiveNX 7

Click on a right arrow to expand one of the listings. Information includes the site, the IP mappings, and the interfaces.

Close the details and select all devices. Click Add Devices. This automatically adds the devices into the LiveNX listing. From the menu, select Main > Devices to show that the device inventory is now full of all the devices being managed by LiveNX.

The Java Client will also show the devices discovered from the APIC-EM integration.

Page 177: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

177 | LiveNX 7

Page 178: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

178 | LiveNX 7

11. Cisco (Viptela) SD-WAN Integration

With LiveNX 7 release onwards, Easy On-Boarding of Viptela Devices integration is a key feature. With Rest API, LiveNX can integrate with the VManage device and pull VEdge inventory and network semantics, Site information based on VEdge hostname and WAN tags. Access the Cisco-Viptela SD-WAN integration tab from the following location.

Under integrations point to the Cisco SD-WAN tab.

On the hostname section, enter the hostname/ ip address of the VManage Device and enter username and password. Pressing the save button will validate the settings. Once validated, user will see the Discover devices button,

Page 179: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

179 | LiveNX 7

From here the user will be taken through the Device Discovery process, add the VEdge, V-Controllers to the device section. LiveNX with the integration of Rest API’s is not able to pull up site-id, WAN tags, interface capacity and other network semantics and populate the device information. User will be presented with the following table, where you can modify or verify the individual tabs, rows or columns.

The interface information will be presented in the next tab as follows:

Page 180: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

180 | LiveNX 7

12. LiveNX Server Backup

LiveNX automatically backs up the Server configuration and the system level topology layout files. If the LiveNX Server requires these backup files, the default location is:

Server configuration backup: \[LiveNX Server Data]\data\x.x\backup

• Where x.x is the LiveNX major release version

System topology backup: \[LiveNX Server Data]\data\x.x\backup\topology-layouts

• Where x.x is the LiveNX major release version

This guide will show how to back up a LiveNX deployment in several ways. The importance of backup is critical

to monitoring tools. This helps ensure that users have a way for disaster recovery with minimal or no loss of

data, depending on the situation.

Always test this in a lab environment before putting these steps in place for production. This will minimize issues and a secure plan can be put in place to ensure maximum efficiency.

Backup Methods:

• Snapshot of VM deployment

• Backup of LiveNX configuration only

• Backup of LiveNX configuration and storage

Page 181: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

181 | LiveNX 7

Snapshot of VM Deployment

This is one of the easier methods of backing up LiveNX, the only tradeoff is that the snapshot will be controlled outside of the LiveNX deployment and requires knowledge of VMware ESXi.

Caveat: Make sure that the user who will be performing the snapshot has enough privileges to create the VM snapshot.

1. Log into ESXi and locate your LiveNX deployment

2. Right Click the Virtual Machine

3. Click Snapshot > Take Snapshot

Page 182: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

182 | LiveNX 7

4. In the pop-up: Type in the name for the new snapshot

5. Type a description for the new snapshot

a. Recommends: Adding a date + Time description

b. Example: Apr 1st, 2016 / 15:34 / Before 5.4 Upgrade

6. Check Box > Snapshot the virtual Machine’s memory

7. Click OK.

This will quickly snapshot your VM and backup the current state. It’s recommended that a consistent schedule be utilized when backing up, so that recovery may not result in a larger loss of data. The more frequent the snapshot, the more data can be retained. The more infrequent the snapshots, the more data loss can incur when performing the disaster recovery. Find a happy medium if storage becomes a problem.

NOTE: If you delete the VM deployment, you will lose all your snapshots.

Recovering from VM Snapshot

With the snapshots being created on vCenter, this recovery may be the fastest way to retain as much data as possible without much effort.

1. Log into ESXi and locate your LiveNX deployment

2. Right Click the Virtual Machine

3. Click Snapshot > Snapshot Manager

Page 183: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

183 | LiveNX 7

4. Select the snapshot you will revert to

5. Click > Go To

6. Click > Yes on the pop-up

The VM snapshot will begin to apply and the machine will go back to the last state in the snapshot.

Backing Up LiveNX Configuration Only

There are times where LiveNX’s historical data is not needed and can be dumped. Having a consistent backup of the configuration is necessary to get things up and running again. Having the convenience of just backing up the LiveNX configuration is great.

It’s recommended to perform this during off hours, due to users being disconnected when configuration is being performed.

1. Log into the LiveNX LAN Management Console

2. Click > Manage

3. Click > Export Configuration

Page 184: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

184 | LiveNX 7

4. Click > Yes [Warning about logging off users]

a. Create a password to protect the file

5. Click > Browse

6. Select the location of where to save the configuration file

Page 185: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

185 | LiveNX 7

7. Save the file

Backing Up LiveNX Data Store

LiveNX and its Nodes have their own data store. If the historical data is useful to keep, there are options to save them at a remote location if storage becomes an issue. Because LiveNX Data Store truncates the oldest date out when the disk fills up, it’s wise to back up and maybe even sync the data across to a remote repository. For Nodes and Server, it’s best to make sure that both are backed up separately.

Directories that are associated with Data Store on both Nodes and the LiveNX Server:

Path and Folders

• Windows

o Server

▪ Alertstore2

▪ Flowstore

▪ Longtermstore-fivemin

▪ snmpstore

o Node

Page 186: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

186 | LiveNX 7

▪ Alertstore2

▪ Flowstore

▪ Longtermstore-fivemin

▪ snmpstore

• Linux

o Server

▪ Alertstore2

▪ Flowstore

▪ Longtermstore-fivemin

▪ snmpstore

o Node

Page 187: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

187 | LiveNX 7

▪ Alertstore2

▪ Flowstore

▪ Longtermstore-fivemin

▪ snmpstore

• All-In-One

o Server

▪ Alertstore2

▪ Flowstore

▪ Longtermstore-fivemin

▪ Snmpstore

▪ Node

Page 188: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

188 | LiveNX 7

▪ Alertstore2

▪ Flowstore

▪ Longtermstore-fivemin

▪ snmpstore

The directories store all the historical data associated with the discovered devices in the infrastructure.

Extract the Backup and Configuration to a Remote Backup

If the location of the backup and configuration is local to the VM deployment, the best thing to perform next is to move the file to a remote location, to ensure that you can pull the backup at any time and load it into another LiveNX instance.

The basic guideline is to be able to relocate the config to a secure remote repository for reference in the future.

Options:

• NFS mount and Rsync periodically

• Rsync the files to a remote repository without NFS mount

• Manually copy into a remote repository

Page 189: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

189 | LiveNX 7

13. LiveNX Server Startup Troubleshooting

The LiveNX Server displays a status LED and messages in the left bottom corner of the Management Console

to indicate progress during the Server start-up process, or to assist in troubleshooting any anomalous start-up

conditions.

Server Status Messaging Conditions

Red: The Server is currently down Server state after successful installation/successful shutdown

Yellow: The Server is currently starting up Server state after Manage > Start Service

Green: The Server is currently running Server state during normal operations

Yellow: The Server is currently shutting down. Server state after Manage > Stop Service

Yellow: Upgrading database... Server state if an older version of QoS data is detected. Please stand by until the upgrade is complete.

If an anomalous condition occurs, the following outlines a few troubleshooting ideas to help remedy the

situation. Please contact LiveAction Technical Support at [email protected] or 408-217-6501 if these

issues persist.

Page 190: LiveNX 7cdnx.liveaction.com/PDFs/LiveNX-7-Admin-Guide.pdf · LiveNX Server Installation for Windows ... OS Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+

190 | LiveNX 7

Server Status Messaging Condition

Red: Port number is currently in use by another process.

The LiveNX Server uses the following ports (default port number in parenthesis). Kill any processes that use these ports, or go to the Properties tab in the LiveAction Management Console and change the default settings. Click Apply Click Manage > Shutdown Service Click Manage > Start Service snmp.localPort (0) clientgateway.ssl.port (7000) management.console.port (7001)

Red: LiveNX versions do not match. Server: Server version. Management Console: Management Console version.

The LiveNX Server is running an older version than the Management Console. Reinstall the LiveNX Server using a more recent version or downgrade the Management Console. Start LiveAction Management Console. Manage > Start Service

Red: Failed to initialize QoS database.

The QoS database could not start up. Call support for further troubleshooting.

Red: Failed to initialize flow database.

The Flowstore database could not start up. Check that read/write permissions are enabled for the Flow store directory. Shut down the LiveNX Server: Manage > Shutdown Service Start the LiveNX Server: Manage > Start Service

Red: Failed to initialize alerts database.

The Alertstore database could not start up. Check that read/write permissions are enabled for the Alert store directory. Shut down the LiveNX Server: Manage > Shutdown Service Start the LiveNX Server: Manage > Start Service

Red: The application configuration file filename may be corrupted.

The server.conf file or the registry key value used to decrypt the server.conf file may be corrupted. If available, restore the server.conf file using a backup copy. If the default location is used, the server.conf file is stored in LiveNX Server under the subdirectory Data/XX XX = Version based on default installation