Allot NX Installation and Admin Guide R13 (13.4)
description
Transcript of Allot NX Installation and Admin Guide R13 (13.4)
-
NetXplorer
Installation & Administration Guide P/N D354005 R13
-
NetXplorer Installation and Administration Guide i
Important Notice Allot Communications Ltd. ("Allot") is not a party to the purchase agreement under which NetEnforcer was purchased, and will not be liable for any damages of any kind whatsoever caused to the end users using this manual, regardless of the form of
action, whether in contract, tort (including negligence), strict liability or otherwise.
SPECIFICATIONS AND INFORMATION CONTAINED IN THIS MANUAL ARE FURNISHED FOR INFORMATIONAL USE ONLY, AND ARE SUBJECT TO CHANGE AT ANY TIME WITHOUT NOTICE, AND SHOULD NOT BE CONSTRUED AS A COMMITMENT BY ALLOT OR ANY OF ITS SUBSIDIARIES. ALLOT
ASSUMES NO RESPONSIBILITY OR LIABILITY FOR ANY ERRORS OR INACCURACIES THAT MAY APPEAR IN
THIS MANUAL, INCLUDING THE PRODUCTS AND SOFTWARE DESCRIBED IN IT.
Please read the End User License Agreement and Warranty Certificate provided with this product before using the product.
Please note that using the products indicates that you accept the terms of the End User License Agreement and Warranty Certificate.
WITHOUT DEROGATING IN ANY WAY FROM THE AFORESAID, ALLOT WILL NOT BE LIABLE FOR ANY SPECIAL, EXEMPLARY, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND,
REGARDLESS OF THE FORM OF ACTION WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE),
STRICT LIABILITY OR OTHERWISE, INCLUDING, BUT NOT LIMITED TO, LOSS OF REVENUE OR ANTICIPATED PROFITS, OR LOST BUSINESS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Copyright Copyright 1997-2014 Allot Communications. All rights reserved. No part of this document may
be reproduced, photocopied, stored on a retrieval system, transmitted, or translated into any other
language without a written permission and specific authorization from Allot Communications Ltd.
Trademarks Products and corporate names appearing in this manual may or may not be registered trademarks or
copyrights of their respective companies, and are used only for identification or explanation and to
the owners' benefit, without intent to infringe.
Allot and the Allot Communications logo are registered trademarks of Allot Communications Ltd.
-
NetXplorer Installation and Administration Guide ii
Version History Each document has a version and a build number. You can tell the exact version and build
of this document by checking the top row of the table below.
Document updates are released in electronic form from time to time and the most up to date
version of this document will always be found on Allots online Knowledge Base. To check for more recent versions, login to the support area www.allot.com/support.html and from
the knowledgebase tab, enter the title of this document into the search field.
Doc
Revision
Internal
Build
Product
Version
Published Summary of Changes
13 v13b4 NX13.4 29.01.15 CLI Clarified
13 v13b3 NX13.4 07.12.14 General edits
13 v13b2 NX13.4 13.10.14 V3700 RAID Storage added
13 v13b1 NX13.4 30.09.14 Install instructions updated
-
NetXplorer Installation and Administration Guide iii
Important Notice ............................................................................................................................ i Copyright ...................................................................................................................................... i Trademarks ................................................................................................................................... i
Version History .............................................................................................................................. ii
CHAPTER 1: GETTING STARTED .......................................................................... 1-1 Overview...................................................................................................................................... 1-1 Terms and Concepts ................................................................................................................... 1-1 NetXplorer Architecture ............................................................................................................ 1-4 Administration Role ................................................................................................................... 1-6
CHAPTER 2: INSTALLATION .................................................................................. 2-1 NetXplorer Server Installation .................................................................................................. 2-1
Allot Appliance Installation ...................................................................................................... 2-1 Alternate Hardware ................................................................................................................. 2-14
NetXplorer Client Installation................................................................................................. 2-31 Java, WebStart and the NetXplorer Client .............................................................................. 2-31 Accessing NetXplorer ............................................................................................................. 2-34 Enabling NetXplorer Servers .................................................................................................. 2-35
NX Accounting Installation ..................................................................................................... 2-36 Linux Server ........................................................................................................................... 2-36 Windows Server ...................................................................................................................... 2-38
NPP Installation ........................................................................................................................ 2-42 Linux Server ........................................................................................................................... 2-42 Windows Server ...................................................................................................................... 2-46
NX High Availability Platform Installation ........................................................................... 2-49 Connecting NX-SRV-HAP ..................................................................................................... 2-50 Configuring NX-SRV-HAP .................................................................................................... 2-56
CHAPTER 3: CONFIGURATION .............................................................................. 3-1 Overview...................................................................................................................................... 3-1 Working with Devices ................................................................................................................ 3-1 Configuring NetXplorer Users ................................................................................................ 3-10
Internal User Configuration .................................................................................................... 3-11 External Authentication Configuration ................................................................................... 3-13 Password Management ........................................................................................................... 3-15
CHAPTER 4: MONITORING COLLECTORS ........................................................ 4-1 Overview...................................................................................................................................... 4-1
Data Collection Process ............................................................................................................ 4-2 Collector Redundancy ............................................................................................................... 4-2 Extended Mode ......................................................................................................................... 4-3 NetXplorer Support................................................................................................................... 4-5
Installing Monitoring Collectors ............................................................................................... 4-6 Collector Groups ..................................................................................................................... 4-15
-
NetXplorer Installation and Administration Guide iv
Configuring Monitoring Collectors ........................................................................................ 4-16 Troubleshooting the Collector ................................................................................................. 4-19
Command Line Interface ........................................................................................................ 4-19 Processes ................................................................................................................................. 4-19 Logs and Snapshots ................................................................................................................ 4-19 Recreating Databases .............................................................................................................. 4-20 Changing IP Addresses ........................................................................................................... 4-21
CHAPTER 5: NETXPLORER ACCOUNTING ........................................................ 5-1 Overview...................................................................................................................................... 5-1 Configuring NetXplorer Accounting ........................................................................................ 5-1
CHAPTER 6: DATABASE MANAGEMENT ............................................................ 6-1 Backup Terms ........................................................................................................................... 6-1 Using Backups to Achieve NX Redundancy ............................................................................ 6-2
Database Management on Windows ......................................................................................... 6-2 Cold Backup ............................................................................................................................. 6-2 Hot Backup ............................................................................................................................... 6-4 Aligning Protocol Pack Versions ............................................................................................ 6-16
Database Management on Linux ............................................................................................ 6-17 Cold Backup ........................................................................................................................... 6-17 Hot Backup ............................................................................................................................. 6-18 Aligning Protocol Pack Versions ............................................................................................ 6-27
Data Collection and Profiles .................................................................................................... 6-28 Data Collection - Overview .................................................................................................... 6-28 Profiles - Overview ................................................................................................................. 6-29 Profiles Available Options ................................................................................................... 6-30 Profiles - Configuration .......................................................................................................... 6-32
CHAPTER 7: COMMAND LINE INTERFACE (CLI) ............................................ 7-1 Provisioning CLI ........................................................................................................................ 7-2
Topology CLI ........................................................................................................................... 7-3 Catalog CLI .............................................................................................................................. 7-8 Policy CLI ............................................................................................................................... 7-30 Web Updates CLI ................................................................................................................... 7-43 Configuration CLI................................................................................................................... 7-48 Alarms CLI ............................................................................................................................. 7-50 Subsciber CLI ......................................................................................................................... 7-93
Monitoring CLI ........................................................................................................................ 7-94 Export to CLI .......................................................................................................................... 7-95
CHAPTER 8: TROUBLESHOOTING ....................................................................... 8-1 Troubleshooting Basics .............................................................................................................. 8-1
First Steps ................................................................................................................................. 8-1 Processes ................................................................................................................................... 8-1
-
NetXplorer Installation and Administration Guide v
Log Files ................................................................................................................................... 8-2 Snapshots .................................................................................................................................. 8-5 How to restore CFG (allot_cfg) database from the Snapshot-File ............................................ 8-6
Login Errors ............................................................................................................................... 8-7 Incorrect Java Version .............................................................................................................. 8-7 Lack of Connectivity ................................................................................................................ 8-7 Antivirus Conflict ..................................................................................................................... 8-8
Policy Saving Errors .................................................................................................................. 8-8 Data Display Errors ................................................................................................................. 8-10
Data Transmission .................................................................................................................. 8-11 Data Reception ........................................................................................................................ 8-11 Data Loss ................................................................................................................................ 8-12 Stress ....................................................................................................................................... 8-13
Add Device Errors .................................................................................................................... 8-14 NX-HAP Troubleshooting ....................................................................................................... 8-16
Synchronizing Each Node with an NTP Server ...................................................................... 8-16 Viewing Available Resources ................................................................................................. 8-16 Stopping Pacemaker/Heartbeat Service .................................................................................. 8-17
CHAPTER 9: APPENDICES ....................................................................................... 9-1 Appendix A Server Hardware Specifications ....................................................................... 9-1
NX (P/N SNX-SRV-GEN4) ..................................................................................................... 9-1 NX-HAP (P/N SNX-SRV-HAP-GEN4)................................................................................... 9-1 NX-HAP (DC) (P/N SNX-SRV-HAP-GEN4-DC) .................................................................. 9-2 STC (P/N STC-NX-GEN4-DC) ............................................................................................... 9-2 Enhanced STC (P/N STC-NX-ENH-GEN4) ............................................................................ 9-3 ASRA Server (P/N ASRA-SRV-GEN4-DC) ........................................................................... 9-3
Appendix B IBM DS Storage Manager ................................................................................. 9-4 Installing Storage Manager Client on NX Servers ................................................................... 9-4 Configuring Storage Manager to Send SNMP Traps from the Storage Device ....................... 9-9 Storage Battery Status ............................................................................................................. 9-10
Appendix B - Configuring NX to Work Behind an HTTP Proxy ........................................ 9-12 Appendix C - Events and Recommended Actions ................................................................. 9-14 Appendix D NX IP Address for UI Script ........................................................................... 9-22
Changing the NetXplorer IP Address ..................................................................................... 9-22 Selecting a NetXplorer IP Address for the GUI ..................................................................... 9-22 Running the Script .................................................................................................................. 9-23
Appendix E Communication Protocols ............................................................................... 9-24 Data Flow from NX Client to NX Server ............................................................................... 9-24 Data Flow from NX Server to NE/SG .................................................................................... 9-28 Data Flow from STC to NX Server and NE/SG ..................................................................... 9-31 Data Flow from SMP to NX Server and NE/SG .................................................................... 9-38 Data Flow to and from the Data Mediator .............................................................................. 9-47 Additional Protocols ............................................................................................................... 9-48 IMM Connection..................................................................................................................... 9-66
Appendix F: Using the IMM ................................................................................................... 9-68
-
NetXplorer Installation and Administration Guide vi
Monitors .................................................................................................................................. 9-69 Tasks ....................................................................................................................................... 9-70 IMM Control ........................................................................................................................... 9-70
Appendix G: NX Audit Log ..................................................................................................... 9-72 logrotate.conf Example ........................................................................................................... 9-73 Audit Log Example ................................................................................................................. 9-73
-
NetXplorer Installation and Administration Guide vii
FIGURES
Figure 1-1: System Architecture .................................................................................................. 1-5
Figure 2-1: Connecting Keyboard and Screen ............................................................................. 2-1
Figure 2-2: Connecting Management and IMM ........................................................................... 2-2
Figure 2-3: IMM "System Management" Port ............................................................................. 2-3
Figure 2-4: IMM System Status Screen ....................................................................................... 2-4
Figure 2-5: IMM Network Interfaces ........................................................................................... 2-5
Figure 2-6: Connecting Keyboard and Screen ............................................................................. 2-6
Figure 2-7: Connecting Management and IMM ........................................................................... 2-6
Figure 2-8: CentOS UI ................................................................................................................. 2-7
Figure 2-9: Network Configuration dialog, Devices tab .............................................................. 2-7
Figure 2-10: Ethernet Device dialog box ..................................................................................... 2-8
Figure 2-11: Network Configuration dialog box, Hosts tab ......................................................... 2-9
Figure 2-12: Network Configuration dialog box, Add/Edit Hosts dialog .................................... 2-9
Figure 2-13: Network Configuration dialog box, DNS tab ........................................................ 2-10
Figure 2-14: IMM "System Management" Port ......................................................................... 2-11
Figure 2-15: IMM System Status Screen ................................................................................... 2-12
Figure 2-16: IMM Network Interfaces ....................................................................................... 2-13
Figure 2-17: Open Network Configuration ................................................................................ 2-16
Figure 2-18: Select eth0.............................................................................................................. 2-17
Figure 2-19: Ethernet Device dialog box ................................................................................... 2-17
Figure 2-20: Network Configuration dialog box, Hosts tab ....................................................... 2-18
Figure 2-21: Network Configuration dialog box, Add/Edit Hosts dialog .................................. 2-18
Figure 2-22: Network Configuration dialog box, DNS tab ........................................................ 2-19
Figure 2-23: Date/Time Properties dialog box, Network Time Protocol tab ............................. 2-20
Figure 2-24: Local Area Connection Properties ......................................................................... 2-25
Figure 2-25: Security Warning ................................................................................................... 2-27
Figure 2-26: NetXplorer InstallShield Wizard Welcome Window ............................................ 2-27
Figure 2-27: Choose Setup Type ................................................................................................ 2-28
-
NetXplorer Installation and Administration Guide viii
Figure 2-28: Choose Destination Location - Custom ................................................................. 2-28
Figure 2-29: Choose NTP configuration option - Custom ......................................................... 2-29
Figure 2-30: Choose Destination Location - Typical ................................................................. 2-29
Figure 2-31: Ready to Install the Program ................................................................................. 2-30
Figure 2-32: Setup Initializing.................................................................................................... 2-30
Figure 2-33: NetXplorer InstallShield Wizard Complete ........................................................... 2-30
Figure 2-34: NetXplorer Java Installation Screen ...................................................................... 2-33
Figure 2-35: NetXplorer Log On Window ................................................................................. 2-33
Figure 2-36: NetXplorer Application Server Registration Dialog ............................................. 2-35
Figure 2-37: Security Warning ................................................................................................... 2-40
Figure 2-38: Accounting Manager InstallShield Welcome Window ......................................... 2-40
Figure 2-39: Choose Destination Location ................................................................................. 2-41
Figure 2-40: Ready to Install Window ....................................................................................... 2-41
Figure 2-41: NetXplorer InstallShield Wizard Complete ........................................................... 2-42
Figure 2-42: Security Warning ................................................................................................... 2-47
Figure 2-43: NetPolicy Provisioner InstallShield Welcome Window ........................................ 2-48
Figure 2-44: Choose Destination Location ................................................................................. 2-48
Figure 2-45: NetXplorer IP Address Window ............................................................................ 2-48
Figure 2-46: Ready to Install Window ....................................................................................... 2-49
Figure 2-47: NPP InstallShield Wizard Complete ..................................................................... 2-49
Figure 2-48: Cable Connections for NX High Availability Platform (IBM M4 Hardware) ...... 2-52
Figure 2-49: Cables for NX HAP Connectivity ......................................................................... 2-52
Figure 2-50: Cable Connections for NX High Availability Platform (IBM X3550 M3 Hardware)
............................................................................................................................................ 2-54
Figure 2-51: Cables for NX HAP Connectivity ......................................................................... 2-54
Figure 2-52: Specifying NX-HAP IP for Receipt of SNMP Traps ............................................ 2-61
Figure 3-1: NetEnforcer Properties New Dialog ....................................................................... 3-2
Figure 3-2: NetEnforcer Properties Import Dialog .................................................................... 3-3
Figure 3-3: Monitoring Collector Properties New Dialog ......................................................... 3-4
-
NetXplorer Installation and Administration Guide ix
Figure 3-4: Monitoring Collector Properties New Dialog ......................................................... 3-5
Figure 3-5: Collector Group Properties New Dialog ................................................................. 3-5
Figure 3-6: SMP Properties New Dialog ................................................................................... 3-6
Figure 3-7: Device Properties Update dialog ............................................................................... 3-7
Figure 3-8: System Message ........................................................................................................ 3-8
Figure 3-9: NetEnforcer Configuration ........................................................................................ 3-9
Figure 3-10: User Authentication Configuration screen ............................................................ 3-11
Figure 3-11: User Editor ............................................................................................................. 3-12
Figure 3-12: User Authentication Configuration screen ............................................................ 3-14
Figure 3-13: Add External Authentication Entry dialog ............................................................ 3-15
Figure 3-14: Password Management dialog box ........................................................................ 3-16
Figure 4-1: Collector Front View (M4) .................................................................................... 4-1
Figure 4-2: Collector Rear View (M4) ...................................................................................... 4-1
Figure 4-3: Updating an Extended Collector ................................................................................ 4-4
Figure 4-4: Connecting Keyboard and Screen ............................................................................. 4-6
Figure 4-5: Connecting the Collector Front View .................................................................... 4-7
Figure 4-6: Open Network Configuration .................................................................................... 4-8
Figure 4-7: Select eth0 ................................................................................................................. 4-9
Figure 4-8: Ethernet Device dialog box ....................................................................................... 4-9
Figure 4-9: Network Configuration dialog box, Hosts tab ......................................................... 4-10
Figure 4-10: Network Configuration dialog box, Add/Edit Hosts dialog .................................. 4-10
Figure 4-11: Network Configuration dialog box, DNS tab ........................................................ 4-11
Figure 4-12: Monitoring Collectors Properties dialog General tab ......................................... 4-12
Figure 4-13: NetEnforcer Properties dialog ............................................................................... 4-14
Figure 4-14: Monitoring Collector Properties - Update ............................................................. 4-15
Figure 4-15: Collector Group Properties New Dialog ............................................................. 4-15
Figure 4-16: Collector Configuration Window - Identification Tab .......................................... 4-16
Figure 4-17: SNMP Tab ............................................................................................................. 4-17
Figure 4-18: Date/Time Tab ....................................................................................................... 4-17
-
NetXplorer Installation and Administration Guide x
Figure 4-19: IP Properties Tab ................................................................................................... 4-18
Figure 4-20: Monitoring Collector Properties Update Dialog ................................................. 4-18
Figure 5-1: Network Configuration - NetAccounting .................................................................. 5-2
Figure 6-1: Length of time for which data is stored under different profiles ............................. 6-31
Figure 8-1: Database Logs............................................................................................................ 8-3
Figure 8-2: Key Database Logs .................................................................................................... 8-3
Figure 8-3: Application Server Logs ............................................................................................ 8-4
Figure 8-4: NMS.log Example ..................................................................................................... 8-4
Figure 8-5: Install Log .................................................................................................................. 8-5
Figure 8-6: Snapshot File ............................................................................................................. 8-5
Figure 8-7: Restore Policy and Catalogs Dialog .......................................................................... 8-9
Figure 8-8: Events Log ............................................................................................................... 8-11
Figure 8-9: Bucket Manifest ....................................................................................................... 8-12
Figure 8-10: Data Logs ............................................................................................................... 8-13
Figure 9-1: SNMP Traps Sent from Storage Controllers ............................................................. 9-4
Figure 9-2: Storage Manager Installation Wizard ........................................................................ 9-5
Figure 9-3: Select Installation Type ............................................................................................. 9-6
Figure 9-4: Select Addition Method ............................................................................................. 9-6
Figure 9-5: Devices Hierarchy Tree ............................................................................................. 9-7
Figure 9-6: Devices Tab Menu ..................................................................................................... 9-7
Figure 9-7: Configure Alerts ........................................................................................................ 9-9
Figure 9-8: Storage Manager Support Tab ................................................................................. 9-10
Figure 9-9: Battery Expired Message ......................................................................................... 9-11
Figure 9-10: Data Flow from Corporate to Admin Network ...................................................... 9-24
Figure 9-11: Connectivity Requirements from NX GUI to NX Server ...................................... 9-28
Figure 9-12: Data Flow from NX Server to NE/SG ................................................................... 9-28
Figure 9-13: Connectivity Requirements between NX and NE/SG ........................................... 9-31
Figure 9-14: Data Flow Between STC and NX/NE/SG ............................................................. 9-31
Figure 9-15: Communication Requirements between STC and NX/NE/SG .............................. 9-38
-
NetXplorer Installation and Administration Guide xi
Figure 9-16: Data Flow Between SMP and NX/NE/SG ............................................................ 9-38
Figure 9-17: Communications Requirements Between SMP and NX/NE/SG ........................... 9-47
Figure 9-18: Communications Requirements Between DM and NX ......................................... 9-48
Figure 9-19: Data Flow Between Additional Network Elements ............................................... 9-49
Figure 9-20: Communication Requirements Between Different Network Elements ................. 9-66
Figure 9-21: Communication Requirements for IMM (User Definable) ................................... 9-66
Figure 9-22: Communication Requirements for IMM (Fixed)................................................... 9-67
Figure 9-23: Connection to the IMM on the rear of the M4 Server ........................................... 9-68
Figure 9-24: Connection to the IMM on the rear of the M3 Server ........................................... 9-68
Figure 9-25: IMM Monitors, System Status Screen ................................................................... 9-69
Figure 9-26: IMM Control, System Status Screen ..................................................................... 9-71
-
NetXplorer Installation and Administration Guide 1-1
Chapter 1: Getting Started
Overview NetXplorer is a highly scalable Network Business Intelligence system that enables
strategic decision-making based on comprehensive network application and subscriber
traffic analysis.
NetXplorer configures NetEnforcer or Service Gateway devices and a central catalog,
which enables global policy provisioning. Many network topologies can benefit from
more than one NetEnforcer or Service Gateway. In addition, NetXplorer provides a
centralized management system for all NetEnforcers or Service Gateways on the
network. It provides easy access to devices and configuration parameters via the device
tree.
NetXplorer enables both real time monitoring for network troubleshooting and problem
analysis, as well as long term reporting for capacity planning, tracking usage and trend
analysis. It allows for the proactive management of traffic and system-wide alarms and
for the collection and export of auditing data for billing and quota purposes.
Terms and Concepts This section introduces some of the basic terms and concepts used in NetXplorer.
NetXplorer
NetXplorer is a highly scalable Network Business Intelligence system that centrally
manages the NetEnforcer and Service Gateway product line. It enables strategic
decision-making based on comprehensive network application and subscriber traffic
analysis.
The NetXplorer can be purchased from Allot as an Appliance which is comprised of the
hardware and server software pre-installed. The available configurations are:
Standalone Server: Allot part number: NX-SRV-GENX.
Highly Available platform: Allot part number: NX-SRV-HAP-GENX.
For performance and device support information concerning Appliances supplied by
Allot, see the Release Notes for your software version.
If nessacery, customers can install the NetXplorer server software on any server
hardware that meets Allots minimum specifications. For hardware specifications see Alternate Hardware on page 2-14.
-
Chapter 1: Getting Started
NetXplorer Installation and Administration Guide 1-2
NetEnforcer
The NetEnforcer is a broadband optimization device which collects traffic statistics
from the network and can implement quality of service per application and per
subscriber. Traffic statistics are collected in order to provide both real-time and long-
term data about the network. As well as collecting detailed information about the traffic
passing through, it, the NetEnforcer can also shape that traffic, applying quality of
service parameters which have been pre-defined by the user.
Service Gateway
The Service Gateway is a platform for enhancing service optimization and service
deployment. The Service Gateway provides an open, carrier-grade solution for
broadband service providers to manage multiple 10 or 1 Gigabit lines and deploy value
added services in one integrated platform. Application and subscriber information
within the Service gateway is identified for each traffic flow and subsequently the flow
is dispatched to an array of additional services and actions using a single DPI process.
Monitoring Collector
The Monitoring Collector (STC) is an Allot appliance that should be added between the
NetXplorer Servers and the NetEnforcers or Service Gateways in order to support large
numbers of NetEnforcers or Service Gateways or those installed in remote geographic
locations. One Monitoring Collector must be deployed for each Service Gateway in the
network.
QoS
QoS (Quality of Service) is the ability to define a level of performance in a data
communications system. In NetXplorer, QoS is an action applied to a connection when
the conditions of a filter are satisfied.
The QoS specified can include the following:
Prioritized Bandwidth: Delivers levels of service based on class levels. During peak traffic periods, the NetXplorer will slow down lower priority applications,
resulting in increased bandwidth delivery to higher priority applications.
Guaranteed Bandwidth: Enables the assignment of fixed minimum and maximum amounts of bandwidth to specific Pipes, Virtual Channels and
connections. By borrowing excess bandwidth when it is available, connections
are able to burst above guaranteed minimum limits, up to the maximum
guaranteed rate. Guaranteed rates also assure predictable service quality by
enabling time-critical applications to receive constant levels of service during
peak and non-peak traffic periods.
-
Chapter 1: Getting Started
NetXplorer Installation and Administration Guide 1-3
Reserved Bandwidth on Demand: Enables the reservation of the minimum bandwidth from the first packet of a connection until the connection ends. This is
useful when the bottleneck is not at the link governed by the NetEnforcer or
Service Gateway. By limiting other connections (non-guaranteed), the
NetEnforcer or Service Gateway reserves enough bandwidth for the required
Pipe or Virtual Channel.
TOS Marking: Enables the user to set the ToS bytes in the transmitted frame according to the DiffServ standard or free format.
Access Control: Determines whether a connection is accepted, dropped or rejected (Supported on AC-400 and AC-800 only). For example, you can specify
the following policy: accept 1000 ICMP connections to Server1 and drop the
rest. A NetEnforcer or Service Gateway policy can also be to drop all P2P
connections or accept new connections with a lower priority
Admission Control: Determines the bandwidth granted to a flow based on your demand (for example, allocated minimum of 10kbps) and the available
bandwidth on the line.
Catalog Editors
Catalog Editors enable you to define values to define your policy. The possible values
for each condition of a filter and for actions are defined in the Catalog entries in the
Catalog Editors. A Catalog Editor enables you to give a logical name to a
comprehensive set of parameters (a Catalog entry). This logical name then becomes a
possible value for a condition or action
Lines
A Line represents a physical or logical media in the system. A line provides a way of
classifying traffic that enables you to divide the total bandwidth and then manage every
Line as if it was an independent link. A Line consists of one or more sets of conditions
and a set of actions that apply when all of the conditions are met. A line is an address-
based or VLAN-based entity, and is not service-based.
A Line can aggregate several Pipes, acting like a container of Pipes from a QoS point of
view. The filter of the Fallback Line cannot be modified or deleted. A connection
coming into the NetEnforcer or Service Gateway is matched to a Line according to
whether the characteristics of the connection match all of the Conditions of the Line.
The connection is then further matched to the Conditions of a Pipe under the Line. The
actions defined for the Line influence all the Pipes under the Line. The actions defined
for a Pipe are enforced together with the actions of the Line.
Pipes
A Pipe provides a way of classifying traffic that enables you to divide the total
bandwidth and then manage every Pipe as if it was an independent link. Pipes cannot
stand alone and are always contained within a Line. A Pipe consists of one or more sets
of conditions and a set of actions that apply when all of the conditions are met. A Pipe
-
Chapter 1: Getting Started
NetXplorer Installation and Administration Guide 1-4
can aggregate several Virtual Channels, acting like a container of Virtual Channels from
a QoS point of view.
When you add a new Pipe, it always includes at least one Virtual Channel, the Fallback
Virtual Channel. The Fallback Virtual Channel filter cannot be modified or deleted. A
connection coming into a line is matched to a Pipe according to whether the
characteristics of the connection match all of the Conditions of the Pipe. The connection
is then further matched to the Conditions of a Virtual Channel under the Pipe. The
actions defined for the Pipe influence all the Virtual Channels under the Pipe. The
actions defined for a Virtual Channel are enforced together with the actions of the Pipe.
Virtual Channels
A Virtual Channel provides a way of classifying traffic and consists of one or more sets
of Conditions and a set of actions that apply when all of the Conditions are met. A
Virtual Channel is defined within a Pipe and cannot stand alone. A connection matched
to a Pipe is further matched to a Virtual Channel according to whether the
characteristics of the connection match all of the Conditions of the Virtual Channel.
Conditions
A Condition is defined at the Line level, Pipe level or Virtual Channel level. NetXplorer
matches connections to conditions, first at the Line level then at Pipe level and then
again at the Virtual Channel level within a Pipe.
Templates
Templates enable you to create a "master" Pipe or Virtual Channel that upon saving will
create multiple Pipes or Virtual Channels similar to one another. Templates work with
host group entries defined in the Host Catalog. For example, if a host group entry in the
Host Catalog called Gold Customers consists of Company X, Company Y and
Company Z, you could define a Pipe template to be expanded for Gold Customers. This
would result in Pipes being created for Company X, Company Y and Company Z when
the Policy Editor is saved.
A Pipe or Virtual Channel template enables the fast creation of Pipes and Virtual
Channels on source/destination differentiation. This means that you do not need to
define similar Pipes and Virtual Channels when the only difference between them is the
IP address in the source or destination.
NetXplorer Architecture This section introduces the NetXplorer concept and explains its components and
architecture.
NetXplorer uses a highly scalable architecture that enables the monitoring of all
NetEnforcer or Service Gateway devices from a single user interface. In addition,
NetXplorer can utilize distributed monitoring collectors, which increase the scalability
of your deployment. The collectors gather short-term network usage statistics from the
NetEnforcers or Service Gateways.
-
Chapter 1: Getting Started
NetXplorer Installation and Administration Guide 1-5
NetXplorer's server-based, distributed architecture consists of four tiers: multiple
NetEnforcer or Service Gateways and associated distributed collectors, a NetXplorer
server and GUI clients.
Figure 1-1: System Architecture
NetXplorer architecture consists of four layers:
1. Real-time Service Layer: NetEnforcers or Service Gateways are the traffic management devices that inspect and monitor network traffic. There can be one
or more NetEnforcers or Service Gateways on a network. They manage network
policies and collect network usage data.
2. Collection Layer: Monitoring collectors increase scalability by supporting large numbers of NetEnforcers or Service Gateways or those installed in remote
geographic locations. Monitoring collectors are fully managed via the NetXplorer
GUI.
3. Application Layer: The NetXplorer server is the actual application, which includes the databases and an integrated data collector. The NetXplorer server
manages and communicates with the different clients that access the system, and
facilitates NetEnforcer or Service Gateway configuration, policy provisioning,
alarms, monitoring and reporting. The integrated data collector included in the
NetXplorer streamlines the required collection of data from the managed
NetEnforcer or Service Gateway devices. The Server layer includes additional
servers such as SMP Servers, NPP Servers and stand along Accounting Servers.
NOTE The NetXplorer Server should be installed behind a firewall for optimal security.
4. Interface Layer: The different clients connected to the NetXplorer Server are the NetXplorer GUI application users. Any network computer capable of
connecting to the NetXplorer server can support the GUI interface.
-
Chapter 1: Getting Started
NetXplorer Installation and Administration Guide 1-6
The system offers simple integration with external systems using a wide range of
interfaces, including SNMP, CSV Files (for report data export), XML and CLI.
Administration Role NetXplorer uses a role-based security model. The role defined for each authorized user
indicates the scope of operations that can be performed by that user. The Administrator
role gives Admin users complete read/write privileges in the NetXplorer application
including read/write configuration privileges.
The main functions of the Administrator role include:
User Registration
Device and Network Management
Monitoring Collectors Management
Database Maintenance
This document defines the main concepts and describes the various activities related to
the installation and configuration of NetEnforcer or Service Gateways and the
NetXplorer, Monitoring Collectors, as well as the main tasks associated with Database
Maintenance, such as backup and restore, changing location and installing the
NetXplorer on a remote data base.
-
NetXplorer Installation and Administration Guide 2-1
Chapter 2: Installation
NetXplorer Server Installation
Allot Appliance Installation
NX-SRV is shipped to the customer as an Allot Appliance consisting of the hardware
with server software pre-installed on a CentOS operating system.
After unpacking the hardware, installation consists of 4 steps:
1. Connecting directly to the Server with a keyboard and monitor
2. Changing the IP address of the server
3. Changing the IP address in the NetXplorer application server
4. Configuring the IMM Settings
M4 Server (CentOS v6.x)
Connecting to NX-SRV
Connect a keyboard and monitor to the front panel of the NX-SRV as shown below.
Figure 2-1: Connecting Keyboard and Screen
Connect the management and IMM links to the rear panel of the NX-SRV as follows:
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-2
Figure 2-2: Connecting Management and IMM
1. Each NX server is connected to the management network via eth2 and may be connected to an optional second
management network for redundancy purposes via eth3.
2. Each NetXplorer server can be directly managed from the IMM port by connecting this port to an external switch with
an additional ethernet management cable.
NOTE Following installation you must make sure you have the most recent Protocol Pack installed. For information on installing Protocol Packs see the NetXplorer Operation Guide.
Changing the IP Address (CentOS 6.x)
Follow the procedure below to change the IP address from the factory default
(11.11.11.1) to your required address.
To change the address
1. Insert the Allot Disk-On Key.
2. Copy the netwconf.sh script to the root directory of the server, run it using the following command and enter the
appropriate network information when prompted:
/root/netwconf.sh
Output Example [root@localhost ~]# /root/netwconf.sh
Please type the IP ADDRESS [ 11.11.11.11 ]
10.4.3.65
Please type NETMASK [ 255.255.0.0 ]
Please type the GATEWAY [ 11.11.0.1 ]
10.4.0.1
Please type hostname [ localhost ]
Server1
Please type domain name [ ]
mydomain.com
Please type ip address of DNS [ 198.168.254.2 ]
8.8.8.8
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-3
Please check the values entered
The host: Server1 10.4.3.65
NETMASK: 255.255.0.0, DOMAIN: mydomain.com
GATEWAY: 10.4.0.1
DNS: 8.8.8.8
Continue with these values (y/n) [y]?
Y
Please type ip address of additional DNS or press Enter to
continue:
8.8.4.4
Please type ip address of additional DNS or press Enter to
continue:
194.90.1.5
Please type ip address of additional DNS or press Enter to
continue:
Restarting network service...
Done.
3. Reboot the server.
Changing the IP Address (NetXplorer)
In order to change the IP address on the NetXplorer application server, from the default
11.11.11.1, you will need to run the set_nx_ip4ui.sh script. For full instructions, refer
to Appendix D NX IP Address for UI Script below.
Configuring IMM Network Settings
The default details of the IMM are as follows:
Default IP: 192.168.70.125
Default User Name: USERID
Default Password: PASSW0RD (where the 0 is not o but zero)
To configure the network settings of the Integrated Management Module, follow the
steps below:
1. Connect directly from a laptop to the IMM interface on the rear of the NX-SRV. The interface is labeled SYSTEM MGMT as shown below:
Figure 2-3: IMM "System Management" Port
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-4
2. Open a web browser. In the address field, type, type the IP address or host name of the IMM to which you want to connect.
NOTE If you are logging in to the IMM for the first time after installation, it uses the default static IP address 192.168.70.125. You can obtain the the static IP address from the server BIOS or from your network administrator.
3. Enter User ID and Password
4. You will be prompted to specify an inactive session timeout value. Choose a value from the dropdown list and click on Continue.
5. You will see the IMM User Interface, with the default System Status in view, as seen in below
Figure 2-4: IMM System Status Screen
6. Select Network Interfaces from the system tree on the left side of the screen.
7. In the Ethernet section, make sure that interface is enabled, and IPv6 DHCP is disabled. In addition, DDNS status should be set to
Disabled and Domain Name Used should be set to manual.
8. In the IPv4 section, make sure that the DHCP field is set to: Disabled Use Static IP configuration. Assign an IP, mask and default gateway as seen above and click Save. You can now access the IMM remotely using these network
settings.
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-5
Figure 2-5: IMM Network Interfaces
NOTE The IBM Advanced Settings Utility (ASU) enables you to remotely modify IMM firmware settings from the command line of the operating system. On Allot NetXplorer appliances which are shipped to the customer (NX-SRV and NX-HAP), the ASU software will be pre-installed. However, when you are installing NetXplorer software on your own hardware, you should also install the appropriate ASU software package. The package can be downloaded from the IBM website here:
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=TOOL-ASU
M3 Server (CentOS v5.x)
Connecting to NX-SRV
Connect a keyboard and monitor to the front panel of the NX-SRV as shown in Figure
2-6 below.
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-6
Figure 2-6: Connecting Keyboard and Screen
Connect the management and IMM links to the rear panel of the NX-SRV as follows:
Figure 2-7: Connecting Management and IMM
1. Each NX server is connected to the management network via Port 1 and may be connected to an optional second
management network for redundancy purposes via Port 2.
2. Each NetXplorer server can be directly managed from the IMM port by connecting this port to an external switch with
an additional ethernet management cable.
NOTE Following installation you must make sure you have the most recent Protocol Pack installed. For information on installing Protocol Packs see the NetXplorer Operation Guide.
Changing the IP Address (CentOS)
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-7
After connecting directly to the NX-SRV, you will see the CentOS User interface.
Enter root for the login and bagabu for the password. Follow the procedure below to
change the IP address from the factory default (11.11.11.1) to your required address.
To change the address
3. From the system menu, select Administration > Network as shown in Figure 2-8 below:
Figure 2-8: CentOS UI
The Network Configuration dialog will appear.
Figure 2-9: Network Configuration dialog, Devices tab
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-8
4. Open the Devices tab and double click on the appropriate network card.
The Ethernet Device dialog appears.
Figure 2-10: Ethernet Device dialog box
5. In the General tab set the IP address, Subnet mask and Default Gateway in the Statically set IP addresses section.
NOTE The Default Gateway MUST be set during the initial configuration.
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-9
6. Click OK to save and return to the Network Configuration dialog.
Figure 2-11: Network Configuration dialog box, Hosts tab
7. Open the Hosts tab and click Add to create a new Host.
The Add/Edit Hosts dialog appears.
Figure 2-12: Network Configuration dialog box, Add/Edit Hosts dialog
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-10
8. Enter the IP Address, Host name and Alias for the new host and click OK to return to the Network Configuration dialog.
The new host will appear in the Hosts tab. To edit an
existing Host, click the Edit button.
Figure 2-13: Network Configuration dialog box, DNS tab
9. Open the DNS tab and enter the Host name and DNS IP addresses.
NOTE The Hostname entered in the DNS tab must be the same as was added in the Hosts tab.
10. Select Save from the File menu to save all changes.
Changing the IP Address (NetXplorer)
In order to change the IP address on the NetXplorer application server, from the default
11.11.11.1, you will need to run the set_nx_ip4ui.sh script. For full instructions, refer
to Appendix D NX IP Address for UI Script below.
Configuring IMM Network Settings
The default details of the IMM are as follows:
Default IP: 192.168.70.125
Default User Name: USERID
Default Password: PASSW0RD (where the 0 is not o but zero)
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-11
To configure the network settings of the Integrated Management Module, follow the
steps below:
9. Connect directly from a laptop to the IMM interface on the rear of the NX-SRV. The interface is labeled SYSTEM MGMT as shown below:
Figure 2-14: IMM "System Management" Port
10. Open a web browser. In the address field, type, type the IP address or host name of the IMM to which you want to connect.
NOTE If you are logging in to the IMM for the first time after installation, it uses the default static IP address 192.168.70.125. You can obtain the the static IP address from the server BIOS or from your network administrator.
11. Enter User ID and Password
12. You will be prompted to specify an inactive session timeout value. Choose a value from the dropdown list and click on Continue.
13. You will see the IMM User Interface, with the default System Status in view, as seen in below
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-12
Figure 2-15: IMM System Status Screen
14. Select Network Interfaces from the system tree on the left side of the screen.
15. In the Ethernet section, make sure that interface is enabled, and IPv6 DHCP is disabled. In addition, DDNS status should be set to
Disabled and Domain Name Used should be set to manual.
16. In the IPv4 section, make sure that the DHCP field is set to: Disabled Use Static IP configuration. Assign an IP, mask and default gateway as seen above and click Save. You can now access the IMM remotely using these network
settings.
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-13
Figure 2-16: IMM Network Interfaces
NOTE The IBM Advanced Settings Utility (ASU) enables you to remotely modify IMM firmware settings from the command line of the operating system. On Allot NetXplorer appliances which are shipped to the customer (NX-SRV and NX-HAP), the ASU software will be pre-installed. However, when you are installing NetXplorer software on your own hardware, you should also install the appropriate ASU software package. The package can be downloaded from the IBM website here:
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=TOOL-ASU
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-14
Alternate Hardware
If necessary, it is possible to install NetXplorer Server software on hardware that is not
provided by Allot, assuming that the server used meets the requirements defined below.
Linux Installation
Installation Prerequisites
This section describes the minimum hardware and software requirements for installing
NetXplorer on a Linux Server that is not provided by Allot.
Server Hardware Requirements
Minimum Specifications
Intel Xeon, 4 core, 2.0 GHz or equivilent
6 GB RAM DDR Dual channel
RAID (0 or 10) Controller with 256MB Battery Backed Write Cache (BBWC)
600GB HDD 10k RPM or larger (capacity depends on overall storage needs)
CentOS Linux 5.8 or 6.4 64-bit x86 (Recommended)
OR
Red Hat Enterprise Linux 5.8 or 6.4 - 64-bit x86
Recommended Specifications
Intel Xeon, 6 core, 2.0 GHz or equivilent
16 GB RAM DDR Dual channel
RAID (0 or 10) Controller with 256MB Battery Backed Write Cache (BBWC)
600GB HDD 15k RPM or larger (capacity depends on overall storage needs)
CentOS Linux 5.8 or 6.4 64-bit x86 (Recommended)
OR
Red Hat Enterprise Linux 5.8 or 6.4 - 64-bit x86
NOTE For sizing and performance information, see the relevant NMS Software Release Notes.
Software Requirements
Any Real-Time Virus Protection programs or automatic Defragmentation/Backup software must be disabled on the NetXplorer server or
the Allot folder needs to be excluded from protection/defragmentation.
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-15
No other database applications (for example, SQL database) should be installed on the NetXplorer server machine.
No application should be listening to port 80 at the time of the installation.
FQDN of the server should be defined (to check run hostname -f).
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-16
Installing the Operating System
CentOS 5.8
1. Confirm all the hardware and software requirements.
2. Confirm that there is at least 20GB of free space on the /opt directory.
3. Install CentOS v5.8 according to instructions provided by CentOS.
4. During the install process, select the Customize Now radio button during software selection and add the following
two packages:
net-snmp-utils from the System Tools group
xorg-x11-server-Xvfb from the X Window system group
Figure 2-17: Open Network Configuration
5. Once the OS is installed and rebooted, select Administration > Network from the System menu as shown above.
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-17
Figure 2-18: Select eth0
6. Open the Devices tab and double click on the appropriate network card.
The Ethernet Device dialog appears.
Figure 2-19: Ethernet Device dialog box
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-18
7. In the General tab set the IP address, Subnet mask and Default Gateway in the Statically set IP addresses section.
NOTE The Default Gateway MUST be set during the initial configuration.
8. Click OK to save and return to the Network Configuration dialog.
Figure 2-20: Network Configuration dialog box, Hosts tab
9. Open the Hosts tab and click Add to create a new Host.
The Add/Edit Hosts dialog appears.
Figure 2-21: Network Configuration dialog box, Add/Edit Hosts dialog
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-19
10. Enter the IP Address, Host name and Alias for the new host and click OK to return to the Network Configuration dialog.
The new host will appear in the Hosts tab. To edit an
existing Host, click the Edit button.
Figure 2-22: Network Configuration dialog box, DNS tab
11. Open the DNS tab and enter the Host name and DNS IP addresses.
NOTE The Hostname entered in the DNS tab must be the same as was added in the Hosts tab.
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-20
12. Select Save from the File menu to save all changes.
13. From the system menu, select Administration > Security Level and Firewall to display the Security Level
Configuration dialog box. Open the SELinux tab and in the
SELinux Setting select Disabled, and then click OK.
14. From the system menu, select Administration > Date & Time and confirm the Time Zone is correct then open the
Network Time Protocol tab and select an NTP server. Be
sure to enable synchronization.
Figure 2-23: Date/Time Properties dialog box, Network Time Protocol tab
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-21
15. Set the Config ntp service to start when the unit is rebooted by entering the following command:
chkconfig --levels 35 ntpd on
16. Reboot the server.
CentOS 6.4
1. Confirm all the hardware and software requirements.
2. Confirm that there is at least 20GB of free space on the /opt directory.
3. Install CentOS v6.4 according to instructions provided by CentOS.
4. Insert the Allot Disk-On Key.
5. Copy the netwconf.sh script to the root directory of the server, run it using the following command and enter the
appropriate network information when prompted:
/root/netwconf.sh
Output Example [root@localhost ~]# /root/netwconf.sh
Please type the IP ADDRESS [ 11.11.11.11 ]
10.4.3.65
Please type NETMASK [ 255.255.0.0 ]
Please type the GATEWAY [ 11.11.0.1 ]
10.4.0.1
Please type hostname [ localhost ]
Server1
Please type domain name [ ]
mydomain.com
Please type ip address of DNS [ 198.168.254.2 ]
8.8.8.8
Please check the values entered
The host: Server1 10.4.3.65
NETMASK: 255.255.0.0, DOMAIN: mydomain.com
GATEWAY: 10.4.0.1
DNS: 8.8.8.8
Continue with these values (y/n) [y]?
Y
Please type ip address of additional DNS or press Enter to
continue:
8.8.4.4
Please type ip address of additional DNS or press Enter to
continue:
194.90.1.5
Please type ip address of additional DNS or press Enter to
continue:
Restarting network service...
Done.
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-22
6. Reboot the server.
Installing NetXplorer
1. Install rsyslog as follows:
Locate the following package in the Installation/PACKAGES directory in the NetXplorer installation CD:
rsyslog-3.22.1-3.el5.x86_64.rpm
Run the following command to install the rsyslog package: rpm -ivh rsyslog-3.22.1-3.el5.x86_64.rpm
2. Set the Config ntp service to start when the unit is rebooted by entering the following command:
chkconfig --levels 35 ntpd on
3. Download Allot_nx_.tgz and Allot_nx.sh from the Allot ftp site.
4. Copy Allot_nx_.tgz and Allot_nx.sh to the local directory on the server.
5. Run the following command: chmod +x Allot_nx.sh
6. Run the following command: ./Allot_nx.sh -i
7. Configure the rsyslog Audit Log by running the following script:
/opt/allot/bin/nx_rsyslog_cfg.sh To enable the rsyslog Audit Log, run the following
commands:
/opt/allot/bin/nx_auditlog.sh on
service netxplorer restart
To disable the rsyslog Audit Log, run the following commands:
/opt/allot/bin/nx_auditlog.sh off
service netxplorer restart
8. Configure the NTP service to start on system start by entering the following command:
chkconfig --levels 35 ntpd on
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-23
9. Manually edit the /etc/hosts files as follows: 127.0.0.1 localhost.localdomain localhost
10.50.18.1 NX1-lin.allot.local NX1-lin
10. Verify that the maximum number of files that can be open is set to 8192. This is done from the /etc/security/limits.conf
file. Run vi /etc/security/limits.conf . The descriptor limits
must be set according to following pattern:
soft nofile 8192
hard nofile 8192
11. For the changes in 6 and 7 above to take effect, the server must be rebooted. Reboot the machine. Confirm that NTP
and NetXplorer services are running.
12. To start/stop/check the status of the services use commands such as:
service ntpd start
service netxplorer stop
service netxplorer status
NOTE Following installation you must make sure you have the most recent Protocol Pack installed. For information on installing Protocol Packs see the NetXplorer Operation Guide.
Uninstalling NetXplorer
1. Run the following command: ./Allot_nx.sh -r
Windows Installation
Installation Prerequisites
This section describes the minimum hardware and software requirements for installing
NetXplorer on a Windows Server.
Server Hardware Requirements
Minimum Specifications
Intel Xeon, 4 core, 2.0 GHz or equivilent
6 GB RAM DDR Dual channel
RAID (0 or 10) Controller with 256MB Battery Backed Write Cache (BBWC)
600GB HDD 10k RPM or larger (capacity depends on overall storage needs)
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-24
Windows Server 2008 SP2 Standard and Enterprise editions 64 bit (Recommended)
OR
Windows Server 2003 Standard or Enterprise Editions 64 bit
Recommended Specifications
Intel Xeon, 6 core, 2.0 GHz or equivilent
16 GB RAM DDR Dual channel
RAID (0 or 10) Controller with 256MB Battery Backed Write Cache (BBWC)
600GB HDD 15k RPM or larger (capacity depends on overall storage needs)
Windows Server 2008 SP2 Standard and Enterprise editions 64 bit (Recommended)
OR
Windows Server 2003 Standard or Enterprise Editions 64 bit
NOTE For sizing and performance information, see the relevant NMS Software Release Notes.
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-25
Software Requirements
Any Real-Time Virus Protection programs or automatic Defragmentation/Backup software must be disabled on the NetXplorer server or
the Allot folder needs to be excluded from protection/defragmentation.
Java JDK 7 should be installed on the Server machine. For details on how to install the Java JDK see Installing Java JDK 7 on page 2-26.
No other database applications (for example, SQL database) should be installed on the NetXplorer server machine.
No application should be listening to port 80 at the time of the installation.
On Windows Server 2008, IPv6 should be disabled by going to Control Panel > Network and Sharing Center > Manage Network Connections > Local Area
Connection Properties. Uncheck the Internet Protocol Version 6 checkbox to
disable the service.
Figure 2-24: Local Area Connection Properties
Pre-Installation Checklist
Before you begin the installation process, it is important that you perform the following
steps.
1. Verify that the minimum required space is available on the hard disk.
2. Verify that there is at least 4 GB of available Virtual Memory.
NOTE Set the Virtual Memory on your computer by selecting Start/Settings/Control Panel/System. Open the Advanced tab and click the Performance Settings button. Open the Advanced tab and click the Change button under Virtual Memory to select a new value.
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-26
3. Verify that Java JDK 7 is installed, including runtime environment. If it is not installed, install it now, as described
below.
Installing Java JDK 7
The Java JDK 7, including the run time environment, must be installed before you can
install NetXplorer.
To install the Java JDK:
1. Browse to and run the jdk-7u2-windows-i586-p.exe file on the installation CD. The Security
Warning is displayed.
2. Click Run. The License Agreement is displayed.
3. Read the license agreement and select I accept the terms to indicate your agreement, and then click Next. The Custom Setup dialog is displayed.
4. Click Next to accept the default installation location,
OR
Click Change to browse and select an alternate installation location, and
then click Next.
NOTE The necessary program features are selected by default. You do not need to change these default settings.
The Browser Registration dialog is displayed.
5. Verify that Microsoft Internet Explorer is selected and click Install. The Installing Java JDK dialog is displayed. The
progress bar indicates the status of the installation process.
6. When the installation process is done, the Complete window is displayed.
7. Click Finish.
Installation Instructions
After you have performed the pre-installation checks and have verified that the Java
JDK is installed, you are ready to install NetXplorer.
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-27
To install NetXplorer:
1. Run the setup.exe file on the installation CD or from a net-mounted disk.
NOTE Do not attempt to run the setup file from a net long address, such as \\file_server\.
2. The following dialog is displayed.
Figure 2-25: Security Warning
3. Click Run. The following window is displayed.
Figure 2-26: NetXplorer InstallShield Wizard Welcome Window
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-28
4. Click Next to continue.
5. The NetXplorer License Agreement is displayed.
6. Click Next to continue
7. Read the license agreement and select I accept the term to indicate your agreement, and then click Next. The
Choose Setup Type dialog is displayed.
Figure 2-27: Choose Setup Type
8. To install all program components in a single location, select Typical and click Next. Then skip ahead to step 10.
OR
To install each component in a different location, select Custom and click
Next.
NOTE Allot strongly recommends using the Custom installation option.
9. If you selected Custom in step 5, the following dialogs are displayed.
Figure 2-28: Choose Destination Location - Custom
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-29
10. Accept the default destination locations or browse and select an alternate location for one or more of the components, and
then click Next. The Choose NTP configuration option
dialog is displayed.
NOTE If alternate locations are chosen for one or more components, they must be in a subdirectory on one of the root directories (like C:\Allot or D:\Allot) and not on the root directory itself (C:\ or D:\).
NOTE It is recommended that the system files and the different monitoring files be installed on different physical drives in order to improve overall performance.
Figure 2-29: Choose NTP configuration option - Custom
11. Select either the Use local clock or the Use External NTP server radio button. If you select an external NTP server,
enter the servers IP address in the field provided. Click Next.
NOTE Allot strongly recommends using an external NTP server.
12. If you selected Typical in step 5 the following dialog is displayed.
Figure 2-30: Choose Destination Location - Typical
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-30
13. Accept the default destination location or browse and select an alternate location, and then click Next.
Figure 2-31: Ready to Install the Program
14. Click Install to begin the installation. The Setup Status dialog is displayed.
After a few moments the following popup is displayed.
Figure 2-32: Setup Initializing
NOTE The installation may take up to 30 minutes to complete.
15. When the installation is complete the following dialog is displayed.
Figure 2-33: NetXplorer InstallShield Wizard Complete
NOTE Following installation you must make sure you have the most recent Protocol Pack installed. For information on installing Protocol Packs see the NetXplorer Operation Guide.
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-31
NetXplorer Client Installation
Java, WebStart and the NetXplorer Client
NetXplorer works with a technology known as WebStart from Sun Microsystems.
WebStart enables you to run the NetXplorer Client software by simply double-clicking
an icon on your computers desktop. This mode of operation is more convenient than having to access the NetXplorer Client through an Internet browser.
Hardware Requirements
It is recommended that the NetXplorer Client be installed on a machine with the
following minimum specifications:
Pentium 4
512MB RAM
Windows XP/Microsoft Internet Explorer
NOTE: History logs will be kept on the client and can consume up to 150M
Software Requirements
NetXplorer Client software should be installed on a machine running Windows XP Professional (or later) and Microsoft Internet Explorer.
Any Real-Time Virus Protection programs or automatic Defragmentation/Backup software must be disabled on the NetXplorer client or
the Allot folder needs to be excluded from protection/defragmentation.
Java JRE 7.0 should be installed on the client machine. For details on how to install the Java JRE see Installing Java 7.0 JRE below.
NOTE If the machine on which you are installing NX Client is running a 64 bit OS (x64), the Java installation must also be 64 bit. If the machine is running a 32 bit OS (x86), then the Java version must be 32 bit.
No application should be listening to port 80 at the time of the installation.
Firewall Settings
In some networks, workstations running the NetXplorer Client can be separated from
the NetXplorer server by a firewall for security reasons. In order to allow the client to
communicate with the NetXplorer server the following ports should be opened in the
Firewall:
TCP/80 HTTP
TCP/3873 Catalog Interaction with the Server
TCP/443 SSL
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-32
TCP/1098 The RMI service bind address
TCP/1099 JNP server bind address
TCP/4446 RMI Object ports
TCP/4457 Alarms
TCP/50010 Alarms
Likewise, a firewall could be situated between the NetXplorer and the In-Line Platform.
To enable the communication between the NetXplorer and the In-line platform the
following ports in the Firewall should be opened:
TCP/80 HTTP
TCP/443 SSL
UDP/161 SNMP
UDP/162 SNMP Trap
UDP/123 NTP
TCP/123 NTP
Installing Java 7.0 JRE
The Java 7.0 JRE must be installed on your computer as a prerequisite to working with
the NetXplorer User Interface.
To install Java 7.0 JRE:
1. Open your Internet browser, and access http:// The following window is displayed.
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-33
Figure 2-34: NetXplorer Java Installation Screen
2. Click the Install Java JRE First link if you do not have Java 7.0 JRE installed on your computer.
Clicking the link will allow you to choose an appropriate
version of the JRE.
3. Click on the appropriate link and follow the on-screen instructions to install the Java 6.0 JRE on your computer.
Initializing WebStart
1. With the Java 7.0 JRE installed, access http://
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-34
Under tasks/java, look for the args option, and set it as shown below, inserting the fqdn
hostname in the relevant place.
-Djava .rmi.server.hostname= -Dremoting.bind_by_host=true
If the NetXplorer Server is running on a Linux machine then you must also change the
hostname to netxplorer instead of the fqnd (netxplorer.example.com) in the following
file on the server: /etc/sysconfig/network
The file should appear as follows: cat /etc/sysconfig/network NETWORKING=yes NETWORKING_IPV6=yes HOSTNAME=netxplorer
Once the file has been changed, restart the Network service and the NetXplorer server
service.
Accessing NetXplorer
Once you have completed the initial setup, as described above, you can access the
NetXplorer via your Web browser. The first time that you connect to NetXplorer, you
may be prompted to install Java plug-in 6.0. Refer to Installing Java 7.0 JRE below, for
further information.
To connect to NetXplorer:
1. In Internet Explorer, browse to http: and select Launch NetXplorer in the NetXplorer Control
Panel.
OR
Double click the shortcut icon on the desktop or in the systems Start menu.
2. The Java Application Starting window is displayed.
3. The NetXplorer Log On dialog is displayed.
4. In the User Name field, enter admin and in the Password field, enter allot or the password that was established at set
up. This is the default user name and password. They may
be different if you changed them during the initial
configuration.
5. Click Log On. The NetXplorer GUI is displayed.
NOTE It may take a few moments for the NetXplorer GUI to load.
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-35
Enabling NetXplorer Servers
In order to manage more than one NetEnforcer or Service Gateway as well as certain
features using NetXplorer, NetXplorer Server must be enabled by entering the
appropriate key. This key may be entered at installation or at any time following. For
more information concerning the NetXplorer Server contact Allot Customer Support at
To enable NetXplorer Server:
1. Select Tools > NetXplorer Application Server Registration from the NetXplorer Menu bar.
The NetXplorer Application Server Registration dialog box
appears.
Figure 2-36: NetXplorer Application Server Registration Dialog
2. Enter the Activation Key and Serial Number provided by Allot to enable the NetXplorer Server functionality.
NOTE: The serial number is the box number of the product you used to generate the key.
For managing a single unit, it will be the box number of the NE/SG.
For managing multiple units, it will be the box number of the SNX (starts with 44X)
-
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-36
3. A Key Version, Marketing Version and Expiration Date will be generated automatically after clicking Save.
4. The number of devices supported by the key is indicated.
5. If Policy Provisioning is enabled by the key that has been entered, it will be indicated (along with the maximum
number of accounts) after NPP. For more information, see
the NPP User Guide.
6. If Classification of Hosts by Country is enabled by the key that has been entered, it will be indicated after Country
Classification Subscription.
7. If Accounting information is enabled by the key that has been entered, it will be indicated after Net Accounting.
8. If Service Catalog updates via the web are enabled by the key that has been entered, it will be indicated after APU.