LIVEACTION, INC.
LiveNX 6.1.1
ADMINISTRATION GUIDE
LiveAction, Inc.
3500 WEST BAYSHORE ROAD
1 |ALTO,
LiveNXCA
6.1.1
PALO
94303
Table of Contents
1. Introduction ................................................................................................................ 5
2. LiveNX Server Deployment Planning and Sizing ..................................................... 6
Overview ......................................................................................................................................................... 6
Architecture..................................................................................................................................................... 6
Client Sizing and OS ......................................................................................................................................... 7
Installer Specification and Performance Details ............................................................................................. 8
Platform Type: ............................................................................................................................................ 8
Node/Server Installer Specifications: ......................................................................................................... 9
Examples: .................................................................................................................................................... 9
Node/Server Storage Sizing ........................................................................................................................ 9
Virtual Appliance Specifications .................................................................................................................... 11
Number of Deployed Instances Guideline..................................................................................................... 12
Hardware and Operating System Requirements........................................................................................... 13
Deployment Options ..................................................................................................................................... 13
Appendix A: TCP /UDP Ports ......................................................................................................................... 14
Appendix B: NetFlow Deployment Considerations ....................................................................................... 15
3. LiveNX Server Install ................................................................................................ 18
LiveNX All-In-One (AIO) Deployment............................................................................................................. 18
Starting up the All-In-One OVA ..................................................................................................................... 26
LiveNX Server Installation for Windows ........................................................................................................ 30
LiveNX Server Installation for Linux............................................................................................................... 31
Upgrading to LiveNX 6.1 Server AIO OVA via WebUI .................................................................................... 32
Upgrading to LiveNX 6.1 Node AIO OVA via WebUI ...................................................................................... 33
4. LiveNX Licensing ....................................................................................................... 34
Step 1: Loading LiveNX Permanent License .............................................................................................. 39
Step 2: Activate LiveNX Permanent License ............................................................................................. 39
Online Activation ...................................................................................................................................... 39
Offline Activation ...................................................................................................................................... 39
Load the Activation Key into LiveNX ......................................................................................................... 39
Cloud Licensing .............................................................................................................................................. 40
Obtaining a Permanent License .................................................................................................................... 41
Traditional Licensing via the WebUI .............................................................................................................. 44
Cloud Licensing via the WebUI ...................................................................................................................... 47
System Diagnostics ........................................................................................................................................ 48
5. Installing LiveNX Nodes (Optional) ........................................................................ 50
6. LiveSensor Install (Optional) ................................................................................... 55
LiveAction LiveSensor Deployment ............................................................................................................... 55
Here Are the Prerequisite Steps ............................................................................................................... 55
Hardware Requirements for the LiveSensor OVA .................................................................................... 55
Create Virtual Machine Port Group and Configure Promiscuous Mode .................................................. 55
Deployment of LiveSensor ........................................................................................................................ 61
Configuration of LiveSensor ...................................................................................................................... 63
2 | LiveNX 6.1.1
7. LiveNX Client Installation ........................................................................................ 65
Java Web Start Client Installation.................................................................................................................. 67
Windows Java Web Start .......................................................................................................................... 67
Mac Java Web Start .................................................................................................................................. 67
HTTP Proxy Configuration Support ........................................................................................................... 68
Secure Web Login Configuration .............................................................................................................. 69
Unsecured Web Service ............................................................................................................................ 71
Telemetry .................................................................................................................................................. 72
8. Basic Setup and Operation ...................................................................................... 73
Add Devices to the Topology......................................................................................................................... 73
Adding Devices Using Device Discovery ................................................................................................... 73
Configure Cisco Devices for QoS, Flow and IP SLA ........................................................................................ 83
Managing Device Interfaces .......................................................................................................................... 89
Managing Devices ......................................................................................................................................... 95
Adding Generic Network Objects and Annotations ................................................................................ 102
Annotation Only...................................................................................................................................... 103
IP Address End Point ............................................................................................................................... 105
Merged Clouds ........................................................................................................................................ 107
Saving Changes to the Device’s Startup Configuration ............................................................................... 113
Advanced Add Bulk Device .......................................................................................................................... 113
Expand/Collapse .......................................................................................................................................... 118
Defining Sites and Tags ........................................................................................................................... 118
Filtering the Device/Interface Tree ............................................................................................................. 127
Flow Probe Support ..................................................................................................................................... 128
Complete the Device Wizard Configuration ........................................................................................... 129
Adding Devices into LiveNX That Don’t Support SNMP .......................................................................... 133
9. Role-Based Access .................................................................................................. 136
Role-Based Access Control .......................................................................................................................... 136
Administrator Role—Admin ................................................................................................................... 137
Full Configuration Role—Full Config ....................................................................................................... 137
Partial Configuration Role—Partial Config.............................................................................................. 138
Clerk Role—Clerk .................................................................................................................................... 138
Monitor Only Role—Monitor Only ......................................................................................................... 138
Demo User Role—Demo User ................................................................................................................ 138
Global Versus Per-User Settings .................................................................................................................. 138
Initial Administrator User Creation ............................................................................................................. 139
Log-in ........................................................................................................................................................... 139
Managing Role-Based Access ...................................................................................................................... 140
Manage Users .............................................................................................................................................. 141
Username Parameters ............................................................................................................................ 141
Timeouts ...................................................................................................................................................... 142
Authentication Options ............................................................................................................................... 144
Configuring User Device Access .................................................................................................................. 145
User Management through LDAP via WebUI .............................................................................................. 147
LDAP Management WebUI ..................................................................................................................... 147
User Management WebUI ...................................................................................................................... 153
All-Access Section ........................................................................................................................................ 156
Configure ................................................................................................................................................ 156
View Setting ............................................................................................................................................ 156
Configure Settings ................................................................................................................................... 159
3 | LiveNX 6.1.1
Storing Credentials Settings .................................................................................................................... 159
Defaults Section ...................................................................................................................................... 160
Configuring LDAP User Authentication ....................................................................................................... 160
Caveats.................................................................................................................................................... 162
Specifying Multiple Subtrees (Base DNs) ................................................................................................ 163
Username Configuration......................................................................................................................... 164
Adding LDAP Users without Browsing LDAP/AD..................................................................................... 166
Remapping Users .................................................................................................................................... 166
Managing Active User Sessions ................................................................................................................... 168
Lost Passwords ............................................................................................................................................ 168
Resetting the Application Configuration ..................................................................................................... 168
Windows ................................................................................................................................................. 168
Linux........................................................................................................................................................ 168
10. APIC-EM Integration ............................................................................................... 169
11. LiveNX Server Backup ............................................................................................ 172
Snapshot of VM Deployment ...................................................................................................................... 173
Recovering from VM Snapshot.................................................................................................................... 174
Backing Up LiveNX Configuration Only........................................................................................................ 176
Backing Up LiveNX Data Store ..................................................................................................................... 177
Extract the Backup and Configuration to a Remote Backup ....................................................................... 182
12. LiveNX Server Startup Troubleshooting .............................................................. 183
4 | LiveNX 6.1.1
1.
Introduction
LiveNX is a visual analytics platform for network performance monitoring and diagnostics. The software is
designed to simplify network management for multivendor networks. To ensure that you are making the most
out of LiveNX 6.0.1, we’ve created this administration guide. The LiveNX administration guide will walk you
through the necessary steps to properly set up the LiveNX software, as well as the network configuration
needed, to ensure LiveNX can collect relevant data from the network and deliver end-to-end visibility.
This document will also provide steps and directions to install LiveNX Application Server onto your Windows or
Linux Environment. After the installation, has been completed, please reference the LiveNX 6.0.1 User Guide
for further operation instructions.
5 | LiveNX 6.1.1
2.
LiveNX Server Deployment Planning and Sizing
Overview
LiveNX uses a scalable distributed computing architecture to allow for scaling to the largest enterprise
networks. The architecture is split into 3 layers: the client application, Server and collection Nodes to allow for
distributed deployments and horizontal scaling for performance.
Architecture
LiveNX uses a 3-tier architecture consisting of the client application, Server and collection Nodes. The main
difference between the previous versions is that the collection capabilities were separated from the Server
into individual Nodes at the bottom of the architecture.
6 | LiveNX 6.1.1
Client Application
The client application can be run via Web Start directly from the LiveNX Web Server or can be installed as a 64bit client application for Windows or Mac. For large scale deployments, the client application installer is
recommended as it can scale and perform to higher capacity than the Web Start versions.
Client Sizing and OS
LiveNX client runs on a standard Windows 64-bit based PC and Windows 7, 8, 32-bit Windows for Web Start.
LiveNX Mac client runs on OSX 10.9+ utilizing LiveAction client 3.14+. The specifications for each type is below:
Windows Client Requirements
Small Install
Medium Install
Large Install
Number of Network Devices
Up to 25
25-500
500+
OS Type
Win 7 Pro or
greater
Win 7 Pro or
greater
Win 7 Pro/Win
Server 2012 R2
OS Size
32 bit
64 bit
64 bit
Processor Type
Intel i3 type
Intel i5 type
Intel i7 type
Minimum Memory
4GB
8GB
16GB
Server Installer
LiveNX Server runs on a Linux or Windows Server or VM. The LiveNX Server has a built-in collection Node and
is fully useable without any additional installations.
Node Installer
The Node provides the ability to add additional collection and other capabilities and helps scale horizontally by
providing additional processing. The Node runs on Linux or Windows and communicates to the central LiveNX
Server.
Server Virtual Appliance (OVA)
LiveNX Server primarily deploys on ESXi. The Server has a built-in Node as well as Web UI and is fully
operational right out of the box. The Server operating system runs on a Linux platform.
Node Virtual Appliance (OVA)
LiveNX Node deploys on ESXi as well. The Node utilizes the ability to collect and send data out to the Server
Virtual Appliance. The Node operating system runs on a Linux platform.
7 | LiveNX 6.1.1
Installer Specification and Performance Details
Platform Type:
Client
1
6
12
17
OS
Mac OS X Maverick 10.9+
Windows 7 Professional+ for 25 devices
Windows 7 Professional+ for 25-500
Devices
Windows 7 Professional+ for 500+
Devices
32 bit
2
Cores
4
4 or higher
3
Memory
5
8GB RAM or higher
7
OS
9
32 bit
8
Cores
Memory
10
4 or Higher
11
8G RAM or higher
13
OS
14
Cores
15
Memory
16
8G RAM or higher
18
OS
21
64 bit
19
Cores
22
8 or Higher
20
Memory
23
16G RAM or higher
64 bit
8 or Higher
Server/Node
OS
Windows Server 64 bit 2012, 2008, Windows 7 with .NET framework v3.5.1+
or Linux RHEL/CENTOS 6.4 or 6.5 with GNOME UI
Network
Minimum 5 Mbps between LiveNX Server and LiveNX Node, < 200 ms one- way latency
NAT is not supported for LiveNX Server to Node communication
Sizing
See sizing tables
VM Use
Adequate core and storage allocation, no vMotion
Store, local store preferred, virtual thick disk setting
Compatible on most VM systems VMware, VirtualBox, Hyper-V, Xen
8 | LiveNX 6.1.1
Node/Server Installer Specifications:
Node/Server Installer Sizing
Low
Mid*
High*
Number of Devices
100 or less
500 or less
1000 or less
Peak Flow Rate
< 100K/sec
< 200K/sec
> 200K/sec
Minimum Virtual Cores
8
16
32
Minimum Memory
8Gb
16Gb
32Gb
Examples:
• Xeon X5650 has 6 physical and 12 virtual cores with hyper-threading
• Xeon used in BOM has 8 physical and 16 virtual cores with hyper-threading
• Average SNMP poll of 5 minutes (interface, technology, poll rate affect performance)
Node/Server Storage Sizing
The following is the storage sizing specifications for both Node and Servers based on flow type ingestion.
•
•
•
Testing Platform: LiveNX 5.3.0
Standard Basic v9 NetFlow Template
Formula: Monthly Disk Usage = Flow Size * number of FPS * 30
NetFlow v9 Basic Raw Flows Disk Usage
Case
MB/FPS/Day
GB/6K FPS/Day
GB/6K FPS/30 days
Worse
4.35
26.1
783
Average
1.47
8.83
265
Best
.06
.353
10.8
9 | LiveNX 6.1.1
Standard LiveNX NetFlow v9 Basic Template
flow record LIVEACTION-FLOWRECORD
description DO NOT MODIFY. USED BY LIVEACTION.
match ipv4 tos
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
match interface input
match flow direction
collect routing source as
collect routing destination as
collect routing next-hop address ipv4
collect ipv4 dscp
collect ipv4 id
collect ipv4 source prefix
collect ipv4 source mask
collect ipv4 destination mask
collect transport tcp flags
collect interface output
collect flow sampler
collect counter bytes
collect counter packets
collect timestamp sys-uptime first
collect timestamp sys-uptime last
collect application name
NetFlow v9 AVC Raw Flows Disk Usage
Case
In MB/FPS/Day
GB/6K FPS/Day
GB/6K FPS/30 days
Worse
Average
14.5
N/A
86.6
N/A
2600
N/A
Best
.15
.9
27
*AVC flows usually don’t account for more than 10% of the total amount of
flows.
Standard LiveNX NetFlow v9 AVC Template
flow record type performance-monitor LIVEACTIONFLOWRECORD-AVC
description DO NOT MODIFY. USED BY LIVEACTION.
match application name account-on-resolution
match connection client ipv4 address
match connection Server ipv4 address
match connection Server transport port
match ipv4 protocol
match routing vrf input
collect application http host
collect application http uri statistics
collect connection client counter bytes long
collect connection client counter bytes network long
collect connection client counter packets long
collect connection client counter packets retransmitted
collect connection delay application sum
collect connection delay network client-to-Server sum
collect connection delay network to-client sum
collect connection delay network to-Server sum
collect connection delay response client-to-Server sum
collect connection delay response to-Server histogram la
collect connection delay response to-Server sum
collect connection initiator
collect connection new-connections
collect connection Server counter bytes long
collect connection Server counter bytes network long
collect connection Server counter packets long
collect connection Server counter responses
collect connection sum-duration
collect connection transaction counter complete
collect connection transaction duration max
collect connection transaction duration min
collect connection transaction duration sum
collect interface input
collect interface output
collect ipv4 destination address
collect ipv4 dscp
collect ipv4 source address
collect ipv4 ttl
NetFlow v9 Medianet Raw Flows Disk Usage
Case
MB/FPS/Day
GB/6K FPS/Day
GB/6K FPS/30 days
Worse
Average
6.2
N/A
36.7
N/A
1100
N/A
Best
.068
.408
12.24
*Medianet flows usually don’t account for more than 20% of the total
amount of flows
10 | LiveNX 6.1.1
Standard LiveNX NetFlow v9 Medianet Template
flow record type performance-monitor LIVEACTIONFLOW RECORD-MEDIANET
description DO NOT MODIFY. USED BY LIVEACTION.
match flow direction
match ipv4 1100110estination address
match ipv4 protocol
match ipv4 source address
match transport destination-port
match transport rtp ssrc
match transport source-port
collect application media bytes counter
collect application media bytes rate
collect application media event
collect application media packets counter
collect application media packets rate
collect application name
collect counter bytes
collect counter bytes rate
collect counter packets
collect interface input
•
•
•
collect interface output
collect ipv4 dscp
collect ipv4 ttl
collect monitor event
collect routing forwarding-status
collect timestamp interval
collect transport event packet-loss counter
collect transport packets expected counter
collect transport packets lost counter
collect transport packets lost rate
collect transport rtp jitter maximum
collect transport rtp jitter mean
collect transport rtp jitter minimum
Disk usage will be the sum of all flow types
o Basic, AVC and Medianet flows
Local Drive Preferred
o Minimum equivalent to SATA 6GB/s performance
o 7200 RPM based for 10K RPM for better performance
o RAID 10 for better performance
o SSD for better performance
SAN and/or NAS
o Meet performance and latency specification of local drive
o Support sustained writes at high speed
o Support sequential reads at high speed for sequential blocks
Virtual Appliance Specifications
Server OVA Specifications: Network admin can Start with Custom and modify CPU, memory and HDD as
required. CPU and memory specification need to match the Small, Med or Large flavors.
Server OVA Sizing
Custom
Small
Medium
Number of Devices
< 25
25 - 100
100 - 500
500 - 1000
Peak Flow Rate (K = 1000 Flows)
< 25K/sec
< 100K/sec
< 200K/sec
> 200K/sec
Minimum Virtual Cores
2
8
16
32
Minimum Memory (LiveNX Heap Size)
4GB (2GB)
16GB (8GB)
32GB (16GB)
32GB (16GB)
Disk Storage - Built-in
250GB
4TB
6TB
8TB
11 | LiveNX 6.1.1
Large
Node OVA Specifications
Node OVA Sizing
Small
Medium
Large
Number of Devices
25 - 100
100 - 500
500 - 1000
Peak Flow Rate (K = 1000 Flows)
< 100K/sec
< 200K/sec
> 200K/sec
Minimum Virtual Cores
8
16
32
Minimum Memory (LiveNX Heap Size)
16GB (8GB)
32GB (16GB)
32GB (16GB)
Disk Storage - Built-in
4TB
6TB
8TB
Number of Deployed Instances Guideline
Number of Devices
Number of Server
Number of Node
12 | LiveNX 6.1.1
500
1000
5000
10000
1-Mid
1-High
1-High
1-High
4-High
9-High
Hardware and Operating System Requirements
LiveNX is a Client/Server application with optional Nodes. The LiveNX Client software runs on Windows, Mac
OSX, or accessed via supported browsers.
LiveNX Servers and Nodes have the following minimum software requirements:
Server and Node OS and Browser
Server and Node OS
Windows
Server 2012 R2 (64-bit)
Server 2008 R2 (64-bit)
7 Professional (64-bit)
7 Ultimate (64-bit)
Linux
RHEL with GNOME UI installed
CentOS 6.4 (64-bit) with GNOME UI installed
CentOS 6.5 (64-bit) with GNOME UI installed
NOTE: LiveNX instances that are installed on Windows Server or Windows Clients require
Microsoft.NET Framework v3.5.1+
This is typically installed by default when installing a Windows Operating System. If .NET
Framework is not installed, LiveNX Flow Technology will have errors when being utilized.
Microsoft.NET Framework can be downloaded from:
http://www.microsoft.com/download/en/details.aspx?id=22
Web Browsers
Internet Explorer v8
Firefox v8
Chrome v16
Chrome has a bug with Web Start
NOTE: Chrome has a bug where it has problems utilizing Web Start
http://code.google.com/p/chromium/issues/detail?id=92846
Java Version
Supported version of Java – Version 8 Update 111 (build 1.8.0_111)
Deployment Options
Single Server
Single Server deployment of LiveNX consists of installing the Server on a Linux or Windows Server or VM. Since
the LiveNX Server has a built-in collection Node, it is fully useable without any additional installations.
Distributed Deployment
In distributed deployments, a single Server is deployed as usual, but additional collection Nodes can be
deployed and associated with the Server.
Virtual Appliance
LiveNX currently has options for Virtual Appliances that are prebuilt and ready to go.
13 | LiveNX 6.1.1
Deployment Decisions
The use and location of additional Nodes are based on three criteria:
•
•
•
Performance
o Off load performance to another Node
Location
o Place Node near devices being polled
o Place at a branch site so data is not polled across the WAN to the DC where the Server exists
Security
o Place Node for different security zone, DMZ
o Node will initiate communication from security zone to Server
o In case of communication loss, Server of Node may initiate communication to reestablish
Appendix A: TCP /UDP Ports
LiveNX Server Ports
Service
Port
Client Access
TCP 7000
NetFlow
UDP 2055
IPFIX
UDP 2055
sFlow
UDP 6343
Web Dashboard
TCP 8092
Node Communication
TCP 7026
14 | LiveNX 6.1.1
Appendix B: NetFlow Deployment Considerations
NetFlow data is sent by network infrastructure devices (routers/switches/etc.) across the network to LiveNX
collector Nodes. This important technology does consume a minimal amount of network bandwidth to deliver
the data management it provides. The purpose of this document is to provide examples of NetFlow bandwidth
consumption rates from real networks that LiveNX is managing to assist network architects with data points
for capacity planning.
LiveNX can be used to track both the flow rate per second and the actual bandwidth consumption of NetFlow
by using its own NetFlow Reports. The volume of NetFlow data that is placed on the wire by a device is
proportional to two main factors:
•
•
Number of interfaces enabled for NetFlow
Volume of end-user data (voice/video/web/etc.) on the network
LiveNX recommends enabling flow on the fewest interfaces possible that still provides the fullest view of
network traffic. Most Cisco devices support NetFlow being configured bi-directionally on an interface –in both
the input and output directions. If flow is configured bi-directionally on two interfaces, for example, on the
LAN and WAN interface of a WAN router, then two flow records will be created and sent to LiveNX for each
minute that a conversation is active. One record will be created as the conversation enters the LAN interface
and a second record will be created as the conversation leaves the WAN interface. This means that flow will
consume twice the bandwidth required to report on that one event. To limit the bandwidth utilization of
NetFlow, LiveNX recommends enabling flow bi-directionally on only the WAN interface(s) of WAN devices.
Some Cisco devices only support flow configured in the input direction. For these devices, the same principles
apply, configured flow on the fewest number of interfaces that still provide the fullest view of the network
traffic.
The second main factor for determining the volume of bandwidth consumed by NetFlow is bandwidth usage.
One must determine whether the bandwidth is proportional to the volume of user data that is traversing the
network. For example, NetFlow has the capability to consume less bandwidth on a low T1/E1 WAN link than a
100Mb WAN link. But if there is only a T1/E1s volume of end-user data on a 100Mb link, its NetFlow
consumption would be like a physical T1/E1.
15 | LiveNX 6.1.1
Example Flow Bandwidths
The following table contains data taken from LiveNX running in production networks. The values represent
sample utilizations from actual WAN environments. Each of these examples have flow configured bidirectionally on only the WAN interface.
Device Type
Flows/Sec
Full-Duplex User
Bandwidth
Avg.-Peak
NetFlow
Bandwidth
Average
NetFlow Bandwidth
Peak
WAN Router
.61
158-309Kbps
2Kbps (1%)
14.8Kbps (4%)
WAN Router
34
505K-1.1Mbps
27Kbps (5%)
42.4Kbps (3%)
WAN Router
27
820K-2.6Mbps
22Kbps (2%)
36Kbps (1%)
WAN Router
197
~21-39Mbps
85Kbps (.04%)
117Kbps (.03%)
WAN Router
366
~37-72Mbps
161Kbps (.04%)
219Kbps (.03%)
WAN Router
474
~80-125Mbps
280kbps (.03%)
396Kbps (.03%)
Internet Router
593
~75-115Mbps
317Kbps (.04%)
418Kbps (.03%)
Core Switch
633
~146-335Mbps
470Kbps (.03%)
578Kbps (.01%)
Core WAN
Router
22,000
~4-4.2Gbps
11Mbps (.02%)
12Mbps (.02%)
NOTE: The percentages represent the percent of bandwidth utilized by flow compared to rest of the end-user
bandwidth.
16 | LiveNX 6.1.1
Example Node/Server Bandwidth
LiveNX can be deployed in distributed architecture. When using this model, LiveNX Node collectors will receive
NetFlow and SNMP data from infrastructure devices (routers/switches/etc.) and store it locally. The LiveNX
Server will request specific data from the Nodes on demand to render end-user views, dashboards and
reports. There is also minimal synchronization communication between the Server and Node(s). The volume of
bandwidth used by the LiveNX Server and Node(s) is proportional to the number of devices being monitored
by each Node and the number of end-users actively monitoring LiveNX. The following table provides
bandwidth examples of this communication:
Devices
Per
Node
Node to Server
Traffic
(Avg./Peak)
Server to Node
Traffic
(Avg./Peak)
100
125Kbps/1.2Mbps
5Kbps-25Kbps
500
625Kbps/ 1.75Mbps
25Kbps-125Kbps
1000
1.25Mbps/ 2.25Mbps
50Kbps/ 250Kbps
NOTE: These are typical bandwidth estimates that one would expect to see with LiveNX. Each network is different, so
results may vary.
17 | LiveNX 6.1.1
3.
LiveNX Server Install
This section provides step-by-step details for installing the LiveNX Server. LiveNX Server installation is Javabased and runs on both Windows and Linux OS platforms. In addition, LiveNX can also be deployed on ESX(i).
LiveNX All-In-One (AIO) Deployment
The LiveNX All-In-One installation is deployed on ESX(i). Please follow the steps below to deploy the All-InOne.
NOTE: The OVA installation has LiveNX integrated, there will NOT be a software installation step.
A. Download the OVA from www.liveaction.com
B. Deploy the OVA onto ESX(i)
• Example is an ESX(i) installation
• Tiny Servers can be installed on laptops with VMware Player and/or VMware Workstation
1. Log into vSphere
18 | LiveNX 6.1.1
2.
Deploy the OVA
2a. Click on File > Deploy OVF Template > Browse to the OVA file
19 | LiveNX 6.1.1
2b. Review the Image Description and click Next
20 | LiveNX 6.1.1
2c. Name the Deployment Image and click Next
21 | LiveNX 6.1.1
2d. Choose a data store and click Next
2e. Review and Select Changes to the Disk Format
i. Thick Provision Lazy Zeroed
1. Recommended if the physical disk space is available
ii. Thick Provision Eager Zeroed
1. Recommended if the physical disk space is available
iii. Thin Provision
1. Recommended if in a test environment where data storage is not as important
22 | LiveNX 6.1.1
iv. Explanation of Thick Provision vs. Thin Provision
http://blogs.vmware.com/vsphere/2014/05/thick-vs-thin-disks-flash-arrays.html
2f. Choose a Destination Network and click Next
2g. Review all previous choices and click Finish
23 | LiveNX 6.1.1
3.
VMware will begin deploying the Virtual Appliance based on the configuration
4.
Power on the OVA
5.
Configure the Network
NOTE: LiveNX comes with the ability to pick up DHCP on a local network as well as utilize a static IP
24 | LiveNX 6.1.1
5a. Static IP Option
1. Recommended for Production Environments
2. Configure Static IP and Select “y”
25 | LiveNX 6.1.1
5b. DHCP Option
NOTE: DHCP Option will have the above fields filled in if there is a DHCP Server to distribute IPs
1. Recommended for Test Environments
2. Configure DHCP Option
Once the network configuration portion is completed, the LiveNX Appliance will be reachable. The next steps
would be to log into the appliance and launch the LiveAction Management Console.
Starting up the All-In-One OVA
The All-In-One OVA was designed to quickly startup LiveNX on the OVA platform as quick and as easy as
possible. The user must first launch the LiveAction Management Console through the OVA’s Console local to
ESX(i). By launching the LiveAction Management Console, the user will be able configure LiveNX to start the
appliance up.
26 | LiveNX 6.1.1
From All-In-One OVA Login Screen
A. Use Option 3 to Log into the Appliance
B. There will be 2 icons at the bottom of the screen, select the Management Console
NOTE: Since the platform will already have the LiveAction installed, there will not be a need to run an installer.
1.
2.
Launch the LiveAction Management Console
A. LiveAction’s All-In-One has both the new HTML5 Web UI available as well as the Java Client.
Licensing the LiveAction Management Console
A. Once the LiveAction Management Console is open there are two options
1. Utilize a Temporary License
a. There will be a pop-up once the LiveAction Management Console opens.
b. Click > Yes
1) This Temporary License is only good for two weeks
2. Utilize a Permanent License (Provided from the purchase of LiveNX)
1) All-In-One OVA utilizes scp (secure copy)/sftp.
I.
Username: admin
II.
Password: changeme
2) Upload Location for the All-In-One: /opt/jidoteki/tinyadmin/home/
3) There will be a pop-up oncee the LiveAction Management Console opens. Click > No
27 | LiveNX 6.1.1
3.
4) Click I have a valid license file > Next
5) Click … > find /opt/jidoteki/tinyadmin/home/ > Click Finish
6) The Permanent License has been installed
Verify that the minimal changes to the OVA has been made to connect to both Web UI and the
Java Client
1)
2)
3)
4)
28 | LiveNX 6.1.1
Properties Tab > httpServer.api.enabled = True
Properties Tab > httpServer.secure = True
Click > Apply
Turn on LiveAction
4.
5.
5) Click > Manage
6) Click > Start Service
Change Administrative Password (Recommended)
a. Click on the Terminal icon that is next to the LiveAction Management Console icon
b. In the terminal type > passwd
c. Type the old Password: changeme
d. Change the Password to a new Password
e. Type backup
1) NOTE: backup should be used any time a system level change is made to the instance
to keep the changes persistent
To exit from the OVA desktop
a. Click an empty space on the desktop
b. Click > exit to prompt
29 | LiveNX 6.1.1
LiveNX Server Installation for Windows
Step 1: Download LiveNX Server Application to the Server
1. Download the LiveNX Server application at www.liveaction.com
a. The application comes with a temporary license.
2. Download the LiveNX file(s) and license key file to the Server
3. Upgrading LiveNX Server application from an earlier LiveNX version? Please see the upgrade guide,
located in the same directory as the software download at www.liveaction.com.
Step 2: Run the LiveNX Server Installer
1. Run the Server installer file: LiveActionServer_windows-x64<VERSION>setup.exe.
• Follow the installation wizard:
A. Start
B.
Accept License Agreement
C.
Select Server Location
D. Select Data Directory
E.
Select Server IP Address
F.
Select Memory Allocation
G. Select Start Menu Folder
H. Select Service Options
I.
Finish
30 | LiveNX 6.1.1
2.
When the installation has finished, please launch the LiveAction Management Console.
a. Start Menu > All Programs/All Apps > LiveAction Server [Version] > Management Console
3.
The first time starting the LiveAction Management Console, you will be prompted with a choice to install
a temporary license or a permanent license. If the permanent license has not been received by support
after purchase, please activate the temporary license. This license is good for 2 weeks.
4.
For installation and activation of LiveNX license, please see the Licensing section.
LiveNX Server Installation for Linux
Step 1: Download LiveNX Server Application to the Server
1. Download the LiveNX Server application at www.liveaction.com
a. The application comes with a temporary license.
2. Download the LiveNX file(s) and license key file to the Server
3. Upgrading LiveNX Server application from an earlier LiveNX version? Please see the upgrade guide,
LiveNX Upgrade Guide from v5.3x to v6.0.1, located in the same directory as the software download at
www.liveaction.com.
Step 2: Run the LiveNX Server Installer
1. chmod +x LiveNXServer-<version>. x86_64.sh
2. Run the Server installer file: LiveNXServer-<version>.x86_64.sh
• Follow the installation wizard
o Enter the IP Address of the LiveNX Server
o Enter the Data Directory
o Verify the entries
31 | LiveNX 6.1.1
3.
When the installation has finished, please launch the LiveAction Management Console
a. cd /opt/LiveActionServer/<version>/
b. ./LAManagementconsole
4.
The first time starting the LiveAction Management Console, you will be prompted with a choice to install
a temporary license or a permanent license. If the permanent license has not been received by support
after purchase, please activate the temporary license. This license is good for two weeks.
5.
For installation and activation of LiveNX license, please see the Licensing section.
Upgrading to LiveNX 6.1 Server AIO OVA via WebUI
Users can now upgrade LiveNX from a previous 6.0 version to 6.1.0 version via the WebUI. You can do an
offline update or an online update. Simply download the file and do a offline update or provide the AIO OVA file
location (eg: liveaction.software_package-livenx-server-6.1.0-full.enc) for an online update.
Online Update
32 | LiveNX 6.1.1
Offline Update
Upgrading to LiveNX 6.1 Node AIO OVA via WebUI
Users can now upgrade LiveNX Node AIO OVA from a previous 6.0 version to 6.1.0 version via the WebUI. You
can access the LiveNX remote node WebUI by entering
https://<LiveNXRemoteNodeIPAdress>:10.1.2.26:8443/. This provides the user with the following dashboard.
Go to the update tab to update to the 6.1.0 release with the AIO OVA File.
33 | LiveNX 6.1.1
4.
LiveNX Licensing
If you have the permanent license from LiveAction, use the following steps to install:
Uploading the License to LiveNX on the All-In-One Platform
Out-of-the-box, LiveNX allows users to scp/ssh/sftp files onto the platform to easily integrate. The following
shows an example of using an ftp client as well as commands on Linux platform:
Windows
1.
2.
3.
Use an FTP/SFTP/SCP client
a. Common flavors for Windows: filezilla, winscp
Connect to the platform through the file transfer clients
a. Username and password
 Username: admin
 Password: changeme
b. Port: 22
c. Upload location: /opt/jidoteki/tinyadmin/home/
Upload the License
34 | LiveNX 6.1.1
Linux
1. Open a terminal
2. scp <license file> admin@<ip-of-All-In-One>:/opt/jidoteki/tinyadmin/home/
a. Example: scp license.txt [email protected]:/opt/jidoteki/admin/home/
3. Type in the password
4. License will automatically upload
35 | LiveNX 6.1.1
1.
2.
3.
To install the permanent license
a. Click > No to the pop-up message
b. Click I have a valid license file > Next
c. Click … > find the license in the system > Click Finish
d. Click Activate Online > Finish
i) Step 2 will provide options for online and offline activation
e. Skip Step 1
To install the Temporary Two-week License
a. Click > Yes to the pop-up message
b. Follow Step 3
Go to the properties tab and configure the LiveAction Management Console before starting LiveNX. The
following is the minimal changes needed to enable common features.
a. To connect the OVA to LiveNX
i) httpserver.api.enabled = True
b. To connect with https
i) httpserver.secure = true
c. Click Apply
36 | LiveNX 6.1.1
4.
When finished, reboot the Server or start the LiveNX service manually with the LiveAction Management
Console as shown below.
•
Run Manage > Start Service.
5.
During the Start Service or Shutdown Service process, LiveAction Management Console provides a
progress indicator at the bottom of the LiveAction Management Console window. Depending on the
amount of LiveNX data handling, these processes may take a few minutes.
37 | LiveNX 6.1.1
10.
6.
When the message on the bottom of the LiveAction Management Console changes to “The Server is
currently running” the LiveNX Server installation is complete.
38 | LiveNX 6.1.1
Step 1: Loading LiveNX Permanent License
NOTE: Skip this step if a permanent license has already been installed
1.
2.
3.
4.
Ensure that the LiveNX license is on a local desktop before starting
Start the LiveAction Management Console and Click Licensing > Click Change License
Follow the Licensing Assistant instructions to load the valid license file
Activate the LiveNX permanent license as described in Step 2 below
Step 2: Activate LiveNX Permanent License
Activating the permanent license is the final step in the LiveNX installation. This process registers the license
and the computer with LiveNX and permanently unlocks the features that have been purchased. There are
two ways to activate the license—Online Activation and Offline Activation.
If the PC running LiveNX has an Internet connection, use Online Activation
If the PC running LiveNX DOES NOT have an Internet connection (e.g., sandbox or lab), use Offline
Activation
Users can register the LiveNX license with the License Team via email at [email protected].
NOTE: After loading the permanent license, the system will have 14 days to activate it before LiveNX stops
operating. However, the user can still activate a permanent license any time after the 14 days to permanently
restore LiveNX operation.
Online Activation
1. From the LiveAction Management Console License tab, select Activate License to start the License
Activation Assistant
2. Select Activate Online > Next
3. Select Direct Connection
a. Select Use proxy, if there is a proxy in use to reach the Internet
4. Click Next
5. The Activating License will be successful
6. Click Finish to complete the Activation
Offline Activation
Collect and send information to LiveNX:
1. From the LiveAction Management Console License tab, select Activate License to start the License
Activation Assistant
2. Select Activate Offline, and then click Next
3. The License Number and Activation Key will be displayed. This information must be sent to the LiveAction
License Team to complete offline activation. Click Copy to store the information to the Windows clipboard
and paste it into a text file to send to the LiveAction License Team.
4. Click Cancel to exit the License Activation Assistant.
a. The temporary license will be in use for up to 14 days.
5. Using another computer that does have an Internet connection, e-mail your contact information and the
saved License Number and Activation key to [email protected]. The LiveAction License Team will
then process the request and reply with the permanent key for the next step.
Load the Activation Key into LiveNX
1. When the new Activation Key file is received, copy it to a location that can be reached by the LiveNX
Server installation
2. Start the Management Console > select the License tab.
3. Select Upgrade License to restart the Licensing Assistant
4. Select I have a valid license file, and then click Next
39 | LiveNX 6.1.1
5.
6.
On the License Location screen, browse to locate the Activation Key file
Click Finish to complete license activation
NOTE: A user cannot run two instances of LiveNX simultaneously on the same computer. Before running a previous
installation on the same computer, shut down the LiveNX service using the LiveAction Management Console.
Cloud Licensing
How to get a temporary license from the cloud:
1.
Licensing for the new cloud
a. Keep the "cloud licensing" selected.
2.
3.
Go to the LiveNX login and associate your device with your LiveNX deployment.
Log into LiveNX for the first time using admin/admin.
40 | LiveNX 6.1.1
4.
Fill in the new user registration information (this will create your account and provide you with
account information to obtain a temporary license).
5.
Automatically, the temporary license will associate to your account.
Obtaining a Permanent License
1.
Licensing for the new cloud
a. Keep the "cloud licensing" selected.
41 | LiveNX 6.1.1
2.
3.
Go to the LiveNX login and associate your device with your LiveNX deployment.
Log into LiveNX for the first time using admin/admin.
4.
Skip this step if you have an account and go to 5. If you do not have an account yet, fill in the new
user registration information (this will create your account and provide you with account information
to obtain a temporary license).
5.
If you do have an account, click where it indicates “here.”
42 | LiveNX 6.1.1
6.
You will be taken to this page to obtain a key and secret.
Obtain the License Key and Secret
7.
Waiting for the email to send over, to obtain a license key
8.
Log into the site https://stage-livecc.liveaction.com
9.
Choose the license you received when purchasing the product, and click on the “eye.”
43 | LiveNX 6.1.1
10. Find the key and secret.
11. Fill it back into the Configure NX License Page (from step 4b).
12. Review the license and activate it.
Traditional Licensing via the WebUI
LiveNX Admin can update the traditional license from the Web interface. By clicking on the
option on the
WebUI page, it will open the About or information page. This page contains the License Management Section.
44 | LiveNX 6.1.1
Click Browse to select the traditional license file, then Next
Complete Online Activation
Offline Activate Traditional License (.key)
Select Offline Activation, then click Next
Click Browse to Upload your license file, then click Done
45 | LiveNX 6.1.1
Email Activation Key to [email protected] to obtain an offline activated license key. Once you receive
Offline key, Upload Your License File and file via the Activation Wizard
Once License is activated, you will be redirected to the License page. Check License Status to verify License
46 | LiveNX 6.1.1
Cloud Licensing via the WebUI
Admins can manage LiveNX license from the Web Interface. By clicking on the
option on the WebUI page, it
will open the About or information page. This page contains the License Management Section.
The Manage License button take the user to the License Manager page.
The switch from traditional license to Cloud License or vice-versa can be done from this screen. To change, modify
licence, click on the chance license button and Log into user’s LiveAction Licensing Portal account to obtain the key
and secret for your license and activate your license.
47 | LiveNX 6.1.1
System Diagnostics
With 6.1.0 release, user can download system, functional and error logs via the WebUI. This page also has
detailsl on the LiveNX server CPU, OS-RAM and JVm-RAM and disk size. RTT gives the server-node
communication round trip time.
With the 6.1.1 release, there is some new widgets added, Long term store size, flow store size,
snmp store size and alert store size. These are tracked for the last 30 days.
48 | LiveNX 6.1.1
Specification recommendations or conformance status are based on number of devices and
flows/sec recommendations for ova spec. Flows per sec recommendation are based on previous
day's 24 hours’ report.
49 | LiveNX 6.1.1
5.
Installing LiveNX Nodes (Optional)
Nodes are used by LiveNX to provide additional collection and processing capabilities in networks with many
devices. The Nodes run on Linux OS or Windows Server and communicate to the central LiveNX Server.
1.
2.
3.
4.
Download the LiveNX Node from: http://liveaction.com
Install the LiveNX Node software of a Windows or Linux Server.
For Windows, follow the installer directions.
For Linux, use the shell script LiveActionNode-<VERSION>.x86_64.sh on a Linux computer or VM.
a. chmod +x LiveActionNode-<version>.x86_64.sh
b. ./LiveActionNode-<version>.x86_64.sh
c.
Enter the LiveNX Node and Server IP addre
50 | LiveNX 6.1.1
d.
5.
Enter the LiveNX data directory. For consistency, name the data directory to correspond with the
Server data directory. Type y to create a new data directory. When complete, the LiveNX Node is
installed.
Define the Nodes using the LiveNX Server and then start the LiveNX Node Console to load the Node
configuration.
a.
Return to the LiveAction Management Console and click on Add Node in the Nodes tab. Define a
Node Name and type in the IP Address on the Linux computer or VM. If desired, create a password to
protect the connection file or uncheck the Encrypt checkbox. Click on the Browse button to save the
*.nodeconn file.
b.
After clicking on Add Node, LiveNX will provide a success notification.
51 | LiveNX 6.1.1
c.
Verify the new Node’s name, IP address and status in the LiveAction Management Console.
d.
Start the LiveNX Node Console on the Linux PC or VM by
typing:/opt/LiveActionNode/4.2/LANodeManagementConsole
e.
Once the LiveNX Node Console is running, import the LiveNX Node connection file by clicking on:
Manage > Import Connection File
52 | LiveNX 6.1.1
Click on Browse to select the saved *.nodeconn file. In this example, the *.nodeconn file was copied onto the
desktop of the Linux machine containing the LiveNX Node.
f.
Click on OK and then re-enter the password used to create the *.nodeconn file. Click on Import.
g.
On the LiveNX Node Console, go to Manage > Start Service. When completed, a green LED appears in
the bottom of the Node Console with “Node is currently running.”Verify that the Node Name and
Node ID matches the Node Name and Node ID in the Node tab in the Management Console and that
the Node status in the Management Console is connected.
NOTE: If the LiveNX Node daemon fails to start up and the log shows an error with setting the Node-name property
in ‘akka.conf’ file, then it is likely that Cent OS failed to statically configure the loopback IP address in the
53 | LiveNX 6.1.1
/etc/hosts file. This issue is OS dependent. To resolve, type “hostname” to retrieve the hostname.
h.
Edit /etc/hosts file and type in the hostname.
i.
Restart the LiveNX Node Console by clicking on Manage > Start Service.
54 | LiveNX 6.1.1
6.
LiveSensor Install (Optional)
LiveAction LiveSensor Deployment
LiveAction LiveSensor deployment involves a simple black box tool that takes very little resources to run. The
LiveSensor allows an administrator to deploy a VM and monitor mirrored/span traffic and have the LiveAction
LiveSensor send flows to LiveNX for analysis.
There are several prerequisites required before deploying a Sensor. These prerequisites require the
administrator to know and understand how to span as well as connect the physical Server to a mirrored port.
Here Are the Prerequisite Steps
• 1 Physical port from the Server must be connected to an unused port on a router or switch. This is
preferably at the egress/ingress of each site.
• Span needs to be configured to the physically connected port from the Server where the VM resides.
• The VMNIC from vSphere that is connected should also be configured in promiscuous mode. This will
allow for the traffic to be read through the NIC specified.
o There will be a short step-by-step to describe the VM portion of the configuration through
vSphere.
Hardware Requirements for the LiveSensor OVA
• 4 vCPU
• 8GB of RAM
• 50GB Disk
Create Virtual Machine Port Group and Configure Promiscuous Mode
This section assumes that the physical port of the VMNIC has already been connected to a span port on a
physical router or switch, and a vSwitch has already been configured. If this has not been performed, please
consult VMware to configure a vSwitch before moving forward.
1.
2.
3.
4.
5.
6.
Log into vSphere
Select the target ESXi Server
Click > Configuration
a. Located on the right panel
Click > Networking
Find the vSwitch that is configured for the span port
Click > Properties
55 | LiveNX 6.1.1
7.
8.
Add a Virtual Machine Port Group to the vSwitch
Select Virtual Machine > Next
56 | LiveNX 6.1.1
9.
Provide it a Name > Next
57 | LiveNX 6.1.1
10. Click > Finish
58 | LiveNX 6.1.1
11. Click > the new Virtual Machine Port Group > Edit
12. Click > Security
59 | LiveNX 6.1.1
13.
14.
15.
16.
17.
Check Promiscuous Mode > Accept
Check MAC Address Changes > Accept
Check Forged Transmits > Accept
Click > OK
Under vSwitch Properties > Close
60 | LiveNX 6.1.1
Deployment of LiveSensor
1. Download the LiveAction LiveSensor OVA at: xxxxxxxxxxxxxxxxxxxx
2. Open vSphere and choose a local Server
3. Click on File > Deploy OVF Template
4.
Search for the LiveSensor and follow the installation wizard
a. The Sensor deployment is almost identical to the Node and AIO deployment on ESX
61 | LiveNX 6.1.1
5.
6.
After the OVA has finished deploying the VM on the ESXi Server power it on
Deployment of LiveSensor has been completed
62 | LiveNX 6.1.1
Configuration of LiveSensor
1.
2.
Wait until the LiveSensor has finished booting and there will be a menu screen that shows you 6 options:
a. Static IP
b. Install Sensor License
c. Configure Sensor
d. Restart Sensor
e. Download Logs
f. Reboot
For Static IP > 1
NOTE: The NIC configuration will be for eth0, eth1 will be your span port and will automatically be in
promiscuous mode
a.
b.
c.
d.
e.
f.
Configure the Hostname
Configure the IP Address
Configure the NetMask
Configure the Gateway
Configure the 1st DNS
Configure the 2nd DNS
63 | LiveNX 6.1.1
g.
h.
i.
3.
Configure NTP Server
Verify the settings are correct
There will be a check against a previous backup (Hostname and Network)
i. Type “y” or “Y” if you want to backup previous configuration
ii. Type “n” or “N” if you want to not backup the previous configuration
j. An automatic reboot will be done to have the new configuration take effect
Install Sensor License > 2
a.
4.
Upload License
i. Uploading the license will require an ssh connection directly to the machine that
contains the LiveSensor License
b. Manually Type in the License
i. This will require the license to be typed in manually, since it’s an alphanumeric hash,
this may be possible for offline activation
c. Return
Configure Sensor > 3
a.
b.
5.
Configure the Target Server to receive flow
Configure the Target Server’s Port to receive flow
i. NOTE: The target Server will be LiveNX Server or LiveNX Node or LiveNX AIO
c. The Sensor will restart the configured services and push you back to the splash screen
Reboot > 6
a. This reboots LiveAction LiveSensor
64 | LiveNX 6.1.1
7.
LiveNX Client Installation
Copy the LiveNX client installer (LiveActionClient_<OS>_<VERSION>_setup) to the PC or Mac that LiveNX will
be used from and run the installer. Follow the instructions in the installation wizard. The installation should
take less than 10 minutes to complete.
Installing on Macs is the same as Windows except the Mac installer is a dmg file.
A. Start
B.
D. Select Client Start Menu Folder E.
Accept License Agreement
C.
Select Client Location
Select Additional Tasks
A. Finish
Start the client by clicking on the desktop shortcut. The user login prompt will appear. Click Configure to enter
the Server IP address and application port number. The default port number to use is 7000. The first-time
username and password are admin and admin. After the initial login completes the user will be prompted to
create a stronger password.
NOTE: Forgetting the passwords for all administrative accounts will require resetting all LiveNX settings and rebuilding
the configuration. Refer to Chapter 3 for more information on resetting the LiveNX configuration.
65 | LiveNX 6.1.1
•
When a user logs in for the first time, the welcome screen will pop up. Click > Start: Discover Devices
66 | LiveNX 6.1.1
Java Web Start Client Installation
Client software can also be installed by opening a web browser to the LiveNX Server.
Windows Java Web Start
Click the link Launch the LiveNX Client
1.
Accept the Java Web Start installation.
i.
2.
This may take several minutes while all the files are downloaded and installed.
Once installed the user will be prompted to run the client and receive a LiveNX login prompt.
a.
Please note that there are issues with Google Chrome where the initial web start may work but
subsequent ones may fail. This is a known issue in Chrome that may be fixed in the future by
Google.
Mac Java Web Start
The Mac Java web start can be more involved due to security restrictions for Java web start.
1.
Typically, this will require changing the settings in System Preference > Security and Privacy settings to
allow running the Java web start program. Please refer to detailed Mac installer documentation for more
specifics.
2.
Login into LiveNX with the default administrative account.
Username: admin
Password: admin
3.
Go to Users > User Management to create user accounts with the appropriate roles.
NOTE: See Chapter 3 Role-Based Access for information on creating user accounts.
NOTE: A fully operational trial version of the software will operate for up to 14 days. The user will have an option
to purchase LiveNX when the Trial License expires.
67 | LiveNX 6.1.1
HTTP Proxy Configuration Support
1.
LiveNX 6.0.1 version onwards can configure a HTTP(S) proxy for outgoing web requests. This is useful
during geo-lookups, get license and for sending telemetry data. Some assumptions to consider for this
implementation.
a. HTTP clients respect the following environment variables like Linux/UNIX OS.
i. HTTP_PROXY / http_proxy
ii. HTTPS_PROXY / https_proxy
iii. NO_PROXY / no_proxy
b. Only admin users can edit the proxy settings.
c. Only basic level of authentication is supported.
d. Single proxy entry for both HTTP and HTTPS requests and hence all HTTP and HTTPS request will
go through the same proxy.
2.
The new proxy settings are exposed in the Management Console properties tab.
a. When the Management Console is run from within an OVA, these property settings are not
editable, but will have a tooltip explaining that the settings should be changed using the Web UI.
b. When the Management Console is run from a regular OS environment, these settings can
be edited.
68 | LiveNX 6.1.1
3.
User Interaction: Users can add the HTTP Proxy configuration and authentication entries from the Web
Interface. The web application uses the request NPM module as an HTTP client.
Secure Web Login Configuration
Secure Login to LiveNX can be enabled through the LiveAction Server Management Console.
1. To enable Secure Web Login
a. Click Properties > httpserver.secure
i. Change this option to True
b. Click httpserver.port
i. Default is 8092 [Typical Options are 443 or 8443]
c. Click Apply
2. To ensure that configuration takes effect
a. Click Manage > Shutdown Service
b. Click Manage > Start Service
69 | LiveNX 6.1.1
• Open a web browser and type in https://localhost:8092 [Default Port = 8092]. Depending on the browser,
there will be a warning with a similar message below.
Click Continue. This will bring up a secure web page.
Enter the administrative LiveNX username and password and click on Login.
70 | LiveNX 6.1.1
The help dropdown components (Quick Start, User Guide, and Launch Client) are available without logging in.
All other menu items (QoS Reports, NetFlow Reports, IP SLA Reports, Routing Reports, LAN Reports) require
valid log-in credentials to continue.
Unsecured Web Service
To return LiveNX to unsecured web service, go to the LiveAction Management Console > Properties >
httpserver.secure
Change true to false (or leave the field blank). Click away from the httpserver.secure field to ensure that the
false value is maintained during this process. Click on Manage > Shutdown Service.
After the service shuts down, restart the service by clicking on Manage > Start Service and then Manage >
Connect to Service. The title menu bar of the LiveAction Management Console should say Connected.
Once the Server is restarted, open a web browser and type in http://localhost:8092. The webpage will now
hide any login entries, and all the menu items are available without any login prompts.
71 | LiveNX 6.1.1
Telemetry
In LiveNX 6.0.1 version, sending out user Telemetry data is enabled by default. Users can disable, if required
from the Management Console interface.
72 | LiveNX 6.1.1
8.
Basic Setup and Operation
NOTE: If prompted, enter your LiveNX administrative login and password to continue.
Add Devices to the Topology
The first step when using LiveNX is to add your network devices to the topology. You can add multiple devices
in one operation using the device discovery function or add devices one at a time.
Adding Devices Using Device Discovery
1. Click the Discover link or select Discover Devices from the File Menu.
2.
Step 1: Specify how you want LiveNX to discover your devices.
You can specify a range of IP address from lowest to highest separated by a hyphen. You can also include
a list of individual IP addresses (one per line). If you want to discover devices connected to a seed device
instead, specify the IP address of the seed device. Then specify the connected devices you want to include
by indicating the number of hops they are from the seed device.
Step 2: Specify SNMP settings using either default or device settings
Step 3: Specify Node that will be collecting the device information. Use the dropdown to select among the
defined Nodes or the LiveNX Server.
Step 4: Click OK to continue. LiveNX will search the network and list the devices in the
Device Discovery window.
73 | LiveNX 6.1.1
74 | LiveNX 6.1.1
3.
Select the discovered devices you want to add to the LiveNX topology by checking them in the leftmost
column of the Device Discovery window and clicking the Add Devices button. You can select (or deselect)
all devices by right clicking inside the Select column.
NOTE: Cisco and other network devices considered compatible with LiveNX will be checked automatically. All other
network devices will be labeled “Unknown” and will not be checked automatically.
Adding Non-RFC1213 Compliant Devices
LiveNX 6.0.1 extends the device coverage to support a multivendor network environment. LiveNX discovers
network topology using SNMP. For LiveNX to propagate and draw the flows correctly on the system topology,
LiveNX needs to discover the IP address of the interface. Since every vendor does not conform to RFC1213,
these devices do not have the IP Address Table implemented. Thus, LiveNX is not able to add the network
element as an SNMP capable device. As a workaround, we have removed the IP Address Table check allowing
a non-conforming device to be added as an SNMP capable device, thereby collecting interface statistics. The
added capability to configure interface IP address and mask allows the flows to be drawn correctly. With this
enhancement, users should be able to add any network devices to LiveNX.
To add a device, go to File -> Discover Devices. Specify the IP address or range along with the SNMP
community string of the device.
75 | LiveNX 6.1.1
The network device is discovered and added.
76 | LiveNX 6.1.1
Click Add Devices or Advanced Add to select the interfaces to manage.
NOTE: The IP address cannot be modified in the Advanced Add table view.
77 | LiveNX 6.1.1
Click Add/Update Devices. You will be prompted again for the SNMP credentials.
The network device is now added to LiveNX.
To work around certain device issues where the vendor does not populate the IP address and subnet of the
interfaces:
•
•
Right click on the device
Select Edit Device Settings or Add or Remove Interfaces
78 | LiveNX 6.1.1
Notice how the sp_land and sp_wan interfaces do not have the IP address/subnet mask settings. This implies
that the device is not populating the SNMP IP Address Table information.
79 | LiveNX 6.1.1
As shown below, the IP address and subnet mask information is now added for the sp_lan and sp_wan
interfaces.
80 | LiveNX 6.1.1
Clicking Next will take you through the remaining options.
81 | LiveNX 6.1.1
Once you have gone through the process, you can validate that the interfaces now show up on the Topology
along with flow information.
82 | LiveNX 6.1.1
SNMP based reports are also available for these network devices as defined in the User Guide.
Configure Cisco Devices for QoS, Flow and IP SLA
After any supported Cisco devices are added to the topology they need to be configured for advanced
monitoring and control of technologies such as QoS, NetFlow, IP SLA and NBAR. The Device Discovery wizard
will prompt you to configure the devices you have just added. Click “Yes” to configure them with the device
setup wizard.
NOTE: If only one device is added, the Device Discovery wizard will skip 4b. If multiple devices are added,
the Device Discovery wizard will skip 4a.
83 | LiveNX 6.1.1
1. SNMP Settings
2. CLI Settings (Configuring)
3. CLI Settings (Monitoring)
4a. Validating Current Devices
4b. Validating Devices
5. Select Interfaces
6. Select VLANs
7. Select Features
8. Enable Polling
9. Review Configuration
10. Device Updated
84 | LiveNX 6.1.1
SNMP Settings
1.24 There are two options for SNMP connection settings:
SNMP
Connection
Settings
SNMP Version
SNMP Version 2
(V2C) Settings
SNMP Version 3
(V3) Settings
•
Use default SNMP settings (and reuse them for other devices; click Edit to create or
change default settings).
•
Enter specific SNMP information for this device.
•
These credentials are used by the LiveNX Server for monitoring.
•
Select either V2C or V3.
•
Enter the port number to use to communicate to the device. This does not need to
be changed unless the device uses a non-standard port.
•
Enter the Community String.
•
Enter the port number to use to communicate to the device. This does not need to
be changed unless the device uses a non-standard port.
•
Enter the User Name for the user who can access SNMP. This is the
ADD-USER-NAME found in “Setup SNMPv3” on Cisco’s Help Site. Utilize show SNMP
user on the device to show all users.
•
Select an HMAC authentication algorithm: MD5 or SHA and password.
•
Select a Privacy Protocol and Password: None (no encryption), DES (use 56-bit Data
Encryption Standard algorithm), or AES 128-bit (use 128-bit Advanced Encryption
Standard algorithm).
CLI Settings (Configuring)
1.25 LiveNX generates command line interface (CLI) commands and sends them to the
devices. There are two options for connecting to the device for CLI control:
Configuration CLI
Connection
Settings
If Entering
Specific CLI
Connection
Settings for This
Device…
85 | LiveNX 6.1.1
•
Use default Configuration CLI connection settings (To reuse these for other devices,
click Edit to create or change default settings). Each user who can configure the
device must use their specific CLI credentials to do so. The default credential which
will be used for all devices, is for their own use only.
•
Enter specific connection settings for this device.
•
Select connection type: Telnet or SSH and specify Port number.
•
Enter the username and password for the device as well as the Enable password.
Each user who can configure the device must use their specific CLI credentials to do
so. The administrator that added the device specified his/her credentials. Other
users, as they make modifications and try to save the configuration to the device, will
be prompted to provide their own credentials on a per device basis.
•
Indicate if you want to save these settings to disk.
•
Indicate if you want to use the same settings for the next step: CLI Settings
(Monitoring).
CLI Settings (Monitoring)
1.26 LiveNX generates command line interface (CLI) commands and sends them to the
devices. There are two options for connecting to the device for CLI control:
Monitor-Only CLI
Connection
Settings
If Entering
Specific CLI
Connection
Settings for This
Device…
•
Use default Monitor-only CLI connection settings (To reuse these for other devices,
click Edit to create or change default settings).
•
Use the previous page (CLI configuration) connection settings.
•
Enter specific connection settings for this device.
•
These credentials are used by the LiveNX Server for CLI commands for monitoring
and by all users for gathering information. When configuring, the individual user
Configuration CLI settings are used.
•
Select connection type: Telnet or SSH and specify Port number.
•
Enter the username and password for the device as well as the Enable password.
NOTE: If LiveNX is unable to connect to the device in the CLI Settings (Configuring) step, the user can choose to Retry or
to skip the step and continue to the CLI Settings (Monitoring) step.
Validating Devices
Validating
Devices
•
LiveNX will proceed to test and validate your devices. If you selected multiple
devices, LiveNX will list the status of each device.
•
The following indicates the possible outcomes of each test.
Failed
86 | LiveNX 6.1.1
Critical test failure—This device cannot be managed by
LiveNX.
Not
Supported
This feature is not supported on this device.
Pending
The test has not started yet.
Skipped
Test skipped—not applicable to this device.
Succeeded
Test passed.
Testing
Test still in progress.
Warning
Non-critical test has failed but will not affect LiveNX.
Select Interfaces
Select Interfaces
•
If you selected only one device, LiveNX will list its interfaces. Check the ones you
want to manage with LiveNX (up to 50 for interfaces per device).
•
If you selected multiple devices, LiveNX will ask you to specify the number of
interfaces (by type) and any specific VLAN interfaces to add. You can add up to 1,000
interfaces per device.
•
If you selected only one device, LiveNX will list the VLANs numbers and their
descriptions. Use the checkbox to select the VLANs to monitor (max = 25).
•
If you selected multiple devices, LiveNX will ask you to specify the number of
interfaces (by type) and any specific VLAN interfaces to add. You can add up to 1,000
interfaces per device.
•
LiveNX will display available features for your devices such as CEF, NBAR. NetFlow
and Mediatrace. Check the features you want to enable.
•
If you selected only one device, LiveNX may request a switch from traditional
NetFlow to Flexible NetFlow (FNF). FNF provides enhancements over NetFlow v5 or
v9 in its ability to selectively export data. FNF also supports deep packet inspection,
NBAR, IPv6, VoIP and video traffic monitoring.
•
For NetFlow type, the default setting will be MIB if your device supports MIB polling.
Otherwise the setting will be COLLECTOR. If the interfaces are switched to FNF,
LiveNX will reconfigure the interfaces from traditional NetFlow to Flexible NetFlow
using the LIVEACTION-FLOWMONITOR input and output CLI commands. With FNF,
Select VLANs
Select VLANs
Select Features
Select Features
87 | LiveNX 6.1.1
NBAR support will also be enabled provided it is supported by the device.
•
You can also disable NetFlow by selecting NONE.
•
LiveNX will display polling options for each of your devices. First indicate if you want
to enable or disable polling for each device by checking or unchecking poll.
•
Indicate the polling frequency from the drop-down selection.
•
Check the appropriate boxes to indicate if you want to poll Flows, QoS, IP SLA,
Routing and/or LAN.
•
LiveNX will indicate which devices require updates to match your previous selections.
Clicking on Update required will display the configuration commands LiveNX will
send to the device.
•
To send updates to the devices, click the Send button
•
If you want to configure the devices manually instead, select this option and click
Next. LiveNX will add the devices, but you will need to update the configuration
settings manually.
Enable Polling
Enable Polling
Update Device
Update Device
88 | LiveNX 6.1.1
Managing Device Interfaces
LiveNX automatically selects and displays the highest bandwidth interfaces for display and for monitoring. To
manually add or remove interfaces, right click on a device in the device tree and select Add or Remove
Interfaces.
Use the checkbox to add or to remove interfaces that you want to monitor. Up to 1,000 interfaces may be
selected. LiveNX lists all port channels, VLANs, switched virtual interfaces, trunks and any interfaces with an IP
address. LiveNX automatically selects the top three interfaces with the highest bandwidths for monitor and
display. Loopback and Null interfaces are default to off to indicate no monitoring or display. Click on Next after
selecting the desired interfaces.
89 | LiveNX 6.1.1
For details on selecting VLANs, please see Section 10 – LAN.
Additional features can be selected at a device or interface level. Device features are individually selectable for
Cisco Express Forwarding (CEF), MediaTrace and Probe Association. Default is enabled provided the device
supports the feature. CEF must be enabled in the device for NBAR to be enabled at the interface. Details for
the Associate Probe feature are covered later in this chapter.
Each of the selected interfaces can be configured to support NBAR (Network Based Application Recognition)
and/or NetFlow. Default is all enabled. Click on Next.
90 | LiveNX 6.1.1
91 | LiveNX 6.1.1
Enable Polling provides user-control on the polling rate: 10 seconds, 30 seconds, 1 minute or 5 minutes, and
provides individual selection to poll by technology: Flows, QoS, IP SLA, Routing and/or LAN. The LAN polling is
available at 15-minute intervals. Click on Next.
A CLI listing is generated based on the device and interface configuration settings selected.
Choose the Send the configuration commands to device to automatically use LiveNX to send the CLI
commands. Once sent, LiveNX returns the results of the sent commands.
Choose I will manually configure the device myself to continue to the next step without using LiveNX to
configure the device. Click on Next.
92 | LiveNX 6.1.1
If the Send the configuration commands to device was selected, then a Save Startup Config dialog offers the
option to automatically save the desired configuration to the startup configuration. Choose Yes to save and
No to ignore. The Do not show again checkbox allows you to bypass this Save Startup Config screen; the
configuration does not get saved to the startup configuration.
93 | LiveNX 6.1.1
Once updated, the Device Setting table will display the results of the configuration. The interface settings list
NBAR and NetFlow capability for each interface. A green LED means that the interface is successfully
configured; a red LED means that the interface is not successfully configured. Check to see that the NetFlow
collector is pointing correctly to the LiveNX Server. Click on Finish to complete the Add/Edit Interface Wizard.
94 | LiveNX 6.1.1
Managing Devices
To manage the devices, you have added to LiveNX, click the Manage link in the toolbar, or select
File > Manage Devices.
To add devices to a new group or to an existing group, enable the Select checkbox next to the desired devices,
then click on Add to Group and use the dropdown to add to a new group or to an existing group.
95 | LiveNX 6.1.1
To remove devices from a group, select the desired devices that are already assigned to groups and then click
on Remove from Group.
96 | LiveNX 6.1.1
Click on Edit Groups to modify the topology groups. Three options are available:
97 | LiveNX 6.1.1
Add – Displays the Add Group dialog box used to add another group.
Edit – Select the group to edit and click on the Edit button to bring up the Edit Group dialog box. Use this
dialog box to rename the group, modify the group description, or to add or remove devices from the group.
Remove – Select the group and click on the Remove button to delete the group and remove the group
designation for the devices.
98 | LiveNX 6.1.1
Size—Describes the number of devices within that group.
Groups are displayed in the topology view as collapsed or as expanded. In the expanded view, a shaded
background border is displayed encompassing the devices that make up the group. The tab at the left-hand
top corner displays the group name. Collapse a group by double clicking in the background border or right
clicking on the group name in the device tree and selecting Collapse. Expand a group by double clicking within
the group boundary or by right clicking on the group name in the device tree and selecting Expand.
In the collapsed view, the group background is replaced by a solid rectangle equivalent in size to the shaded
background border that encompassed the devices in expanded view. Right click on either the rectangle in the
topology or the group name in the device tree view and select Use Small Collapsed Groups to maintain a
consistent size rectangle, independent of the spread of devices in the topology. The rectangle color is the color
of highest alarmed device within the group.
99 | LiveNX 6.1.1
Zoom – While in the topology view, highlight a group or a device in the tree view, right click and then select
Zoom or Zoom to device, respectively, to position the topology so the selected group or device is in the center
of the window.
For a large topology, zooming out may result in visualization challenges due to the size of each individual
device. LiveNX will automatically change the individual devices to groups for visibility purposes. The transition
from devices to groups can be user-defined by zooming out to the desired zoom level and then right clicking
100 | LiveNX 6.1.1
on the topology and selecting Group Management > Set Auto-Collapse/Expand Groups at this Zoom level.
Click on Reset Auto-Collapse/Expand Zoom Level to return to the default LiveNX zoom level.
To keep a group expanded regardless of zoom level, click on the desired group and then right click on the
Group Management > Persistent Expand (disable auto-collapse/expand).
101 | LiveNX 6.1.1
Click on Persistent Expand All to keep your topology from collapsing to the Group level. Click on Persistent
Collapse All to keep your topology from expanding to the device view. These group visibility settings can be
done per individual user.
Adding Generic Network Objects and Annotations
Right click in the system topology and select Create Network Object to add a network object with descriptive
text. To edit or delete a network object, right click on the object and select Edit Network Object or Delete
Network Object, respectively. Objects may be connected using the Connect icon in the topology view toolbar.
Three types of Network Objects are available: Annotation only, IP address end point or Merged clouds.
102 | LiveNX 6.1.1
Annotation Only
An Annotation Only network object appears only as an annotation in the topology and does not affect
functionality.
103 | LiveNX 6.1.1
Type in the Network Object name, choose the Annotation only type, select the desired object from the
object/shape dropdown, click and drag the Size slider to increase or decrease the size of the object and type in
a string that will be displayed as a Tooltip in the system topology (optional). Click on OK.
104 | LiveNX 6.1.1
IP Address End Point
An IP address end point represents an IP end point in the topology. The IP end point must be connected
to/associated with an interface, subnet, or merged cloud for flows to be drawn to the network object.
105 | LiveNX 6.1.1
Type in the Network Object name, choose the IP address end point, select the desired object from the
object/shape dropdown, click and drag the Size slider to increase or decrease the size of the object and type in
a string that will be displayed as a Tooltip in the system topology (optional). Click on OK. The IP address will be
included in the Tooltip.
106 | LiveNX 6.1.1
Merged Clouds
A merged cloud replaces the member clouds in the topology with a single object. When used with flows, the
merged cloud serves as a bridge between different clouds where the same flows traversing those clouds are
connected via the merged cloud network object.
107 | LiveNX 6.1.1
To merge clouds together, right click on the system topology, and select Create Network Object. Type in the
Network Object name, choose Merge clouds and select the desired object from the object/shape dropdown,
click on the clouds in the topology that you wish to combine, drag the Size slider to increase or decrease the
size of the object and type in a string that will be displayed as a Tooltip in the system topology (optional). Click
on OK. The IP addresses of the merged objects will be included in the Tooltip.
108 | LiveNX 6.1.1
The cloud choices can also be selected using the Find button. Click on Find and then click on the desired clouds
to be merged.
109 | LiveNX 6.1.1
The resultant cloud maintains the end-to-end flow behavior; a flow terminating in one cloud and emanating
from another cloud is now shown as a single flow entering and exiting the merged cloud. Tooltip also includes
the IP addresses of the merged clouds.
110 | LiveNX 6.1.1
Merge clouds can also be accessed directly through the system topology by shift-clicking on clouds to be
merged and then use the right click and choose Merge Clouds. The Create Network Object window will
automatically populate with the selected clouds.
111 | LiveNX 6.1.1
Adding, editing, or deleting annotations or annotated network objects will have no impact on the system
topology or LiveNX operation.
112 | LiveNX 6.1.1
Saving Changes to the Device’s Startup Configuration
When a device is added to LiveNX, the software makes changes automatically to the device’s running
configuration, but not to the startup configuration file. If you want to make these changes permanent, select
the device from the list on the left side of the LiveNX screen, and then select Save to Startup Config from the
File menu and click Yes to save them to the startup configuration file.
Advanced Add Bulk Device
LiveNX supports a method to add or update a large number of devices, while precisely controlling which
interface, polling rates and other user-defined information.
The discovery and add should be done for devices on a per Node basis.
Click on File > Discover Devices. Then specify the IP range to scan, SNMP settings and Node. Click OK.
113 | LiveNX 6.1.1
Click Advanced Add… to add or update devices.
114 | LiveNX 6.1.1
The Advanced Add dialog allows the user to add or update values in the matrix or to export the values to a
CSV file, make edits and then import the CSV back into LiveNX. Columns that can be edited directly in the
matrix are shaded.
Click on Add/Update Devices and then follow the wizard to add or update the devices.
115 | LiveNX 6.1.1
Click on Export to CSV to export the device values into a CSV file for further editing.
Save the edited file and then go to File > Import Devices. Use the import picker to locate the saved CSV file
and click on Import.
116 | LiveNX 6.1.1
Review your device modifications in the Add/Update Devices window.
117 | LiveNX 6.1.1
Expand/Collapse
Click on the Expand button next to Manage to show additional details of the devices, interfaces and VLANs
listed in the Device/Interface Tree Table. The Expand button is used to define sites and tags.
Defining Sites and Tags
Sites, tags and labels are used to help with understanding data shown in dashboard, reports and alerts. Start
by defining key site devices and the key WAN interfaces on the devices. One or more devices can be specified
for a site and one or more WAN interfaces can be defined per device. Using these definitions, the site
dashboard widgets, reports and alerts can get populated. Also, not all devices and interfaces need to be
defined.
For groups of devices, you can define a group site and a Site IP range designation once and it becomes valid for
all devices within that group.
Set capacity and labels for WAN interfaces which are used in various reports and dashboards. The capacity is
used to determine what maximum capacity the current bandwidth should be compared against, so that
percentages can be calculated rather than using the line interface rate. This is useful if WAN interfaces
connect to a service that is limited in capacity below the level of the line rate.
118 | LiveNX 6.1.1
Set tags on interfaces for quick searches. The tags work like tagging you find in various internet sites for
searching pictures, tweets and other information. You can tag similar interfaces in any way that is desired. For
example, all interfaces that are linked to a particular service provider could be tagged with “Sprint” (for
instance) or all interfaces that constitute the “East” region could be tagged and reported on.
The image below illustrates the expanded view of the Device/Interface Tree Table showing additional
characteristics of the network devices, interfaces and VLANs.
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
IP Address: IP address of the device, interface or applicable VLAN.
Node: Name of the LiveNX Server or LiveNX collection Node associated with the device.
Label: User-defined name on the device’s interface is for descriptive purposes and is used in dashboard
widgets and reports for user-defined labeling. (This used to be called Destination in LiveNX versions prior
to 3.0.). Customers that upgraded from an earlier version to 3.0 will see their interface destinations now
show up as an interface label.
Capacity: User-defined numeric value for each interface. Set this value to either the line rate or WAN link
capacity for calculating % of use in various reports. Values are entered in Kbps.
WAN: User-defined checkbox to label wide-area network interfaces, which are then used in WAN reports
and for tag-based filtering.
Service Provider: User-defined alpha-numeric string to label an interface with a service provider name.
Site: User-defined alpha-numeric string to label a device or a group of devices by location. There is one
site tag for a group of devices. All devices and interfaces within that group inherit the site tag. If a device
site tag is defined and then a group tag is added for that device, the group tag will take precedence over
the device tag. If no group site tag is chosen, then the devices within that group may have individually
defined site tags. Devices not assigned to a group can have individually defined site tags. For clarity, the
site tag information is not replicated for inherited devices or interfaces in the Device/Interface Tree Table.
Site IP: User-defined tag to correlate the site tag to a site IP or IP range, specified in CIDR format. To
define a site range, first define the site tag. Once a site is correlated with a site IP range, all subsequent
site tags will automatically use the same site IP range tag. If the site IP range is defined at the group level,
all devices and interfaces within that group inherit the site IP tag. There is one site IP range designation
for a given site tag. All devices and interfaces within that group inherit the site IP tag. For clarity, the site
IP tag information is not replicated for inherited devices or interfaces in the Device/Interface Tree Table.
Tags: User-defined alpha-numeric string(s) provide additional labeling for a given interface.
Description: Description value from the device MIB.
Polling: Polling rate on the device in seconds.
CPU: Device CPU LED. (Default turns red when CPU utilization exceeds 80%).
Memory: Device memory LED. (Default turns red when memory usage exceeds 95%).
Interface drop: Interface LED. (Default set to > 0.000 pps).
Class drop: Class LED. (Default set to > 0.000 Kbps).
Date changed: Most recent device configuration date. The orange highlighting indicates that the running
configuration has not been saved to the startup configuration since the last modification.
119 | LiveNX 6.1.1
To modify the group Site tag, select the group and then enter the alphanumeric string in the Site field in the
Details window as shown below. Use the dropdown to select among previously defined Site tag choices.
To modify the group Site IP tag, first select the group, then create a Site tag and then enter the IP address or
range of IP addresses in the IP field in the Details window in the image below. Since there can be one Site IP
tag for a given Site tag, adding previously defined Site tags into the Device/Interface Tree Table will cause
LiveNX to fill in the corresponding Site IP tag. Changes to a defined Site IP tag will change that Site IP tag
throughout the Device/Interface Tree Table.
120 | LiveNX 6.1.1
To modify the device’s site tag, select the device by clicking on it and then enter the alphanumeric string in the
Site field in the Details column in the image below. The resultant string will appear in the Site column
corresponding to the selected device. Use the dropdown to select other pre-defined sites or type in a few
alphanumeric characters and LiveNX will auto-fill based on previous site definitions. If this device is part of a
group with a defined group Site or group Site IP tag, then the group tag will already be listed in the Site and
Site IP fields, respectively, in read only mode. Creating and modifying the Site and Site IP tags are available to
Administrator user roles.
121 | LiveNX 6.1.1
To modify the interface’s label, capacity, WAN, Service Provider or tags fields, click on any interface in the
Device/Interface Tree Table and input the information in the Interface Details column on the right-hand side
of the table. Creating and modifying the label, capacity, WAN, Service Provider, Site and Tags fields are
available to Administrator user roles.
Label: Type an alphanumeric string in the Label text box or double click on the label cell to enter the label in
the table.
Capacity: Type any numeric value in the Capacity test box or double click directly on the Capacity cell to enter
the value (in Kbps) directly into the table. With the 6.1.1 software release, onwards, user can enter both input
and output capacity on a single interface of a router.
Input and output capacities will be visible on the webui, stories  device inventory  interfaces.
WAN: Check on the WAN checkbox either in the Interface Details column or directly in the WAN cell in
the table.
Service Provider: Type any alphanumeric string in the Service Provider Name text box. Once entered, click on
the dropdown arrow on the right-hand side of the text box to select an existing alphanumeric string.
122 | LiveNX 6.1.1
Tags: Enter the tag in the Enter tag here entry box. Tags are entered one at a time; typing in a space will result
in an underscore in the tag definition. LiveNX stores each tagged value. Use the checkbox to select previously
defined tags. The # column to the right of the Tag list column indicates the number of times an interface in
your LiveNX system uses that defined tag. Right click on a defined tag to delete the tag from the system; this
will remove the tag from all interfaces in the system. Click on the Remove unused tags to remove any tag that
has no interface associated with it. Like the delete tag, the remove unused tags button removes this tag for
the system.
Following is a portion of the Device/Interface Tree Table view with added labels, capacity, WAN, service
provider, site, site IP and tags.
Group details are shown by highlighting a group in the Device/Interface Tree Table. Editable fields are:
•
•
•
Site tag
Site IP tag
Tags
123 | LiveNX 6.1.1
Device details are shown by highlighting a device in the Device/Interface Tree Table. Editable fields are:
•
•
•
Site tag
Site IP tag
Tags
124 | LiveNX 6.1.1
The following image shows the details section for an interface or switched virtual interface. Editable
parameters are:
•
•
•
•
•
Label
Capacity
WAN Enable
Service Provider
Tags
125 | LiveNX 6.1.1
Click Collapse to hide the Device/Interface Tree Table and Details Section.
126 | LiveNX 6.1.1
Filtering the Device/Interface Tree
Click on the magnifying glass next to the text field to provide filtering capability for the Device/Interface
Tree Table.
Select All, Name, IP Address, Node, Label, Capacity, WAN, Service Provider, Site, Site IP, Tags, Interface drop
or Class drop and then enter alphanumeric data into the adjacent text box to filter the list based only on the
selected column of data. The filter matches against hidden data as well. For example, if the Device/Interface
Tree Table is in collapsed mode, the filter will operate on hidden columns. Default is All.
Case sensitive, Case insensitive – Select Case sensitive or Case insensitive to filter the list based on matching
the text and case or just the text, respectively. Default is Case insensitive.
Match from start, Match exactly, Match anywhere – Select Match from start, Match exactly or Match
anywhere to determine whether the filter matches the entered text on the beginning of the data in the field,
on exactly the data in the field or anywhere within the field, respectively. Default is Match anywhere.
Keep parent row if any of the children match – Select this to filter the list to display the parent row of
hierarchy based data if the entered data matches any of the children rows and unselect this to not display the
parent row. Default is enabled.
Keep the children if any of their ancestors match – Select this to filter the list to display all the children rows
of any hierarchy based data if the entered data matches the ancestor row, and unselect this, to not display the
children rows. Default is enabled.
127 | LiveNX 6.1.1
Flow Probe Support
LiveNX provides integrated support for NetFlow probes such as ntop’s nProbeTM product. nProbeTM is a
software application that can be used as a NetFlow probe and collector. Details for installing and using
nProbeTM can be found at http://www.ntop.org/products/nprobe/.
To integrate with LiveNX, run the device discovery process using the Device Wizard as depicted in the
Configure Device Wizard shown earlier in this chapter.
During Select Features for the desired device, enable Associate Probe at IP Address and type in the probe IP
Address.
128 | LiveNX 6.1.1
Complete the Device Wizard Configuration
A probe can also be configured by first discovering the device, right clicking on the device to Add and Remove
Interfaces.
During the Select Features step, enable the Associate Probe at IP Address checkbox and enter the
probe’s IP address.
129 | LiveNX 6.1.1
In the Enable Polling step, please ensure that a Polling Rate is selected and that Flows are enabled.
Ensure that nProbeTM is running and exporting to LiveNX and you should start seeing flows drawn to the
associated device.
All standard NetFlow V9 fields are supported. In addition, the following nProbeTM fields are supported.
130 | LiveNX 6.1.1
Field Id Field Name
Description
57552 FRAGMENTS
Number of fragmented flow packets
57554 CLIENT_NW_DELAY_SEC
Network latency client  nprobe (sec)
57555 CLIENT_NW_DELAY_USEC
Network latency client  nprobe (usec)
57556 SERVER_NW_DELAY_SEC
Network latency nprobe  Server (sec)
57557 SERVER_NW_DELAY_USEC
Network latency nprobe  Server (usec)
57558 APPL_LATENCY_SEC
Application latency (sec)
57559 APPL_LATENCY_USEC
Application latency (usec)
57573 SRC_IP_COUNTRY
Country where the source IP is located
57574 SRC_IP_CITY
City where the source IP is located
57575 DST_IP_COUNTRY
Country where the destination IP is located
57576 DST_IP_CITY
City where the destination IP is located
57577 FLOW_PROTO_PORT
L7 port that identifies the flow protocol or 0 if unknown
57579 LONGEST_FLOW_PKT
Longest packet (bytes) of the flow
57580 SHORTEST_FLOW_PKT
Shortest packet (bytes) of the flow
57581 RETRANSMITTED_IN_PKTS
Number of retransmitted TCP flow packets
(source destination)
57582 RETRANSMITTED_OUT_PKTS
Number of retransmitted TCP flow packets
(destination  source)
57583 OOORDER_IN_PKTS
Number of out of order TCP flow packets
(destination  source)
57584 OOORDER_OUT_PKTS
Number of out of order TCP flow packets
(destination  source)
57585 UNTUNNELED_PROTOCOL
Untunneled IP protocol byte
57586 UNTUNNELED_IPV4_SRC_ADDR
Untunneled IPv4 source address
57587 UNTUNNELED_L4_SRC_PORT
Untunneled IPv4 source port
57588 UNTUNNELED_IPV4_DST_ADDR
Untunneled IPv4 destination address
131 | LiveNX 6.1.1
57589 UNTUNNELED_L4_DST_PORT
Untunneled IPv4 destination port
57590 L7_PROTO
Layer 7 protocol (numeric)
57591 L7_PROTO_NAME
Layer 7 protocol name
LiveNX supports visualization of devices that don’t support SNMP and the projection and reporting of flow
information for these types of devices.
132 | LiveNX 6.1.1
Adding Devices into LiveNX That Don’t Support SNMP
Go to File > Add Device. Since the virtual devices do not support SNMP, choose No SNMP connection settings
available. Type in the IP Address of the device. Click on Next.
At the Add a Virtual Device dialog box, enter the System Name.
In the map interfaces to indexes, add the interface to be visualized.
•
•
•
•
•
ifIndex: Represents the index of the associated interface.
o This is in the index that is exported in the flow record and is used to project the flows across
the device in the system and device flow views. See your device manufacturer’s
documentation on how to get the ifIndex used for flow export.
Interface: The interface name
Description: The description of the interface (Optional)
IP Address: The IP of the interface (Optional)
Subnet: The subnet of the interface (Optional)
NOTE: If no IP and subnet is supplied there will be no interconnections between other devices in the system
topology.
133 | LiveNX 6.1.1
After clicking on Finish, the following dialog box will appear.
134 | LiveNX 6.1.1
The system and device flow views should contain the device labeled “NoSNMPDevice.”
135 | LiveNX 6.1.1
9.
Role-Based Access
Role-Based Access Control
LiveNX provides a role-based access control (RBAC) login facility that controls the various functions of the
application. Authentication can be handled locally by LiveNX or by using a Lightweight Directory Access
Protocol (LDAP) service. The table below shows the RBAC privileges for each user type:
Administrator
Full
Configuration
Partial
Configuration
Monitor
Only
Clerk
Manage Users
X
Configure Login
Settings
X
Add and Remove
Devices
X
Edit Device Settings
X
Configure Devices
X
X
Configure Devices
Using Templates
X
X
X
Monitor Devices
X
X
X
X
X
Enable DNS
Resolution
X
Manage Reports
X
X
Manage IP
Mappings
X
X
Manage Port
Assignments
X
X
Manage Flow Filters
X
X
Manage Alerts
X
Manage Topology
X
Manage Database
X
Configuring IP SLA
Dashboard
X
Save Topology
Changes Upon Exit
X
X
X
X
136 | LiveNX 6.1.1
Demo
User
X
X
X
Administrator Role—Admin
The Administrator role controls all aspects of LiveNX. Multiple administrators may be logged in at the
same time.
Adding, deleting, or changing user accounts
Configuring login settings, including setting the session timeout interval for users
Adding or removing the devices that will be accessed and controlled by LiveNX
Configuring device settings managed by LiveNX
Full device-configuration capabilities
Access to pre-defined configuration templates for the various technologies
Monitoring devices accessed by LiveNX
Enabling DNS resolution for resolving IP addresses to hostnames within charts and other parts of the user
interface
Creating and deleting reports, and scheduling periodic reports
Defining address-to-name mappings and adding addresses to a blacklist, for customizing the appearance
of IP addresses within application views and reports
Redefining the default mapping of port numbers to application names, for customizing the appearance of
ports within application views and reports
Creating and managing filters for use in flow reports
Enabling alerts, configuring alert thresholds, and configuring how alerts are delivered to the user,
including configuring an outgoing email account for email-based alert delivery
Managing the topology, including managing the master topology layout, managing groups,
creating/editing generic network objects, creation/editing annotations
Managing internal databases, including purging, backing up, and restoring data
Customizing warning thresholds on the IP SLA dashboard view
Certain features are available for all administrators, but only one administrator can work on certain aspects of
LiveNX at a time. This includes:
•
•
•
•
•
•
•
•
•
•
Discover, add, edit and remove device
Configure login settings
Configure session settings
Manage DNS settings
Manage alerts
Configure e-mail
Export and import configurations
Group management
Master topology layout management
Schedule reports
Full Configuration Role—Full Config
The Full Configuration role allows configuration and monitoring control of the devices added by the
Administrator, but has no user-management capabilities.
Full device-configuration capabilities
Access to pre-defined configuration templates for the various technologies
Monitoring devices accessed by LiveNX
Creating and deleting reports
Defining address-to-name mappings and adding addresses to a blacklist, for customizing the appearance
of IP addresses within application views and reports
Redefining the default mapping of port numbers to application names, for customizing the appearance of
ports within application views and reports
137 | LiveNX 6.1.1
Creating and managing filters for use in flow reports
Partial Configuration Role—Partial Config
The Partial Configuration role is limited to monitoring and utilizing pre-defined configuration templates found
in LiveNX.
Access to pre-defined configuration templates for the various technologies
Monitoring devices accessed by LiveNX
Clerk Role—Clerk
The Clerk role is limited to basic monitoring and managing user accounts.
NOTE: The Clerk role is provided to enable trusted non-technical staff to assist the Administrator with managing user
accounts. Because this role can create Administrator-level users, use proper precautions, training, and screening before
assigning this role to any user.
Adding, deleting, or changing user accounts
Monitoring devices accessed by LiveNX
Monitor Only Role—Monitor Only
The Monitor Only role provides an access control category which permits a user to log into LiveNX to monitor
devices, review reports and save topology changes upon LiveNX exit.
Access to the various technologies
Monitoring devices accessed by LiveNX
Topology modifications are saved upon user log out
Demo User Role—Demo User
The Demo User role provides an access control category which permits a user to log into LiveNX to monitor
devices and review reports without allowing any of this user’s changes to get saved. The demo user has:
Access to the various technologies
Monitoring devices accessed by LiveNX
No modifications are saved upon user logout
For the following technologies, the demo user can open these dialogs and change parameters, but will not be
able to save any changes to the device.
QoS: Create policy from template, create policy from application (NBAR), adjust Input/Output QoS,
manage QoS settings, copy policies to devices, manage NBAR, set max reserved bandwidth
Flow: Configure flow
Routing: Manage policy-based routing
IP SLA: Set up quick test, show IP SLA test status, manage tests, manage system tests
Global Versus Per-User Settings
Some LiveNX settings are customizable on a per-user basis. These include:
System topology layout, which can also be synced with the master topology layout at any time
Showing/not showing individual confirmation dialogs
Individual technology view settings (window sizes, locations, flow filter used, color mapping used, QoS
chart type, IPSLA chart type, etc.)
138 | LiveNX 6.1.1
Initial Administrator User Creation
The first time the LiveNX Server is started, a default administrator account will be automatically created, with
a username of “admin” and a temporary password of “admin.” Upon logging in, you will be prompted to
change this password.
Log-in
When the LiveNX Client is started, the user will be prompted to log into the application. Upon first logging in,
each user will be asked to change his or her password to restrict password knowledge to the individual user.
If a locally installed LiveNX Client was launched, the user may choose which LiveNX Server instance to connect
to on the Client Login dialog by clicking “Configure” and then specifying a hostname and port number. This
option is not available if the LiveNX Client was launched via the web.
139 | LiveNX 6.1.1
Managing Role-Based Access
Role-based access is configured from the Users menu.
Which brings up the User Management Dialog showing the list of users, role and device access.
Adding or editing an existing user brings up the Editing Dialog.
140 | LiveNX 6.1.1
NOTE: All device login and RBAC information is encrypted and then stored in an encrypted file by LiveNX using the
Advanced Encryption Standard (AES) cipher.
Manage Users
The Users > Manage Users dialog allows the following actions:
Creation of a user account and password
Editing of a user account
Deletion of a user account
Activation of a user account
Deactivation of a user account
Configuration of user device access
Configuration of LDAP authentication
Username Parameters
Usernames and passwords are case sensitive and may include special characters and spaces. Usernames must
be unique. An error dialog pops up to prevent the same username from being used.
141 | LiveNX 6.1.1
Timeouts
A user’s login session expires after he or she has been inactive for the configured timeout interval, requiring
the user to log in again. Only Administrators can change the configured timeout interval.
The global timeout interval applies to all users for whom a user-specific timeout interval has not been
configured. By default, the global timeout interval is five minutes. To change the global timeout interval, go to
the Tools menu and select Options > Security, then enter the desired setting in the Login Options section.
142 | LiveNX 6.1.1
A user-specific timeout interval may be set on the Edit User dialog. The session timeout setting on this dialog
is only visible to Administrators. By default, a user’s timeout interval will be the global timeout interval,
described above.
143 | LiveNX 6.1.1
Authentication Options
The Administrator can set password restrictions globally for all user accounts by going to Tools > Options >
Security. Select the desired properties and click Apply.
Item
Description
Password expires
after
Sets the number of days that a user’s password is valid, after which time
the password will expire.
Allow password
change once in
Restricts the interval, in days, that must elapse before a password may be
changed (e.g. if this property is set to 2 day(s), a user may change his/her
password once in 2 days).
Number of previous
passwords to save
Tracks the previous passwords used per account, to prevent reuse.
Minimum characters
required
Required property. Sets the minimum number of required characters.
Number of
uppercase
characters required
Sets the number of uppercase characters that are required in the password.
Number of
lowercase characters
required
Sets the number of lowercase characters that are required in the password.
Number of numeric
characters required
Sets the number of numeric characters that are required in the password.
Number of special
characters required
Sets the number of special characters (e.g., ! * + , - / : ? &) that are required
in the password.
Default session
timeout
144 | LiveNX 6.1.1
Required property. Sets the global session timeout interval after which an
inactive user is automatically logged out of LiveNX. This setting may be
overridden on a per-user basis.
Item
Number of failed
consecutive login
attempts
Lock user if number
of failed attempts
occur
Description
Required property. Sets the number of consecutive failed login attempts a
user is allowed before he/she is locked out.
If a user reaches the number of failed consecutive login attempts within the
number of hours specified, he/she will be locked out (e.g. if Number of
failed consecutive login attempts is set to 3 attempts and Lock user if
number of failed attempts occur in is set to 2 hour(s), a user will be locked
out if he/she has 3 failed consecutive login attempts within 2 hours).
Show recent login
results
Displays a message indicating whether the user was successful or
unsuccessful at last login.
Show login banner
A customized login message can be displayed to users. Click Edit to
manually enter a message, or cut and paste text from another source.
Configuring User Device Access
Users can be configured to allow all or partial view and configure access to devices depending on the user’s
role through the Device Configuration Access dialog box. The User Management dialog has a list with a
“Device Access” column indicating the level of access the user currently has. Select the user from the User
Management window and click Modify Device Access to modify the device access. Note that admin users by
default have access to all devices so the button is not enabled.
The device configuration access dialog configures which devices the user can view, configure and store
credentials for. These options are dependent on ther users role, but also the capabilities of the device.
Be aware that certain columns and checkboxes in rows and options will be enabled and disabled based on
these rules:
1.
2.
Monitor only users will not be allowed to set the configure or store credentials options per device.
Monitor only device will not be configurable to allow configure or store credentials for any user until the
device is added as a configureable device.
145 | LiveNX 6.1.1
3.
4.
The option to configure all devices is not allowed for monitor only users.
Setting the view all or configure all options at the top of the dialog will disable the default add device
settings at the bottom of the dialog.
146 | LiveNX 6.1.1
User Management through LDAP via WebUI
With the LiveNX 6.0.2 release, user management in conjunction with Lightweight Directory Access (LDAP)
management can be done via the application Web Interface. The application can authenticate users against an
external LDAP servers. LDAP authentication allows authorized LiveNX users to take advantage of their LDAP
server to add, manage and authenticate users to access the application. Active Directory is a user information
directory services database. LDAP is an application protocol for querying and modifying entries in an Active
Directory (AD). Single or Multiple LDAP servers can be added and per user role permissions can also be
managed at a group level or per individual user level.
The user management feature is for both LDAP user management and local user management. Bulk user
addition and role permissions can be managed via the WebUI (i.e. Set of users belong to a group can be given
appropriate role permissions per access requirements). SSL/ TLS certificates are implicitly added. The session
timeout would be the same value as used in the Java client. All user management properties such as addition,
deletion, deactivation and what devices can be managed by a which user can be done via the WebUI.
To use the user management authentication via LDAP, the LiveNX application needs to be able to connect to
the external LDAP server. The LDAP server needs to be added to the application. The next section goes over
the integration steps on how to properly configure LDAP authentication within the WebUI of LiveNX
Application.
Note: The LDAP integration in the Java Client is independent of the WebUI LDAP integration, i.e.; depending
on what application you are using to monitor devices, the LDAP integration should be done on that specific
application (Java client or WebUI). The LDAP server added on the Java client will not be seen on the LiveNX
Web user interface and vice-versa. Administrator can add only one LDAP server on Java client, but multiple
LDAP servers can be added on the WebUI.
LDAP Management WebUI
There is some initial information required to be gathered by the administrator before integrating the LDAP
server with the LiveNX application. The requirements to add the User information is provided in the User
Management section in a later section below.
•
•
•
•
•
LDAP Server IP Address
o To receive the LDAP Server information, you must either know, or find out the IP Address of the
server from the LDAP system administrator.
Systems Administrator credentials to add appropriate LDAP server
Bind DN or Search Base information.
o The Bind DN information can be discovered by connecting to the LDAP server and opening the
Active Directory Users and Computers window, right click on the user that is being authenticated
against, and select Properties.
Base DN Information
o These are the containers in which you are allowing LiveAction to look for LDAP users.
Attribute Mappings for searching database for username or identity strings.
To integrate user management with the application, the LDAP server network needs to be reachable and
added to the application. The LDAP Management interface can be found on the top left corner LiveNX WebUI
 Configure tab  LDAP Management.
147 | LiveNX 6.1.1
Clicking the LDAP management, will open the LDAP General Settings page, as shown below. The LDAP General
Settings shows the status on the LDAP integration with the server application. This can be set to ON/ OFF at
the edit section (Enable LDAP Poller). Administrator can control the LDAP background polling interval, poll
time and time zone settings. This feature is specific to the Web Interface and not present in the java client
screen. Poll interval is set to a default value of daily update and is a background process.
The below figure shows the LDAP general server settings.
Changes to the LDAP user database polling interval, polling time can be defined or modified at this edit
section.
148 | LiveNX 6.1.1
From the LDAP Management section. Click on the
sign to add a New LDAP server.
The below section shows a detailed view on adding a new LDAP server.
LDAP Server Main Settings tab:
Name: This field is any free text string that identifies the configuration engine. (e.g.: HQ-Ldap, DC-Ldap)
Search base: A search base defines the location from which LDAP search begins in the directory. A base dn
is the point where a server will search for the directory users. Multiple search bases can be added to limit
to multiple subtrees of LDAP directory.
149 | LiveNX 6.1.1
From within the Attribute Editor, you can see the Base DN information:
This is in LDAP standard format (format e.g.. DC=liveaction,DC=qa,DC=com). This means that are only
giving the permission to look in those specific folders for users.
If you wanted to look at all User folders for the specific tree, then you could use
DC=liveaction,DC=qa,DC=com as the Base DN.
The LDAP API can reference an LDAP object by its Distinguished Name (DN). DC or Domain Component is
the DNS domain name, CN or Common Name is the Relative Distinguished Name of user administrator.
LDAP Server Address: In this field the admin can enter the IP address of the required LDAP server. Make
sure the LDAP server is reachable. (e.g.: 172.78.1.48)
LDAP server port 389. This is the default port for LDAP connection without SSL/TLS. SSL/ TLS certificates
will be searched on port 443 by default. Administrator will be asked to check for trust of certificate and
fetch certificate. After trust is accepted the LDAP settings is saved and port 636 is used by default. The
LDAP connection with SSL/ TLS is via port 636 by default.
150 | LiveNX 6.1.1
Identity: This will be a user who can browse the application LDAP/AD forest. Typical example: CN=ADAuth,CN=Users,DC=liveaction,DC=com
Click on the LDAP Advanced Settings to do any advanced LDAP search functions.
LDAP Server Advanced Settings tab:
It is necessary to find the Attribute Mappings for Username & Full Name. To find this, you will need to look at
LiveAction’s properties and browse to the Attribute Editor tab.
Username: This is an attribute that will be utilized to have names mapped into LiveNX. Admin can specify
which LDAP attribute of user object to use as username of the LiveNX user entry.
Typical example: [sAMAccountName / userPrincipalName / mail]. Search for sAMAccountName in the
Attribute column, and in the Value column, we used “LiveAction” for its “Username”. After, scroll down to
“displayName” for the “Full Name”.
151 | LiveNX 6.1.1
User Search String: By default, application searches for all user objects from MS Active Directory, but this can
be customized for other LDAP providers like OpenLDAP servers. User search string, in addition to search base,
can also be a way to limit LDAP search.
Typical example:
[(&(objectCategory=Person)(objectClass=User)(memberOf=CN=NETWORK ADMINS,DC=liveaction,DC=com))]
Limit search query to members belonging to a security group.
Group search string: By default this will retrieve all groups from LDAP. This is not used specifically for User
management. This is used together with the report sharing section for sharing a report to an individual or a
group.
Displace name: This is an attribute to commonly show the username field. This field is to specify which LDAP
attribute of user object to use as Display Name of the LiveNX user entry.
Once the LDAP server is added, the entry will show up under the LDAP Server Management section. Another new
LDAP server can be added as well in this section in the same way as described above. The complete user view and
modifications of can be done at the LDAP Management screen.
152 | LiveNX 6.1.1
User Management WebUI
In this section admins can manage the users from the linked LDAP server connection. Managing users can
include adding local users, LDAP users and LDAP group users and setting user roles to each user or group.
There is some initial planning required to be gathered by the administrator before adding the LDAP users with
the LiveNX application.
•
•
•
•
Are there individual local users to be added for local authentication without LDAP binding.
Do we know the LDAP servers associated with the list of users to be added?
Are we adding individual LDAP users or users by the group from the LDAP server?
Do we know what roles each user needs to be provisioned? (admin, monitor only, clerk…)
The User Management interface can be found at the Configure  User Management tab.
We can add an individual local user or an individual LDAP user or a group of LDAP users.
153 | LiveNX 6.1.1
Username: This is the LiveNX username.
Session Timeout: By default, this is 15 minutes. Timeout for each user from the application.
The role for users or a LDAP group can be added or modified at this section. Roles are 6 pre-defined roles as
mentioned previously in the document.
To add a group of users or individual users, administrator can go to the Groups View tab or Users View tab.
User Management – Groups view. To make changes per group  dropdown menu to select the specific LDAP
server. The group is by search base. Choose role.
The User Management - Users view
154 | LiveNX 6.1.1
To add an individual user from the LDAP server, select the specific user and click Add User.
Complete view of users and the roles can be views at the User Management screen and changes to a specific
user can also be done at this location.
User Management to modify device access per user. Select the specific user and click on the Modify Device.
Individual User addition, modification, deactivate can be done at this section.
155 | LiveNX 6.1.1
All-Access Section
The all-access section at the top of the dialog allows a quick way to let users have view and/or configure
access to all devices currently and any added in the future. Monitor only users have the option to only choose
the view option. The selection of this option will override the behavior of “Defaults” section and will become
disabled.
NOTE: The configure all option also automatically enabled storing the credentials for the device as well.
Configure
The configure section sets indvidual device view, configure and storing credential access controls. The search
field allows narrowing of the device list and right click options per column to enable and disable for all devices
in the list for that particular setting.
View Setting
The view setting allows the user to view the device in reports, dashboard, topology, alerts and search. When
disabled, the device will not be viewable by the user nor have the option to set the configure setting. A device
has to be viewable to be able to set the configure setting.
The following limitations are applied for devices that are not viewable:
•
Device Tree
o The device will not show in the device management tree
156 | LiveNX 6.1.1
•
Topology
o The device will not show in the topology view in any of the technology tabs
•
Reports
o The device is not selectable from the device selection list
o When all devices are selected, the non-viewale devices are excluded
157 | LiveNX 6.1.1
•
Alerts
o
•
Dashboard
o The dashboard will not show information from the device
•
Search
o Device will be excluded from the search results from reports, topologies and filters
•
Device Lists
o Devices lists used to select devices will exclude non-viewable devices
Any alerts that contain that a device are not shown in the alert widows
158 | LiveNX 6.1.1
Configure Settings
The configure setting allows the user to configure the device based on the user’s role as admin, full config or
partial config user allowed capabilities. A device must have the viewable setting enabled before configure is
allowed. Devices that are not viewable have no way to be seen and configured.
Storing Credentials Settings
Device configuration requires having credentials to access the device. Typically these credentials are stored
once so that the user doesn’t have to keep typing them in. When the store credential option is not a selection,
this will override the default behavior, which means, that for every configuration attempt to the device, that
user is required to enter his/her credentials.
159 | LiveNX 6.1.1
Defaults Section
The defaults section is when new devices are added, if the devices should be added with view, and the
configure and storing credentials option is enabled.
NOTE: If all device capabilities are set, they override this behavior. This setting allows for new devices to be
added, but doesn’t require users to continuously add the devices to the device access list.
Configuring LDAP User Authentication
LiveNX supports single sign-on by utilizing LDAP/Active Directory Integration. Utilizing single sign-on methods
provides domain administrators a simplistic way of managing user integration with LiveNX.
NOTE: It’s also recommended to have at least 1 local administrative user, to manage the system for backup.
To enable and configure LDAP/AD Authentication, here are some brief instructions:
1.
2.
Log into LiveNX with the current local administrative account
Click Users > User Management
3.
Click LDAP Authentication Settings
160 | LiveNX 6.1.1
4.
Check Enable LDAP Authentication
a. OPTIONAL: Click Certificate Manager
i. Certificate Manager Allows the import of certificates from the domain for LDAPS transport
from the remote Server on port 636
5.
Go to LDAP Connection Settings and fill in
a. LDAP Server
i. This will be the Hostname or IP of the LDAP/AD Server
b. Port
i. Default LDAP Port = 389
ii. Default LDAPS Port = 636
c. Bind DN
i. This will be a user who is capable of browsing your LDAP/AD forest
1. Format: CN=myadministrator,CN=myusergroup,DC=mydomain,DC=domainextension
161 | LiveNX 6.1.1
Password
i. Password of the User indicated under Bind DN
Go to Base DN and fill in
a. Base DN
i. This represents the base tree of your domain in order to browse users
ii. Users are capable of implementing multiple Base DNs in order to browse portions of the
domain to pick out users from different groups.
Go to Attribute Mappings and fill in
a. Username
i. This is an attribute that will be utilized to have names mapped into LiveNX
ii. Typically this is: sAMAccountName / userPrincipalName / mail
b. Display Name
i. This is an attribute to commonly show the username field
ii. Typically this is: cn, displayName, name
Click Test Connection Settings
a. This will allow you to test your configuration before completing the configuration to allow you to
correct any settings if there are mistakes.
d.
6.
7.
8.
9. Click
10. Back
11. Under
a.
12.
13.
14.
15.
OK
to User Management > Click Add
Add LDAP Users > Uncheck Add
Click on the + Next to the Base DN
i. This will expand the current LDAP tree and will allow you to select users who you want
to add into LiveNX from LDAP/AD
Select users by checking under Add next to the users you would like to import
Click Add Users
The users will be added at this point to the list under User Management
a. You have options to edit Users for Role, Device Access, Session Timeout, Deactivate, Modify
Device Access
i. Modify Device Access allows you to control which users has access to what device
in LiveNX
Click Close
Caveats
If the Bind DN or the password fields are blank, the user is prompted to enter a username and password based
on the Bind DN and password of the LDAP administrator.
162 | LiveNX 6.1.1
Specifying Multiple Subtrees (Base DNs)
The Base DNs allow the user to specify several different DN groups within the LDAP directory. Click on the
Subtree Search to traverse users in subgroups under the selected DN group. Default is checked.
163 | LiveNX 6.1.1
Username Configuration
Usernames between the two directories must be unique. An error dialog pops up to prevent the same
username from being used in both directories.
164 | LiveNX 6.1.1
If you fail to log-in with your credentials you will be locked out of LiveNX and will need to reset your
configuration. It is recommended that you make a copy of your configuration before enabling LDAP.
The users selected via the Add LDAP Users dialog will get added to the User Management dialog with
Directory = LDAP and Status = Active. Click on a user and click on Edit to modify the Active, Role, Device
Access or Session Timeout settings.
165 | LiveNX 6.1.1
Adding LDAP Users without Browsing LDAP/AD
The LiveNX administrator can add LDAP directory users without connecting to the LDAP Server by using the
LiveNX Username feature. In the User Management window, click on Add. Type in the username, click on the
desired Role, click on LDAP Directory and then select LiveAction Username as the Authentication Method.
LiveNX will automatically fill the remaining DN information from any of the defined Base DN definitions.
During the LiveNX login process, the user will login using the same user name and password stored in the
LDAP Server.
Remapping Users
The LiveNX administrator can rename LDAP directory users without connecting to the LDAP Server by using
the map to another LDAP username feature. In the User Management window, click on Add. Type in the new
LiveAction only username, choose the Role, choose LDAP Directory, select Map to Another LDAP Username
and then type in the desired LDAP user. During the LiveNX login process, the user will login as LiveActionAlias
and use the password stored in the LDAP Server corresponding to LDAPUser to authenticate.
166 | LiveNX 6.1.1
167 | LiveNX 6.1.1
Managing Active User Sessions
User sessions can be actively monitored and managed from the LiveAction Management Console installed on
the LiveNX Server PC. Launch the LiveAction Management Console from the LiveAction program group. If the
Console is not connected to the LiveNX Server instance, select Manage > Connect to Server. Currently active
sessions can be viewed in the Sessions tab. To forcefully log out users, click on the session and select Logout
User.
Lost Passwords
For security reasons, Administrators cannot recover user passwords. If a user forgets his or her password, the
Administrator or Clerk must delete the user’s account and then recreate it using a new password. If all
Administrator and Clerk passwords are forgotten, the application configuration must be reset.
Resetting the Application Configuration
To reset the application configuration, shut down the LiveNX Server and delete the server.conf configuration
file. This will cause all application settings, including the list of devices and associated login credentials, to be
lost. The next time the LiveNX Server is started, the default Administrator account will be automatically
created again (username “admin”, password “admin”), and all devices and configurations will need to be reentered as if this were a new installation.
server.conf location:
Windows
• C:\LiveAction Server Data\XX\server.conf
Linux
• /var/LiveActionServer/data/XX/server.conf
168 | LiveNX 6.1.1
10. APIC-EM Integration
With the LiveNX 6.1 release, users can now integrate Cisco Application Policy Infrastructure Controller
Enterprise Module (APIC-EM) controller with LiveNX application. APIC-EM is a Cisco software-defined
networking (SDN) controller designed to orchestrate and manage Cisco LAN and WAN devices.
“The APIC-EM IWAN Application guides successful Cisco Intelligent WAN (IWAN) deployments through
automation directed by a highly intuitive, policy-based interface that helps IT abstract network complexity and
design for business intent. Business policy becomes network configuration at the speed of now with Cisco SDN
solution. IWAN App automatically builds, deploys, updates and monitors network devices and configurations,
accelerating the transition to hybrid WAN, and quickly realizing the benefits of lowered WAN transport costs
while increasing available usable throughput, simplified IT, increased security, and optimized application
performance based directly on business outcomes (*).”
* This section was taken from the Cisco-Dclud apic-em-iwan-app-lab documentation.
To add the APIC-EM Controller, click on the APIC-EM Management button.
It opens the following credentials page, where you enter the APIC-EM controller Hostname, username and
password.
Once it is saved, user can click on the discover devices.
169 | LiveNX 6.1.1
Click Discover to add the devices in the APIC-EM device list.
Click on a right arrow to expand one of the listings. Information includes the site, the IP mappings, and the
interfaces.
Close the details and select all devices. Click Add Devices. This automatically adds the devices into the LiveNX
listing. From the menu, select Main > Devices to show that the device inventory is now full of all the devices
being managed by LiveNX.
170 | LiveNX 6.1.1
The Java Client will also show the devices discovered from the APIC-EM integration.
171 | LiveNX 6.1.1
11. LiveNX Server Backup
LiveNX automatically backs up the Server configuration and the system level topology layout files. If the
LiveNX Server requires these backup files, the default location is:
Server configuration backup: \[LiveNX Server Data]\data\x.x\backup
• Where x.x is the LiveNX major release version
System topology backup: \[LiveNX Server Data]\data\x.x\backup\topology-layouts
• Where x.x is the LiveNX major release version
This guide will show how to back up a LiveNX deployment in several ways. The importance of backup is critical
to monitoring tools. This helps ensure that users have a way for disaster recovery with minimal or no loss of
data, depending on the situation.
Always test this in a lab environment before putting these steps in place for production. This will minimize
issues and a secure plan can be put in place to ensure maximum efficiency.
Backup Methods:
•
•
•
Snapshot of VM deployment
Backup of LiveNX configuration only
Backup of LiveNX configuration and storage
172 | LiveNX 6.1.1
Snapshot of VM Deployment
This is one of the easier methods of backing up LiveNX, the only tradeoff is that the snapshot will be controlled
outside of the LiveNX deployment and requires knowledge of VMware ESXi.
Caveat: Make sure that the user who will be performing the snapshot has enough privileges to create the
VM snapshot.
1.
2.
3.
Log into ESXi and locate your LiveNX deployment
Right Click the Virtual Machine
Click Snapshot > Take Snapshot
173 | LiveNX 6.1.1
4.
In the pop-up: Type in the name for the new snapshot
5.
Type a description for the new snapshot
a. Recommends: Adding a date + Time description
b. Example: Apr 1st, 2016 / 15:34 / Before 5.4 Upgrade
Check Box > Snapshot the virtual Machine’s memory
Click OK.
6.
7.
This will quickly snapshot your VM and backup the current state. It’s recommended that a consistent schedule
be utilized when backing up, so that recovery may not result in a larger loss of data. The more frequent the
snapshot, the more data can be retained. The more infrequent the snapshots, the more data loss can incur
when performing the disaster recovery. Find a happy medium if storage becomes a problem.
NOTE: If you delete the VM deployment, you will lose all your snapshots.
Recovering from VM Snapshot
With the snapshots being created on vCenter, this recovery may be the fastest way to retain as much data as
possible without much effort.
1.
2.
3.
Log into ESXi and locate your LiveNX deployment
Right Click the Virtual Machine
Click Snapshot > Snapshot Manager
174 | LiveNX 6.1.1
4.
Select the snapshot you will revert to
5.
Click > Go To
175 | LiveNX 6.1.1
6.
Click > Yes on the pop-up
The VM snapshot will begin to apply and the machine will go back to the last state in the snapshot.
Backing Up LiveNX Configuration Only
There are times where LiveNX’s historical data is not needed and can be dumped. Having a consistent backup
of the configuration is necessary to get things up and running again. Having the convenience of just backing up
the LiveNX configuration is great.
It’s recommended to perform this during off hours, due to users being disconnected when configuration is
being performed.
1.
2.
3.
Log into the LiveNX LAN Management Console
Click > Manage
Click > Export Configuration
4.
Click > Yes [Warning about logging off users]
a. Create a password to protect the file
176 | LiveNX 6.1.1
5.
6.
Click > Browse
Select the location of where to save the configuration file
7.
Save the file
Backing Up LiveNX Data Store
LiveNX and its Nodes have their own data store. If the historical data is useful to keep, there are options to
save them at a remote location if storage becomes an issue. Because LiveNX Data Store truncates the oldest
date out when the disk fills up, it’s wise to back up and maybe even sync the data across to a remote
repository. For Nodes and Server, it’s best to make sure that both are backed up separately.
Directories that are associated with Data Store on both Nodes and the LiveNX Server:
Path and Folders
•
Windows
o Server
177 | LiveNX 6.1.1
o




Node
178 | LiveNX 6.1.1
Alertstore2
Flowstore
Longtermstore-fivemin
snmpstore




•
Linux
o
Server
179 | LiveNX 6.1.1
Alertstore2
Flowstore
Longtermstore-fivemin
snmpstore
o




Node
180 | LiveNX 6.1.1
Alertstore2
Flowstore
Longtermstore-fivemin
snmpstore




•
All-In-One
o Server





181 | LiveNX 6.1.1
Alertstore2
Flowstore
Longtermstore-fivemin
snmpstore
Alertstore2
Flowstore
Longtermstore-fivemin
Snmpstore
Node




Alertstore2
Flowstore
Longtermstore-fivemin
snmpstore
The directories store all the historical data associated with the discovered devices in the infrastructure.
Extract the Backup and Configuration to a Remote Backup
If the location of the backup and configuration is local to the VM deployment, the best thing to perform next is
to move the file to a remote location, to ensure that you can pull the backup at any time and load it into
another LiveNX instance.
The basic guideline is to be able to relocate the config to a secure remote repository for reference in the
future.
Options:
•
•
•
NFS mount and Rsync periodically
Rsync the files to a remote repository without NFS mount
Manually copy into a remote repository
182 | LiveNX 6.1.1
12. LiveNX Server Startup Troubleshooting
The LiveNX Server displays a status LED and messages in the left bottom corner of the Management Console
to indicate progress during the Server start-up process, or to assist in troubleshooting any anomalous start-up
conditions.
Server Status Messaging
Conditions
Red: The Server is currently down
Server state after successful installation/successful
shutdown
Yellow: The Server is currently starting up
Server state after Manage > Start Service
Green: The Server is currently running
Server state during normal operations
Yellow: The Server is currently shutting down.
Server state after Manage > Stop Service
Yellow: Upgrading database...
Server state if an older version of QoS data is
detected.
Please stand by until the upgrade is complete.
If an anomalous condition occurs, the following outlines a few troubleshooting ideas to help remedy the
situation. Please contact LiveAction Technical Support at [email protected] or 408-217-6501 if these
issues persist.
183 | LiveNX 6.1.1
Server Status Messaging
Condition
Red: Port number is currently in use
by another process.
The LiveNX Server uses the following ports (default port number in
parenthesis). Kill any processes that use these ports, or go to the
Properties tab in the LiveAction Management Console and change
the default settings.
Click Apply
Click Manage > Shutdown Service
Click Manage > Start Service
snmp.localPort (0)
clientgateway.ssl.port (7000)
management.console.port (7001)
Red: LiveNX versions do not match.
Server: Server version.
Management Console:
Management Console version.
The LiveNX Server is running an older version than the Management
Console.
Reinstall the LiveNX Server using a more recent version or
downgrade the Management Console. Start LiveAction
Management Console.
Manage > Start Service
Red: Failed to initialize QoS
database.
The QoS database could not start up. Call support for further
troubleshooting.
Red: Failed to initialize flow
database.
The Flowstore database could not start up.
Check that read/write permissions are enabled for the Flow store
directory.
Shut down the LiveNX Server: Manage > Shutdown Service
Start the LiveNX Server: Manage > Start Service
Red: Failed to initialize
alerts database.
The Alertstore database could not start up.
Check that read/write permissions are enabled for the Alert store
directory.
Shut down the LiveNX Server: Manage > Shutdown Service
Start the LiveNX Server: Manage > Start Service
Red: The application configuration
file filename may be corrupted.
The server.conf file or the registry key value used to decrypt the
server.conf file may be corrupted.
If available, restore the server.conf file using a backup copy.
If the default location is used, the server.conf file is stored in LiveNX
Server under the subdirectory Data/XX
XX = Version based on default installation
184 | LiveNX 6.1.1