ISNG QualCOTS v6x AG 733-1216
Administrator Guide
733-1216 Rev. C
April 23, 2020
Web: http://www.netscout.com
Use of this product is subject to the End User License Agreement available at http://www.NetScout.com/legal/terms-andconditions or
which accompanies the product at the time of shipment or, if applicable, the legal agreement executed by and between NETSCOUT
SYSTEMS, Inc. or one of its wholly-owned subsidiaries (“NETSCOUT”) and the purchaser of this product (“Agreement”).
Government Use and Notice of Restricted Rights: In U.S. government (“Government”) contracts or subcontracts, Customer will provide
that the Products and Documentation, including any technical data (collectively “Materials”), sold or delivered pursuant to this Agreement
for Government use are commercial as defined in Federal Acquisition Regulation (“FAR”) 2.101 and any supplement and further is
provided with RESTRICTED RIGHTS. All Materials were fully developed at private expense. Use, duplication, release, modification, transfer,
or disclosure (“Use”) of the Materials is restricted by the terms of this Agreement and further restricted in accordance with FAR 52.227-14
for civilian Government agency purposes and 252.227-7015 of the Defense Federal Acquisition Regulations Supplement (“DFARS”) for
military Government agency purposes, or the similar acquisition regulations of other applicable Government organizations, as applicable
and amended. The Use of Materials is restricted by the terms of this Agreement, and, in accordance with DFARS Section 227.7202 and FAR
Section 12.212, is further restricted in accordance with the terms of NETSCOUT's commercial End User License Agreement. All other Use
is prohibited, except as described herein.
This Product may contain third-party technology. NETSCOUT may license such third-party technology and documentation (“Third-Party
Materials”) for use with the Product only. In the event the Product contains Third-Party Materials, or in the event you have the option to
use the Product in conjunction with Third-Party Materials (as identified by NETSCOUT in the applicable Documentation), then such third-
party materials are provided or accessible subject to the applicable third-party terms and conditions contained in the “Read Me” or “About”
file located on the Application CD for this Product. To the extent the Product includes Third-Party Materials licensed to NETSCOUT by third
parties, those third parties are third-party beneficiaries of, and may enforce, the applicable provisions of such third-party terms and
conditions.
Open-Source Software Acknowledgment: This product may incorporate open-source components that are governed by the GNU General
Public License (“GPL”) or licenses that are compatible with the GPL license (“GPL Compatible License”). In accordance with the terms of the
GPL or the applicable GPL Compatible License, NETSCOUT will make available a complete, machine-readable copy of the source code
components of this product covered by the GPL or applicable GPL Compatible License, if any, upon receipt of a written request. Please
identify the product and send a request to:
NETSCOUT SYSTEMS, INC.
GNU GPL Source Code Request
310 Littleton Road
Westford, MA 01886
Attn: Legal Department
No portion of this document may be copied, photocopied, reproduced, translated, or reduced to any electronic medium or machine form
without prior consent in writing from NETSCOUT. The information in this document is subject to change without notice and does not
represent a commitment on the part of NETSCOUT. The products and specifications, configurations, and other technical information
regarding the products described or referenced in this document are subject to change without notice and NETSCOUT reserves the right,
at its sole discretion, to make changes at any time in its technical information, specifications, service, and support programs. All
statements, technical information, and recommendations contained in this document are believed to be accurate and reliable but are
presented "as is" without warranty of any kind, express or implied. You must take full responsibility for their application of any products
specified in this document. NETSCOUT makes no implied warranties of merchantability or fitness for a purpose as a result of this
document or the information described or referenced within, and all other warranties, express or implied, are excluded.
Except where otherwise indicated, the information contained in this document represents the planned capabilities and intended
functionality offered by the product and version number identified on the front of this document. Screen images depicted in this
document are representative and intended to serve as example images only.
Contacting NETSCOUT SYSTEMS, INC.
Customer Support
The best way to contact Customer Support is to submit a Support Request:
https://my.netscout.com/pages/mcplanding.aspx
E-mail: [email protected]
When you contact Customer Support, the following information can be helpful in diagnosing and
solving problems:
— Type of network platform
— Software versions
— Hardware model number
— License number and your organization’s name
— The text of any error messages
— Supporting screen images, logs, and error files, as appropriate
— A detailed description of the problem
Sales
Call 800-357-7666 for the sales office nearest your location.
Contents
Enabling PCIe Port Bifurcation ... 3-25
Enabling Bifurcation on Dell PowerEdge Servers ... 3-26
Enabling Bifurcation on HP ProLiant Servers ... 3-26
Configuring the Agent ... 3-27
Monitoring Data Capture on the InfiniStreamNG Appliance ... 3-29
Confirming Data Collection ... 3-29
Analyzing Network Traffic ... 3-30
Port to Interface Mapping ... 3-30
Upgrading Manually via Reimage ... 5-13
Before You Begin ... 5-13
Upgrading by Reimaging Instructions ... 5-14
Verifying the Upgrade ... 5-15
Verifying the Software Version ... 5-15
Verifying Running Processes ... 5-15
Verifying Agent Settings ... 5-15
Verify nGeniusONE Connection ... 5-15
Verifying NTP Configuration ... 5-15
Verifying RPM Packages ... 5-16
Verifying Disk Information ... 5-16
Verifying System/RAID Health ... 5-16
Post Upgrade Tasks ... 5-17
Chapter 1
Product Overview
About InfiniStreamNG Qualified COTS Appliances
NETSCOUT InfiniStreamNG appliances are intelligent deep packet capture and analysis appliances that
deliver dedicated, always on, monitoring and continuous capture capabilities for real-time and
back-in-time analysis. The appliances can be used with the nGeniusONE™ Unified Performance
Management platform to analyze all packets traversing the network for rapid problem isolation and
service delivery assurance.
InfiniStreamNG Software Appliances host Adaptive Service Intelligence™ (ASI) technology, a
high-performance deep packet inspection engine that analyzes network traffic in real-time and
generates highly scalable metadata that enables a comprehensive view of service, network,
application, and server performance across complex multi-tier, multi-domain service delivery
environments.
The appliances perform local real-time granular Layer 4-7 data mining as traffic crosses the wire,
eliminating the need for middleware and extensive backend processing while reducing management
traffic loads. In addition, the appliances capture, index and store packets crossing the wire for
comprehensive deep-dive forensic analysis activities.
InfiniStreamNG appliance software supports the following features:
• Multi-function platform operation: Real-time performance monitoring coupled with
continuous packet capture and recording increases the rate at which problems are
detected, diagnosed and resolved.
• Integration with nGeniusONE solutions: Provides the ability to work seamlessly with
nGeniusONE products to provide efficient top-down KPI-to-Flow-to-Packet analysis and
minimize mean time to resolution.
Note: InfiniStreamNG Qualified COTS appliances can run GeoProbe software and provide data to IrisView
servers; refer to InfiniStreamNG (Geo Mode) Deployment Guide for a list of supported models and instructions
for installing GeoProbe software.
• Real-time statistical monitoring and alerting: Enables users to know about potential
problems before they become business critical or affect end users.
• Industry leading decodes: Delivers detailed analysis down to the packet using unrivaled
decodes for well-known, complex, custom and web-based applications and services.
• Integration with high-performance hardware: Linux-based, security-hardened
appliances deliver reliable high-capacity data acquisition and storage capabilities.
Monitoring Ports
• Four 1/10 Gigabit ports or two 40 Gigabit ports (depending on the ASI NIC installed)
• Operate in promiscuous mode to capture traffic.
• Each port can receive a single flow by connecting directly to a network segment or receive
a stream of consolidated flows when connected to a switch port.
Manage Port
• 1 or 10 Gigabit port (varies by platform) recognized by the operating system as eth0
• Used by nGeniusONE server to communicate with the InfiniStream appliance and also used
for external access by administrators via SSH
Network Connections
Using taps or switch span ports, you can connect the appliance directly in most Ethernet
environments. InfiniStream appliances support the following:
• Monitoring on all network capture interfaces
• Recognition of ISL and 802.1Q VLANs
Note: NETSCOUT InfiniStreamNG Qualified COTS appliances consume the same Type 1 licenses
within nGeniusONE as InfiniStream hardware appliances. For example, an InfiniStreamNG Qualified
COTS appliance equipped with a four-port ASI NIC consumes four Type 1 licenses. If you already
have other InfiniStream appliances in your network and you have available Type 1 licenses, you do
not need to purchase any additional licenses from NETSCOUT to install and operate an InfiniStreamNG
Qualified COTS appliance.
• System Preparation DVD that verifies that the server hardware you supplied meets the
minimum InfiniStreamNG appliance system requirements. The software on this DVD also
configures the RAID controller and storage arrays used to store packet data.
• Restore/Operating System & Drivers DVD that installs a customized, hardened Linux
operating system and loads the device driver for the ASI NIC. This OS replaces any existing
operating system already installed on the server.
• Application CD that installs the InfiniStream application software which performs packet
capture and storage. The current kit contains both InfiniStream and GeoProbe application
software to support nGeniusONE, nGenius Business Analytics, and IrisView OAM
applications.
Instructions for installing the ASI NIC in the server hardware you purchased are provided in Chapter 2
"Preparing the Hardware". To transform the server into an InfiniStream appliance using the three
discs, perform the steps in Chapter 3 "Installing Software on InfiniStreamNG Qualified COTS Servers".
For information on known limitations and workarounds when installing/operating software on an
InfiniStreamNG Qualified COTS Appliance, refer to the InfiniStreamNG Qualified COTS Software Appliance
Release Notes.
This chapter describes the steps required to physically prepare a server chassis to become an
InfiniStreamNG Qualified COTS appliance and contains the sections listed in Table 2-1. Perform the
procedures in each section before moving on to the next section as shown in the flowchart in
Figure 2-1.
Section | Description
"Verifying Site Requirements" on page 2-3 | Describes space and power considerations for preparing your site prior to installing an InfiniStreamNG Qualified COTS appliance.
"Installing the ASI Accelerator NIC" on page 2-4 | Provides general instructions for installing the ASI NIC supplied in the InfiniStreamNG Qualified COTS Appliance kit. For more detailed instructions on installing adapters in the server you purchased, refer to the documentation for that server.
"Connecting Management Ports" on page 2-5 | Describes how to make network or local connections for managing the InfiniStreamNG appliance. To access the InfiniStreamNG operating system for the initial configuration described in Chapter 3, "Installing Software on InfiniStreamNG Qualified COTS Servers", you can use the remote management port.
"Cabling Network Capture Interfaces" on page 2-9 | Describes how to connect the monitor interfaces on InfiniStreamNG appliance for packet capture.
"Connecting Extended Storage Units (ESUs)" on page 2-15 | Provides requirements and cabling instructions/diagrams for connecting optional extended storage units to expand the storage capacity of the InfiniStreamNG appliance.
"Connecting Power and Powering Up Servers/Storage Enclosures" on page 2-17 | Provides basic instructions for cabling power and powering up your server. Refer to the documentation supplied with your server for more detailed instructions.
Once the server hardware is prepared, continue with the software installation and configuration
procedures provided in Chapter 3, "Installing Software on InfiniStreamNG Qualified COTS Servers".
Verifying Site Requirements
Before you begin setup of the InfiniStreamNG Qualified COTS appliance, verify the following:
• Space available in a rack or equipment enclosure to fit the server chassis
• Proximity to patch panels or network switches to connect network cables to the
InfiniStreamNG capture ports, Manage port, and Remote Management port
• Power available to run to the InfiniStreamNG appliance, either:
– A 110V or 240V AC power source, with two outlets available for the dual redundant
power supplies
– A -48V DC power source, with two sets of terminals available for dual redundant power
supplies
WARNING: Read all safety warnings and installation instructions in the documentation supplied with your
server before attempting to mount, install, or power up the server.
• Sufficient clearance space around all sides of the InfiniStreamNG appliance to allow the fan
to adequately exhaust air from the unit.
For site requirement information, refer to the documentation provided for your server, such as:
• HP DL360 Gen9: “Optimum Environment” section of the Setup chapter of the HP ProLiant
DL360 Gen9 Server User Guide
• HP DL380 Gen9: “Optimum Environment” section of the Setup chapter of the HP ProLiant
DL380 Gen9 Server User Guide
• HP DL380 Gen10: “Operational Environment” section of the Setup chapter of the HP
ProLiant DL380 Gen10 Server User Guide
• HP DL560 Gen9: “Optimum Environment” section of the Setup chapter of the HP ProLiant
DL380 Gen9 Server User Guide
• HP DL560 Gen10: “Operational Environment” section of the Setup chapter of the HP
ProLiant DL380 Gen10 Server User Guide
• Dell R430: Dell PowerEdge R430 Owner's Manual
• Dell R730xd: Dell PowerEdge R730 and R730xd Owner's Manual
• Dell R740xd: Dell EMC PowerEdge R740xd Installation and Service Manual
• Dell R830: Dell PowerEdge R830 Owner's Manual
• Dell R940: Dell EMC PowerEdge R940 Installation and Service Manual
• Dell R940xa: Dell EMC PowerEdge R940xa Installation and Service Manual
To mount your server in a rack, refer to the instructions provided in the rail kit provided with your
server, such as:
• HP DL360, DL380, or DL560 (all generations): 2U Quick Deploy Rail System Installation
Instructions (rack-mounting videos are also available)
• Dell R430, R730xd, R740xd, R830, R940 or R940xa: Rack Installation sheet packaged with
the rail kit
3. To support bifurcation on 40 Gigabit ASI NICs, Dell R740xd servers should be equipped
with riser configuration 4. Note that 10 Gigabit ASI NICs do not support bifurcation but
can also be installed in a riser slot. To verify that bifurcation is enabled on the server,
refer to "Enabling PCIe Port Bifurcation" on page 3-25.
Note: The Manage port is not required to be connected prior to installing InfiniStreamNG software.
During the software installation process, if the Manage port is connected to a network with an active
DHCP server, a dynamic IP address is automatically assigned to the Manage (eth0) port. If the
Manage port is not connected or no DHCP server is available on the network, then the server boots
with no IP address assigned to the Manage port. You can assign a static IP address after inserting the
Restore/Operating System & Drivers DVD, rebooting the server, and then navigating to
the opt/platform/nGIPSetup directory and running the command ./nGIPSetUp.plx.
2 Connect the Remote Management port to the network 1-Gigabit Ethernet link. The port’s
location on certain qualified servers is shown in the figures that follow.
Important: For Dell servers, there are two types of iDRAC licenses: Enterprise and Express. With an
Enterprise license, you can assign either the dedicated iDRAC port or a shared LAN port (the eth0 Manage
port) for iDRAC remote access. With an Express license, you are limited to sharing the Manage port for
remote access. Refer to "Changing iDRAC Network Settings" on page 3-7 for instructions on how to
determine which license is installed and whether you can use the dedicated iDRAC port.
[Figure: rear panels of the Dell R730xd and Dell R830, labeling the Manage Port (eth0) and the Dedicated Remote Management (iDRAC) Port]
Figure 2-2 Manage and Remote Management Ports on Qualified Intel Haswell/Broadwell Processor-based Dell Servers
[Figure: rear panels of the Dell R940 and Dell R940xa, labeling the Manage Port (10 Gigabit), the Manage Port (1 Gigabit), and the Dedicated Remote Management (iDRAC) Port]
Figure 2-3 Manage and Remote Management Ports on Qualified Intel Skylake Processor-based Dell Servers
[Figure: rear panels of the HP DL380 Gen9, HP DL380 Gen10, HP DL560 Gen9, and HP DL560 Gen10, labeling the Manage Port (eth0), the 10 Gigabit Manage Port (eth0), and the Remote Management (iLO) Port]
Figure 2-4 Manage and Remote Management Ports on Certain Qualified HP Servers
Note: When directing traffic to an InfiniStream appliance using TAPs, you are collecting bidirectional
traffic streams. The cables provided with NETSCOUT TAPs are labeled to indicate DTE (Out) and
DCE (In) sides of the traffic stream. When configuring the traffic flow on the InfiniStream appliance,
use the ports connected to DTE, DCE on the TAP to configure bidirectional flow.
Figure 2-5 TAP Configuration: Four Port 10 Gigabit Full Duplex (FDX) Probe Mode
Figure 2-6 TAP Configuration: Two Port 40 Gigabit Full Duplex (FDX) Probe Mode
Figure 2-7 Span Configuration: Four Port 10 Gigabit Half Duplex (HDX) Probe Mode
Figure 2-8 Span Configuration: Two Port 40 Gigabit Half Duplex (HDX) Probe Mode
Figure 2-9 Mixed Configuration: Four Port Mixed Duplex (MDX) Probe Mode
Important: TAPs, cables, and transceivers are not included with the appliance. Contact NETSCOUT to
order these items. NETSCOUT does not support transceivers that are not supplied by NETSCOUT. Using
non-standard transceivers may cause operational problems with the appliance.
Table 2-3 lists the recommended minimum/maximum light levels and test wavelengths for NETSCOUT
fiber optic devices. Measure the light level input values at the device end of the TAP-to-Device cable
prior to connecting the cable to the device.
Device Type | Mode | Wavelength (nm) | Recommended Device Input Minimum Value (dBm) | Recommended Device Input Maximum Value (dBm)
Note: Light levels above 0dBm for SR and 1.5dBm for LR can damage the device transceivers.
Activity LED Green Off Ethernet link is down or the port is disconnected
Note: The instructions below assume you are installing the ESUs at the same time as the Qualified
InfiniStreamNG Software (COTS) Appliance. If you have already installed the appliance, use the
instructions provided in "Removing an ASI Accelerator NIC" on page 6-4.
1 If they are not already present in the InfiniStreamNG Qualified COTS appliance, install the
RAID controller(s). Follow the instructions in the server’s documentation for installing
expansion cards. Table 2-6 lists the recommended slot location(s) for the RAID controller
for certain approved platforms. If your server model does not appear in the table, contact
NETSCOUT Customer Support as described in "Contacting NETSCOUT SYSTEMS, INC." on
page iii.
Note: Refer to the documentation and guidance provided by HPE and Dell for the location of internal
RAID controllers or any other PCI expansion boards. Ensure that the slot(s) used by these additional
PCI boards do not conflict with the slot required by the ASI NIC; refer to "Recommended NETSCOUT
ASI Accelerator Slot Locations" on page 2-4 for that slot.
WARNING: Read all safety warnings and installation instructions before you rackmount the ESUs or make
any power supply connections. Safety warnings are provided in the Compliance and Safety Warnings for
NETSCOUT Hardware Products available at:
https://my.netscout.com/mcp/AddlDocs/Pages/Technical-Documentation.aspx
3 Ensure that the InfiniStreamNG appliance and all ESUs are powered off.
4 Use SAS data cables to connect the ESU(s), following the instructions provided with the HP
or Dell storage enclosures.
Important: If you ever need to move the system, the ESUs must be reconnected to the same RAID
controller(s) on the InfiniStreamNG appliance as they were originally configured. NETSCOUT recommends
that you label each ESU to indicate which RAID controller it is connected to for future reference.
Note: All stored data is lost when you repartition the appliance storage drives.
WARNING: Read all safety warnings and installation instructions before you make any power supply
connections or perform any maintenance tasks on a power supply. Refer to the documentation supplied with
your hardware for detailed information.
To connect AC power to the InfiniStreamNG Qualified COTS appliance and power up the system,
perform the following steps:
1 Connect the power cords supplied with the server to sockets on the two power supplies at
the rear of the server.
2 Connect the other end of the power cords to an AC outlet.
3 Ensure that you connect power cords to both power supplies to avoid false system alarms
related to the power supplies.
4 If your server is connected to one or more ESUs, power on the ESU(s) first. Power on
the InfiniStreamNG appliance only after the ESUs are fully powered up. Wait a few minutes
for the units to power on completely before proceeding to the next step.
5 To power up the server, press the power button on the front of the server. If you have
connected a keyboard and monitor to the server, observe the messages that appear to
ensure the server is booting properly.
Important: If you purchased a platform equipped with DC power supplies, read and follow all safety and
cabling instructions provided by the power supply manufacturer. You must ensure the proper external input
power cables, connectors, and connection are used between the DC power supply and the power inputs.
Connection of DC-Mains should be accomplished only by a licensed electrician and in accordance with local
codes.
You are now ready to convert the server into an InfiniStreamNG Qualified COTS appliance by installing
the necessary software as described in "Installing Software on InfiniStreamNG Qualified COTS
Servers" on page 3-1.
This chapter describes how to use the DVDs supplied in the InfiniStreamNG Qualified COTS kit to
install an operating system, drivers, and application software, and contains the sections listed in
Table 3-1. Use the procedures in this chapter to get a new InfiniStreamNG Qualified COTS appliance
configured and capturing data. Perform all the steps in each section before moving on to the next
section as shown in the flowchart in Figure 3-1.
Section | Description
"Accessing the Appliance" on page 3-3 | Describes both the local and remote management options available for InfiniStreamNG Qualified COTS appliances.
"Verifying BIOS Settings" on page 3-10 | Lists the BIOS settings to verify before attempting to install the InfiniStreamNG appliance software.
"Preparing the System" on page 3-18 | Discusses how to use the System Preparation DVD to verify that the server meets the InfiniStreamNG appliance hardware requirements and also initialize the RAID arrays on the system.
"Installing the Operating System and Drivers" on page 3-19 | Describes how to use the Restore/Operating System & Drivers DVD to install a customized, hardened Linux operating system on the server, as well as installing the driver for the ASI NIC.
"Installing the InfiniStream Application" on page 3-20 | Provides instructions for using the Application DVD to install InfiniStreamNG application software, as well as information to help decide which hard drive partitions you need for the consoles you plan to use with the InfiniStreamNG appliance.
"Running the Appliance Configuration Script (nGApplianceConfig.plx)" on page 3-23 | Describes how to run the nGApplianceConfig.plx script to configure IP settings for the Manage Port, system time source settings, and the local time zone for the InfiniStreamNG appliance.
"Enabling PCIe Port Bifurcation" on page 3-25 | Provides instructions for enabling bifurcation to enhance performance on the latest generation of Dell (R740xd and R940) and HP (DL380 Gen10 and DL560 Gen10) servers.
"Configuring the Agent" on page 3-27 | Describes how to set basic options for the InfiniStreamNG agent using the Agent Configuration utility. Refer to the detailed Agent Configuration Utility for CDM/ASI Administrator Guide for complete reference on all agent options.
"Monitoring Data Capture on the InfiniStreamNG Appliance" on page 3-29 | Describes how to enable and confirm data collection on the InfiniStreamNG appliance using different consoles/applications, including nGeniusONE.
Once you have performed these installation steps, you can continue to Chapter 4, "Customizing the
InfiniStreamNG Appliance" for information on setting additional options.
Accessing the Appliance
For initial configuration, you can access the InfiniStreamNG Qualified COTS appliance in one of two
ways:
• Connecting to the Appliance Locally by attaching a keyboard and monitor to the hardware
• Connecting to the Appliance Remotely using a dedicated network interface and remote
access utility offered by the platform manufacturer
After the initial configuration of the appliance’s network settings, you can also connect to the appliance
remotely by establishing an SSH session with the Manage port and perform the following functions:
• Starting and stopping the appliance, services, and processes
• Running the nGApplianceConfig script to modify appliance configurations
• Installing service packs
• Collecting data for troubleshooting
Note: It can take a few minutes for the prompt to appear while the system powers up and BIOS
messages display. If the login prompt does not appear, the system has not completed power up. Wait
a few minutes and try again.
4 If prompted, log in to the server’s current operating system (instructions vary depending on
the OS pre-installed in the factory).
5 Once you are logged in, you are ready to start installing InfiniStreamNG appliance software
as described in "Preparing the System" on page 3-18.
Opening an iLO Remote Console Window and Booting the Server from a DVD
As an alternative to connecting a local monitor and keyboard, you can establish a remote console
connection with the HP server to directly access the server OS and to install InfiniStreamNG software
on the system. Using the remote console, you can virtually mount an InfiniStreamNG software DVD in
your local computer’s drive, boot the HP server from the DVD and install software over the network.
To open a remote console window to the server system prompt, perform the following steps:
1 If you have not already, open a web browser and enter the IP address assigned to the iLO
network interface in the URL field.
2 Log into iLO using the pre-assigned default credentials or if you have changed the
credentials, enter the customized username and password you assigned.
3 From the menu on the left side of the screen, click on Remote Console to expand its options
and click Remote Console underneath it to view the Remote Console - Integrated iLO
Remote Console screen.
4 From the Launch tab page, click Launch under the Java Integrated Remote Console (Java
IRC).
5 When a Java security warning appears, click Continue.
6 When asked if you want to run the Java Integrated Remote Console application, click Run.
The iLO Integrated Remote Console window appears.
7 If you want to boot the HP server from a DVD inserted into your local computer, do the
following:
a From the Virtual Drives menu in the iLO Integrated Remote Console window, place a
checkmark next to Image File CD/DVD-ROM.
b In the Choose Disk Image File window, use the file explorer to select the appropriate
InfiniStreamNG appliance ISO software file on the DVD and click OK.
– COTS_revX_XX_XX-PREP.iso (System Preparation DVD)
– ngenius-datasource-6xx0G-restore-64bit.iso or
ngenius-datasource-6xx0J-restore-64Bit.iso depending on your server type
(Restore/Operating System & Drivers DVD)
c From the Power Switch menu, choose Reset to reboot the HP server. The server
maintains the iLO remote console session while it reboots.
d When the HP ProLiant splash screen appears, press F11 to access the Boot Menu.
e From the One-Time Boot Menu, use the arrow keys to select iLO Virtual USB 2 : HP iLO
Virtual USB CD/DVD ROM and press Enter.
8 Before installing the InfiniStreamNG appliance software, check the system BIOS settings as
described in "Verifying BIOS Settings" on page 3-10.
Important: For Dell servers, there are two types of iDRAC licenses: Enterprise and Express. With an
Enterprise license, you can assign either the dedicated iDRAC port or a shared LAN port (the eth0 Manage
port) for iDRAC remote access. With an Express license, you are limited to sharing the Manage port for
remote access. The instructions below describe how to determine which license is installed and how to
select which port to use for iDRAC remote access if you have an Enterprise license installed.
1 Attach a keyboard, monitor and mouse to the appropriate ports on the server.
2 Power up the hardware as described in "Connecting Power and Powering Up
Servers/Storage Enclosures" on page 2-17.
3 Watch the boot messages on the monitor and when prompted, press F2 to enter the
System Setup.
4 From the System Setup Main Menu, click iDRAC Settings.
5 From the iDRAC Settings menu, click Network.
6 The current network configuration is displayed. If you want to change the iDRAC IP address
from DHCP-assigned to a static IP address, do the following; otherwise, continue with
"Changing the Default iDRAC Password" on page 3-8:
a Change the setting for Enable DHCP to Disabled.
b In the Static IP Address field, enter an IP address for the server iDRAC network
interface.
c In the Static Gateway field, enter the IP address for the default gateway of the remote
management network.
d In the Subnet Mask field, enter the appropriate subnet mask for the IP address you
typed previously.
Opening an iDRAC Remote Console Window and Booting the Server from a DVD
1 Open a web browser and enter the IP address assigned to the iDRAC interface in the URL
field.
2 Log into iDRAC using the pre-assigned default credentials (username root, password
calvin) or if you have changed the credentials, enter the customized username and/or
password you assigned.
Note: Log in to the iDRAC interface with an account that possesses Administrator or Operator
privileges. The default root login account has Administrator privileges. For more information on working
with iDRAC user accounts, refer to the appropriate Integrated Dell Remote Access Controller (iDRAC)
User's Guide for your server.
3 Click on the Server link in the left navigation pane of the web interface.
4 Click on the Console tab in the main body of the interface.
5 Click the link to Launch Virtual Console.
6 From the Virtual Console window, click the Virtual Media menu, select Connect Virtual
Media, and then select Map CD/DVD.
7 Do one of the following:
a If you are using a DVD and have not already inserted it to your local computer, do so
now. Select the letter associated with your local DVD drive and click Map Device.
b If you are using an ISO image that was copied to your hard drive, select the C: drive
and click Browse. Use the Open dialog to locate the ISO file on the drive and click
Open. In the Map CD/DVD dialog box, click Map Device. Possible names for the ISO
files are:
– COTS_revX_XX_XX-PREP.iso (System Preparation DVD)
– ngenius-datasource-6xx0G-restore-64bit.iso or
ngenius-datasource-6xx0J-restore-64Bit.iso depending on your server type
(Restore/Operating System & Drivers DVD)
After the selected drive/image is mapped to the server, you can boot from it as though
the drive/ISO were located in the server itself.
8 From the Virtual Console Next Boot menu, select Virtual CD/DVD/ISO.
9 When prompted to confirm your Next Boot selection, click OK.
10 From the Virtual Console Power menu, select Reset System (warm boot).
11 When a Power Control dialog box appears, click OK to confirm that you want to reboot the
server and boot from the virtual drive. During the reboot, verify that Verify IPMI: Boot
to Virtual CD Requested is displayed and the messages Booting from Virtual Optical
Drive and Booting in insecure mode appear in the Virtual Console window.
12 Before installing the InfiniStreamNG appliance software, check the system BIOS settings as
described in "Verifying BIOS Settings" on page 3-10.
Table 3-2 Recommended BIOS/Platform Configuration (RBSU) Settings for HP ProLiant Servers
System Options Serial Port Embedded Serial Port COM1: IRQ4: I/O: 3F8h - 3FFh
Options
Virtual Serial Port COM2: IRQ3 I/O: 2F8h - 2FFh
SR-IOV Enabled
HW Prefetcher Enabled
Server Security Server Security One-Time Boot Menu (F11 Prompt) Enabled
BIOS Serial Console and EMS BIOS Serial Console Port Physical Serial Port
BIOS Boot Settings Boot Sequence Integrated NIC 1 Port 1 Partition 1: IBA XE Slot
Boot Option Enable/Disable 0100 v2334
Hard Drive C:
C1E Enabled
C States Enabled
Monitor/Mwait Enabled
Note: If the server is equipped with two Solid State Drives (SSDs), only one SSD will be configured
as a RAID0 array and used as the operating system drive. The second SSD is not used in an
InfiniStreamNG Qualified COTS appliance.
Important: You must physically install the ASI NIC in the server BEFORE installing InfiniStream software.
If you attempt to prepare the system with no NIC present, the installation halts with an error message,
Error: NetScout NIC card not detected. If you try to use a NIC other than the one supplied in the
InfiniStreamNG Qualified COTS appliance kit, the installation halts with an error message, Error:
Unsupported NetScout NIC card.
To prepare the system hardware as the first stage of installing InfiniStreamNG appliance software,
perform the following steps:
1 If you have not already, establish a remote console session with the server as described in
"Accessing the Appliance" on page 3-3.
2 Insert the System Preparation DVD into your local computer’s drive or download the
COTS_revX_XX_XX-PREP.iso to the hard drive on your computer. Use the remote
management tool to create a virtual drive so that you can boot from the ISO file.
3 Reboot the server.
4 When the BIOS setup options appear, modify the boot options so that the server boots
from the DVD in the server or the ISO file that you mapped as a virtual drive.
5 Continue the boot process. The server extracts the ISO file, executes the preparation
scripts, and performs a series of hardware checks. This process requires approximately 10
minutes and does not require any input. When the process is complete, a summary is
displayed indicating the success or failure of the scripts. Figure 3-4 shows an example for
an HP DL380 server where the first two 2.5" SAS drives out of 24 are used as the operating
system drives (instead of an SSD drive).
6 Continue with "Installing the Operating System and Drivers" on page 3-19.
Note: During the OS and driver installation, particularly on HP platforms, your screen may
go blank for approximately 20 seconds. This is normal and you should allow the
installation to continue uninterrupted.
As the second stage of installing InfiniStreamNG appliance software, perform the following steps:
1 If you have not already, establish a remote console session with the server as described in
"Accessing the Appliance" on page 3-3. Insert the appropriate Restore/Operating System &
Drivers DVD into your local computer’s drive or download the appropriate file listed in
Table 3-4 to the hard drive on your computer. Use the remote management tool to create
a virtual drive so that you can boot the server from the ISO file on your computer.
Table 3-4 Restore ISO File for Specific Qualified COTS Servers
For this Qualified COTS server... | Use this Restore/Operating System & Drivers DVD disk/file
Dell PowerEdge R430, R730xd or R830; HP DL360 Gen9, DL380 Gen9 or DL560 Gen9 | Disc labeled: For "G" and "H" Platforms (or with no platform indication); File on disc: ngenius-datasource-6xx0G-restore-64bit.iso
Dell PowerEdge R740xd, R940 or R940xa; HP DL380 Gen10 or DL560 Gen10 | Disc labeled: For "J" Platforms; File on disc: ngenius-datasource-6xx0J-restore-64Bit.iso
2 When the BIOS setup options appear, modify the boot options so that the server boots
from the DVD or ISO file that you mapped as a virtual drive.
3 Installation requires approximately 20 minutes. For the most part, the OS and driver
installation is entirely automated but it is still recommended that you monitor the status
messages that appear. For example, if you attempt to install the wrong operating system
on the server (such as the J platform disk/file on an earlier G or H platform), the error
message Unsupported platform, aborting installation appears.
Note: The installation attempts to assign a dynamic IP address to the Manage (eth0) port using
DHCP. If the Manage port is connected to a network with an active DHCP server, a dynamic IP
address is automatically assigned. If the Manage port is not connected or no DHCP server is available
on the network, then the server boots with no IP address assigned to the Manage port. You can assign
a static IP address after the server reboots by navigating to the opt/platform/nGIPSetup directory
and running the command ./nGIPSetUp.plx.
4 Press Enter to reboot the server when instructed by the on-screen message. Allow the
server to reboot uninterrupted until a Linux OS login prompt appears.
5 Continue with "Installing the InfiniStream Application" on page 3-20.
Note: Use the default username and password the first time you log in to the operating system. After you have
completed installing the InfiniStreamNG appliance software, change the default netscout password.
If you want to change the root user password, enter passwd at the OS command line
interface. Enter the new password and confirm it. Choose a password that a dictionary does
not recognize.
3 Insert the Application DVD into your local computer’s drive or download the appropriate
file listed in Table 3-5 to the hard drive on your computer. Use the remote management
tool to create a virtual drive so that you can access this file in your computer.
Dell PowerEdge R430, R730xd or R830; HP DL360 Gen9, DL380 Gen9 or DL560 Gen9 | Disc labeled: For "G" and "H" Platforms (or with no platform indication); File on disc: is-6xx0-xxx-eth.bin
Dell PowerEdge R740xd, R940 or R940xd; HP DL380 Gen10 or DL560 Gen10 | Disc labeled: For "J" Platforms; File on disc: is-6xx0-xxx-eth-j.bin
Note: You must run the application installer file from the /opt directory. Do not copy this file to any
other directory such as /data, /metadata, /flow, /tmp, /home, or /opt/NetScout. If you try to run the
file from one of these directories, the installation fails and the file is deleted, forcing you to repeat the
process.
7 Launch the InfiniStreamNG application installer (refer to Table 3-5 for the appropriate file
name):
./is-6xx0-xxx-eth.bin
or
./is-6xx0-xxx-eth-j.bin
8 The installation script asks you to select your locale. Choose your language and press
Enter.
9 Press Enter on the Introduction screen.
10 Continue pressing Enter to read the End User License Agreement.
11 When prompted, press Y to accept the license agreement.
12 Choose the type of file system to use for the packet store partition. For new installations,
only the NetScout File System is supported. This file system optimizes disk write and
retrieval performance for high-performance data recording and mining, and stores packets
in a /raw partition.
13 The installation script asks you if you want to configure partitions on the InfiniStreamNG
appliance. For each partition, you can specify a size or accept the default size. For some
partitions, you can enter zero (0) to eliminate the partition entirely. These partitions are
located on the same drives used for packet storage. Because of this, the more space you
allocate for these partitions, the less space you will have available for packet storage. Use
Table 3-6 to help decide which partitions you need for the consoles/applications you plan
to use with the InfiniStreamNG appliance.
Note: On first time installations with v6.3 or later, you will be asked if the appliance is installed in an
Enterprise (default) or Service Provider network. The installer uses this network mode to optimize
packet storage on the appliance. If you choose Service Provider, an /archive partition is automatically
created with a fixed size (not configurable) to store certain mobile data. Once you choose the network
mode (Enterprise or Service Provider), the selection is preserved during future upgrades. To change
modes, you must reinstall the application software and choose to repartition the appliance.
14 The installation script displays a Pre-Installation Summary screen. Press Enter to continue.
15 Installation begins. The installer presents an Installation Complete message when finished.
Press Enter to exit the installation script and enter the following command to reboot the
InfiniStreamNG appliance:
shutdown -r now
Note: You can also install GeoProbe software on the InfiniStreamNG Qualified COTS appliance to provide
data to IrisView servers; refer to InfiniStreamNG (Geo Mode) Deployment Guide for instructions on enabling
this feature.
/xdr
Size: Default = 30% of available storage. Range = 6 GB to 50% of available storage. Enter 0 to eliminate.
If the appliance will be configured to produce xDRs/ASRs (eXtended Data Records/Adaptive Session
Records) and Conversation data for use by nGeniusONE or nGenius Subscriber Intelligence, you MUST
allocate an /xdr partition to store this session data. This partition can be eliminated if the
appliance will not be used to produce session data for use with those applications.
An xDR stores metadata for mobile subscriber sessions. The nGenius Subscriber Intelligence
application uses mobile subscriber records to correlate mobile sessions across multiple monitored
legs. The more space you allocate to xDR storage, the further back Subscriber Intelligence will be
able to mine for mobile data session correlation.

/metadata
Size: Default = 50 GB. Range = 25 GB to 10% of available storage.
This partition is required for nGeniusONE, Performance Manager, and InfiniStream Console features
such as remote decode, data capture, and InfiniStreamNG trace file storage.
Set a size for this partition based on your anticipated usage listed below:
• nGeniusONE Decode View/Performance Manager Remote Decode stores transient session data files
in /data and <installdirectory>/rtm/pa/data. Although these files are automatically removed when
the decode session is closed, multiple simultaneous decode sessions can also create temporary
index files in the /metadata partition consuming as much as 20 G of space.
• InfiniStream Console and Performance Manager users can save remote trace files on the
InfiniStreamNG appliance’s /metadata partition instead of immediately moving mined packets to the
InfiniStream Console system or nGeniusONE Server, respectively.
Excluding the remote decode operations, files saved on this partition must be managed manually.
Users who anticipate heavy use of any of the above features should increase the partition size to
a greater percentage of the total storage.

/asi
Size: Default = 50 GB. Range = 25 GB to 10% of available storage.
This partition is dedicated to storing Adaptive Service Intelligence (ASI) metadata.
In releases prior to v5.5, ASI metadata was written to the /metadata partition. For improved
performance and to avoid contention for space in the /metadata partition from saved trace and
decode files, this partition is offered in new 6.x installations.

/flow
Size: Default = 0 GB. Range = 1-35% of available storage. Enter 0 to eliminate.
This partition is required by the InfiniStream Console application. If you do not use that
application, you can eliminate this partition.
InfiniStream Console users MUST allocate a /flow partition for the storage of RMON data,
15-second flow records, and aggregated 5-minute statistics. All other users can enter 0 to
eliminate this partition or use the default value of 0 GB.

/data (XFS) or /raw (NETSCOUT File System)
Size: Total remaining storage space after space is allocated to the other partitions. Not
configurable and cannot be eliminated.
This partition is used for packet storage and is not configurable.
On XFS-formatted appliances, collected packets are stored in a /data partition. On NETSCOUT File
System-formatted appliances, collected packets are stored in a /raw partition. For new
installations, only NETSCOUT File System formatted (/raw) partitions can be created.
To configure your system, you will need to collect the following information:
• IP Configuration for the Manage Port, including IP address, subnet mask, and default
gateway
Note: You can assign either IPv4 or IPv6 (or both) addresses to the Manage (eth0) port, Gateway IP
address, and DNS server addresses. IPv6 addresses can be specified using one of five formats:
standard shortened, standard full, standard leading zero suppressed, short mixed notation, full mixed
notation. The last two formats (short mixed and full mixed notation) allow you to specify IPv4
addresses in IPv6 format.
1 If you have not already done so, establish a local or remote console connection to the
InfiniStreamNG Qualified COTS appliance. Log in as the root user to the operating system
using these credentials:
Username: root
Password: netscout
Note: Use the default username and password the first time you log in to the operating system. After
you log in the first time, change the default password.
9 Enter a valid subnet mask for the Manage port (required for IPv4 only) and press Enter.
10 Enter a valid gateway IP address for the Manage port and press Enter.
11 If you chose to assign both address types to the Manage port, repeat Step 8 and Step 10 for
the IPv6 address; otherwise, continue with the next step.
12 Supply a simple hostname for the appliance and press Enter.
13 Enter the domain name where the appliance’s Manage port is connected and press Enter.
14 Enter the IP address of a DNS server (nameserver). The script gives you the option of
entering multiple DNS server addresses to be used as backups in case the first DNS server
specified is unreachable.
15 Select the Time Source to be used for synchronization of the appliance’s system clock. You
can select from the options in Table 3-7.
Table 3-7 Time Source Options
NTP You will be prompted to enter the IP address of one or more NTP servers. Servers are used as fallbacks in the
same order they are specified.
Note: Only IPv4 addresses are supported for specifying time sources; IPv6 addresses are not supported.
Important: While the system is being reconfigured, you are unable to log in to the appliance. Do not
manually reboot the appliance during this period. Doing so can cause undesirable results.
Note: Bifurcation is neither needed nor supported on 4-port 1/10 Gigabit ASI NICs.
Use Figure 3-5 to determine if your 40 Gigabit ASI NIC supports bifurcation.
Important: If you change the SNMP Read / Write community strings on your InfiniStreamNG appliance, you
must update the strings on the corresponding device listing in the nGeniusONE Device Configuration
window.
8 When the InfiniStreamNG appliance is first installed, it is configured for use with
nGeniusONE only (nGeniusONE Managed enabled).
You can use the [9] Agent Options menu to change which consoles are supported. Toggle
flow collection for the [11] InfiniStream Console Support and/or the [14] nGeniusONE
Managed by entering the corresponding option numbers.
Important:
• The decision you make here directly affects performance. Simultaneous InfiniStream Console and
nGeniusONE/Performance Manager console flow recording is supported. However, performance is
optimized when only one or the other is enabled.
• InfiniStream Console logins are not authenticated locally on the InfiniStreamNG appliance if the
appliance has both InfiniStream Console and Performance Manager Console enabled. If both consoles
are enabled, the appliance automatically redirects InfiniStream Console login attempts to the
nGeniusONE server for authentication. With both consoles enabled, you only need to create user
accounts in the nGeniusONE user database.
• The appliance must have a /flow partition to be used with the InfiniStream Console.
• For security reasons, if the InfiniStream Console is not enabled, the port used for communication with
the InfiniStream Console client (IP listener port 4242) is automatically disabled on the InfiniStreamNG
appliance.
Important: InfiniStreamNG appliances are installed with a built-in root/netscout account. You should
change the root account credentials. This is especially true if the SNMP Community Strings in place on the
appliance are easy to guess or left at their default values. If you do not change this account’s credentials,
there is a potential for unintended access to the appliance and its data.
The nGeniusONE online help contains more information related to adding appliances and configuring
InfiniStream interfaces. You can access the online help by connecting a web browser to your
nGeniusONE server or by downloading the online Help from the MyNetScout.com website
(https://my.netscout.com/mcp/Pages/default.aspx).
Interface Mode 4-Port 1/10 Gigabit 2-Port 40 Gigabit 2-Port 100 Gigabit
(Duplex) Port # Interface # (ifn) Interface # (ifn) Interface # (ifn)
3 5 In/Out
4 6 In/Out
3 4 Out
4 4 In
3 5 Out
4 5 In
This chapter describes InfiniStreamNG appliance options that let you fine-tune or maintain the
appliance’s operations but are not strictly necessary for the initial deployment of the appliance.
Table 4-1 lists the sections in this chapter.
Section | Description
"Accessing the InfiniStreamNG Appliance using SSH" on page 4-2 | Provides instructions for establishing a secure shell (SSH) session to the InfiniStreamNG appliance using the PuTTY remote client.
"Creating Custom Login Messages" on page 4-3 | Provides instructions for creating messages that are displayed to users when they log into the InfiniStreamNG appliance using SSH.
"Security Hardening Measures" on page 4-10 | Describes how to modify configuration files or run custom scripts to enforce more stringent security requirements on the InfiniStreamNG appliance.
"Configuring Authentication Options" on page 4-5 | Describes how to configure the external authentication options for an InfiniStreamNG appliance, including using nGeniusONE, RADIUS, or TACACS+ to authenticate users trying to access the appliance.
"Secure Communication with nGeniusONE Servers" on page 4-13 | Discusses how to enable HTTP and HTTPS communication between the InfiniStreamNG appliance and nGeniusONE server for better performance and more secure communication.
"Managing Appliance Time Synchronization" on page 4-15 | Discusses how to manage the system timing source option you assigned using the nGApplianceConfig.plx script with other scripts.
"Directing Log Messages to an External Server" on page 4-17 | Provides instructions on how to forward log messages from an InfiniStreamNG appliance to an external syslog server.
Accessing the InfiniStreamNG Appliance using SSH
Once you have performed the InfiniStreamNG appliance initial configuration, you can later access the
appliance remotely to customize the system using a secure client. Because the InfiniStreamNG
Qualified COTS appliance runs on a hardened Linux operating system, you must configure a client such
as PuTTY on a Windows remote system to access the appliance. PuTTY is a client connection program
for the Secure Shell (SSH), Telnet, and Rlogin network protocols.
Note: This message generally displays upon connecting for the first time from a specific Windows
remote system to the InfiniStreamNG appliance.
10 Log in as root user to the InfiniStreamNG operating system. The default values are as follows:
Username: root
Password: netscout
Action Command
Save changes :w
Method Notes
Step Summary
1. Configure Authentication Server Parameters
Each type of authentication server has its own configuration file on the InfiniStreamNG
appliance:
• nGeniusONE: /etc/pmauth.config
• RADIUS: /etc/radius_auth.config
• TACACS: /etc/pam.d/pam_tacacs_auth
Edit the file corresponding to the type of authentication server you want to use. You’ll need to
provide the server’s IP address as well as some additional settings that vary by server type.
Refer to the following sections for details:
• "Configuring nGeniusONE Authentication" on page 4-6
• "Configuring RADIUS Authentication" on page 4-7
• "Configuring TACACS+ Authentication" on page 4-8
2. Specify Authentication Server Type
Once you've configured the authentication server settings, you specify which type of
authentication you want to use for each login type by editing the SSH login file located in
/etc/pam.d/sshd.
The first line of the file specifies the authentication to use for the corresponding login type. It
should appear as follows for each authentication type:
• nGeniusONE (required for SSH logins only)
auth include pam_pm_auth
• RADIUS
auth include pam_radius_auth
• TACACS+
auth include pam_tacacs_auth
For SSH logins, you must add the appropriate line of text manually to the sshd file.
3. Add RADIUS / TACACS+ Users in InfiniStreamNG Operating System
If you are using RADIUS/TACACS+ (versus nGeniusONE authentication), any account you want
to authenticate must be defined with the same name in both the RADIUS/TACACS+
authentication server and in the local InfiniStreamNG operating system.
Note: This limitation only applies to the standalone RADIUS/TACACS+ implementation. It does not
apply to nGeniusONE authentication.
Note: This procedure does not affect nGeniusONE logins. nGeniusONE client logins always use
nGeniusONE authentication, optionally integrated with third-party servers (RADIUS, TACACS+,
LDAP, or Active Directory – see the nGeniusONE online help for details on integrating with third-party
authentication products).
<USEPMAUTH> Change to TRUE to force Sniffer Analysis and/or SSH logins to be authenticated
against the nGeniusONE server specified by the <PMIP> argument. This value is
not required for Sniffer Analysis logins when the InfiniStream Console option is
enabled in the Agent Options menu of the Agent Configuration utility. In that
case, Sniffer Analysis logins are automatically authenticated by the nGeniusONE
server that manages this InfiniStreamNG appliance.
<PMIP> Enter the IP address of the nGeniusONE server to be used for authentication.
This value is not required for Sniffer Analysis logins when the InfiniStream
Console option is enabled in the Agent Options menu of the Agent
Configuration utility. In that case, Sniffer Analysis logins are automatically
authenticated by the nGeniusONE server that manages this InfiniStreamNG
appliance.
<SNMPPORT> By default, nGeniusONE uses listener port 162 for SNMP communication. If you
have modified the SNMP listener port on the nGeniusONE server, change this
value to match. Refer to Appendix A, "Network Listener Port Numbers" for
more information on listener ports used by NETSCOUT devices.
<SECURECONNECTION> Set this option to TRUE if nGeniusONE is configured to listen on a secure HTTP
port. Then, set <PMPORT> to the secure listener HTTP port (usually 443).
<ALLOWLOCALFALLBACK> Specifies whether local accounts should be accepted when the nGeniusONE
server is not available.
This option is enabled by default. When enabled (set to TRUE), users are
authenticated against the InfiniStreamNG local accounts when no managing
nGeniusONE server is available to authenticate users. When disabled (set to
FALSE), the InfiniStreamNG does not fall back to using local authentication
when the nGeniusONE server is unavailable to perform authentication.
Note: If you have upgraded your appliance from a version earlier than 4.9MR1 B818, you may need
to reboot the appliance to trigger an update of required jar files from the associated nGeniusONE
server.
Note: All parameters and terms added to these files are space delimited.
1 Log in to the InfiniStreamNG appliance with root privileges, either locally or in an SSH
window.
2 Add RADIUS users to the local operating system. Any account you want to authenticate
using RADIUS must be defined with the same name in both the local InfiniStreamNG
operating system and on the RADIUS authentication server. Verify the account(s) were
added:
cat /etc/passwd | grep "/home" | cut -d: -f1
The output will list the account usernames on this InfiniStreamNG appliance. If the
account(s) you added are present, continue to the next step.
Note: All parameters and terms added to these files are space delimited.
1 Log in to the InfiniStreamNG appliance with root privileges, either locally or in an SSH window.
2 Add TACACS+ users to the InfiniStreamNG operating system. Any account you want to
authenticate using TACACS+ must be defined with the same name in both the local
InfiniStreamNG operating system and on the TACACS+ authentication server.
a When you add a user to the local operating system, use the -G argument to assign it a
Group Name of admin, console, or monitor so that it receives the corresponding
privileges in the InfiniStream Console. For example, the following command adds
localuser to the Admin group:
useradd -G admin localuser
b Verify the account(s) were added:
cat /etc/passwd | grep "/home" | cut -d: -f1
The output will list the account usernames on this InfiniStreamNG appliance. If the account(s) you added
are present, continue to the next step.
3 Specify the TACACS+ server information to be used by the InfiniStreamNG appliance.
a Change directories to /etc/pam.d and open the pam_tacacs_auth file in a text editor
(for example, vi).
b Add the following as the first line of the file:
auth sufficient pam_tacplus.so debug server=<TACACS server IP address> timeout=<timeout value in seconds> secret=<shared secret> encrypt login=login
(For example: auth sufficient pam_tacplus.so debug server=10.20.30.10 timeout=5
secret=secretword encrypt login=login).
c Save and exit the pam_tacacs_auth file.
4 Enable SSH to use TACACS+ Authentication.
a Change directories to /etc/pam.d and open the sshd file in a text editor.
b Edit the first line to read:
auth include pam_tacacs_auth
c Save and exit the file.
5 Configure SSH to use PAM.
a Change directories to /etc/ssh and open the sshd_config file in a text editor.
b Locate the line UsePAM and ensure it is uncommented.
c Ensure the value for UsePAM is "yes."
6 Restart the SSHD service:
service sshd restart
You can now log in to the InfiniStreamNG appliance from an SSH session or the InfiniStream Console
using the TACACS+ accounts you configured above.
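The script below is an added example, not NETSCOUT code: it audits the files edited in the TACACS+ procedure above (the pam_tacplus.so line, the first line of /etc/pam.d/sshd, UsePAM in sshd_config, and matching local accounts). The function names, the ROOT prefix argument, the choice to skip comment lines when looking for "the first line", and the world-readable warning on the file holding the shared secret are assumptions of this example; the sample tree is constructed from the guide's own example values.

```bash
#!/bin/bash
# Added example, not NETSCOUT code. ROOT is a filesystem prefix: "" on the
# appliance itself, or a directory holding a copy of /etc for offline review.

# Print the first non-blank, non-comment line of FILE with whitespace squeezed.
# Assumption: a leading comment such as "#%PAM-1.0" is not "the first line".
first_directive() {
    [ -r "$1" ] || return 1
    sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//' "$1" |
        grep -v -e '^$' -e '^#' | head -n 1
}

# Step 3: pam_tacacs_auth must start with the pam_tacplus.so line, and the
# server, timeout and secret options must hold real values, not <placeholders>.
check_tacplus_line() {
    local line
    line=$(first_directive "$1/etc/pam.d/pam_tacacs_auth") || return 1
    case "$line" in
        "auth sufficient pam_tacplus.so "*) ;;
        *) return 1 ;;
    esac
    printf ' %s \n' "$line" | grep -Eq ' server=[^ <]+ ' &&
        printf ' %s \n' "$line" | grep -Eq ' timeout=[0-9]+ ' &&
        printf ' %s \n' "$line" | grep -Eq ' secret=[^ <]+ '
}

# Step 4: the first line of /etc/pam.d/sshd must include pam_tacacs_auth.
check_sshd_include() {
    [ "$(first_directive "$1/etc/pam.d/sshd")" = "auth include pam_tacacs_auth" ]
}

# Step 5: UsePAM must be uncommented and set to yes (first occurrence wins).
check_usepam() {
    local value
    value=$(sed 's/=/ /' "$1/etc/ssh/sshd_config" 2>/dev/null |
        awk 'tolower($1) == "usepam" { print tolower($2); exit }')
    [ "$value" = "yes" ]
}

# Step 2: print every USER that has no entry in the local passwd file.
missing_local_users() {
    local root="$1" user rc=0
    shift
    for user in "$@"; do
        if ! cut -d: -f1 "$root/etc/passwd" 2>/dev/null | grep -Fxq -- "$user"; then
            echo "$user"
            rc=1
        fi
    done
    return $rc
}

# Added check (not in the guide): is the file holding the shared secret world-readable?
secret_world_readable() {
    [ -n "$(find "$1/etc/pam.d/pam_tacacs_auth" -perm -004 2>/dev/null)" ]
}

report() { # report DESCRIPTION COMMAND [ARGS...]
    local desc="$1"
    shift
    if "$@"; then echo "PASS  $desc"; else echo "FAIL  $desc"; return 1; fi
}

# audit_tacacs_login ROOT [USER...]: returns 0 only if every check passes.
audit_tacacs_login() {
    local root="$1" failures=0 missing
    shift
    report "pam_tacacs_auth starts with a complete pam_tacplus.so line" \
        check_tacplus_line "$root" || failures=$((failures + 1))
    report "/etc/pam.d/sshd first line is 'auth include pam_tacacs_auth'" \
        check_sshd_include "$root" || failures=$((failures + 1))
    report "sshd_config has UsePAM yes uncommented" \
        check_usepam "$root" || failures=$((failures + 1))
    if ! missing=$(missing_local_users "$root" "$@"); then
        echo "FAIL  no local account for TACACS+ user(s): $(echo $missing)"
        failures=$((failures + 1))
    fi
    if secret_world_readable "$root"; then
        echo "WARN  pam_tacacs_auth holds the shared secret and is world-readable"
    fi
    [ "$failures" -eq 0 ]
}

# Constructed sample tree under DIR, using the example values printed in the guide.
make_sample_root() {
    mkdir -p "$1/etc/pam.d" "$1/etc/ssh"
    printf '%s\n' '#%PAM-1.0' \
        'auth sufficient pam_tacplus.so debug server=10.20.30.10 timeout=5 secret=secretword encrypt login=login' \
        > "$1/etc/pam.d/pam_tacacs_auth"
    chmod 600 "$1/etc/pam.d/pam_tacacs_auth"
    printf '%s\n' '#%PAM-1.0' 'auth include pam_tacacs_auth' > "$1/etc/pam.d/sshd"
    printf '%s\n' '#UsePAM no' 'UsePAM yes' > "$1/etc/ssh/sshd_config"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'localuser:x:1001:1001::/home/localuser:/bin/bash' > "$1/etc/passwd"
}

# With arguments: audit ROOT for the listed users. Without: audit the sample tree.
if [ "$#" -gt 0 ]; then
    audit_tacacs_login "$@"
else
    demo=$(mktemp -d) && make_sample_root "$demo" && audit_tacacs_login "$demo" localuser
    rm -rf "$demo"
fi
```

On the appliance, run it as root with an empty ROOT and the TACACS+ account names, for example `./audit.sh "" localuser` (the file name is arbitrary).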
Hardening Passwords
To provide a simple means of hardening the password security on InfiniStreamNG appliances, a script
is available in the /opt/platform/security/harden_password/ directory. To run this script, log into
the appliance as the root user, change to that directory, and enter the command
./harden_password.sh.
The script replaces the existing system-auth-ac and login.defs system files on the InfiniStreamNG
with modified versions that enforce the password changes described in Table 4-8. If you want to
customize the settings after running the script, you can edit the system files located at:
• /etc/pam.d/system-auth-ac
• /etc/login.defs
Table 4-8 Password Changes with Hardening Enabled
• Removes the "mininguser" account previously supported for SSH connections ("root" password now required for SSH)
• Password must contain a mix of upper case, lower case, numbers, and special characters
• Password lockout after failed login attempts (default = 3 failed attempts, user-configurable; see footnote 1)
• New password must differ by at least four characters from the previous password
• InfiniStreamNG appliance uses FIPS-140-2 approved cryptographic hash algorithm for generating account password hashes
Footnote 1: To modify the default setting (lockout after 3 failed attempts), edit the deny parameter in
the line auth required pam_tally2.so onerr=fail deny=3 in the file
/etc/pam.d/system-auth-ac on the InfiniStreamNG appliance.
Note: For common editing commands used by the vi text editor, refer to "Using the vi Text Editor" on
page 4-4.
1 If you have not already, configure the nGeniusONE server to use HTTPS:
a Log into nGeniusONE.
b Click the icon for Device Configuration.
c Select the Devices tab (if necessary).
d Select the InfiniStreamNG appliance from the list of devices and click the Details
button.
e From the Communication Protocols drop-down menu, choose HTTPS.
f Click OK.
2 Log into the InfiniStreamNG appliance as the root user.
3 Navigate to the /opt/platform/security/fips directory.
4 To enable FIPS compliant mode, run the following script:
./netscout_fips.sh
5 Reboot the InfiniStreamNG appliance.
Time Source | Description
NTP | NTP runs as a service, synchronizing with its NTP server every 16 seconds. InfiniStreamNG appliances use version 4.1.2 of the NTPD program; there is no need to patch the NTPD program.
Note: Even if a PTPv2 compliant switch is used, if timestamps are compared between two
InfiniStreamNG appliances, the timestamps for each appliance can be +1 or -1 microsecond from the
reference (PTPv2 Grandmaster) clock. Therefore, under the worst case scenario, the difference
between the two InfiniStreamNG appliances could be up to 2 microseconds.
Note: Except for the Ethernet port and PTPv2 transparent clock mode, all other configuration settings
in ptpv2.conf should be left at their default settings and must not be changed. Whenever you modify
the ptpv2.conf configuration file, restart the PTPv2 service by issuing the command service ptpv2d
start from the OS command line.
• The PTPv2 client (InfiniStreamNG appliance) and PTPv2 Grandmaster reference clock can
be configured to run in one of the two transparent clock modes:
– E2E (End-to-End) mode
– P2P (Peer-to-Peer) mode
NETSCOUT recommends using E2E mode because the number of P2P PTP nodes in one
physical network segment should not exceed two as determined by the IEEE 1588-2008
standard (Section 11.4.4). Additionally, the PTPv2 Grandmaster reference clock should
send a minimum of four PTPv2 SYNC messages per second for best accuracy.
# auditd audit.log
$InputFileName /var/log/audit/audit.log
$InputFileTag tag_audit_log:
$InputFileStateFile audit_log
$InputFileSeverity info
$InputFileFacility local7
$InputRunFileMonitor
d Replace the line that currently reads *.info;mail.none;authpriv.none;cron.none;
/var/log/messages with the following:
*.info;mail.none;cron.none;local7.none;authpriv.* /var/log/messages
e Save and exit the file.
f Restart the rsyslog service:
service rsyslog restart
4 Edit the stunnel.conf file to enable the InfiniStreamNG to receive messages on port 514,
encrypt them, and send them out on port 1111 as follows:
a Open the file in a text editor.
b Locate the following block of text:
; Service-level configuration
[test]
accept = :::443
connect = ::1:80
c Add the following lines immediately after the text block:
; Use it for client mode
ciphers = AES128-SHA:DHE-RSA-AES128-SHA
[syslog]
accept=1111
connect=514
d Save and exit the file.
5 Navigate to the /etc/sysconfig directory.
6 Open ports 514 and 1111 in the firewall settings as follows:
a Open the iptables file in a text editor.
b Add the following lines of text before the COMMIT line:
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1111 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 514 -j ACCEPT
c Save and exit the file.
7 Restart the modified services using the following commands:
service iptables restart
service rsyslog restart
service stunnel restart
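A verification pass for the stunnel and firewall edits above, written as an added example rather than a NETSCOUT-supplied script: it confirms that the three ACCEPT rules sit inside the filter table ahead of COMMIT and that the [syslog] stunnel service carries the accept and connect values from step 4. Function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the log-forwarding edits made in the steps above.
# Function names and sample files are hypothetical. On an appliance, pass
# /etc/sysconfig/iptables and the path of your stunnel.conf.

# Return 0 if the filter table has an ACCEPT rule for proto/port between
# "*filter" and its COMMIT. A rule added after COMMIT belongs to no table.
rule_loaded() {   # file proto port
    awk -v proto="$2" -v port="$3" '
        /^[ \t]*#/     { next }
        /^\*/          { table = $1; next }
        $1 == "COMMIT" { table = ""; next }
        table == "*filter" && $1 == "-A" && / -j ACCEPT[ \t]*$/ &&
            index($0, " -p " proto " ") &&
            index($0, " --dport " port " ") { found = 1 }
        END { exit !found }
    ' "$1"
}

# Print the value of key inside [section] of a stunnel.conf (last one wins).
stunnel_opt() {   # file section key
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*[;#]/ { next }
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); section = $0; next }
        section == want && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# Report every missing piece; return 0 only when all five checks pass.
check_forwarding() {   # iptables-file stunnel-conf
    rc=0
    for spec in tcp:1111 tcp:514 udp:514; do
        rule_loaded "$1" "${spec%%:*}" "${spec##*:}" ||
            { echo "no loaded ACCEPT rule for $spec"; rc=1; }
    done
    [ "$(stunnel_opt "$2" syslog accept)" = 1111 ] ||
        { echo "stunnel [syslog] accept is not 1111"; rc=1; }
    [ "$(stunnel_opt "$2" syslog connect)" = 514 ] ||
        { echo "stunnel [syslog] connect is not 514"; rc=1; }
    return "$rc"
}

# Write constructed sample files: the udp/514 rule was appended after COMMIT.
make_sample() {   # dir
    cat > "$1/iptables" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1111 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 514 -j ACCEPT
COMMIT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 514 -j ACCEPT
EOF
    cat > "$1/stunnel.conf" <<'EOF'
; Service-level configuration
[test]
accept = :::443
connect = ::1:80
; Use it for client mode
ciphers = AES128-SHA:DHE-RSA-AES128-SHA
[syslog]
accept=1111
connect=514
EOF
}

demo=$(mktemp -d)
make_sample "$demo"
if check_forwarding "$demo/iptables" "$demo/stunnel.conf"; then
    echo "log forwarding configuration looks complete"
fi
rm -rf "$demo"
```

Run against the constructed sample, the script reports the udp/514 rule as not loaded because it was placed after COMMIT.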
This chapter describes how to upgrade or restore the software on InfiniStreamNG software appliances
and contains the sections listed in Table 5-1.
Section | Description
"Upgrade Overview" on page 5-2 | Describes the InfiniStreamNG appliance models and software versions that can be upgraded to this release.
"Upgrading from nGeniusONE" on page 5-6 | Describes how to remotely upgrade the InfiniStreamNG appliance from an nGeniusONE Server.
"Verifying the Upgrade" on page 5-15 | Provides a checklist for verifying appliance operation following a restoration.
"Post Upgrade Tasks" on page 5-17 | Describes additional steps to perform following an upgrade, such as enabling InfiniStream Console access.
Upgrade Overview
This section provides the following topics for upgrading InfiniStreamNG appliances, and should be
carefully reviewed prior to starting an upgrade:
• "Upgrade Paths for InfiniStreamNG Qualified COTS Software Appliances" on page 5-2
• "Partitions and Data Preservation" on page 5-3
• "Custom Files to Back Up Before Reimaging" on page 5-5
Refer to the InfiniStreamNG Qualified COTS Software Appliance Release Notes for each release to
determine the upgrade paths supported by the release. In general, two upgrade options are available:
• Upgrade by installing the application file directly on top of the existing version as described
in "Upgrading Manually via Application Update" on page 5-10. All existing packet stores are
preserved using this upgrade method.
• Reimage the operating system and install the application file as described in "Upgrading
Manually via Reimage" on page 5-13. Be aware that all stored data is lost when using this
upgrade method.
Important:
• Stored data can be retained during an application update or Performance Manager upgrade if you do not change partition settings or the type of file system used for the packet store partition (/data).
• Any changes to optional partitions or the type of file system used for the packet store partition result in the loss of all stored data and metadata. This includes:
– Changing the format of the packet store partition (for example, from XFS to the NetScout File System (raw format)).
– Changing the size of any additional partition (/flow, /metadata, /asi or /xdr).
– Creating or deleting any additional partition (/flow, /metadata, /asi or /xdr).
• All stored data is lost when upgrading the appliance by reimaging.
XFS to NetScout File System, or NetScout File System to XFS | Recreate only | The only option presented is to Recreate the partition. When you change file system type, the partition must be recreated. Data is not preserved in this case.
/xdr
Default = 30% of available storage. Range = 6 GB to 50% of available storage. Enter 0 to eliminate.
If the appliance will be configured to produce xDRs/ASRs (eXtended Data Records/Adaptive Session Records) and Conversation data for use by nGeniusONE or nGenius Subscriber Intelligence, you MUST allocate an /xdr partition to store this session data. This partition can be eliminated if the appliance will not be used to produce session data for use with those applications.
An xDR stores metadata for mobile subscriber sessions. The nGenius Subscriber Intelligence application uses mobile subscriber records to correlate mobile sessions across multiple monitored legs. The more space you allocate to xDR storage, the further back Subscriber Intelligence will be able to mine for mobile data session correlation.

/metadata
Default = 50 GB. Range = 25 GB to 10% of available storage.
This partition is required for nGeniusONE, Performance Manager, and InfiniStream Console features such as remote decode, data capture, and InfiniStreamNG trace file storage.
Set a size for this partition based on your anticipated usage of the features listed below:
• nGeniusONE Decode View/Performance Manager Remote Decode stores transient session data files in /data and <installdirectory>/rtm/pa/data. Although these files are automatically removed when the decode session is closed, multiple simultaneous decode sessions can also create temporary index files in the /metadata partition consuming as much as 20 G of space.
• InfiniStream Console and Performance Manager users can save remote trace files on the InfiniStreamNG appliance’s /metadata partition instead of immediately moving mined packets to the InfiniStream Console system or nGeniusONE Server, respectively.
Excluding the remote decode operations, files saved on this partition must be managed manually. Users who anticipate heavy use of any of the above features should increase the default to a greater percentage of the total storage. Note that if you choose to increase the size of an existing /metadata partition, all stored metadata will be lost.

/asi
Default = 50 GB. Range = 25 GB to 10% of available storage.
This partition is dedicated to storing Adaptive Service Intelligence (ASI) metadata.
In releases prior to v5.4.1, ASI metadata was written to the /metadata partition. For improved performance and to avoid contention for space in the /metadata partition from saved trace and decode files, this new /asi partition can be created. Whether or not this partition is created depends upon your choices when upgrading to v6.x:
• If you choose to retain your partitions during the upgrade, this partition is not created and ASI data continues to be written to the /metadata partition as it has in previous releases (refer to recommendations for the /metadata partition below).
• If you choose to modify your partitions, the /asi partition is automatically created and linked to the /metadata partition. All ASI metadata is written to this partition instead of /metadata and this partition cannot be eliminated.

/flow
Default = 0 GB. Range = 1-35% of available storage. Enter 0 to eliminate.
Required for use with the InfiniStream Console only.
InfiniStream Console users MUST allocate a /flow partition for the storage of RMON data, 15-second flow records, and aggregated 5-minute statistics. All other users can enter 0 to eliminate this partition or use the default value of 0 GB.

/data (XFS) or /raw (NETSCOUT File System)
Total remaining storage space after space is allocated to the other partitions. Not configurable and cannot be eliminated.
This partition is used for packet storage and is not configurable.
On XFS-formatted appliances, collected packets are stored in a /data partition. On NETSCOUT File System-formatted appliances, collected packets are stored in a /raw partition.
File | Summary
Mixed Traffic Filter Files | Filter files for mixed traffic monitoring are stored in /opt/NetScout/rtm/config. If you open the files, they consist of separate lines of VLAN IDs or subnet addresses (for example, 192.168.1.0/24). Refer to "Directing Log Messages to an External Server" on page 4-17 for details on these files. Back up these filters to a safe location: When upgrading remotely using nGeniusONE or manually using an application (.bin file) update, copy them either to /root or off the system entirely. When upgrading by reimaging the InfiniStreamNG appliance, copy the files off the system to keep them safe. After the upgrade, copy the saved filters back to the same directory.
afmon.properties | The afmon.properties file is stored in /opt/NetScout/rtm/bin and may have been customized for data aging defaults.
Assorted authentication files | If you edited files to configure SSH or Sniffer Analysis logins to authenticate using nGeniusONE, RADIUS, or TACACS, consider backing up those files before a reimage to preserve your settings.
.afm_mode, .configfile | These files are stored in /opt/NetScout/rtm/bin. Back them up and restore them after the upgrade.
*.cfg | Back up all *.cfg files in /opt/NetScout/rtm/pa. Restore them after the upgrade.
Important: You can only perform remote upgrades from nGeniusONE on Dell R430, Dell R730xd,
Dell R830, HP DL360 Gen9, HP DL380 Gen9, or HP DL560 Gen9 servers. These servers use the
is-6xx0-xxx-eth.bin installation file. You cannot remotely upgrade Dell R740xd, Dell R940, HP DL380
Gen10 or DL560 Gen10 servers, which use the is-6xx0-xxx-eth-j.bin installer file.
Dell PowerEdge R430, R730xd or R830; HP DL360 Gen9, DL380 Gen9 or DL560 Gen9 | Disc labeled: For "G" and "H" Platforms (or with no platform indication). File: is-6xx0-xxx-eth.bin
Dell PowerEdge R740xd, R940 or R940xd; HP DL380 Gen10 or DL560 Gen10 | Disc labeled: For "J" Platforms. File: is-6xx0-xxx-eth-j.bin
3 Use the following steps to perform the upgrade. In a distributed server environment, you
can perform the upgrade from the Global Manager or from the Local Server that owns the
appliance.
a Launch Device Configuration.
b Click the Upgrade tab.
c Click the InfiniStreams tab. Installed InfiniStream appliances are listed with their
current status, name, IP address, model number, version number, and description
including the firmware release and build numbers.
d Select one or more appliances to upgrade.
– A red icon in the Status column indicates the existence of an upgrade file with
a higher version than the appliance is currently running.
– A green icon indicates that the appliance is already upgraded to the latest file
version in the nGeniusONE server upgrade file repository.
e Click Select file to upgrade.
Preserve all existing partitions and data | (Default) Preserves existing partition sizes.
Modify one or more partitions and rewrite the partition table | Select to modify a partition size or eliminate a partition entirely. When you select this option the partition options become configurable, but data is lost. See "Partitions and Data Preservation" on page 5-3 for more information.
• Size — Select (enable) the partition checkbox and enter a value that falls within the displayed range. Deselecting (disabling) a checkbox eliminates that partition. The Packet storage option reflects the values you enter for the remaining partitions.
• File System (Packet storage partition) — From the drop-down menu, select NetScout or XFS.
Preserve the existing partitions on all selected systems | (Default) When selected preserves current partition sizes for all selected appliances.
Create factory default partitions on all selected systems | When selected uses the default partition size for all selected appliances.
Note: You can also install GeoProbe software on the NETSCOUT Qualified InfiniStreamNG Software (COTS)
Appliance to provide data to IrisView servers; refer to the InfiniStreamNG (Geo Mode) Deployment Guide for
instructions for installing GeoProbe software.
e Use either WinSCP (Windows machines) or SCP (Linux machines) to copy the
installation file to the /opt directory on the appliance.
Note: InfiniStreamNG Qualified COTS appliances can also run GeoProbe software and provide data to
IrisView servers; refer to InfiniStreamNG (Geo Mode) Deployment Guide for a list of supported models and
instructions for installing GeoProbe software.
Table 5-8 Restore ISO File for Specific Qualified COTS Servers
For this Qualified COTS server... | Use this Restore/Operating System & Drivers DVD disk/file
Dell PowerEdge R430, R730xd or R830; HP ProLiant DL360 Gen9, DL380 Gen9, or DL560 Gen9 | Disc labeled: For "G" and "H" Platforms (or with no platform indication). File on disc: ngenius-datasource-6xx0G-restore-64bit.iso
Before attempting to restore the appliance, record the following system information:
IP address:
Netmask:
Default Gateway:
Hostname:
Domain name:
Name Server(s):
Time Zone:
Important:
• Remote reimages are performed over the web-based iLO/iDRAC interface. Remote reimages using Telnet are not supported.
• Local reimages are performed by attaching a keyboard and monitor. Local reimages using a terminal (such as HyperTerminal) attached to COM1 are not supported.
Note: The packet store partition does not appear if you use NETSCOUT File System. Use the parted -s /dev/sdb
print command instead of df -h to view the /raw packet store partition.
From the operating system command line, enter the following command:
ls -al /opt/NetScout/rtm/pa/
Verify /data is linked correctly. If your InfiniStreamNG appliance is configured with the default
NetScout File System (raw format), the output includes a line similar to the following:
lrwxrwxrwx 1 ngenius ngenius 9 2018-01-11 12:37 data -> /metadata
If your InfiniStreamNG appliance is configured as XFS, the output includes a line similar to the
following:
lrwxrwxrwx 1 ngenius ngenius 9 2018-01-11 12:37 data -> /data
Note: This step is only required if you plan to use the InfiniStream Console. Support for the
nGeniusONE is enabled by default.
1 Log into the appliance as the root user, and change directories as follows:
cd /opt/NetScout/rtm/bin/
2 Start the Agent Configuration utility with the following command:
./localconsole
3 Select the [9] Agent Options entry.
4 When the InfiniStreamNG appliance is first installed, it is configured for use with
nGeniusONE only (nGeniusONE Managed enabled). You can use the [9] Agent Options
menu to change which consoles are supported. Toggle flow collection for the [11]
InfiniStream Console Support and/or the [14] nGeniusONE Managed by entering the
corresponding option numbers. The appliance must have a /flow partition to be used with
the InfiniStream Console.
Important: The decision you make here directly affects performance. Simultaneous InfiniStream
Console and nGeniusONE/Performance Manager flow recording is supported. However, performance is
optimized when only one or the other is enabled.
Note: InfiniStream Console logins are not authenticated locally on the InfiniStreamNG appliance if the
appliance has both the InfiniStream Console and Performance Manager Console (nGeniusONE)
options enabled. If both consoles are enabled, the appliance automatically redirects InfiniStream
Console login attempts to the nGeniusONE server for authentication. If you have both consoles
enabled and want to use your existing InfiniStream Console user accounts, you must add these
accounts to the nGeniusONE user database.
This chapter describes how to perform basic maintenance and troubleshooting tasks on an
InfiniStreamNG Qualified COTS appliance and contains the sections listed in Table 6-1.
Important: Do not apply any firmware, operating system patches, kernel upgrades, security patches, or
service packs to your InfiniStream appliance unless obtained directly from NetScout Systems.
Section | Description
"Restarting the InfiniStreamNG Application" on page 6-2 | Describes how to stop and then restart the InfiniStream software.
"Safely Powering Down the System" on page 6-3 | Describes how to properly power down the InfiniStreamNG appliance if you ever need to move the system or perform hardware maintenance on the chassis.
"Managing Store and Trace Files on the InfiniStreamNG Appliance" on page 6-5 | Describes various strategies for monitoring and archiving the console store and session trace files to avoid losing data stored on the InfiniStreamNG appliance.
"Removing an ASI Accelerator NIC" on page 6-4 | Describes how to remove the ASI NIC from your InfiniStreamNG appliance.
Restarting the InfiniStreamNG Application
Some maintenance procedures require that you stop and then restart the InfiniStream appliance
(requires the root password).
1 Connect to the appliance as described in "Accessing the Appliance" on page 3-3.
2 Log in as root user to the operating system. The default login information is as follows:
Username: root
Password: netscout
3 Navigate to the /opt/NetScout/rtm/bin directory and enter the command:
./stopall
4 Wait until all processes stop before proceeding. The InfiniStream processes include the
following:
• procmana(ger)
• tfaengin(e)
• nsprobe
• paservic(e)
Depending on activity during runtime, the following additional processes can run:
5 Use the ./PS command to verify that all processes have stopped. Manually kill any
remaining processes, if required. (The Xvfb process can continue to run.) For example:
pkill nsprobe
pkill cleanupe
6 When you are ready to restart the appliance, enter the command:
./start
7 Verify that all processes are running by entering ./PS at the command-line before
proceeding with any other actions related to InfiniStream software.
Important: Powering down the system by simply pressing the power button on the front of the appliance
can compromise data integrity.
1 Verify that none of the disks displays a fast blinking red Disk Activity/Fault LED indicating
that the disk is being rebuilt in the RAID array. If the disk is rebuilding, wait for it to complete
before powering down the system.
2 When rebuilding is complete, verify that RAID array status is Normal.
3 After you determine that the RAID array is Normal, access the system using either a local
keyboard/monitor or using a physical terminal connection from a Windows client to COM1.
4 Log in to the appliance and enter the following command:
shutdown -h 0
The console displays:
The system is going down for system halt off NOW!
5 Power down your InfiniStream appliance. You can power cycle the appliance either locally
or remotely as described in "Connecting to the Appliance Remotely" on page 3-3. To power
down the appliance locally, do one of the following:
For an HP ProLiant server, perform the following steps:
a Press the Power On/Standby switch to Standby. This places the server in standby
mode, disabling the power supply output and providing auxiliary power to the
server. Standby does not completely disable or remove power from the system.
b Verify that the system LED indicator on the front panel, near the Power On/Standby
switch, is amber and that the fan noise has stopped.
c Disconnect the power cord(s) from the source, then from the server power supplies.
d (Optional) Disconnect any external peripheral devices from the server, including
external DVD drives.
For a Dell PowerEdge server, perform the following steps:
a Press the Power On Indicator/Button on the front panel of the server.
b Verify that the system LED indicator on the front panel, near the Power On/Standby
switch, is amber and that the fan noise has stopped.
c Disconnect the power cord(s) from the source, then from the server power supplies.
Important: Electrostatic discharge can damage electronic components. Be sure you are properly grounded
before touching any components in your server. A ground strap is provided in InfiniStreamNG 5000 Software
Appliance kits.
Important: If you allocated the default/minimum /metadata partition size of 25 GB, it is strongly
recommended that you do not save remote trace files on the InfiniStreamNG appliance. These trace files
consume space on the partition and reduce the space available for the ASI metadata required for
nGeniusONE monitors and enablers.
The files are managed from within the InfiniStream Console or the Performance Manager Packet
Analysis interface, not from the operating system. For more details on working with and managing these
trace files, refer to the InfiniStream Console User Guide or nGeniusONE’s online help topics on Packet
Analysis.
This appendix describes the network listener ports you will need to open in your firewall to support
communication between the InfiniStreamNG appliance and assorted applications, and to support use
of remote management tools. It also describes how to change the listener port used for nGeniusONE
server and InfiniStreamNG appliance communication and file transfers. This appendix contains the
following sections:
• "Communication Listener Ports Used with InfiniStreamNG Appliances" on page A-1
• "Remote Management Listener Ports" on page A-3
• "Assigning an Alternate Communication Listener Port" on page A-4
Table A-1 Communication Ports Used Between InfiniStreamNG Appliances and Other Devices

TCP/22, UDP/22
SSH Client; InfiniStreamNG Appliance
Remote access clients using Secure Shell (SSH) (for example, PuTTY and WinSCP) typically use Port 22

UDP/69
nGeniusONE Server; InfiniStreamNG Appliance
TFTP port for InfiniStreamNG software and decode pack upgrades

TCP/80
nGeniusONE Server; InfiniStreamNG Appliance
• nGeniusONE server and InfiniStreamNG appliance
• HTTP Tunneling (if used)

UDP/161
nGeniusONE Server; InfiniStreamNG Appliance
SNMP between nGeniusONE server and InfiniStreamNG appliance - often replaced by HTTPS (port 8443) for more secured communication

UDP/162
nGeniusONE Server; InfiniStreamNG Appliance
SNMP Traps between nGeniusONE server and InfiniStreamNG appliance

UDP/395
nGeniusONE Server; InfiniStreamNG Appliance
NETSCOUT Trap (NETCP) between nGeniusONE server and InfiniStreamNG appliances

TCP/443
nGeniusONE Server; InfiniStreamNG Appliance
Secure datamining and data export between nGeniusONE server and InfiniStreamNG appliances

TCP/1099
nGeniusONE Server; InfiniStreamNG Appliance
Default RMI ports used by nGenius Performance Manager

TCP/3306, UDP/3306
nGenius Voice | Video Manager; InfiniStreamNG Appliance
Database port used for nGenius Voice | Video Manager

TCP/8080
InfiniStreamNG Appliance; nGeniusONE Server
When the InfiniStreamNG appliance is configured to use nGeniusONE authentication, this port is used to transmit the username and password, and to retrieve slice size and the user role.

TCP/8080
nGeniusONE Server; InfiniStreamNG Appliance
HTTP between nGeniusONE server and InfiniStreamNG appliance

TCP/8443
nGeniusONE Server; InfiniStreamNG Appliance
HTTPS between nGeniusONE server and InfiniStreamNG appliance
Note: Refer to the nGeniusONE Server Administrator Guide for detailed information on network
requirements for communication between nGeniusONE clients and nGeniusONE servers. Refer to “Accessing the
nGeniusONE Server From Outside a Firewall” in the nGeniusONE online help for details on configuring
HTTP tunneling when deploying the nGeniusONE server behind a firewall. HTTP tunneling greatly reduces
the number of ports required to be opened between the nGeniusONE client and nGeniusONE server.
Destination
Source Destination Listener Port Description
UDP/161 SNMP
TCP/161
UDP/161 SNMP
TCP/161
UDP/623 RMCP/RMCP+
TCP/5901 VNC
Note: Use a higher-numbered listener port that is not already in use by a standard, well-known
application. Also ensure the new listener port is open in your firewall.
Important: All InfiniStreamNG appliances connected to this nGeniusONE server will communicate via the
new listener port. You must reconfigure each InfiniStreamNG appliance that is managed by the nGeniusONE
server for successful communications using the new listener port.
In this step you will edit the serverprivate.properties file on the nGeniusONE server.
1 Log in to the nGeniusONE server as root.
2 Navigate to /opt/NetScout/rtm/bin.
3 Open the serverprivate.properties file in a text editor (for example, the vi text editor).
4 Add the following property to the serverprivate.properties file, where the <portnum> is the
number of the new listener port:
engineprocmanager.connect.portnum=<portnum>
5 Save and exit the serverprivate.properties file.
6 Navigate to /opt/NetScout/rtm/html.
7 Add the following property to the client.properties file, where the <portnum> is the number
of the new listener port:
engineprocmanager.connect.portnum=<portnum>
8 Save and exit the client.properties file.
9 Return to the /opt/NetScout/rtm/bin directory. Stop processes using the following
command:
./stop
10 Run the ./PS command to list any running processes and manually kill any that remain. For
example:
pkill nsprobe
11 Run the following command to flush the IP tables and recognize the new listener port:
/sbin/iptables -I INPUT -p tcp --dport <portnum> -m state --state NEW,ESTABLISHED -j <ACCEPT/REJECT>
12 Restart processes using the following command:
./start
You are now ready to reconfigure the InfiniStreamNG appliance.
Note: This procedure only modifies the port used for communication between InfiniStreamNG
appliances and the nGeniusONE server. Changing the properties file values does not modify the IP
listener used for HTTP communication between console clients and the nGeniusONE server. To
modify the port used for client-to-nGeniusONE server communication, access the Server
Configuration utility in nGeniusONE and change the Web port number for this nGeniusONE server.
Refer to the nGeniusONE online Help for details.
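A consistency check for steps 4 and 7 above, as an added example that is not a NETSCOUT tool: it reads engineprocmanager.connect.portnum from both properties files, confirms they agree, and rejects values that are not usable ports or that collide with listener ports listed in this appendix. The function names, the 1024 floor used for "higher-numbered", and the sample port 9443 are assumptions.

```shell
#!/bin/sh
# Added example: cross-check the alternate listener port on the nGeniusONE server.
# Function names, the >=1024 floor and the sample values are assumptions; the
# property name, file names and port list come from this guide. On a server,
# pass /opt/NetScout/rtm/bin/serverprivate.properties and
# /opt/NetScout/rtm/html/client.properties.

# Listener ports already listed in Table A-1 and the remote management table.
IN_USE="22 69 80 161 162 395 443 623 1099 3306 5901 8080 8443"

# Print the last active (uncommented) value of the property in a file.
listener_port() {   # file
    sed -n 's/^[[:space:]]*engineprocmanager\.connect\.portnum[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" |
        tail -n 1
}

# Print the port and return 0 when both files agree on a usable port;
# otherwise print the reason and return 1.
check_listener_port() {   # serverprivate.properties client.properties
    srv=$(listener_port "$1"); cli=$(listener_port "$2")
    [ -n "$srv" ] || { echo "property not set in $1"; return 1; }
    [ "$srv" = "$cli" ] ||
        { echo "mismatch: server=$srv client=${cli:-unset}"; return 1; }
    case $srv in
        *[!0-9]*) echo "not a port number: $srv"; return 1 ;;
    esac
    [ "$srv" -ge 1024 ] && [ "$srv" -le 65535 ] ||
        { echo "port $srv is outside 1024-65535"; return 1; }
    for p in $IN_USE; do
        [ "$p" != "$srv" ] ||
            { echo "port $srv is already a listed listener port"; return 1; }
    done
    echo "$srv"
}

# Write constructed sample properties files with the given values.
make_props() {   # dir server-value client-value
    printf '# constructed sample\nengineprocmanager.connect.portnum=%s\n' "$2" \
        > "$1/serverprivate.properties"
    printf 'engineprocmanager.connect.portnum = %s\n' "$3" \
        > "$1/client.properties"
}

demo=$(mktemp -d)
try() {   # server-value client-value
    make_props "$demo" "$1" "$2"
    check_listener_port "$demo/serverprivate.properties" \
        "$demo/client.properties" || true
}
try 9443 9443                 # consistent and free
try 9443 9444                 # the two files disagree
try 8443 8443                 # collides with the HTTPS port in Table A-1
try '<portnum>' '<portnum>'   # placeholder pasted without substitution
rm -rf "$demo"
```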