Sie sind auf Seite 1von 32

Cascade Profiler Virtual Edition Software Installation Guide

Version 10 December 2012

2012 Riverbed Technology. All rights reserved. Accelerate, AirPcap, BlockStream, Cascade, Cloud Steelhead, Granite, Interceptor, RiOS, Riverbed, Shark, SkipWare, Steelhead, TrafficScript, TurboCap, Virtual Steelhead, Whitewater, WinPcap, Wireshark, and Stingray are trademarks or registered trademarks of Riverbed Technology, Inc. in the United States and other countries. Riverbed and any Riverbed product or service name or logo used herein are trademarks of Riverbed Technology. All other trademarks used herein belong to their respective owners. The trademarks and logos displayed herein cannot be used without the prior written consent of Riverbed Technology or their respective owners. F5, the F5 logo, iControl, iRules and BIG-IP are registered trademarks or trademarks of F5 Networks, Inc. in the U.S. and certain other countries. Linux is a trademark of Linus Torvalds in the United States and in other countries. VMware, ESX, ESXi are trademarks or registered trademarks of VMware, Incorporated in the United States and in other countries. Portions of Cascade products contain copyrighted information of third parties. Title thereto is retained, and all rights therein are reserved, by the respective copyright owner. PostgreSQL is (1) Copyright 1996-2009 The PostgreSQL Development Group, and (2) Copyright 19941996 the Regents of the University of California; PHP is Copyright 1999-2009 The PHP Group; gnuplot is Copyright 1986-1993, 1998, 2004 Thomas Williams, Colin Kelley; ChartDirector is Copyright 2007 Advanced Software Engineering; Net-SNMP is (1) Copyright 1989, 1991, 1992 Carnegie Mellon University, Derivative Work 1996, 1998-2000 Copyright 1996, 1998-2000 The Regents of The University of California, (2) Copyright 2001-2003 Network Associates Technology, Inc., (3) Copyright 2001-2003 Cambridge Broadband Ltd., (4) Copyright 2003 Sun Microsystems, Inc., (5) Copyright 2003-2008 Sparta, Inc. and (6) Copyright 2004 Cisco, Inc. and Information Network Center of Beijing University of Posts and Telecommunications, (7) Copyright Fabasoft R&D Software; Apache is Copyright 1999-2005 by The Apache Software Foundation; Tom Sawyer Layout is Copyright 1992 - 2007 Tom Sawyer Software; Click is (1) Copyright 1999-2007 Massachusetts Institute of Technology, (2) Copyright 2000-2007 Riverbed Technology, Inc., (3) Copyright 2001-2007 International Computer Science Institute, and (4) Copyright 2004-2007 Regents of the University of California; OpenSSL is (1) Copyright 1998-2005 The OpenSSL Project and (2) Copyright 1995-1998 Eric Young (eay@cryptsoft.com); Netdisco is (1) Copyright 2003, 2004 Max Baker and (2) Copyright 2002, 2003 The Regents of The University of California; SNMP::Info is (1) Copyright 20032008 Max Baker and (2) Copyright 2002, 2003 The Regents of The University of California; mm is (1) Copyright 1999-2006 Ralf S. Engelschall and (2) Copyright 1999-2006 The OSSP Project; ares is Copyright 1998 Massachusetts Institute of Technology; libpq++ is (1) Copyright 1996-2004 The PostgreSQL Global Development Group, and (2) Copyright 1994 the Regents of the University of California; Yahoo is Copyright 2006 Yahoo! Inc.; pd4ml is Copyright 2004-2008 zefer.org; Rapid7 is Copyright 2001-2008 Rapid7 LLC; CmdTool2 is Copyright 2008 Intel Corporation; QLogic is Copyright 2003-2006 QLogic Corporation; Tarari is Copyright 2008 LSI Corporation; Crypt_CHAP is Copyright 2002-2003, Michael Bretterklieber; Auth_SASL is Copyright 2002-2003 Richard Heyes; Net_SMTP is Copyright 1997-2003 The PHP Group; XML_RPC is (1) Copyright 1999-2001 Edd Dumbill, (2) Copyright 2001-2006 The PHP Group; Crypt_HMAC is Copyright 1997-2005 The PHP Group; Net_Socket is Copyright 1997-2003 The PHP Group; PEAR::Mail is Copyright 1997-2003 The PHP Group; libradius is Copyright 1998 Juniper Networks. This software is based in part on the work of the Independent JPEG Group the work of the FreeType team. This documentation is furnished "AS IS" and is subject to change without notice and should not be construed as a commitment by Riverbed Technology. This documentation may not be copied, modified or distributed without the express authorization of Riverbed Technology and may be used only in connection with Riverbed products and services. Use, duplication, reproduction, release, modification, disclosure or transfer of this documentation is restricted in accordance with the Federal Acquisition Regulations as applied to civilian agencies and the Defense Federal Acquisition Regulation Supplement as applied to military agencies. This documentation qualifies as "commercial computer software documentation" and any use by the government shall be governed solely by these terms. All other use is prohibited. Riverbed Technology assumes no responsibility or liability for any errors or inaccuracies that may appear in this documentation. Individual license agreements can be viewed at the following location: https://<appliance_name>/license.php This manual is for informational purposes only. Addresses shown in screen captures were generated by simulation software and are for illustrative purposes only. They are not intended to represent any real traffic or any registered IP or MAC addresses.

Riverbed Technology
199 Fremont Street San Francisco, CA 94105 Phone: 415.247.8800 Fax: 415.247.8801 Web: http://www.riverbed.com

Part Number 712-00132-01

Contents

Chapter 1 - Introduction.............................................................................................................................1 Additional Resources....................................................................................................................................... 1 Contacting Riverbed ........................................................................................................................................ 2 Chapter 2 - Preparing for installation .......................................................................................................3 Required software and hardware ..................................................................................................................... 3 Network access ................................................................................................................................................ 4 Configuration information ............................................................................................................................... 4 Chapter 3 - Deploying the Profiler-VE ......................................................................................................7 Uploading the Profiler-VE OVA package to the ESXi host ............................................................................ 7 Adding a disk................................................................................................................................................. 13 Chapter 4 - Configuring the Profiler-VE .................................................................................................17 Accessing the Profiler-VE ............................................................................................................................. 17 Initial setup .................................................................................................................................................... 19 Chapter 5 - Activating the licenses .........................................................................................................21 Obtaining license keys from the licensing portal .......................................................................................... 21 Entering license keys in the Profiler-VE ....................................................................................................... 23 Chapter 6 - Verifying the Installation ......................................................................................................25

Cascade Profiler Virtual Edition Software Installation Guide

iii

Contents

iv

Cascade Profiler Virtual Edition Software Installation Guide

CHAPTER 1

Introduction

The Riverbed Cascade Profiler Virtual Edition (Profiler-VE) is a virtualized implementation of the Riverbed Cascade Profiler appliance. This document describes how to install the Profiler-VE on a VMware ESXi host. The installation process includes:

Chapter 2, Preparing for installation Chapter 3, Deploying the Profiler-VE Chapter 4, Configuring the Profiler-VE Chapter 5, Activating the licenses Chapter 6, Verifying the Installation

When the installation tasks are completed, the Profiler-VE is ready to configure operationally. Operational configuration is described in the on line help system.

Additional Resources
The primary source of product information is the on line help system. Additional information is available from the Riverbed Support site at https://support.riverbed.com. This includes:

Release Notes - posted on the Software page for your product. Choose your product from the Software menu. Users Guides - posted on the Documentation page for your product. Choose your product from the Documentation menu. Tech Notes - linked to from the Documentation page for your product. Choose your product from the Documentation menu. Knowledge Base - a database of known issues and how-to documents. You can browse titles or search for key words and strings. Choose Search the Knowledge Base from the Knowledge Base menu.

Cascade Profiler Virtual Edition Software Installation Guide

Introduction

Contacting Riverbed

Contacting Riverbed
Options for contacting Riverbed include:

Internet - Find out about Riverbed products at http://www.riverbed.com. Support - If you have problems installing, using, or replacing Riverbed products, contact Riverbed Technical Support or your channel partner who provides support. To contact Riverbed Technical Support, please open a trouble ticket at https://support.riverbed.com or call 1-888-RVBD-TAC (1-888-782-3822) in the United States and Canada or +1 415 247 7381 outside the United States. Professional Services - Riverbed has a staff of engineers who can help you with installation, provisioning, network redesign, project management, custom designs, consolidation project design, and custom-coded solutions. To contact Riverbed Professional Services, go to http://www.riverbed.com or email proserve@riverbed.com. Documentation - Riverbed continually strives to improve the quality and usability of its documentation. We appreciate any suggestions you may have about our on line documentation or printed materials. Send documentation comments to techpubs@riverbed.com.

Cascade Profiler Virtual Edition Software Installation Guide

CHAPTER 2

Preparing for installation

When you purchase the Profiler-VE, you receive a license activation token in email. Ensure that you have this token. Also ensure that:

The required hardware and software is available. Ports are open to allow the Profiler-VE to receive information from other Cascade appliances and to access required network services.

Required software and hardware


VMware ESXi 4.1 or 5.0 Cascade Profiler Virtual Edition OVA package VMware vSphere Client ESXi server hardware with at least: Four Virtual CPUs 8 GB of RAM 250 GB of storage space for system disk Two NICs

Note that a second disk must be added for traffic flow data storage. This disk can be between 250 GB and 2 TB. It is recommended that the primary virtual disk be thick provisioned to ensure the disk space will be available to the virtual machine. However, primary virtual disk can be thin provisioned if there is enough free space on the datastore to support the size of the disk when it becomes full. If the datastore runs out of disk space when using thin provisioned virtual disks, the virtual machine may become unstable and require re-installation. The secondary virtual disk can be thick provisioned or thin provisioned.

Cascade Profiler Virtual Edition Software Installation Guide

Preparing for installation

Network access

Network access
The Profiler-VE must access other Cascade products and also network services.

Communication between Cascade appliances


If you lock down your network on a port-by-port basis, ensure that the following ports are open between Cascade appliances:

TCP/22 (ssh) This is needed for the Profiler-VE to transfer upgrade packages to other Cascade devices that are connected to it. TCP/8443 Exchange of encryption certificates between Cascade appliances. TCP/41017 Encrypted communication between Profiler-VE and Sensors, Sharks or Gateways. UDP/123 (ntp) Synchronization of time between a Sensor or Gateway and the Profiler-VE.

Access to and from network access services

TCP/22 (ssh) This is needed for secure shell access to Cascade software components and for the appliance to obtain information from servers via scripts. UDP/161 (snmp) The Profiler uses SNMP to obtain interface information from switches. Also, management systems use this port to read the Cascade appliance MIB. TCP/443 (https) Secure web-based management interfaces. TCP/5432 (odbc) If you will be allowing other applications to access the Profiler-VE internal database via ODBC, then you must allow traffic on this port. 42999 If you will be using the Profiler-VE user identification feature with a Microsoft Active Directory domain controller, then you must allow traffic on port 42999. Vulnerability scanner ports If you will be using the Profiler-VE vulnerability scan feature, then you must allow traffic on the port that the Cascade appliance is to use for accessing the vulnerability scanner server. Obtain vulnerability scanner server addresses and port numbers from the administrator of those systems. The default ports are as follows:

Nessus: 1241 nCircle: 443 Rapid7: 3780 Qualys: Requires external https access to qualysapi.qualys.com (Note: This is separate from qualysguard.qualys.com.) Foundstone: 3800

Configuration information
When you configure the Profiler-VE, you will be asked to provide configuration information. Information that is required to complete the installation is listed in the table that follows with an asterisk (*). Items not marked with an asterisk are optional during installation and can be specified afterwards on the Profiler-VE Configuration > General Settings page if necessary.

Cascade Profiler Virtual Edition Software Installation Guide

Configuration information

Preparing for installation

It may be useful to write the configuration values in the blank column of the checklist below so that you can refer to them during the configuration step or afterward.

Profiler-VE host name:* Profiler-VE IP address:* Netmask:* Default gateway:* DNS name resolution for hosts (enable or disable): Primary DNS server IP address: Secondary DNS server IP address: DNS search domain: NTP server IP addresses:* Applies only if Profiler-VE is being synchronized to an external NTP server. Time Zone: SNMP information: Profiler is set by default to use SNMP Version 1 and to allow MIB browsing. If you are configuring SNMP at this time, obtain the necessary V1 or V3 information. Outgoing mail server name, port number, and From address. Applies only if you will be specifying a server that Profiler is to use for sending reports or alert notifications. Inside addresses: IP addresses or address ranges of hosts that the Profiler is to track individually. The default values are 10/8,172.16/ 12,192.168/16 Security Profile settings:* You can use either three traffic collection profiles (weekdays, weeknights, and weekends) or four (weekdays, weeknights, Saturdays, and Sundays). After installation, you can define others. You can also specify the times when weekdays begin and end (default times are 9:00 am to 5:00 pm). Password to use for your initial Profiler-VE login:* The default password admin. New password to enter when prompted to change the initial Profiler-VE password:* Applies only to systems not previously configured. Service Management Leave this set to ByLocation unless you are required to choose another group type for service locations.

Cascade Profiler Virtual Edition Software Installation Guide

Preparing for installation

Configuration information

Cascade Profiler Virtual Edition Software Installation Guide

CHAPTER 3

Deploying the Profiler-VE

Deploying the Profiler-VE on an ESXi host involves:


Uploading the Profiler-VE archive (OVA) package to the ESXi host. Adding a virtual disk for flow data storage.

Uploading the Profiler-VE OVA package to the ESXi host


Open the VMware vSphere client to get an access to your existing ESXi host. The vSphere client can be downloaded by pointing your web browser to the IP Address of your ESXi host. For example https://10.32.146.21. Install the Profiler-VE software on the ESXi host as follows: 1. Using the VMware vSphere client, log in to the ESXi host.

2. In the navigation tree, select the ESXi host on which to deploy the Profiler-VE.

Cascade Profiler Virtual Edition Software Installation Guide

Deploying the Profiler-VE

Uploading the Profiler-VE OVA package to the ESXi host

3. Choose Deploy OVF Template from the File menu (File > Deploy OVF Template).

This opens the Deploy OVF Template window. 4. On the Source page, browse to the location of the Cascade Profiler-VE OVA file. Alternatively, enter the full path to the file. Click Next to open the OVF Template Details section.

Cascade Profiler Virtual Edition Software Installation Guide

Uploading the Profiler-VE OVA package to the ESXi host

Deploying the Profiler-VE

5. On the OVF Template Details page, confirm that the correct file is selected and click Next.

6. On the Name and Location page, enter a name for the Profiler-VE and click Next.

Cascade Profiler Virtual Edition Software Installation Guide

Deploying the Profiler-VE

Uploading the Profiler-VE OVA package to the ESXi host

7. On the Datastore page, select the server drive where you will store the Profiler-VE files and click Next. (The Datasatore screen is displayed only if you have external storage, such as NAS.).

8. On the Disk Format page, select the disk provisioning format and then click Next. The Disk Format page for ESXi 4.1 has two format options.

10

Cascade Profiler Virtual Edition Software Installation Guide

Uploading the Profiler-VE OVA package to the ESXi host

Deploying the Profiler-VE

The Disk Format page for ESXi 5.0 has three format options.

It is recommended that virtual disks are thick provisioned to ensure the disk space will be available to the virtual machine. However, virtual disks may be thin provisioned as long as there is enough free space on the Datastore to support the size of the disk when it becomes full. If the datastore runs out of disk space when using thin provisioned virtual disks, the virtual machine may become unstable and require reinstallation. If the Lazy zero and Eager zero options are available, select Lazy zero. Do not use Eager zero.

Cascade Profiler Virtual Edition Software Installation Guide

11

Deploying the Profiler-VE

Uploading the Profiler-VE OVA package to the ESXi host

9. On the Network Mapping page, map the source networks (ports) of the Profiler-VE to destination networks (port groups) on the server and click Next.

10. On the Ready to Complete summary page, click Finish to start the deployment. When the deployment has completed, you can see the resulting network structure on the Configuration page Networking section. In the example configuration shown below, the Profiler-VE has been added to the server as Cascade Profiler Virtual Edition. The Network 1 port is mapped to the Management Network port group and the Network 2 port is mapped to the VM network.

12

Cascade Profiler Virtual Edition Software Installation Guide

Adding a disk

Deploying the Profiler-VE

Adding a disk
Profiler-VE software is preconfigured to use the operating system disk. You must configure a second disk for storing traffic data. The Profiler-VE virtual machine should be shut down before you add the second disk. Add the second disk as follows. 1. In the vSphere client, select the Profiler-VE. 2. In the Basic Tasks section of the Getting Started tab for the Profiler-VE, ensure that the Profiler-VE is powered off and click Edit virtual machine settings.

Cascade Profiler Virtual Edition Software Installation Guide

13

Deploying the Profiler-VE

Adding a disk

3. On the Hardware tab of the Virtual Machine Properties page, click Add.

4. On the Device Type page, select Hard Disk and click Next.

14

Cascade Profiler Virtual Edition Software Installation Guide

Adding a disk

Deploying the Profiler-VE

5. On the Select a Disk page, select Create a new virtual disk.

6. On the Create a Disk page, enter a size for the flow data storage disk. You can choose to store the disk with the virtual machine, or you can choose a different datastore.

This example specifies only 250 GB of disk space for flow data storage and chooses to store the flow data with the virtual machine. If you specify a large amount of flow data storage, such as 1 TB or 2 TB, you might want to locate it on a separate datastore that might be faster or have more storage available.

Cascade Profiler Virtual Edition Software Installation Guide

15

Deploying the Profiler-VE

Adding a disk

7. On the Advanced Options page, use the default setting for the Virtual Device Node. Also, make sure that the Mode settings are the same as for the OS disk. By default, the OS disk is not set to Independent mode.

8. On the Ready to Complete page, click Finish to create the hard disk. 9. The Virtual Machine Properties page shows the new hard disk that is ready to be added. Click OK to add it.

16

Cascade Profiler Virtual Edition Software Installation Guide

CHAPTER 4

Configuring the Profiler-VE

Configuring the Profiler-VE includes:

Using the vSphere client to access the Profiler-VE console port to set up the Profiler-VE to be accessible over the network. Using the Profiler-VE web user interface to complete further configuration tasks if necessary before activating the licenses.

Accessing the Profiler-VE


The first step in configuring the Profiler-VE is to set up its IP address, subnet mask, and default gateway so that you can access the web user interface. You perform this configuration using the Profiler-VE console port, as follows. 1. On the vSphere clients list of virtual machines, select the icon for the Profiler-VE.

2. On the Getting Started tab, click Power on the virtual machine.

Cascade Profiler Virtual Edition Software Installation Guide

17

Configuring the Profiler-VE

Accessing the Profiler-VE

3. On the tool bar of the vSphere client, click the console launch button to open a console session on the Profiler-VE.

4. Log in to the Profiler-VE console using the default user name and password: Login: admin Password: admin

5. Follow the prompts to enter the IP address, subnet mask and default gateway for the Profiler-VE.

18

Cascade Profiler Virtual Edition Software Installation Guide

Initial setup

Configuring the Profiler-VE

6. Check to ensure that the settings have been entered correctly and then enter yes to reboot the Profiler-VE. The console login session is terminated when the Profiler-VE reboots. If the secondary disk is correctly configured, then a cascade-profiler-VE login: prompt will be displayed after the reboot completes.

Initial setup
The first time you log in to the Profiler-VE web user interface, the software displays a setup page. Parts of this page are prepopulated with the IP address, subnet mask, and default gateway that you specified using the console port in the previous step. This may be all you need to complete the installation. However, you can specify the rest of the initial configuration information at this time. 1. On the management network, point your web browser to the IP address you specified in the configuration wizard using the console port. https://<Profiler-VE_IP_address> 2. Log in to the Profiler-VE web user interface. The default credentials are:

User name: admin Password: admin

The first time you log in to the Profiler user interface, it displays the Setup page. 3. On the Setup page, ensure that all the required fields (marked with an asterisk) are filled in.

4. Fill in the additional information, as necessary:

Name Resolution - whether to use DNS resolution for hosts reported by the Profiler-VE and, if so, the addresses and search domains for the DNS servers.

Cascade Profiler Virtual Edition Software Installation Guide

19

Configuring the Profiler-VE

Initial setup

Time Configuration - Time zone and NTP server IP addresses:* Applies only if Profiler is being synchronized to an external NTP server.

SNMP MIB Configuration - Profiler is set by default to use SNMP Version 1 and to allow MIB browsing. If you are configuring SNMP at this time, obtain the necessary V1 or V3 information.

Inside Address Configuration - IP addresses or address ranges of hosts that the Profiler-VE is to track individually. The default values are 10/8,172.16/12,192.168/16.

Service Management - Leave this set to ByLocation unless you are required to choose another group type for service locations.

5. After you have filled in all necessary fields, click Configure Now at the bottom of the page to apply your changes.

Your browser session will be closed while the configuration changes are made. You can then log back in to activate your licenses.

20

Cascade Profiler Virtual Edition Software Installation Guide

CHAPTER 5

Activating the licenses

When you purchase a Profiler-VE, your purchase confirmation email includes a license request token. The Profiler-VE uses this token to generate a license activation code, which you use to obtain license keys from the Riverbed licensing portal. When you enter the license activation code on the Riverbed licensing portal, the portal generates a license key for each license you have purchased. You copy these keys and enter them on the Profiler-VE licensing page to activate the licenses features.

Obtaining license keys from the licensing portal


To get the license keys for the features you have purchased, 1. Log in to the Profiler-VE web user interface. 2. Navigate to the Configuration > Licenses page.

Cascade Profiler Virtual Edition Software Installation Guide

21

Activating the licenses

Obtaining license keys from the licensing portal

3. Paste or enter your license activation token in the License Request section and click Request key. The Profiler-VE generates a license activation code and displays it in a popup window.

4. Copy the activation code. 5. Go to the Riverbed licensing portal at https://licensing.riverbed.com.

22

Cascade Profiler Virtual Edition Software Installation Guide

Entering license keys in the Profiler-VE

Activating the licenses

6. Paste or enter your activation code and click Submit. The licensing portal will activate all the licenses that you purchased on the order for which you received the token.

7. Copy the license keys from the list. These must be entered in the Profiler-VE.

Entering license keys in the Profiler-VE


Enter your license keys in the Profiler-VE to activate the licenses you have purchased. 1. Log in to the Profiler-VE web user interface.

Cascade Profiler Virtual Edition Software Installation Guide

23

Activating the licenses

Entering license keys in the Profiler-VE

2. Navigate to the Configuration > Licenses page and click Add license(s) in the Licenses section. This opens a popup window for entering the license keys.

3. Enter the license keys as a comma-separated list and click OK. The Profiler-VE activates the licenses and displays them in a list. Your web user interface session may be terminated when the new licenses are activated. If it is, log back in and navigate to the Configuration > Licenses page.

4. Review the list of licenses if necessary.

After the licenses have been installed, you can verify the installation by checking to see if the Profiler-VE is monitoring traffic.

24

Cascade Profiler Virtual Edition Software Installation Guide

CHAPTER 6

Verifying the Installation

Installation verification requires the Profiler-VE to be receiving traffic data from at least one source. To determine if the Profiler-VE is receiving data, log in to the web user interface and navigate to the System > Devices/Interfaces page. Check the status of the Sensors, Gateways, Sharks or other data source devices on the Devices tab. When a data source comes on line, the Profiler-VE begins collecting data.

If no data sources are listed on the System > Devices/Interfaces page Devices tab, then Profiler installation and configuration cannot be verified. Set up at least one data source device (preferably all data source devices) and then perform the installation verification as follows. 1. Go to the Dashboard page and verify that the graphs display data.

Cascade Profiler Virtual Edition Software Installation Guide

25

Verifying the Installation

2. Go to the System > Information page and ensure that the


Profiler-VE Status indications is displaying OK. Profiler Flow Capacity Licensed Limit matches the license that was purchased. Storage Status indications is displaying OK.

3. Go to the System > Devices/Interfaces page and assure that each data source that is expected to be available is listed and that no status indicators are red. 4. Go to the Reports > Traffic page. Near the bottom of the Report Criteria section, click Run now. Verify that a traffic report is displayed. (It will take a short time for the report to display.) This completes the installation process. The Profiler-VE can now be turned over to those who are responsible for setting up user accounts and operational parameters. Refer to the on line help system for further configuration procedures.

26

Cascade Profiler Virtual Edition Software Installation Guide

Cascade Profiler Virtual Edition Software Installation Guide

27

Riverbed Technology
199 Fremont Street San Francisco, CA 94105 Phone: 415.247.8800 Fax: 415.247.8801 Web: http://www.riverbed.com

Part Number 712-00132-01