03 Introducing NetXplorer and Data Collector

Module 3: Introducing NetXplorer and Data Collector
In this module, we introduce the NetXplorer. By the end of the

module, you will know how to install the NetXplorer server on both
Windows and Linux platforms, how to install and get started with the
GUI and how to perform the initial configuration. We finish with
some examples of a typical NetXplorer workflow. We begin by
asking what is NetXplorer?
ACTE Training 3-2

NetXplorer is a scalable central management umbrella for Allot in-

line platforms and services.
Using the NetXplorer, you can configure Allot’s NE, SG, SMP and
ClearSee products, and build traffic policies for the in-line platforms
to enforce. You can perform real time monitoring of your network for
troubleshooting and problem analysis, and long-term reporting to
help with capacity planning and understanding longer term usage
trends. NetXplorer enables you to define and manage traffic and
system alerts to assure a proactive approach to network
management. You can also use it to collect accounting information
which can then be exported for billing purposes. Finally, with
NetXplorer you can view analytics of mobile internet session. Note
that the NetXplorer’s accounting interface and mobile analytics are
not within the scope of this course.
ACTE Training 3-3

NetXplorer can be used in 4 different ways.

When purchased as a software only license (for Windows or
Linux), the customer provides his own hardware according to Allot
recommended specifications or can install a virtualized template.
The software license can be purchased to enable the NetXplorer to
manage up to 3 NE/SGs, up to 15 NE/SGs or an unlimited amount.
Alternatively, NetXplorer can be purchased as a standalone server
package (SNX-SRV), consisting of the NetXplorer software
preinstalled on an IBM server.
The forth option (SNX-SRV-HAP) is the NetXplorer high
availability package, which consists of the NetXplorer software
installed on 2 separate IBM servers, both of which are connected to
a RAID storage device. High Availability is ensured by the Linux
“pacemaker” process.
ACTE Training 3-4

What is the External Data Collector? The External Data Collector is one of
several different data collectors that can exist in the Allot system. To
understand the role of the data collector lets first have a look at the data
resolution possibilities available when defining a report on the NetXplorer
GUI. Real time Monitoring can be displayed at a resolution of 30 seconds,
5 minutes or 1 hour. The designated database collating the information
used for real time monitoring is called Short Term Collector (STC). This
database is located by default on the NetXplorer server. Alternatively, you
may need to add an external Data Collector, STC-NX-GENX (see next
slide for when to use).
Long term monitoring can be displayed at a resolution of 1 hour, 1 day or
1 month. All long term data is stored in a database called LTC (Long Term
Collector). The LTC is located on the NetXplorer server.
We will now describe the Allot External Data Collector.
ACTE Training 3-5

The data collectors gather short term network usage statistics from the in-line
platform. Why might you need to deploy an external data collector? The
clearest reason is to increase the scalability of your deployment. Each collector
can support several NetEnforcers. By deploying data collectors you can
increase the total number of NetEnforcers supported by a single NetXplorer
server. This is possible because the NetXplorer can split the storage of the real-
time monitoring data between several short term databases. For information
concerning the number Allot In-line Platform models that an external data
collector can support, consult the Release Notes for your version of NetXplorer.
When installing one or more Service Gateways in the network, a data collector
appliance is required for each SG. The amount of short term statistics gathered
for each service gateway is very large and can affect the overall performance of
the NetXplorer server if not used together with a separate collector.
Another reason for using external data collectors is to overcome connectivity
issues in distributed networks. This can happen for example when the network
is spread out over remote geographical locations. In such cases, the use of
data collectors is necessary. Keep in mind that in order to support data
collection, the line speed between the in-line platform and the data collector
must be at least 10Mbps.
The final reason for deploying data collectors is redundancy. If a data collector
is unavailable, data from the in-line platform can automatically be collected by a
defined backup data collector.
ACTE Training 3-6

Before looking at the installation process, we will review the software

requirements, as well as installation guidelines of NetXplorer.
Note: For hardware requirements of the Software Only NetXplorer option,
see the relevant NMS Software Release Notes.
ACTE Training 3-7

For each NetXplorer type you should follow different installation steps. Full and
details procedures can be found in the Allot NetXplorer Installation and Admin
guide, published for every major software version.
For virtual server for your NetXplorer, install Vmware ESXi (V5.5 and above)
and then download the relevant NetXplorer OVA template from Allot FTP site.
The template holds the operating system together with the NetXplorer software
on it.
When purchased software only (SNX-LIN/SNX-WIN) you should first make
sure you choose suitable hardware as per your needs. Then install the chosen
operating system. For linux make sure to include all relevant packages. For
Windows install Java JDK. Then you can move on to install the NetXplorer
software.
In case you use Allot appliance SNX-SRV, the operating system and
NetXplorer software will be pre-installed. All is left for you is to configure the IP
of the server, and point the NetXplorer server to this IP. With SNX-SRV-HAP
you also have the operating system and NetXplorer software will be pre-
installed. You should connect the HAP cluster and configure the high availability
parameters so all components will be lines up.
ACTE Training 3-8

Now lets examine the process for connecting NetXplorer standalone

server package – the SNX-SRV and NetXplorer High-Availability package
– the SNX-SRV-HAP.
ACTE Training 3-9

SNX-SRV is shipped to the customer as an Allot Appliance consisting of

the hardware with server software pre-installed on a CentOS 6.6
operating system.
After unpacking the hardware, the installation consists of 6 steps:
1. Connect a keyboard and monitor to the front panel of the NX-SRV.
2. Connect management and IMM links to the rear panel of the NX-SRV.
Connect the management link to eth2. You may connect an additional
management link via eth3. Connect IMM port as well.
3. Change IP (CentOs): From Allot Disk-On Key copy the script
netwconf.sh to the root directory of the server, and run it using the
command /root/netwconf.sh. Configure network parameters when
prompted to. Reboot the server.
4. Change IP (NetXplorer): Run the set_nx_ip4ui.sh script to configure
the new IP address in the NetXplorer application server.
5. Configure the IMM Settings.
6. Verify you have latest Protocol Pack.
The full procedure can be found in Allot NetXplorer Installation &
Administration Guide.
ACTE Training 3-10

SNX-SRV-HAP comes pre-installed with CentOS operating system and the

NetXplorer software, but the 3 units need to be correctly connected together. For
M4 servers, the connections are as follows:
1. Two crossed copper cables in eth2 and eth3 are used to connect the two NX
Servers to provide pacemaker connectivity. (illustrated in green above)
2. Two Serial SCSI (SAS) cables connect between the first controller on the
RAID storage device and the SAS HBA connection in the first PCIe low profile
slot of each NX server (illustrated in orange above). These cables connect to
the NX Server via an SAS connector and to the RAID server via a Micro-SAS
connector.
3. Two further Serial SCSI (SAS) cables connect between the second controller
on the RAID storage device and the SAS HBA connection in the second PCIe
low profile slot of each NX.
4. Each NX server is connected to the management network by crossed cables
via eth0 (illustrated in blue above) with an additional link via eth1, as required.
These provide pacemaker connectivity.
5. Each controller on the storage device is connected to the management
network by a copper Ethernet link for storage management and traps.
6. Each NetXplorer server can be directly managed from the IMM port by
connecting this port to an external switch with an additional ethernet
management cable (illustrated in blue above).
For a full explanation on how to configure the initial IP settings of the NX-HAP see
the NetXplorer Installation and Administration Guide.
ACTE Training 3-11

NX-HAP comes pre-installed with CentOS operating system and the NetXplorer
software, but the 3 units need to be correctly connected together. For M3
servers, the connections are as follows:
1. A crossed copper cable is used to connect between Port 3 on one NX
server and Port 3 on the second NX server. (illustrated in green above)
2. A null modem serial cable (RS 232) is used to connect between the Serial
COM port on one NX server and the Serial COM port on the second NX
server. (illustrated in red above)
3. Two Serial SCSI (SAS) cables connect between the first controller on the
RAID storage device and the SAS HBA connection in the first PCIe low
profile slot of each NX server (illustrated in orange above)
4. Two further Serial SCSI (SAS) cables connect between the second
controller on the RAID storage device and the SAS HBA connection in the
second PCIe low profile slot of each NX server.
5. Each NX server is connected to the management network via Port 1
(illustrated in blue above) with an additional link via Port 2, as required.
6. Each controller on the storage device is connected to the management
network by a copper Ethernet link for storage management and traps
7. The IMM interface on each NetXplorer server is connected to an external
switch by an additional ethernet management cable.
For a full explanation on how to configure the initial IP settings of the NX-HAP
see the NetXplorer Installation and Administration Guide.
ACTE Training 3-12

The Integrated Management Module (IMM) is provided with every IBM

server that is shipped from Allot.
The module enables an administrator to connect remotely to the server as
if connecting locally via a console connection.
Once Configured, IMM functions are divided into three groups; Monitor,
Tasks and IMM Control. These groups can be accessed from the
Navigation Pane on the left-hand side of the IMM Interface.
ACTE Training 3-13

Now that the NetXplorer server has been successfully installed and
connected, lets see how to install the NetXplorer Client.
ACTE Training 3-14

It is recommended that the NetXplorer Client be installed on a machine

with the following minimum specifications: 1G RAM, Windows 7 operating
system and a Microsoft Internet Explorer web browser. Note that in
addition, history logs will be kept on the NetXplorer client and can
consume up to 150MB of space.
The NetXplorer GUI works with a technology known as WebStart from
Sun Microsystems. WebStart enables you to access the NetXplorer User
Interface software by simply double-clicking an icon on your computer’s
desktop.
ACTE Training 3-15

NetXplorer Client installation comprises of two steps:

1. Installing the Java 8.0 runtime environment
2. Installing the NetXplorer applet
The installation starts at the NetXplorer home page. From your browser,
access http://<your_NetXplorer_address>.
The NetXplorer Control panel is displayed.
Click the “Install Java JRE first” link, to start the first step of installation.
ACTE Training 3-16

Click the appropriate link and follow the installation wizard instructions to
install JRE 8.0 on your computer. You can either run the installation files
or download them and then run the installation locally.
ACTE Training 3-17

With JRE 8.0 installed, access http://<your_NX_address> once again.

Now choose to Launch NetXplorer. The Java Web Start window is
displayed. When the loading process is complete, a Security Warning may
be displayed. Click Start to continue.
A shortcut icon of the NetXplorer server will be placed on your desktop for
convenient launching of the NetXplorer User Interface.
When the installation is complete, an icon that launches the NetXplorer
user interface appears on your desktop.
You will be prompted to log into the NetXplorer user interface.
The default username is “admin”; The default password is “allot”
ACTE Training 3-18

In the event that the NetXplorer GUI fails to load, consider the following
actions:
1. Disable pop-up blocking for NetXplorer.
2. For Internet Explorer users, disable 'Empty Temporary Internet Files
folder when browser closed'
a) From the Tools menu, select Internet Options.
b) Select the Advanced Tab and Scroll down to Security
c) Clear the Empty Temporary Internet Files folder when browser
closed checkbox.
d) Click OK, and attempt to access the NX through the browser.
3. Make sure the browser cache file is not saturated:
a) From the Internet Explorer tools menu, select Internet Options.
b) On the General tab, click Delete Files.
c) Select the Delete all offline content checkbox and click OK.
4. If there is a firewall between the GUI Client and the NetXplorer Server,
check that all required ports are opened. A detailed list is available in
the Allot NetXplorer Installation & Admin Guide.
5. If the problem persists, try to access the NetXplorer via the Java Web
Start Application Manager. Note that a full treatment of how to
troubleshoot problems loading the NX GUI is included in the ACPP
Advanced Course Module on Troubleshooting the NX.
ACTE Training 3-19

Now that we have successfully installed and connected all of the

component parts, lets see how to get started with the NetXplorer GUI.
ACTE Training 3-20

The NetXplorer user interface is comprised of the following sections:

The Menu bar. This provides access to the key functionality of the
NetXplorer applications.
The Toolbar. This offers shortcut buttons which provide easy access to
key NetXplorer functionality. The available shortcuts on the right side of
the window depend on the selected entity in the details area.
The Navigation pane. This is divided into two sections. The lower portion
of the Navigation pane enables you to select and open various NetXplorer
applications. The upper portion of the pane displays a tree-like list of
subcomponents or entries according to the application selected.
The Application Details pane. This displays data regarding the currently
active applications and operations.
Finally, the Alarms log displays a list of the alarms triggered by the alarm
definitions. The Alarms log is automatically refreshed every 30 seconds.
ACTE Training 3-21

When performing any task in the NetXplorer, you will normally work in the
following order of steps:
1. From the lower part of the navigation pane, select the area of the
product you wish to work with – e.g: Network, Catalogs,
Events/Alarms etc. The upper part of the navigation pane will change
accordingly.
2. Click the entity you wish to work with from the upper part of the
navigation pane. You can now select an action to perform on the
selected entity.
3. The details area changes to reflect the selected entity and the action
performed on it.
A tab is displayed at the bottom of the pane for each open application.
You can easily navigate between the open applications by clicking the
tabs.
ACTE Training 3-22

There are several ways to perform an action on an entity:

Later we will learn the meaning of creating a new service catalog entry.
But for now, lets see how this same action can be performed in 3
different ways:
1. By right clicking on the “services” entity in the navigation pane, and
selecting “new service”.
2. By using the “add catalog” shortcut on the toolbar, and choosing “new
service” (note that the icons, which are displayed on the right, change
according to the selected entity in the navigation pane or details area)
3. By choosing “new service” from the actions menu. Again, the available
options in the actions menu, depend on the selected entity in the
navigation pane or details area.
ACTE Training 3-23

Let’s look at an example of how we can use the NetXplorer user

interface to monitor network traffic.
1. From the Navigation pane select the Network tab. The network tree is
displayed on the top section of the navigation pane.
2. Select the Network entity that you wish to monitor – in this case an AC-
500 and choose real time monitoring.
3. Choose an object for monitoring – in this case we choose protocols.
4. The Real Time Monitoring - Protocols dialog opens. Here you can
define the required graph settings
5. View the defined graph
6. You can now perform actions on the entities in the details area. For
example, you can drill down into one of the protocols illustrated in the
graph or change the display options of the whole graph.
Monitoring and Reporting is fully discussed in Module 4.
ACTE Training 3-24

Note that the appearance of tables in the NetXplorer can be modified.

This is particularly useful for the policy table (discussed fully in Module 7).
To resize a column’s width, click the right border of the column and drag.
To change which columns in the policy table are visible and which are
hidden, right-click the table header, and select Table Column
Configuration from the shortcut menu. The Policy Columns Visibility dialog
is displayed. Now select the columns that you want to display in the table
and click Save.
ACTE Training 3-25

The language of the NetXplorer GUI can be localized. Currently supported

languages are English, Korean and Chinese.
The language of the GUI can be changed by accessing “display language
configuration” from the tools menu.
For the changes to take effect you need to restart the NX client.
ACTE Training 3-26

Now we will review some initial configuration parameters.
ACTE Training 3-27

In order to use the NetXplorer you must enable the NetXplorer Server by
entering the appropriate key.
To enable the NetXplorer Server, select Tools > NetXplorer Application
Server Registration from the NetXplorer Menu bar. The NetXplorer
Application Server Registration dialog box appears. Enter the Server
Registration Key and Serial Number provided by Allot to enable the
NetXplorer Server functionality.
An Expiration Date will be generated automatically after clicking Save.
Note that an expiry date will appear even when you have purchased a
permanent key. This reflects the expiry of the service contract and is
relevant for the APU feature only, which will cease to work once the
service contract has expired.
Click Save to enter the key and close the dialog box.
ACTE Training 3-28

You will see that there are two root trees in the network pane – the
network tree and the servers tree. Under the network tree we add the
Service Gateway and/or NetEnforcers that are to be managed by the
NetXplorer. Under the Servers tree we can add Data Collectors, SMP,
Data Mediator, VideoClass Expansion Chassis and ClearSee servers. We
will see the Data Collector later in this module. All other servers are
covered in separate training courses.
To add a NetEnforcer or Service Gateway to the Network tree, we will first
of all need its IP address.
1. In the Navigation pane, right-click the Network in the Navigation tree
and select New NetEnforcer from the popup menu. The NetEnforcer
Properties dialog is displayed.
2. Enter a name for the in-line platform. This is the name that will appear
in the Network tree. Now enter the admin user password of the in-line
platform (The default password for the admin user is allot. It is possible
to change this default password using a script on the NE/SG) and the
IP address of the in-line platform in the designated fields and click OK.
The NE/SG is added to the Navigation tree. The New NetEnforcer
operation can take up to a couple of minutes to fully complete.
ACTE Training 3-29

Once you have added an in-line platform, you can view and modify its
configuration parameters remotely via the NX. To view configuration and
configure a NetEnforcer or Service Gateway:
1. In the Navigation pane, select and right-click the NetEnforcer in the
network tree and select Configuration from the popup menu. The
Configuration window for the selected entity is displayed.
2. After modifying configuration parameters, you must select Save in
order for the changes to take effect. The save process prompts a
reset of the device. Resetting is required to ensure that the saved
parameter values are committed and activated on the NE/SG.
3. When the NetEnforcer Configuration dialog is selected, Restart and
Shutdown buttons become active, on the top right of the screen. Use
these buttons to Restart or Shutdown the selected NE/SG.
The General tab includes parameters that provide system status
information. Status indicates whether or not the NE/SG is operating in
Active or in Bypass mode. Bypass Setting indicates whether the bypass is
set to standalone or active (where relevant), or if it is not connected at all.
Remote Bypass was relevant for a type of redundancy (parallel
redundancy) which is not longer supported on AOS platforms. Power
Supply indicates the status of the power supply on the in-line platform (OK,
Unknown or Problem). Finally, Fans shows the status of the fans on the in-
line platform (OK, Unknown, or Problem).
ACTE Training 3-30

The Identification & Key tab includes parameters that provide system
information and activate optional NE/SG modules. Scroll down here to
show all of the configured license fields. Note that there is no need to
reboot the NE/SG when you add a new key.
For some licensed attributes, you can see here the current used value
and the highest value during the last seven days.
ACTE Training 3-31

The Interface tab consists of two sub-tabs, NIC and Link Aggregation
Groups (for Service Gateway only).
The NIC sub-tab includes parameters that enable you to configure the
system interfaces to either automatically sense the direction and speed of
traffic, or use a predetermined duplex type and speed.
This sub-tab also allows you to decide what action to take immediately if
any of the NICs should fail, using “action on failure” setting. The default
action is “Fail Paired Port”. This ensures that traffic will not be blocked if a
single port goes down, and helps for a trouble-free installation.
Other option for action on failure are:
• “No Action” - If one port is down, nothing tells the network device that
the port is down on the NE/SG
• “Fail all ports” - If one port is down, all ports go down
• “Bypass device” – switch the system to bypass mode.
In “Usage” you can configure the type of traffic handled by the port. The
“Connected to LAG” field indicates if this interface is included in a Link
Aggregation Group. See next slides for more details.
If you are configuring a Service Gateway a representation of the currently
installed blades appears at the top of the sub-tab. Select a blade in the
image to see the NICs for that blade.
ACTE Training 3-32

NetXplorer allows a Link Aggregation (LAG) interface to be defined on Service

Gateways. The LAG will be used for steering traffic from the Service Gateway.
A LAG has two or more physical interfaces of the same speed. Traffic is
distributed over the LAG according to IP addresses or MAC addresses. The
advantages of using LAG are:
Physical port redundancy - If one of the physical interfaces in the LAG fails,
traffic is redistributed among the other active interfaces of the LAG
Steering bandwidth scale – one LAG of 2 ports will allow you to steer 20G to
the same service cluster.
The Link Aggregation Groups sub-tab includes the following parameters for
each group. To make changes to any of these parameters or to add ports to a
group, click the field or highlight the group row and click the Edit button:
Name - The name of the Interface.
State (active ports) - the current state of the group (Up or Down) and the
number of active ports in the group.
Minimum Active Ports - The minimum number of active ports that can be
included in the group for its state to be Up.
Distribution Function - Indicates if this LAG group is used for Internal IPs,
External IPs or both.
Usage - The type of steering handled by the group, either Indirect Redirect or
VDC Expansion (for steering to a VideoClass Expansion Chassis).
Note: the LAG must be statically configured on the switch connected to the
ports.
ACTE Training 3-33

The networking tab includes parameters that help you configure the
network topology.
When using AC-1400, AC-3000 or AC-6000 in active redundancy
configuration, you need to disable the Bypass unit. This tab is also the
place to set the redundancy mode in which you are working. These issues
were explained fully in Module 02 –Introducing In-Line Platforms.
The networking tab is also the place to enable “HTTP User Defined
Signatures” and “Tethering” condition catalogs which are covered in more
detail in Module 5.
ACTE Training 3-34

The IP Properties tab enables you to modify the IP and host name
configuration of your network interfaces, as well as the DNS and
connection control parameters.
ACTE Training 3-35

The Date/Time tab includes the date, time and NTP (Network Time
Protocol) server settings for the NetEnforcer or Service Gateway. When
adding a device the primary NTP is set as the NetXplorer Server IP. The
user may change the NTP server only using CLI commands on the
NE/SG.
ACTE Training 3-36

The slots and boards tab will only appear in the configuration of certain in-
line platforms (e.g: SG-Tera or SG-Sigma E). On these multi-blade
devices, you can choose a blade from the graphical representation on the
left side of the screen. Below the graphic you will see each sensor and its
current reading. On the right side of the screen are common chassis
sensors and telco alarms.
ACTE Training 3-37

In order to log in to the NetXplorer GUI, User name and password must
be authenticated. User accounts may be configured to be authenticated
either by the internal NetXplorer user database or by an external RADIUS
AAA system.
NetXplorer implements a role-based security model. The role defined for
each authorized user indicates the scope of operations that can be
performed by the user. Roles can only be defined by an administrator. The
administrator should access the Users Configuration Editor dialog from
the tools menu. There are three types of NetXplorer roles:
Monitor: A user assigned this role has read-only access. The Monitor
user can view monitoring reports, graphs and alarms. However, the
monitor cannot add, change or delete anything within the NetXplorer
application.
Regular: The Regular user has complete read and write privileges in the
NetXplorer application, except reading and writing User Configuration
definitions.
Administrator: Same as Regular user, except that an Administrator user
has reading and writing privileges for User Configuration. A user that has
been assigned the Administrator role can configure new users, edit user
details, or delete users. Note: there must be at least one Administrator
user in the system.
ACTE Training 3-38

By choosing “advanced” from the user configuration editor, you can

configure password stringency options, such as password strength and
how often a password must be changed.
ACTE Training 3-39

External Authentication enables authentication of all users logging into

NetXplorer by integration with an external RADIUS AAA Server.
Authentication verifies the existence of a user and validates their request.
A RADIUS Server being used for authentication must be configured to
enable the NetXplorer to forward authentication requests to it, and should
contain all required users in its database, along with their passwords and
roles. Multiple RADIUS servers may be used for authentication.
In case the external AAA Server rejects an authentication request for any
reason, the user will be authenticated using the NetXplorer Server Internal
database.
To configure external authentication select the Enable External
Authentication checkbox in the External Authentication area. Enter the
Client Identifier information as well as the Request Timeout (how long
before an unanswered request will time out) and the Request Retries
(how many times a request will be attempted). Click Add to add RADIUS
servers to the authentication lists. Enter the IP address, port, Encryption
key and Confirm key for the RADIUS Server you wish to use for
authentication and click Save
All authentication attempts are written to the ExtAuth.log on the
NetXplorer server.
ACTE Training 3-40

We will now review the data collector and its configuration.
ACTE Training 3-41

Installing a Distributed Monitoring Collector requires the following steps:

First, set the collector’s network settings, and connect it to the network.
Once the collector is on the network, you can add it to the NetXplorer
using the NetXplorer GUI. If you wish to work in a 1:1 redundancy
configuration, you may then choose to create collector groups. The last
step is to associate a collector to the NetEnforcer, so that the collector will
collect monitoring data from it. Once this has been done, you can
configure the collector’s remaining parameters and change its existing
configuration via the NX GUI.
Lets first look at the initial configuration and connection.
ACTE Training 3-42

Allot Data Collector is shipped to the customer as an Allot Appliance

consisting of the hardware with server software pre-installed on a CentOS
operating system.
After unpacking the hardware, the installation consists of these steps:
1. Connect a keyboard and monitor to the front panel of the data
collector.
2. Connect the management and IMM links to the rear panel of the data
collector. Connect the management link to port 1. You may connect an
additional management link via port 2.
3. Change IP (CentOs): From Allot Disk-On Key copy the script
netwconf.sh to the root directory of the server, and run it using the
command /root/netwconf.sh. Configure network parameters when
prompted to. Reboot the server.
4. Configure the IMM Settings
5. Verify the appliance is set to STC (short term collector) mode. This can
be checked by running the dev_setup.sh –v command. If the device
mode is not set to “STC” use the following command to set it as an
STC appliance: dev_setup.sh –m stc
The full procedure can be found in Allot NetXplorer Installation &
Administration Guide.
ACTE Training 3-43

In the network tree we can see the list of NE or SG devices that are managed
by the NetXplorer. Below the list of NE/SGs we see the list of collectors
managed by the NX.
By default the NetXplorer GUI will display only the Internal Short-Term and the
Long-Term collectors. Additional (Short Term) Data Collectors are added
directly above the internal short-term collector.
To add an additional Data Collector to the list, right-click “Servers“ and choose
“New Collector“.
The Collector Properties dialog appears. Here we can give the collector a
unique name, and we enter its IP address. We can define a backup collector. If
the new collector you have defined is unavailable, the monitoring data from the
NetEnforcer or Service Gateway will be collected by the backup collector. The
Collector Type should also be chosen. It can either be Regular or Extended (for
advanced monitoring features).
Select a collector from the list of collectors that are managed by this
NetXplorer. In this case, we have not yet defined other collectors, so the only
option here is to transfer to the internal short term collector on failure.
Notice that there are no NEs or SGs associated with this collector yet. this is
why the "Associated NetEnforcers" tab is greyed out. In general, the
"Associated NetEnforcers" tab is for display only, and you cannot associate
NetEnforcers using this dialog. To associate a NetEnforcer or Service Gateway
to a collector you must use the NetEnforcer properties dialog.
Finally, we click "Save" to add the collector.
ACTE Training 3-44

Collector group is used for 1:1 redundancy. When using it both collectors
are always collecting the same data so that if one fails the other still
maintains the short term statistics. Note: This configuration should be
distinguished from 1+1 redundancy, where a single collector is assigned
to a selected NetEnforcer or Service Gateway and is configured with a
backup. In this case, only one collector will be active at any time.
Therefore when the active collector is down and the backup collector
takes over, you will lose the short term data.
To add a new collector group to the short term collector list, right-click
"Collectors“ and choose “New Collector Group“.
The “Collector Group Properties – New” dialog appears.
You will need to give the group a name (e.g. Collector-Group1), and
assign two Collectors to the group.
ACTE Training 3-45

Once a collector/group has been added to the NetXplorer, and it appears

on the Network, you can associate a NetEnforcer or Service Gateway to
it.
You can either associate an existing NE or SG, or you can perform the
association during the process of adding a new NE or SG.
To associate an existing NetEnforcer or Service Gateway to a collector,
first, we right-click the NE/SG. From the menu, we select "Properties“
The “NetEnforcer Properties” dialog appears.
Select “Collector” to associate a Collector to this device or “Collector
Group” to associate a Collector Group to this device.
After selecting the desired collector/group, we click on “Save” to save our
changes.
ACTE Training 3-46

To validate that the NetEnforcer or Service Gateway has been associated

with the collector, look at the collector's properties.
Right-click the collector and select “Properties…” from the menu.
In the “Collector Properties” dialog, look at the “Associated NetEnforcers”
tab. Here we see the NetEnforcers or Service Gateways that are currently
associated with this collector. Note that we cannot change the association
from this dialog, but only from the NetEnforcer properties dialog.
ACTE Training 3-47

Let’s review the data collector properties menu. This is where you can
configure the information the NetXplorer server needs to know about the
collector: how to find it, and which backup collector is associated to it.
To open the properties menu, select the collector's name in the network
tree and right-click. Choose the bottom option “properties”.
The “Collector Properties” dialog has 2 tabs – “General” and “Associated
NetEnforcers”. Under the “General” tab, you can set the name, IP and
backup settings of the collector.
Under the “Associated NetEnforcers“ tab, you can see the NetEnforcers
or Service Gateways that are currently associated with this collector.
The "collector role" column shows whether our selected collector is the
"configured" collector for the NE/SG or if it is the backup collector of the
NE/SG. The collector role will be listed as "backup" only if the configured
collector is unavailable and the backup collector is operating instead. In
this case, all of the NetEnforcers or Service Gateways are working with
their configured collector.
ACTE Training 3-48

Now let's look at the collector’s configuration dialog. This is where you
can configure various settings. To open the configuration menu, select the
collector's name in the network tree and right-click. Choose the option
“configuration”.
In the Identification tab we can view the collector's serial number,
software version and model type.
The SNMP (Simple Network Management Protocol) is a commonly used
network management protocol. As with the NE/SG, the collector has
support for SNMP that includes standard MIB II traps. Here, you can
configure a contact person, location and system name for SNMP
purposes.
In the Date / Time tab you can configure the time zone in which the
collector resides. In this dialog you can view the active NTP server as
well.
The IP properties tab allows you to view the network settings of the
collector.
ACTE Training 3-49

The NetXplorer comes with a built-in short term collector. Its default name
is “Short-Term Collector”, however you can change its name.
Let's have a look at the actions available for this collector.
When we right-click it we can see that the configuration option is disabled.
The internal short term collector inherits its configuration settings from the
NetXplorer server configuration. You can also see that this collector
cannot be deleted.
Let's look at its properties.
We see that the IP address is disabled. You can set a backup for the
internal collector, or use the internal collector itself as a backup to another
collector. And you can see the list of NetEnforcers or Service Gateways
currently associated with it.
ACTE Training 3-50

Now we will see a typical workflow.
ACTE Training 3-51

Here we see a flow chart which represents a full provisioning process

from start to finish. The first step is to analyze business objectives. Only
once we have established what our business goals are, can we actually
decide how to classify our network traffic and what traffic policy to build. In
a full provisioning methodology, the next step will be what we call “out of
the box monitoring”. The NetXplorer comes with a predefined default
traffic policy which does no shaping, but classifies traffic into virtual
channels according to well known groups of services. Once our NE or SG
is connected to the network, we can use this default policy to monitor
traffic patterns and this can help us to decide which policies are needed.
Monitoring will be discussed in full in module 4 of this course.
Once we know what policies we wish to define, we define our condition
catalogs (discussed in module 5) and our action catalogs (discussed in
modules 6 and 9). We then put these building blocks together to build our
traffic policies (module 7).
At this stage, many customers go back to monitoring. Monitoring tools can
be used here to analyze which traffic is and is not classified according in
the lines, pipes and VCs we have created. The traffic policy can then be
fine-tuned accordingly.
Finally, at this stage, we will typically also define alarms and events
(discussed fully in Module 8). We may also choose to define set reports
and even schedule them to run on a regular basis (Module 4).
ACTE Training 3-52

Examine the following requirements

• Pentium 4
• 512MB RAM
• Windows XP
• Microsoft Internet Explorer
Which of the 4 listed options do they represent?
ACTE Training 3-53

Which of the tasks listed on the right can be performed by which user
types?
ACTE Training 3-54

How can you open a new monitoring graph?
ACTE Training 3-55

ACTE Training 3-56

03 Introducing NetXplorer and Data Collector

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

03 Introducing NetXplorer and Data Collector

Hochgeladen von

Copyright:

Verfügbare Formate

Module 3: Introducing NetXplorer and Data Collector

In this module, we introduce the NetXplorer. By the end of the

ACTE Training 3-2

NetXplorer is a scalable central management umbrella for Allot in-

ACTE Training 3-3

NetXplorer can be used in 4 different ways.

ACTE Training 3-4

ACTE Training 3-5

ACTE Training 3-6

Before looking at the installation process, we will review the software

ACTE Training 3-7

ACTE Training 3-8

Now lets examine the process for connecting NetXplorer standalone

ACTE Training 3-9

SNX-SRV is shipped to the customer as an Allot Appliance consisting of

ACTE Training 3-10

SNX-SRV-HAP comes pre-installed with CentOS operating system and the

ACTE Training 3-11

ACTE Training 3-12

The Integrated Management Module (IMM) is provided with every IBM

ACTE Training 3-13

ACTE Training 3-14

It is recommended that the NetXplorer Client be installed on a machine

ACTE Training 3-15

NetXplorer Client installation comprises of two steps:

ACTE Training 3-16

ACTE Training 3-17

With JRE 8.0 installed, access http://<your_NX_address> once again.

ACTE Training 3-18

ACTE Training 3-19

Now that we have successfully installed and connected all of the

ACTE Training 3-20

The NetXplorer user interface is comprised of the following sections:

ACTE Training 3-21

ACTE Training 3-22

There are several ways to perform an action on an entity:

ACTE Training 3-23

Let’s look at an example of how we can use the NetXplorer user

ACTE Training 3-24

Note that the appearance of tables in the NetXplorer can be modified.

ACTE Training 3-25

The language of the NetXplorer GUI can be localized. Currently supported

ACTE Training 3-26

Now we will review some initial configuration parameters.

ACTE Training 3-27

ACTE Training 3-28

ACTE Training 3-29

ACTE Training 3-30

ACTE Training 3-31

ACTE Training 3-32

NetXplorer allows a Link Aggregation (LAG) interface to be defined on Service

ACTE Training 3-33

ACTE Training 3-34

ACTE Training 3-35

ACTE Training 3-36

ACTE Training 3-37

ACTE Training 3-38

By choosing “advanced” from the user configuration editor, you can

ACTE Training 3-39

External Authentication enables authentication of all users logging into

ACTE Training 3-40

We will now review the data collector and its configuration.

ACTE Training 3-41

Installing a Distributed Monitoring Collector requires the following steps: