user's guide - fujitsu · 2018. 11. 4. · google chrome(tm) chrome vmware vsphere(r) vmware...

J2UL-2332-02ENZ0(00) December 2018 FUJITSU Software Smart Communication Optimizer V1.1.0 User's Guide


Post on 19-Sep-2020


J2UL-2332-02ENZ0(00) December 2018

FUJITSU Software Smart Communication Optimizer V1.1.0

User's Guide


Preface

Purpose of This Document

This manual explains the overview of, and the methods for designing, installing, and operating FUJITSU Software Smart Communication Optimizer (hereafter "this product").

Intended Readers

This manual is for people considering using this product and people who will install and oversee operation of this product.

Knowledge regarding the following is necessary when reading this manual.

- Server virtualization software (VMware vSphere(R) or Red Hat(R) Enterprise Linux(R) Virtual Machine Function)

- Public clouds (Amazon Web Services, Microsoft Azure, or FUJITSU Cloud Service K5)

- Private clouds (OpenStack)

Structure of This Document

This manual is composed as follows:

Chapter 1 Overview of FUJITSU Software Smart Communication Optimizer

Explains the overview of this product.

Chapter 2 Design

Explains the design work necessary to install and set up this product.

Chapter 3 Installation and Setup

Explains the installation and setup of this product.

Chapter 4 Operation

Explains how to operate this product.

Appendix A Lists of Useful Design Information

Provides lists of information that is frequently referred to during design of this product.

Appendix B System Configuration Example of Coordination with the TCP Communication App

Shows a system configuration example for the TCP communication app that coordinates with TCP.

Appendix C Default Gateway Configuration Example of Coordination with the TCP Communication App

Shows a default gateway setting example for the TCP communication app that coordinates with TCP.

Appendix D Contents of Performance Information and Audit Log for Downloading

Explains the contents of the performance information and audit log to be downloaded.

Appendix E Compatibility Information

Explains incompatibility items and corrective actions for functions changed from the earlier version.

Document Conventions

In this manual, the following abbreviations and symbols are used in explanations.

Abbreviations

The following abbreviations are used in this manual.

| Proper Name | Abbreviation |
|---|---|
| FUJITSU Software Cloud Storage Gateway | Cloud Storage Gateway or CSG |
| FUJITSU Cloud Service K5 | K5 |
| Internet Explorer(R) | Internet Explorer |
| Microsoft(R) Edge | Microsoft Edge |
| Microsoft Azure | Azure |
| Google Chrome(TM) | Chrome |
| VMware vSphere(R) | VMware |
| Red Hat(R) Enterprise Linux(R) 7.x(for Intel64) | RHEL7 |
| Red Hat(R) Enterprise Linux(R) Virtual Machine Function | KVM |
| Amazon Web Services | AWS |

Symbols

The following symbols are used for the purposes described below in this manual.

| Symbols | Description | Example |
|---|---|---|
| " " | Used to enclose the names of manuals, chapters, and section titles. | Refer to "Operation" in the "User's Guide." |
| [ ] | Used to enclose the names of screens, menus, tabs, and buttons that compose the Web GUI. | [Create Initial User] screen, [Display] menu, [Dashboard] tab, [OK] button |
| [ ]-[ ] | Used to show the order in which menus are to be selected. | [Setting Category]-[License] |
| < > | Used to enclose the names of keyboard keys. | <Enter> |

Other Notation

- Text to be entered by the user is indicated using bold text.

- Variables are indicated using italic text and underscores.

Documentation Road Map

Read the manuals for this product based on the following structure diagram and the table explaining their purposes.

Structure of the Manuals

How to Use the Manuals

Table columns: Manual Name, Description, and Purpose (Concept, Assessment, POC/Installation, Training, Tuning/Migration, As Required).

User's Guide

[Purpose of Use]

To understand the overview and the methods for design, installation, and operation of this product.

[Contained Content]

- Overview of the product and explanations of functions

- System requirements

- Installation and setup procedures

- Methods of operation and maintenance

[Manuals to Read in Advance]

None

Purpose columns marked: Yes Yes Yes Yes

Reference Guide

[Purpose of Use]

To refer to the provided commands.

To refer to the provided REST API.

To correspond to the output messages.

To handle trouble.

To understand important terms and product-specific terms.

[Contained Content]

- Explanations of commands

- Explanations of REST API

- Meanings and corrective actions for messages

- Methods for collecting troubleshooting data

- Terms and their explanations

[Manuals to Read in Advance]

None

Purpose columns marked: Yes

Export Administration Regulation Declaration

Exportation/release of this document may require necessary procedures in accordance with the regulations of your resident country and/or United States export control laws.

Trademark Information

- Amazon Web Services, AWS, Amazon VPC, and Amazon S3 are trademarks of Amazon.com, Inc. or its subsidiaries in the United States and other countries.

- Google and Google Chrome are registered trademarks or trademarks of Google Inc.

- Intel is a trademark of Intel Corporation or its subsidiaries in the U.S. and/or other countries.

- Linux is a registered trademark of Linus Torvalds in the United States and other countries.

- Microsoft, Windows, Azure, Active Directory, and Internet Explorer are either registered trademarks or trademarks of Microsoft Corporation in the United States and other countries.

- The OpenStack Word Mark is a registered trademark / service mark or trademark / service mark of the OpenStack Foundation, in the United States and other countries and is used with the OpenStack Foundation's permission.

- Red Hat and Red Hat Enterprise Linux are registered trademarks of Red Hat, Inc. in the United States and other countries.


- VMware is a trademark and registered trademark of VMware Inc. in the United States and other countries.

- All other company and product names in this manual are trademarks or registered trademarks of their respective owners.

Notices

- The contents of this manual shall not be reproduced without express written permission from FUJITSU LIMITED.

- The contents of this manual are subject to change without notice.

Revision History

| Month/Year Issued, Edition | Manual Code |
|---|---|
| June 2018, Edition 1 | J2UL-2332-01ENZ0(00) |
| December 2018, Edition 2 | J2UL-2332-02ENZ0(00) |

Copyright Notice

Copyright 2018 FUJITSU LIMITED


Contents

Chapter 1 Overview of FUJITSU Software Smart Communication Optimizer
1.1 What Is FUJITSU Software Smart Communication Optimizer?
1.2 Product Configuration of FUJITSU Software Smart Communication Optimizer
1.3 System Configuration of FUJITSU Software Smart Communication Optimizer
1.4 Explanations of Each Function
1.4.1 Function List
1.4.2 Transparent Proxies
1.4.3 User Interface
1.4.3.1 Web GUI
1.4.3.2 Console Access
1.4.3.3 REST API
1.4.3.4 SFTP Access
1.4.4 User Management
1.4.5 Email Notification
1.5 Licenses
1.6 System Requirements
1.6.1 Virtual Appliance Resource Requirements
1.6.2 Server Virtualization Software System Requirements
1.6.3 Admin PC System Requirements
1.6.4 Precautions when using this product

Chapter 2 Design
2.1 Design Overview
2.2 Designing Server System Configurations
2.3 Designing Server Virtualization Software
2.4 Designing Clouds
2.5 Designing Network Configuration
2.5.1 Single Virtual NIC Parallel Configuration
2.5.2 Single Virtual NIC Parallel Configuration (via a Router)
2.5.3 2-Virtual NIC Parallel Configuration
2.5.4 2-Virtual NIC Parallel Configuration (via a Router)
2.5.5 2-Virtual NIC Pass Bridge Configuration
2.5.6 2-Virtual NIC Pass Bridge Configuration (via a Router)
2.5.7 3-Virtual NIC Pass Bridge Configuration
2.5.8 3-Virtual NIC Pass Bridge Configuration (via a Router)
2.6 Designing Network Environments
2.7 Designing a SSL Server Certificate
2.8 Designing Virtual Network Environments (VMware Environments Only)
2.9 Designing Function Environments
2.9.1 Designing User Management Functions
2.9.1.1 Designing Local Authentication
2.9.1.2 Designing External Authentication
2.9.1.3 Designing the Console User
2.9.1.4 Designing the File Transfer User
2.9.2 Designing the Email Notification Function
2.9.3 Designing Transparent Proxy Management
2.9.3.1 Designing the Traffic Control Upper Limit

Chapter 3 Installation and Setup
3.1 Overall Flow of Installation and Setup
3.2 Installation (VMware Environments)
3.2.1 Creating Virtual Networks in VMware Environments
3.2.2 Deploying Virtual Appliances to VMware Environments
3.3 Installation (KVM Environments)
3.3.1 Creating Virtual Networks in KVM Environments
3.3.2 Deploying Virtual Appliances to KVM Environments
3.4 Installation (AWS Environments)
3.5 Installation (Azure Environments)
3.6 Installation (K5 Environments)
3.7 Installation (OpenStack Environments)
3.8 Setup
3.8.1 Flow of Setup
3.8.2 Initialization
3.8.2.1 Executing the Initialization Wizard
3.8.2.2 Configuring the SSH Authentication Method
3.8.2.3 Configuring Routing
3.8.2.4 Setting the System Time
3.8.2.5 Configuring HTTPS Communication
3.8.2.6 Changing the HTTPS Port Number
3.8.3 Configuring the Web Browser
3.8.3.1 Enabling JavaScript
3.8.3.2 Enabling Cookies
3.8.3.3 Configuring SSL/TLS
3.8.3.4 Disabling Internet Explorer Compatibility View
3.8.4 Configuring the System
3.8.4.1 Creating the Initial User
3.8.4.2 Configuring Email Notification Destinations
3.8.4.3 Configuring External Authentication Servers
3.8.4.4 Adding Users
3.8.4.5 Setting the License
3.9 Preparing Operating Environments
3.9.1 Configuring IP Address Conversion for WAN Connection Routers
3.9.2 Adding Transparent Proxies
3.10 Configuring the Default Gateway of the TCP Communication App
3.11 Uninstallation
3.11.1 Uninstallation (VMware Environments)
3.11.2 Uninstallation (KVM Environments)
3.11.3 Uninstallation (AWS, Azure, K5 and OpenStack Environments)

Chapter 4 Operation
4.1 Login
4.1.1 Configuring the Web Browser
4.1.2 Logging In
4.2 Explanation of the Web GUI
4.3 Configuring the Operation Environment
4.3.1 Explanation of the [Settings] Dialog
4.3.2 License
4.3.3 Login Sessions
4.3.3.1 List of Login Session Items
4.3.3.2 Displaying the List of Login Sessions
4.3.3.3 Displaying the Details of Login Sessions
4.3.3.4 Performing a Forced Logout
4.3.4 Local Authentication Users
4.3.4.1 Displaying the List of Local Authentication Users
4.3.4.2 Displaying the Details of Local Authentication Users
4.3.4.3 Creating Local Authentication Users
4.3.4.4 Deleting Local Authentication Users
4.3.4.5 Modifying Local Authentication Users
4.3.5 Authentication Servers
4.3.5.1 Displaying the List of Authentication Servers
4.3.5.2 Displaying the Details of Authentication Servers
4.3.5.3 Registering Authentication Servers
4.3.5.4 Deleting Authentication Servers
4.3.5.5 Modifying Authentication Servers
4.3.6 Mail Server and Email Notification Destinations
4.3.7 Troubleshooting Data
4.4 Monitoring Using the Dashboard
4.4.1 Monitoring WAN Throughput
4.4.1.1 Downloading Performance Information of the Entire Transparent Proxy
4.4.2 Monitoring Event Logs
4.4.3 Monitoring Audit Logs
4.4.3.1 Downloading Audit Logs
4.5 Managing Transparent Proxies
4.5.1 Displaying the List of Transparent Proxies
4.5.2 Transparent Proxy Statuses
4.5.3 Displaying the Details of Transparent Proxies
4.5.3.1 Transparent Proxy Details-Basic Information
4.5.3.2 Transparent Proxy Details-Details
4.5.3.3 Transparent Proxy Details-Performance Information
4.5.4 Adding Transparent Proxies
4.5.5 Deleting Transparent Proxies
4.5.6 Modifying Transparent Proxies
4.5.7 Downloading Performance Information for Individual Transparent Proxy
4.5.8 Changing the IP Addresses of the Interfaces Used by Transparent Proxies
4.6 Performing Maintenance
4.6.1 Overview of Maintenance
4.6.2 Recovering Faulty Server Virtualization Software
4.6.2.1 Recovery when Using High Availability Operation
4.6.2.2 Recovery when Not Using High Availability Operation
4.6.3 Performing Regular Maintenance of Server Virtualization Software
4.6.3.1 Regular Maintenance when Using High Availability Operation
4.6.3.2 Regular Maintenance when Not Using High Availability Operation
4.6.4 Updating Software
4.7 Stopping and Restarting the System and Services

Appendix A Lists of Useful Design Information
A.1 List of Output Log Files
A.2 List of Used Port Numbers

Appendix B System Configuration Example of Coordination with the TCP Communication App
B.1 System Configuration when Coordinating with Cloud Storage Gateway
B.2 System Configuration when Coordinating with an FTP Server

Appendix C Default Gateway Configuration Example of Coordination with the TCP Communication App..........................114C.1 Default Gateway Configuration Example when Coordinating with Cloud Storage Gateway........................................................114C.2 Default Gateway Configuration Example when Coordinating with FTP....................................................................................... 114

Appendix D Contents of Performance Information and Audit Log for Downloading.............................................................115D.1 Contents of Performance Information for Downloading................................................................................................................ 115D.2 Contents of Audit Log to be Downloaded...................................................................................................................................... 116

Appendix E Compatibility Information...................................................................................................................................118


Chapter 1 Overview of FUJITSU Software Smart Communication Optimizer

This chapter explains the overview of this product.

1.1 What Is FUJITSU Software Smart Communication Optimizer?

These days, enterprise WANs are facing the following challenges:

- Ongoing globalization means that more communication is taking place over long distances, such as between domestic and overseas business networks. In such cases, obtaining large amounts of data from external sources is slower than when the sources are located shorter distances away.

- Increasing use of SaaS and cloud services means that more communication traffic is travelling to and from points outside business networks. In addition, backing up and sharing larger files using these services takes a long time.

- More data is being backed up over WANs to data centers in remote locations. The delay involved in this method of backup means that data replication is not an effective countermeasure against natural disasters.

This product accelerates communication over WANs in order to solve these problems. It effectively utilizes the available bandwidth between business networks, or between business networks and clouds, thereby increasing network throughput.

The features of this product are as follows:

- This product is provided as a virtual appliance (hereafter abbreviated as "SCO-VA") that can be flexibly applied to various configurations found in business networks or on clouds. Two virtual appliances are installed on either side of a connection over a WAN, and operate as a pair.

- Transparent proxies use Fujitsu Laboratories' "Transport Acceleration Technology," thereby making it possible to increase communication speeds between SCO-VAs, reduce delays, and reduce the effects of packet loss.
  Transport Acceleration Technology converts TCP communication to UNAP (Universal Network Acceleration Protocol: a protocol based on UDP that has an original algorithm for resending data) in order to implement acceleration.

- The Web GUI can be used to visualize communication performance, enabling users to see the extent to which throughput has been improved. It can also be used to manage transparent proxies.

Figure 1.1 FUJITSU Software Smart Communication Optimizer


1.2 Product Configuration of FUJITSU Software Smart Communication Optimizer

This product is composed of admin components and gateway components.

The admin components are as follows:

- Web service

Receives and responds to requests sent from the Web GUI of the admin PC.

- Admin engine

Requests the DB service and gateway component to execute processing.

- DB service

Accesses the admin DB.

The gateway components are as follows:

- Transparent Proxies

The transparent proxy on the TCP client side provides the function to receive data from the TCP client and transfer the data to the WAN at high speeds.
The transparent proxy on the TCP server side provides the function to receive data transferred at high speeds from the WAN and send the data to the TCP server.

Figure 1.2 Product Configuration

1.3 System Configuration of FUJITSU Software Smart Communication Optimizer

This product is installed on both sides of a connection over a WAN. Since transparent proxies operate as a client-server pair, register them on both sides. This configuration accelerates business applications that use TCP communication between the client and server via a WAN.

- This product is compatible with the applications below.

  - Applications where the sending port number is not dynamically updated

  - FTP communication applications (Passive Mode only)

For a system configuration example that coordinates with a TCP communication app, refer to "Appendix B System Configuration Example of Coordination with the TCP Communication App."

1.4 Explanations of Each Function

This section explains the functions provided with this product.

1.4.1 Function List

The functions provided with this product are as follows:

- Transparent Proxies

- User Interface

- User Management

- Email Notification

1.4.2 Transparent Proxies

The functions of transparent proxies are as follows:

- By converting TCP communication for specific ports (specified service ports for acceleration on transparent proxies) between TCP clients and TCP servers to UNAP communication between transparent proxies, available bandwidth is utilized and communication is accelerated without the influence of WAN delays.

- WAN throughput for transparent proxies is automatically adjusted depending on the number of operating transparent proxies.

UNAP

UNAP is a unique protocol based on UDP. Client transparent proxy types operate as client types and server transparent proxy types operate as server types. Client types request a connection from server type ports that are on standby, and server types respond to the request to establish a connection. UNAP has the following advantages.

- Resend control
  When packet loss has occurred in a UNAP connection, a transparent proxy resends the lost packet by UNAP. Therefore, lost packets on the WAN do not need to be resent via TCP from TCP clients or TCP servers to transparent proxies.

- Health Check function
  In UNAP, a health check is performed for the connection after a UNAP connection has been established. In a health check, UNAP packets from a pair that have not been delivered within a fixed time (connection monitoring interval) are detected and the connection is handled as a disconnection. For connection monitoring intervals, refer to "2.9.3 Designing Transparent Proxy Management." UNAP sends a KeepAlive packet even when data is not being transferred and monitors the connection. When a UNAP disconnection has been detected, a client type reconnects to a server type.

WAN Throughput Upper Limit

The WAN throughput upper limit for the transparent proxy is the upper limit of throughput when data is transferred between paired transparent proxies.
The license throughput upper limit is automatically adjusted to the smaller value of the license throughput upper limits for paired transparent proxies.
When using the "Traffic Control Function," since a value smaller than the license throughput upper limit can be configured (the traffic control upper limit), it is automatically adjusted to the smaller value of the traffic control upper limits (the license throughput upper limit when omitted) of the paired transparent proxies.
When multiple transparent proxies are registered, all transparent proxies in operation (that are communicating), within their own WAN throughput upper limit, are automatically adjusted so that the total amount of communication does not exceed the license throughput upper limit.

Traffic Control Function

The Traffic Control function can adjust the amount of data transfer within a fixed time for transparent proxies. When you use this function, you can restrict the upper limit of WAN throughput and allocate network bandwidth for other communications.

Figure 1.3 Traffic Control function

1.4.3 User Interface

This product provides the following for the user interface.

- Web GUI

- Console Access

- REST API

- SFTP Access

1.4.3.1 Web GUI

This product provides a Web GUI that operates via a Web browser. The Web GUI can be used to operate the dashboard and manage transparent proxies.

Dashboard

The dashboard can be used to monitor WAN throughput, event logs, and audit logs. You can also perform the following from each panel.

- [WAN Throughput] panel
  You can download performance information for WAN throughput.

- [Event Log] panel
  You can display an [Event Log List] and [Event Log Details].

- [Audit Log] panel
  You can display an [Audit Log List] and [Audit Log Details] and you can also download audit logs from an [Audit Log List].


Figure 1.4 Dashboard

Transparent Proxy Management

It is possible to add, delete, update, and view transparent proxies using the [Transparent Proxy] tab. You can also download performance information for each transparent proxy.

Figure 1.5 Transparent Proxy Management


1.4.3.2 Console Access

You can access the SCO-VA console using server virtualization software or an SSH client. You can perform setup and run commands on the console. For information on commands, refer to "Commands" in the "Reference Guide."

1.4.3.3 REST API

This product provides a REST API. For information on the REST API, refer to "REST API" in the "Reference Guide." The Web GUI and REST API support the following.

Table 1.1 Web GUI and REST API Support (User's Guide)

| Web GUI operations in the User's Guide | REST API in the corresponding Reference Guide |
|---|---|
| 3.8.4.1 Creating the Initial User | Initial User Creation |
| 3.8.4.5 Setting the License | License |
| 4.3.3 Login Sessions | Login Session |
| 4.3.4 Local Authentication Users | Local Authentication User |
| 4.3.6 Mail Server and Email Notification Destinations | Mail Server, Mail Notification |
| 4.4.2 Monitoring Event Logs | Event Log |
| 4.4.3 Monitoring Audit Logs | Audit Log |
| 4.5 Managing Transparent Proxies | Transparent Proxy |
| 4.4.1 Monitoring WAN Throughput | Performance |
| 4.5.3.3 Transparent Proxy Details-Performance Information | |

Table 1.2 Web GUI and REST API Support (Reference Guide)

| Web GUI operations in the Reference Guide | REST API in the corresponding Reference Guide |
|---|---|
| Collecting Troubleshooting Data | Troubleshooting Data Download |

1.4.3.4 SFTP Access

You can access the file transfer area in the SCO-VA using an SFTP client. The file transfer area is the directory where files are stored temporarily in the following cases:

- Configuring the SSH authentication method
  For details, refer to "3.8.2.2 Configuring the SSH Authentication Method."

- Registering the SSL server certificate
  For details, refer to "Registering the SSL Server Certificate" in "3.8.2.5 Configuring HTTPS Communication."

- Updating software
  For details, refer to "4.6.4 Updating Software."

- Collecting troubleshooting data
  For details, refer to "Collecting Troubleshooting Data" in the "Reference Guide."

The size and directory name of the file transfer area are shown below.

| Size | Directory Name |
|---|---|
| 2GB | /sftp |

To store or retrieve files in the file transfer area, use SFTP with the account of the file transfer user. For information about the file transfer user, refer to "2.9.1.4 Designing the File Transfer User."


Example

Transferring the public key file (id_rsa.pub) to the file transfer area when the SCO-VA IP address is 192.0.2.10:

# sftp [email protected] <Enter>

[email protected]'s password: password <Enter>

Connected to 192.0.2.10.

sftp> put id_rsa.pub <Enter>

Uploading id_rsa.pub to /sftp/id_rsa.pub

id_rsa.pub

sftp> bye <Enter>

By using the wacadm dir command, it is possible to display information about files or delete unnecessary files in the file transfer area. For details, refer to "wacadm dir Command" in the "Reference Guide."

1.4.4 User Management

Users of this product are categorized as shown below.

Category: GUI user
Description: User for using the Web GUI provided in this product
Authentication Method: There are the following three authentication methods:
- Local authentication
- External authentication (LDAP)
- External authentication (Active Directory: AD)
Role: There are the following two roles:
- Administrator
- Monitor

Category: API user
Description: User for using the REST API provided in this product
Authentication Method: Local authentication

Category: Console user
Description: User for using the console to set up or perform maintenance of this product
Authentication Method: The following two authentication methods are available.
- Public key authentication
- Password authentication
The default values are as follows.
- For VMware, KVM, AWS, and Azure: password authentication
- For K5 and OpenStack: public key authentication
Role: None

Category: File transfer user
Description: User that transfers files via SFTP to the file transfer area.
Authentication Method: The following two authentication methods are available.
- Public key authentication
- Password authentication
The default setting is password authentication.

Using this product, it is possible to create, delete, and modify users that use local authentication methods (local authentication user management), as well as manage users that use the external authentication methods LDAP and AD (external authentication server management). It is also possible to manage the list of login sessions (login session management), and to perform forced logouts.


Figure 1.6 User Management

1.4.5 Email Notification

The email notification function can be used to send notifications to specified recipients whenever a WARNING- or ERROR-level event occurs.

Figure 1.7 Email Notification

1.5 Licenses

This product has the following types of licenses.

| Type | Description |
|---|---|
| Official licenses | Licenses that are throughput performance-rated. There are multiple types of licenses, which vary depending on the limits they place on throughput performance for data transfer over a WAN. |
| Trial licenses | Licenses provided before the purchase of this product, for the purpose of trials. Trial licenses have expiration dates. |

1.6 System Requirements

1.6.1 Virtual Appliance Resource Requirements

The resource requirements for virtual appliances are as follows.

Resource: Physical CPU
Requirements: Intel Xeon (For VMware or KVM)

Resource: Virtual CPUs
Requirements: Requirements vary depending on the limit placed on throughput performance by the license.
- When throughput is limited to 3 Gbps or less: 2 or more
- When throughput is limited to 10 Gbps or less: 4 or more (Overcommit is not supported)

Resource: Memory
Requirements: Memory is calculated from the license throughput upper limit, the traffic control upper limit, and the number of transparent proxies. It is determined by the following formula. Memory size is the result of the calculation rounded up in 1 GB increments. Make values larger than 1 GB.

- When not using the Traffic Control function

  Memory size (GB) = 4 (GB) + License throughput upper limit (Gbps) * 0.25 * Number of transparent proxies

  Reference: When the license throughput upper limit is in Mbps increments, use the value divided by 1000.

- When using the Traffic Control function

  Memory size (GB) = 4 (GB) + Total of the memory size for each transparent proxy [*1]

  *1: Memory size (GB) for each transparent proxy = WAN throughput upper limit (Gbps) [*2] * 0.25

  *2: The WAN throughput upper limit (Gbps) is the smaller value of the license throughput upper limit (Gbps) and the traffic control upper limit (Gbps).

  Reference: When the license throughput upper limit and traffic control upper limit are in Mbps increments, use the value divided by 1000.

For approximate memory sizes, refer to the reference information below.

Resource: Network adapter
Requirements:
- For VMware: VMXNET3
- For KVM: Virtio

Resource: Virtual disk space
Requirements: Virtual disk space required for the system of this product: 60 GB

Resource: Number of virtual NICs
Requirements: 3 or less (however, only one in the cloud)


Information

Memory Size

The following shows the memory size for when the Traffic Control function is not used and the number of transparent proxies for each license throughput upper limit is 1 and 20.

| License Throughput Upper Limit | Number of Transparent Proxies | Memory Size (GB) |
|---|---|---|
| 200 Mbps or less | 1 | 5 or more |
| | 20 | 5 or more |
| 500 Mbps or less | 1 | 5 or more |
| | 20 | 7 or more |
| 1 Gbps or less | 1 | 5 or more |
| | 20 | 9 or more |
| 3 Gbps | 1 | 5 or more |
| | 20 | 19 or more |
| 10 Gbps or less | 1 | 7 or more |
| | 20 | 54 or more |

Note

- If the specifications of the operating environment differ from the above requirements, this product is not guaranteed to operate properly. This product does not perform any checks as to whether the operating environment meets its requirements.

- If the maximum throughput of the hardware is less than the throughput limit configured for the virtual appliance, then throughput will be restricted to that provided by the hardware.
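Because the product does not check its operating environment, the sizing rules from "WAN Throughput Upper Limit" in 1.4.2 and the vCPU and memory requirements in 1.6.1 can be checked before deployment. The following Python is an added example, not part of the product or of this guide; all function and class names are its own, and it assumes limits are given in Mbps and that rounding up applies to the total of the formula.

```python
from dataclasses import dataclass
from typing import List, Optional, Sequence

BASE_MEMORY_GB = 4          # fixed term of both memory formulas in 1.6.1
MBPS_PER_MEMORY_GB = 4000   # 0.25 GB per Gbps, kept in integer Mbps to avoid float rounding


def _ceil_div(numerator: int, denominator: int) -> int:
    """Integer division rounded up (the guide rounds up in 1 GB increments)."""
    return -(-numerator // denominator)


@dataclass(frozen=True)
class ProxySide:
    """One transparent proxy of a pair (hypothetical helper type)."""
    license_mbps: int
    traffic_control_mbps: Optional[int] = None  # None: traffic control upper limit omitted

    def local_limit_mbps(self) -> int:
        """Smaller of the license limit and the traffic control limit (license when omitted)."""
        if self.license_mbps <= 0:
            raise ValueError("license throughput upper limit must be positive")
        if self.traffic_control_mbps is None:
            return self.license_mbps
        if self.traffic_control_mbps <= 0:
            raise ValueError("traffic control upper limit must be positive")
        return min(self.license_mbps, self.traffic_control_mbps)


def pair_wan_limit_mbps(client: ProxySide, server: ProxySide) -> int:
    """WAN throughput upper limit of a pair: the smaller value of the two sides."""
    return min(client.local_limit_mbps(), server.local_limit_mbps())


def required_memory_gb(license_mbps: int, proxy_count: int) -> int:
    """Memory size when the Traffic Control function is not used."""
    if license_mbps <= 0 or proxy_count < 0:
        raise ValueError("invalid license limit or proxy count")
    return BASE_MEMORY_GB + _ceil_div(license_mbps * proxy_count, MBPS_PER_MEMORY_GB)


def required_memory_gb_traffic_control(
    license_mbps: int, traffic_control_mbps: Sequence[Optional[int]]
) -> int:
    """Memory size when the Traffic Control function is used; one entry per proxy."""
    total_mbps = sum(
        ProxySide(license_mbps, limit).local_limit_mbps() for limit in traffic_control_mbps
    )
    return BASE_MEMORY_GB + _ceil_div(total_mbps, MBPS_PER_MEMORY_GB)


def min_vcpus(license_mbps: int) -> int:
    """Virtual CPU requirement from 1.6.1."""
    if license_mbps <= 3000:
        return 2
    if license_mbps <= 10000:
        return 4
    raise ValueError("the guide lists no requirement above 10 Gbps")


def check_vm(license_mbps: int, proxy_count: int, vcpus: int, memory_gb: int) -> List[str]:
    """Return the shortfalls of a planned VM; an empty list means it meets 1.6.1."""
    problems = []
    need_cpu = min_vcpus(license_mbps)
    need_mem = required_memory_gb(license_mbps, proxy_count)
    if vcpus < need_cpu:
        problems.append(f"vCPUs: planned {vcpus}, required {need_cpu} or more")
    if memory_gb < need_mem:
        problems.append(f"memory: planned {memory_gb} GB, required {need_mem} GB or more")
    return problems


if __name__ == "__main__":
    # Constructed sample plan: 10 Gbps license, 20 proxies, undersized VM.
    for line in check_vm(10000, 20, vcpus=2, memory_gb=32):
        print(line)
```

The function `required_memory_gb` reproduces every row of the memory size reference table above.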

1.6.2 Server Virtualization Software System Requirements

The system requirements for server virtualization software are as follows.

| Resource | Requirements |
|---|---|
| Server virtualization software | For VMware: VMware vSphere 6. For KVM: RHEL7 |
| Public clouds | AWS, Azure, K5 |
| Private clouds | OpenStack |

1.6.3 Admin PC System Requirements

The system requirements for the admin PC on which the Web GUI operates are as follows.


| Item | Requirements |
|---|---|
| Web browser | Internet Explorer 11 |
| | Microsoft Edge 38 or later |
| | Chrome 58 or later |

- To transfer files between the admin PC and the file transfer area, SFTP client software is required. Install it if necessary.

- To use the REST API, REST client software is required. Install it if necessary.

1.6.4 Precautions when using this product

The precautions when using this product are shown below.

- IPv6 is not supported.

Chapter 2 Design

This chapter explains the design work necessary to install and set up this product.

2.1 Design Overview

The following tasks must be performed when designing this product:

- Designing Server System Configurations

- Designing Server Virtualization Software

- Designing Clouds

- Designing Network Configuration

- Designing Network Environments

- Designing a SSL Server Certificate

- Designing Virtual Network Environments (VMware Environments Only)

- Designing Function Environments

- Designing User Management Functions

- Designing the Email Notification Function

- Designing Transparent Proxy Management

2.2 Designing Server System Configurations

This product uses the following functions to support cluster configurations.

| Installation Environment | Function |
|---|---|
| VMware environments | vSphere HA function |

2.3 Designing Server Virtualization Software

Choose either of the following server virtualization software for use with this product:

- VMware

- KVM

Regardless of which software you choose, the functionality of this product will be the same.

2.4 Designing Clouds

Choose from among the following clouds to use with this product.

- Public clouds

  - AWS

  - Azure

  - K5

- Private clouds

  - OpenStack

Regardless of which cloud you choose, the functionality of this product will be the same.


Note

When using AWS:

Only the EC2-VPC environment is supported; the EC2-Classic environment is not supported.

When using Azure:

When using Azure, you cannot use functions that rely on the Azure agent for Azure virtual machines. Do not perform operations that use the following functions.

- VM expansion functions

- Backups for virtual machines when they are running (when the virtual machine is stopped, backup is possible)

- Execution of commands in VMs

- Password reset

- Management of inventory/tracking changes/updates

- Azure site recovery

- DNS forward/reverse lookups (when the host name is local host) using SCO-VA host name/private IP

If any of the above operations are performed, the operation will result in an error or there will be no response. In this case, cancel the operation. In addition, it may take a while for notifications to be made after SCO-VA startup is complete.

2.5 Designing Network Configuration

The network configurations of this product are largely classified into the following two categories.

- Parallel Configuration

  A configuration in which SCO-VAs are attached to the communication paths between a TCP client and a WAN router and between a TCP server and a WAN router.

- Pass Bridge Configuration

  A configuration in which SCO-VAs are inserted in the communication paths between a TCP client and a WAN router and between a TCP server and a WAN router.

Category: Parallel Configuration
Advantages:
- It can be deployed in the existing environment without changing the network configuration.
Disadvantages:
- The TCP clients whose communication is to be accelerated must be configured to change the default gateway to SCO-VA.
- There may be performance bottlenecks for high-speed communication such as 10 Gbps.

Category: Pass Bridge Configuration
Advantages:
- It is not necessary to change the default gateway of the TCP clients whose communication is to be accelerated.
- There are no performance bottlenecks for high-speed communication such as 10 Gbps.
Disadvantages:
- The existing environment must be changed to configure SCO-VA for pass bridge configuration.


Figure 2.1 Parallel Configuration

Figure 2.2 Pass Bridge Configuration

With the combination of the preceding two network configurations and the number of virtual NICs, this product supports the following eight network configurations.

| No. | Category | Model Name | Description |
|---|---|---|---|
| 1 | Parallel Configuration | Single Virtual NIC Parallel Configuration | The configuration for a multi-purpose business, WAN, and management network. |
| 2 | Parallel Configuration | Single Virtual NIC Parallel Configuration (via a Router) | The configuration for a multi-purpose business, WAN, and management network. In addition to the above, the management network will make access via a router. |
| 3 | Parallel Configuration | 2-Virtual NIC Parallel Configuration | The configuration for a multi-purpose business and WAN network with an isolated management network. |
| 4 | Parallel Configuration | 2-Virtual NIC Parallel Configuration (via a Router) | The configuration for a multi-purpose business and WAN network with an isolated management network. In addition to the above, the management network will make access via a router. |
| 5 | Pass Bridge Configuration | 2-Virtual NIC Pass Bridge Configuration | The configuration for a multi-purpose business and management network with an isolated WAN network. |
| 6 | Pass Bridge Configuration | 2-Virtual NIC Pass Bridge Configuration (via a Router) | The configuration for a multi-purpose business and management network with an isolated WAN network. In addition to the above, the business and management network will make access via a router. |
| 7 | Pass Bridge Configuration | 3-Virtual NIC Pass Bridge Configuration | The configuration for an isolated business, WAN, and management network. |
| 8 | Pass Bridge Configuration | 3-Virtual NIC Pass Bridge Configuration (via a Router) | The configuration for an isolated business, WAN, and management network. In addition to the above, the management network will make access via a router. |

Note

Transparent bridge configuration

When pass bridge configuration is selected in the network configuration, note that the connection configuration must be designed to avoid loop configuration in the same network as described below:

- Connect multiple SCO-VAs to the business network and the WAN network for a pass bridge.

- Connect a virtual machine other than SCO-VA to the business network and the WAN network for a pass bridge, and forward the two networks.

2.5.1 Single Virtual NIC Parallel Configuration

This is the configuration for a multi-purpose business, WAN, and management network when using a single virtual NIC. The LAN-side, WAN-side, and Admin interfaces are allocated to a single virtual NIC (For example: br-eth0). The red arrows represent the default gateways.

For Cloud Storage Gateway or Azure, it is as follows.


2.5.2 Single Virtual NIC Parallel Configuration (via a Router)

This is the configuration for a multi-purpose business, WAN, and management network when using a single virtual NIC. In addition to the above, the management network will make access via a router. The LAN-side, WAN-side, and Admin interfaces are allocated to a single virtual NIC (For example: br-eth0). The red arrows represent the default gateways and the blue arrow represents a static route.

2.5.3 2-Virtual NIC Parallel Configuration

This is the configuration for a multi-purpose business and WAN network with an isolated management network when using two virtual NICs. The LAN and WAN-side interfaces are multi-purpose and are allocated to one virtual NIC (For example: br-eth0) and the Admin Interface is allocated to the other virtual NIC (For example: br-eth1). The red arrows represent the default gateways.

2.5.4 2-Virtual NIC Parallel Configuration (via a Router)

This is the configuration for a multi-purpose business and WAN network with an isolated management network. In addition to the above, the management network will make access via a router. The LAN and WAN-side interfaces are multi-purpose and are allocated to one virtual NIC (For example: br-eth0) and the Admin Interface is allocated to the other virtual NIC (For example: br-eth1). The red arrows represent the default gateways and the blue arrow represents a static route.

2.5.5 2-Virtual NIC Pass Bridge Configuration

This is the configuration for a multi-purpose business and management network with an isolated WAN network when using two virtual NICs. The LAN and Admin-side interfaces are multi-purpose and are allocated to one virtual NIC (For example: br-eth1) and the WAN-side interface is allocated to the other virtual NIC (For example: br-eth0). The red arrows represent the default gateways.

2.5.6 2-Virtual NIC Pass Bridge Configuration (via a Router)

This is the configuration for a multi-purpose business and management network with an isolated WAN network when using two virtual NICs. In this configuration, the business and management network will make access via a router. The LAN-side and Admin interfaces are multi-purpose and are allocated to one virtual NIC (For example: br-eth1) and the WAN-side interface is allocated to the other NIC (For example: br-eth0). The red arrows represent the default gateways and the blue arrow represents a static route.

2.5.7 3-Virtual NIC Pass Bridge Configuration

This is the configuration for a network with isolated business, WAN, and management networks when using three virtual NICs. A virtual NIC is allocated to the LAN, WAN, and Admin-side interfaces. The red arrows represent the default gateways.


2.5.8 3-Virtual NIC Pass Bridge Configuration (via a Router)

This is the configuration for a network with isolated business, WAN, and management networks when using three virtual NICs. The management network is reached via a router.

A virtual NIC is allocated to the LAN, WAN, and Admin-side interfaces.

The red arrows represent the default gateways and the blue arrow represents a static route.

2.6 Designing Network Environments

It is necessary to configure the following design items during configuration of a network environment.

Item Description

Number of Virtual NICs: The number of virtual NICs to use. Up to three virtual NICs can be used (however, only one in the cloud). Determine the number of virtual NICs to use based on the desired virtual network configuration.

Virtual NIC Uses: Select from among the following uses for each virtual NIC.

- Admin Interface (the network interface used for communication between the Admin PC and this product)


- LAN-side Interface (the network interface used by transparent proxies for TCP communication with clients or servers)

- WAN-side Interface (the network interface used by transparent proxies for communication through a WAN)

Configure the following items for each virtual NIC:

- DHCP Server

- Network Address

- Gateway Address

DHCP Server: Select whether to use a DHCP server.

- Disable: A DHCP server will not be used

- Enable: A DHCP server will be used

The default value is "Enable." A DHCP server is required for a network that will use DHCP. When configuring a pass bridge, a DHCP server cannot be used for the WAN-side interface.

Network Address: The IP address and the subnet mask of the virtual NIC. If a DHCP server is used, these values will be assigned automatically.

Gateway Address: The IP address of a router that is connected to a WAN. This router is configured as the default gateway for data transmission. This must be specified when the virtual NIC will be used as a WAN-side interface.

DNS Server: The IP addresses of the primary and secondary DNS servers. If a DHCP server is used, these values will be assigned automatically.

Domain Name: The domain name. The maximum length of the domain name is 254 characters, minus the length of the host name. For example, if the host name is "host1," which has a length of five characters, the maximum specifiable length of the domain name will be 254 - 5 = 249 characters. The following characters can be used:

- Alphanumeric characters (This value is not case sensitive)

- Hyphens ("-") and periods (".") (Hyphens and periods cannot be used for the first or last characters)

When not using a DHCP server, the default value is "localdomain." When using a DHCP server, the default value is as follows.

- When the domain name can be obtained from the DHCP server: the obtained domain name

- When the domain name cannot be obtained from the DHCP server: "localdomain"

Host Name: The host name. Specify a character string 1 - 63 characters in length. The following characters can be used:

- Alphanumeric characters (This value is not case sensitive)

- Hyphens ("-") (Hyphens cannot be used for the first or last characters)

Depending on the installation environment, the default value is as follows.

- For VMware, KVM, or AWS: Regardless of whether a DHCP server is used, the host name is "wacva." It is replaced with the host name specified in the Initialization Wizard or the host name specified by DHCP when the Initialization Wizard is executed.


- For Azure: Regardless of whether a DHCP server is used, the host name is "localhost."

- For OpenStack or K5: Regardless of whether a DHCP server is used, the virtual server name becomes the host name. Specify the virtual server name using the characters that can be used for the host name.

Keymap: The keyboard layout. Select from a list of candidates. The default value is "us" (US keyboard). Specify the type of keyboard layout that will be used. For example, "jp106" (Japanese 106 keyboard), "jp-OADG109A" (Japanese 109 keyboard), etc.

NTP Servers: Choose whether to enable NTP servers.

- Disable: Disable NTP servers

- Enable: Enable NTP servers

When enabling NTP servers, the FQDNs or IP addresses of the NTP servers are required. A maximum of two NTP servers can be registered. The default value is "Disable."

Note

- When registering two NTP servers, their upper NTP server must be the same.

- When enabling the NTP servers, set the configuration so that the host OS also uses the same NTP server for time synchronization.

Time Zone: The time zone. Select from a list of candidates. The default value is "UTC."

HTTPS port number: The HTTPS port number. Specify a port number from 1024 to 65535. If omitted, 9856 is used.

2.7 Designing a SSL Server Certificate

This product performs HTTPS communication with Web browsers (Admin PC), and uses SSL server certificates for encryption of communication data and mutual authentication.

It is necessary to configure the following design items when creating an SSL server certificate.

Item Description

Expiration Date: The number of days until the SSL server certificate expires, counted from the date on which it was created. The longest specifiable period is from the date of creation to January 19, 2038. Be sure to specify a number of days that is longer than the anticipated period of use of this product.

Country Name: A two-character country code (ISO-3166).

State or Province Name: The name of the state or province in which this product will be used.

Locality Name: The name of the locality in which this product will be used.

Organization Name: The name of the organization or company.

Organizational Unit Name: The name of the applying organizational unit.

Common Name: The IP address or host name (FQDN) that would be entered in a Web browser.


For example:

- When specifying an IP address: 192.0.2.10

- When specifying a host name: myhost.example.com

Email Address: The contact email address.

2.8 Designing Virtual Network Environments (VMware Environments Only)

It is necessary to configure the following design items when configuring a virtual network environment.

Item Description

Network label: A name for identifying the port groups of virtual switches. The network label is used when connecting SCO-VA to virtual switches. Specify any desired name.

VLAN ID: Identifies the VLAN to be used by the network traffic of the port groups.

2.9 Designing Function Environments

This section explains how to design the environment for each function.

2.9.1 Designing User Management Functions

2.9.1.1 Designing Local Authentication

Up to 100 users can be created for local authentication.

It is necessary to configure the following design items when using local authentication.

Item Description

Name (User name): The user name. Specify a character string 1 - 64 characters in length. The following characters can be used:

- Alphanumeric characters

- Symbols (!-_.)

Password: The password. Specify a character string 8 - 64 characters in length. The following characters can be used:

- Alphanumeric characters

- Symbols (!"#$&'()*+,-./@[\]^_`{|}~:;<=>?)

At least three of the following four types of characters must be specified: upper case alphabetical characters, lower case alphabetical characters, numbers, and symbols.

Role (User role): The role can be either of the following:

- Administrator: The system administrator. Can use all functions

- Monitor: Can only use reference functions

The default user role is "Administrator."


Mail address: The email address of the user. Specify a character string 6 - 63 characters in length. The format is email address format (it must contain an at sign "@"), and the following characters can be used:

- Alphanumeric characters

- Symbols (._%+-@)

This value can be omitted.

Description: The description of the user. Specify a character string 1 - 256 characters in length. There are no restrictions on the characters that can be used. This value can be omitted.

2.9.1.2 Designing External Authentication

LDAP and Active Directory (AD) are supported for external authentication servers, and up to eight servers can be registered in total.

It is necessary to configure the following design items when using external authentication servers.

Item Description

Type: The type of the authentication server. Specify either of the following:

- LDAP: LDAP authentication server

- AD: Active Directory (AD) authentication server

The default value is "LDAP."

IP address: The IP address of the authentication server.

Port: The port number of the authentication server. The default value is 389.

Domain: The domain of the authentication server.

User search base: The user search base of the authentication server. This is used as the primary identifier when performing user searches with the domain name omitted. If "Type" is "AD," the default value is "cn=users."

Group search base: The group search base of the authentication server. This is used as the primary identifier when performing group searches with the domain name omitted. If "Type" is "AD," the default value is "cn=users."

Administrator user: The user name of the administrator of the authentication server.

Administrator password: The password of the administrator of the authentication server.

SSL: One of the following encryption methods is used:

- None

- SSL/TLS

- STARTTLS

The default value is "None."

Priority: The priority of the authentication server. A smaller value means higher priority. This value can be omitted. If omitted, the lowest priority (the largest value) is used. If the specified value is already registered, the priorities of that server and subsequent servers are lowered by one (values are incremented).

Description: The description of the authentication server. Specify a character string containing up to 256 characters.


There are no restrictions on the characters that can be used. This value can be omitted.

External Authentication Server-side Design

- When using LDAP authentication, ensure that all user names are 512 or fewer characters in length.

- Create the following groups for user roles on each external authentication server, and register each user that will be authenticated externally in the corresponding user role group.

Role             User Role Group Name

Administrator    WacAdmin

Monitor          WacMon

2.9.1.3 Designing the Console User

There is only one console user, with the name "administrator."

Configure the following design item for the console user.

Item Description

Password: The password of the console user. The default value is "Admin123#." The password can be changed via the Initialization Wizard. Specify a character string 8 - 64 characters in length. The following characters can be used:

- Alphanumeric characters

- Symbols (!"#$&'()*+,-./@[\]^_`{|}~:;<=>?)

- Use at least three of the following types of characters:

  - A-Z

  - a-z

  - 0-9

  - Symbols

2.9.1.4 Designing the File Transfer User

There is only one file transfer user with the name "secftpuser." Configure the following design items for the file transfer user.

Item Description

Password: The password of the file transfer user. The default value is "Secftp123#." The password can be changed via the Initialization Wizard. Specify a character string that is 8 - 64 characters in length. The following characters can be used:

- Alphanumeric characters

- Symbols (!"#$&'()*+,-./@[\]^_`{|}~:;<=>?)

- Use at least three of the following types of characters:

  - A-Z

  - a-z


  - 0-9

  - Symbols
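The password rule shared by 2.9.1.1, 2.9.1.3 and 2.9.1.4 can be checked before values are entered in the Initialization Wizard. The following Python sketch is an added example, not part of the product or of the original guide; the function names are hypothetical, and the rejection of the two documented default passwords is an added check, since both defaults satisfy the complexity rule on their own.

```python
import string

# Symbol set copied from the password rows in 2.9.1.1, 2.9.1.3 and 2.9.1.4.
# Note that "%" and white space are not in it.
ALLOWED_SYMBOLS = set("!\"#$&'()*+,-./@[\\]^_`{|}~:;<=>?")
ALLOWED = set(string.ascii_letters + string.digits) | ALLOWED_SYMBOLS

# Default passwords documented in the guide for the two built-in accounts.
DOCUMENTED_DEFAULTS = {
    "administrator": "Admin123#",
    "secftpuser": "Secftp123#",
}


def character_classes(password):
    """Return the set of character classes that occur in the password."""
    classes = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.digits:
            classes.add("digit")
        elif ch in ALLOWED_SYMBOLS:
            classes.add("symbol")
    return classes


def check_password(password):
    """Return a list of findings; an empty list means the password passes."""
    findings = []
    if not 8 <= len(password) <= 64:
        findings.append("length must be 8 - 64 characters")
    bad = sorted({ch for ch in password if ch not in ALLOWED})
    if bad:
        findings.append("characters not allowed: " + " ".join(repr(c) for c in bad))
    if len(character_classes(password)) < 3:
        findings.append("fewer than three of: upper case, lower case, numbers, symbols")
    # Added check (not one of the guide's rules): a documented default passes
    # every rule above, so it has to be rejected explicitly.
    if password in DOCUMENTED_DEFAULTS.values():
        findings.append("matches a documented default password")
    return findings


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    for candidate in ("Admin123#", "Tr1cky%pass", "alllowercase1", "correct-Horse-7"):
        print(candidate, "->", check_password(candidate) or "OK")
```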

2.9.2 Designing the Email Notification Function

Up to three recipients can be specified for email notification.

It is necessary to configure the following design items when using email notification.

Item Description

SMTP server: The address of the SMTP server. Specify a character string 1 - 64 characters in length. The format is IP address format or FQDN format. For FQDN, the following characters can be used.

- Alphanumeric characters

- Symbols (-.)

Sender mail address: The content of the "From" field of the emails to be sent. Specify a character string 3 - 63 characters in length. The format is email address format (it must contain an at sign "@"), and the following characters can be used:

- Alphanumeric characters

- Symbols (!#$%&'*+/=?^_`{|}~-.@)

SMTP port: The port number of the SMTP server. Specify a value from 1 to 65535. If omitted, the port number of the SMTP server is 25.

Authentication method: The authentication method for connecting to the SMTP server. Configure one of the following:

- none: Devices will connect to the SMTP server without using authentication

The following values use the AUTH SMTP authentication to connect to the SMTP server. For the authentication method, select one according to the security policy of the SMTP server to be used.

- cram-md5: "CRAM-MD5" is used as the authentication method

- plain: "plain" is used as the authentication method

- login: "login" is used as the authentication method

User name: The name of the user account for connecting to the SMTP server. It is required when the authentication method is not "none." Specify a character string 1 - 255 characters in length. The following characters can be used:

- Alphanumeric characters

- White space

- Symbols (!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~)

Password: The password of the user account for connecting to the SMTP server. It is required when the authentication method is not "none." Specify a character string 1 - 64 characters in length. The following characters can be used:

- Alphanumeric characters

- Symbols (!"#$&'()*+,-./@[\]^_`{|}~:;<=>?)


Subject (Fixed): The fixed character string to be inserted as the prefix for the "Subject" line. Specify a character string 1 - 30 characters in length. The following characters can be used:

- Alphanumeric characters

- White space

- Symbols (!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~)

If omitted, the "Subject" line will be "Smart Communication Optimizer Event Mail." If specified, "Smart Communication Optimizer Event Mail" will be added to the end of the specified character string.

Number of Retries: The maximum number of attempts to resend when sending of an email fails. Specify a value from 0 to 5. If omitted, the number of retries is zero (no retries).

Retry Interval (in seconds): The interval between attempts to resend. Specify a value from 1 to 300 seconds. If omitted, the retry interval is one second.

SMTP over SSL: Determines whether to use SMTP over SSL. Specify either of the following:

- disable: SMTP over SSL will not be used

- ssl-tls: SMTP over SSL/TLS will be used

Confirm that the mail server you are using is compatible with SSL/TLS when selecting "ssl-tls." The default value is "disable."

Mail notification: The mail address of the notification destination. Specify a character string 3 - 63 characters in length. The format is email address format (it must contain an at sign "@"), and the following characters can be used:

- Alphanumeric characters

- Symbols (!#$%&'*+/=?^_`{|}~-.@)

2.9.3 Designing Transparent Proxy Management

For how to place transparent proxies, refer to "1.3 System Configuration of FUJITSU Software Smart Communication Optimizer." A maximum of 20 transparent proxies can be registered in SCO-VA.

It is necessary to configure the following design items when creating transparent proxies.

Item Description

Transparent Proxy Name: The name of the transparent proxy. Specify a character string 1 - 63 characters in length. The following characters can be used:

- Alphanumeric characters

- Hyphens ("-") (Hyphens cannot be used for the first or last characters)

Transparent proxy names must be unique within SCO-VA.

Type: The type of the transparent proxy. Specify either of the following:

- Client: A transparent proxy of the client type. A transparent proxy of the client type establishes a UNAP connection to a transparent proxy of the server type.

- Server: A transparent proxy of the server type. A transparent proxy of the server type waits for a transparent proxy of the client type to establish a UNAP connection.


A transparent proxy registered with the SCO-VA on the TCP client side may be a server type. A transparent proxy registered with the SCO-VA at the TCP server side may be a client type.

Pair IP Address: The IP address of the WAN-side interface of the transparent proxy to pair with. When the IP address translation has been configured, specify a reachable IP address if necessary. Furthermore, when using multiple transparent proxies in the same SCO-VA, the pair IP address and port number combination must not overlap among the client types.

Port Number: The port number used by UNAP to enable high-speed data transfer over a WAN. Specify a value from 20500 to 20650. For the client type, it is the server-side port number. When using several server types in SCO-VA, the port numbers must not overlap among the server types. The specified port number must match that of the paired transparent proxy. If the port numbers do not match, then establishment of the UNAP connection will fail.

LAN-side Interface: The name of the network interface used by the transparent proxy for TCP communication with client or server applications. This is the virtual NIC whose use is set to "LAN-side Interface" in the Initialization Wizard. The virtual NIC will be one of the following.

- br-eth0

- br-eth1

- br-eth2

WAN-side Interface: The name of the network interface used by the transparent proxy for WAN-side communication. This is the virtual NIC whose use is set to "WAN-side Interface" in the Initialization Wizard. The virtual NIC will be one of the following.

- br-eth0

- br-eth1

- br-eth2

Operation Mode: The operation mode of the transparent proxy. Select either of the following:

- Transparent: Transparently relays TCP connections.

- Terminate: Terminates TCP connections.

For client type, "Transparent" is fixed. For server type, select as follows.

- When registering the transparent proxy in AWS, Azure, K5 or OpenStack: "Terminate"

- For VMware or KVM, it is different depending on the network configuration.

  - For parallel configuration: "Terminate"

  - For pass bridge configuration: "Transparent"

- For network configuration, refer to "2.5 Designing Network Configuration."

Target Service Port Numbers: The list of port numbers of services that are the targets of data transfer performed by the transparent proxy. Specify a value from 1 to 65535. Up to 100 port numbers can be specified. To specify multiple port numbers, use a range or a list. Indicate a range using a hyphen. When specifying a range using the format "x-y," x must be less than or equal to y (for example, "80-83" and "80-80" are valid ranges, but "80-79" is not). Use commas to separate values in a list (for example, "80,81").


When registering multiple transparent proxies with an SCO-VA, the target service port numbers must not overlap among the transparent proxies. Specify the target service port numbers only for transparent proxies on the TCP client side. It is not necessary to specify them for transparent proxies on the TCP server side.

Maximum Number of TCP Connections: The maximum number of TCP connections that can be established. Specify a value from 1 to 10000. The default value is 10000. If the number of connections on either the server type or client type transparent proxy exceeds the value specified here, any further connections attempted from the TCP client will be denied. Normally, it is not necessary to configure this item. Use it to restrict the number of connections that can be attempted by the TCP client.

Number of Connection Re-establishment Attempts: The number of reconnection attempts to make when establishing a UNAP connection. Once the specified number of attempts is reached, an event log indicating that UNAP connection has failed is output. Specify a value from 0 to 255. The default value is 5. When "0" is specified, an event log will be output as soon as the first attempt to establish a connection fails. Specify only for client types.

Connection Re-establishment Attempt Interval: The interval (in seconds) between reconnection attempts when establishing a UNAP connection. Specify a value from 1 to 300. The default value is 10. When Round-Trip Time is less than 1 second, it is not necessary to change the initial setting value. When Round-Trip Time exceeds 1 second, set the value to Round-Trip Time (seconds) * 10. (Ex: When the Round-Trip Time is 2 seconds, specify 20.) Specify only for client types.

Connection Monitoring Interval: The connection monitoring interval (in seconds) for a UNAP connection. Specify a value from 1 to 300. The default value is 75. When Round-Trip Time is less than 1.5 seconds, it is not necessary to change the initial setting value. When Round-Trip Time exceeds 1.5 seconds, set the value to Round-Trip Time (seconds) * 50. (Ex: When the Round-Trip Time is 2 seconds, specify 100.) Specify only for client types. For server type, it will be automatically adjusted to the same value as the client type.

MTU Size: The MTU size of UNAP. Specify the maximum specifiable MTU size for the network that data transfer will be performed over. For maximum MTU size, confirm the WAN router settings. Specify a value from 400 to 9000. The default value is 1500. Specify only for client types. For server type, it will be automatically adjusted to the same value as the client type.

Traffic Control Upper Limit: Choose whether to use the Traffic Control function.

- Disable: Do not use the Traffic Control function

- Enable: Use the Traffic Control function

The default value is "Disable." When using the Traffic Control function, you can specify the data throughput upper limit that transparent proxies send via UNAP in Mbps or Gbps. You can specify a value from 100Mbps to the license throughput upper limit. For details, refer to "2.9.3.1 Designing the Traffic Control Upper Limit."
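The uniqueness and range rules in the table above (target service port lists, UNAP port numbers, pair IP address and port combinations) can be checked across a whole design sheet before registration. The following Python sketch is an added example, not part of the product or of the original guide; the record layout (dict keys), the function names and the sample records are hypothetical, and the 100-port limit is assumed to count port numbers after ranges are expanded.

```python
import re

UNAP_PORTS = range(20500, 20651)  # guide: "Specify a value from 20500 to 20650"
MAX_TARGET_PORTS = 100            # assumption: the limit counts expanded port numbers
ENTRY = re.compile(r"(\d+)(?:-(\d+))?", re.ASCII)


def parse_port_spec(spec):
    """Expand a spec such as "80,443,8080-8083" into a sorted list of ports."""
    ports = set()
    for item in (part.strip() for part in spec.split(",")):
        match = ENTRY.fullmatch(item)
        if match is None:
            raise ValueError(f"not a port number or range: {item!r}")
        low = int(match.group(1))
        high = int(match.group(2)) if match.group(2) else low
        if low > high:
            raise ValueError(f"range start is greater than range end: {item!r}")
        if low < 1 or high > 65535:
            raise ValueError(f"port outside 1 - 65535: {item!r}")
        ports.update(range(low, high + 1))
    if len(ports) > MAX_TARGET_PORTS:
        raise ValueError(f"{len(ports)} port numbers specified, limit is {MAX_TARGET_PORTS}")
    return sorted(ports)


def check_design(proxies):
    """Return findings for the transparent proxies planned for one SCO-VA."""
    findings = []
    port_owner = {}    # target service port -> first proxy that claimed it
    client_pairs = {}  # (pair IP address, UNAP port) -> client-type proxy
    server_ports = {}  # UNAP port -> server-type proxy
    for proxy in proxies:
        name, unap_port = proxy["name"], proxy["port"]
        if unap_port not in UNAP_PORTS:
            findings.append(f"{name}: UNAP port {unap_port} outside 20500 - 20650")
        if proxy["type"] == "Client":
            key = (proxy["pair_ip"], unap_port)
            if key in client_pairs:
                findings.append(f"{name}: pair IP address and port number duplicate {client_pairs[key]}")
            client_pairs.setdefault(key, name)
        else:
            if unap_port in server_ports:
                findings.append(f"{name}: UNAP port duplicates {server_ports[unap_port]}")
            server_ports.setdefault(unap_port, name)
        try:
            # Target ports are only specified on the TCP client side.
            ports = parse_port_spec(proxy["target_ports"]) if proxy.get("target_ports") else []
        except ValueError as exc:
            findings.append(f"{name}: {exc}")
            continue
        clashes = {}
        for port in ports:
            owner = port_owner.setdefault(port, name)
            if owner != name:
                clashes.setdefault(owner, []).append(port)
        for owner, clashed in clashes.items():
            findings.append(f"{name}: target service ports {clashed} overlap {owner}")
    return findings


# Constructed sample design sheet (names and addresses are made up).
SAMPLE = [
    {"name": "tp-web", "type": "Client", "pair_ip": "192.0.2.10", "port": 20500,
     "target_ports": "80,443,8080-8083"},
    {"name": "tp-db", "type": "Client", "pair_ip": "192.0.2.10", "port": 20500,
     "target_ports": "5432,8083"},
    {"name": "tp-in", "type": "Server", "pair_ip": "192.0.2.20", "port": 20700,
     "target_ports": ""},
]

if __name__ == "__main__":
    for finding in check_design(SAMPLE):
        print(finding)
```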


2.9.3.1 Designing the Traffic Control Upper Limit

When the Traffic Control function is not used, the WAN throughput upper limit is the smaller of the license throughput upper limits of the paired transparent proxies.

When the WAN throughput upper limit and the network bandwidth of the physical line are the same, network bandwidth cannot be allocated to other communications.

Therefore, by using the Traffic Control function and restricting the WAN throughput upper limit, network bandwidth can be allocated to other communications.

The following shows examples of when the Traffic Control function is not used and when it is used.

Figure 2.3 When there is one transparent proxy and the Traffic Control function is not used

Figure 2.4 When there are multiple transparent proxies and the Traffic Control function is not used


Figure 2.5 When there is one transparent proxy and the Traffic Control function is used

Figure 2.6 When there are multiple transparent proxies and the Traffic Control function is used

Note

When multiple transparent proxies are communicating at the same time, set the traffic control upper limits so that their total is less than the license throughput upper limit.


Chapter 3 Installation and Setup

This chapter explains the installation and setup of this product.

3.1 Overall Flow of Installation and Setup

The system configuration of this product can be either of the following combinations.

Environment A    Environment B

On-premises      On-premises

On-premises      Cloud

Reference: For the purposes of this explanation of the flow of installation and setup, one part of this combination is referred to as environment A and the other, environment B.

There are the following types of on-premises environments and cloud environments.

- On-premises

  - VMware environments

  - KVM environments

- Cloud

  - AWS environments

  - Azure environments

  - K5 environments

  - OpenStack environments

The flow of installation and setup of this product is as follows:

1. Installation of this product on environment A

2. Setup of this product on environment A

3. Installation of this product on environment B

4. Setup of this product on environment B

5. Preparation of the operating environment

6. Configuring the Default Gateway of the TCP Communication App

For details on installation, refer to "3.2 Installation (VMware Environments)," "3.3 Installation (KVM Environments)," "3.4 Installation (AWS Environments)," "3.5 Installation (Azure Environments)," "3.6 Installation (K5 Environments)," or "3.7 Installation (OpenStack Environments)," depending on the environment in which you are installing.

3.2 Installation (VMware Environments)

This section explains installation in VMware environments. The following example uses vSphere 6.0.

The flow of installation in VMware environments is as follows:

1. Creation of the virtual network

2. Deployment of the virtual appliance

3.2.1 Creating Virtual Networks in VMware Environments

This section explains the procedure for creating the virtual network (port group) for virtual appliances to connect to.


Preparations

Confirm that the following have already been created:

- The virtual switch (vSwitch) on which the network of this product will be placed

Configure the ports of the virtual switch as follows.

- MTU: 9000

- Connections to external networks (uplinks)

When using any of the following, connect the device to the virtual switch in advance.

- A DHCP server

- NTP servers

- External authentication servers

- A firewall
  When configuring a firewall, refer to "A.2 List of Used Port Numbers," and approve use of the listed port numbers.

Procedure

1. Log in to vSphere Web Client.

2. In the [Navigator] pane, select the [Hosts and Clusters] tab, and then select the host on which the network of this product will be placed.

3. Select [Actions]-[Add Networking] to start the [Add Network] wizard.

4. Follow the instructions in the [Add Network] wizard to configure the network.

Step Task Details Description

1 Select connection type: Select [Virtual Machine Port Group for a Standard Switch].

2 Select target device: Select [Select an existing standard switch]. Click the [Browse] button, and then select the virtual switch to use to create the network of this product.

3 Connection settings: Specify the network label and the VLAN ID. For the content to specify, refer to "2.8 Designing Virtual Network Environments (VMware Environments Only)."

4 Ready to complete: Confirm the selected content and, if there are no problems, click the [Finish] button to close the wizard.

5. When configuring a pass bridge, configure the security settings of port groups.

The targets for security configuration are the port groups to which the network adapters allocated as the SCO-VA LAN-side interface and WAN-side interface connect.

The settings to configure are as follows:

- Promiscuous Mode: Accept

- Forged Transmits: Accept

Note

Port groups in which the security settings have been configured must not be associated with the network adapters attached to VMs other than the SCO-VAs.

6.


3.2.2 Deploying Virtual Appliances to VMware Environments

This section explains the procedure for deploying virtual appliances to VMware environments.

Procedure

1. Set the DVD of this product in a computer that is logged in to vCenter.

2. Log in to vSphere Web Client.

3. In the [Navigator] pane, select the [VMs and Templates] tab, and then select vCenter Server.

4. Select [Action]-[Deploy OVF Template] to launch the [Deploy OVF Template] wizard.

5. Follow the instructions in the [Deploy OVF Template] wizard to configure the template.

Step Task Details Description

1 Select source: Select [Local file]. Click the [Browse] button, and then specify the OVF template file (.ovf) on the DVD of this product.

2 Review details: Check the details of the specified OVF template.

3 Select name and folder: Specify a name for the template. For the deployment destination, select a "datacenter" or a "folder."

4 Select a resource: Select where to run the deployed OVF template.

5 Select storage: Select the datastore in which to store the files for the deployed template. Select the following:

- Select virtual disk format: "Thick Provision Lazy Zeroed"

- VM Storage Policy: Datastore Default

6 Setup networks: Select the network created in "3.2.1 Creating Virtual Networks in VMware Environments."

7 Ready to complete: Confirm the selected content and, if there are no problems, click the [Finish] button to close the wizard.

6. Wait for deployment of this product to complete. The deployment progress can be confirmed using the progress bar displayed in [Recent Tasks].

7. Change the number of CPUs and the memory size of the virtual machine of this product based on the requirements described in "1.6.1 Virtual Appliance Resource Requirements."

8. When performing a 1 or 2 virtual NIC configuration, delete network adapters that will not be used in [Edit settings].

Note

Adding and Deleting Network Adapters

It is not possible to delete or add network adapters after executing the initialization wizard and configuring the initial settings. To delete or add network adapters, execute deployment again. For the initialization wizard, refer to "3.8.2.1 Executing the Initialization Wizard."

Point

Use the same procedure as above when deploying this product in VMware vSphere High Availability (vSphere HA) environments.

3.3 Installation (KVM Environments)

This section explains installation in KVM environments.


The flow of installation in KVM environments is as follows:

1. Creation of the virtual network

2. Deployment of the virtual appliance

3.3.1 Creating Virtual Networks in KVM Environments

Prepare the virtual network for virtual appliances to connect to.

Confirm the following:

- The virtual network (virtual bridge) that will connect virtual appliances has been created

- The virtual bridge is connected to a physical NIC

When using any of the following, connect the device to the virtual bridge in advance.

- A DHCP server

- NTP servers

- External authentication servers

- A firewall
  When configuring a firewall, refer to "A.2 List of Used Port Numbers," and approve use of the listed port numbers.

3.3.2 Deploying Virtual Appliances to KVM Environments

This section explains the procedure for deploying virtual appliances to KVM environments.

Procedure

1. Copy the tar.gz file on the DVD of this product to the desired folder on the KVM host, and unpack the copied tar.gz file.

Example

# tar xzvf SCO_v110_kvm.tar.gz <Enter>

SCO_v110_kvm/

SCO_v110_kvm/SCO_v110_kvm.qcow2

SCO_v110_kvm/SCO_v110_kvm.xml

2. Copy the files of the unpacked directory to their respective designated destinations.

Example

# cp SCO_v110_kvm.qcow2 /var/lib/libvirt/images <Enter>

# cp SCO_v110_kvm.xml /etc/libvirt/qemu <Enter>

3. Specify the xml file to register the VA image of this product.

Example

# virsh define /etc/libvirt/qemu/SCO_v110_kvm.xml <Enter>

4. Click the [Virtual Machine Manager] menu on the desktop screen to open the [Virtual Machine Manager] screen.

5. On the [Virtual Machine Manager] screen, select the VA image of this product, and then click the [Open] button.

6. On the [Virtual Machine] screen, select [View]-[Details] from the menu.


7. When performing a 1 or 2 virtual NIC configuration, delete network adapters that will not be used on the [Virtual Machine Details] screen.

8. On the [Virtual Machine Details] screen, select [NIC]. Then, select the virtual network or host device that this product will connect to, and click the [Apply] button.

9. Change the number of CPUs and the memory size of the virtual machine of this product based on the requirements described in "1.6.1 Virtual Appliance Resource Requirements."

Note

Adding and Deleting Network Adapters

It is not possible to delete or add network adapters after executing the initialization wizard and configuring the initial settings. To delete or add network adapters, execute deployment again. For the initialization wizard, refer to "3.8.2.1 Executing the Initialization Wizard."

Note

When deploying multiple virtual appliances

When deploying multiple virtual appliances, note the following when performing the procedure above.

- In step 2, copy the files under different names so that previously copied files will not be overwritten.

Example

# cp SCO_v110_kvm.qcow2 /var/lib/libvirt/images/SCO_v110_kvm_2.qcow2 <Enter>

# cp SCO_v110_kvm.xml /etc/libvirt/qemu/SCO_v110_kvm_2.xml <Enter>

- In the xml file that was copied under a different name in step 2, change the values of the name tag and of the source tag inside the disk tag, as shown below.

Example

<domain type='kvm'>
  <name>SCO_v110_kvm_2</name>
  ...
  <devices>
    <disk ...>
      <source file='/var/lib/libvirt/images/SCO_v110_kvm_2.qcow2'/>
      ...

- In step 3, specify the xml file that was copied under a different name.

Example

# virsh define /etc/libvirt/qemu/SCO_v110_kvm_2.xml <Enter>
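The copy-and-rename steps in the note above can be scripted so that an existing appliance is never overwritten and the XML edits are checked before `virsh define` is run. The following shell function is an added example, not part of the product or of the original manual; the helper names `clone_sco_definition` and `make_sample_unpacked_dir` are hypothetical, and the sample XML is constructed for illustration (the real file on the DVD has more elements).

```bash
#!/usr/bin/env bash
# Added example (not from the product DVD): prepare the files for an
# additional SCO appliance on a KVM host, following the note above.
set -eu

BASE=SCO_v110_kvm   # base name of the files unpacked from the tar.gz

# clone_sco_definition SRC_DIR NEW_NAME IMAGE_DIR XML_DIR  (hypothetical helper)
#   SRC_DIR    directory unpacked from SCO_v110_kvm.tar.gz
#   NEW_NAME   new domain name, for example SCO_v110_kvm_2
#   IMAGE_DIR  destination for the disk image (/var/lib/libvirt/images)
#   XML_DIR    destination for the domain XML (/etc/libvirt/qemu)
# Prints the path of the new XML file, ready for "virsh define".
clone_sco_definition() {
    c_src=$1; c_name=$2; c_img="$3/$2.qcow2"; c_xml="$4/$2.xml"

    # The name ends up in file paths and in a sed replacement: allow only
    # characters that are safe in both.
    case $c_name in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid name: $c_name" >&2; return 2 ;;
    esac
    if [ ! -f "$c_src/$BASE.qcow2" ] || [ ! -f "$c_src/$BASE.xml" ]; then
        echo "unpacked files not found in $c_src" >&2; return 3
    fi
    # Never overwrite the image or definition of an appliance that is
    # already deployed (the reason the note asks for different names).
    if [ -e "$c_img" ] || [ -e "$c_xml" ]; then
        echo "refusing to overwrite $c_img or $c_xml" >&2; return 4
    fi

    cp "$c_src/$BASE.qcow2" "$c_img"
    # Rewrite the <name> tag and only the <source> tag that points at the
    # original image, leaving any other disk sources untouched.
    sed -e "s|<name>$BASE</name>|<name>$c_name</name>|" \
        -e "s|<source file='[^']*/$BASE\.qcow2'|<source file='$c_img'|" \
        "$c_src/$BASE.xml" > "$c_xml"

    # Confirm both edits took effect before the file is handed to virsh.
    if ! grep -qF "<name>$c_name</name>" "$c_xml" ||
       ! grep -qF "<source file='$c_img'" "$c_xml"; then
        echo "XML did not have the expected name/source tags" >&2
        rm -f "$c_img" "$c_xml"; return 5
    fi
    printf '%s\n' "$c_xml"
}

# make_sample_unpacked_dir DIR: constructed stand-in for the unpacked
# tar.gz (a placeholder image and a minimal, constructed domain XML).
make_sample_unpacked_dir() {
    mkdir -p "$1"
    printf 'constructed placeholder, not a real qcow2\n' > "$1/$BASE.qcow2"
    cat > "$1/$BASE.xml" <<EOF
<domain type='kvm'>
  <name>$BASE</name>
  <devices>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/$BASE.qcow2'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <disk type='file' device='cdrom'>
      <source file='/var/lib/libvirt/images/other.iso'/>
      <target dev='hda' bus='ide'/>
    </disk>
  </devices>
</domain>
EOF
}

# Demo on temporary directories only: run the script with --demo.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    make_sample_unpacked_dir "$tmp/src"
    mkdir "$tmp/images" "$tmp/qemu"
    xml=$(clone_sco_definition "$tmp/src" SCO_v110_kvm_2 "$tmp/images" "$tmp/qemu")
    cat "$xml"
    echo "next step on a real host: virsh define $xml"
    rm -rf "$tmp"
fi
```

On a real KVM host, pass /var/lib/libvirt/images and /etc/libvirt/qemu as the two destination directories, then run virsh define on the printed path as in step 3.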

3.4 Installation (AWS Environments)

This section explains the procedure for installation in an AWS environment.


Preparations

Confirm that the following has already been performed.

- An Amazon S3 (Simple Storage Service) bucket has been created so that the image of this product can be stored

- An AWS account has been created so that the above bucket can be accessed

- The VPC that this product will connect to has been created

Procedure

1. Set the DVD of this product in an Admin PC that can connect to AWS.

2. Using AWS CLI, upload the virtual appliance image of this product to Amazon S3.

Example

aws s3 cp /tmp/SCO_v110_aws-disk1.vmdk s3://wacva <Enter>

The parameters are as follows.

| Parameter | Description |
|---|---|
| First parameter | The name of the image file to be uploaded. In the above example, "/tmp/SCO_v110_aws-disk1.vmdk" is specified. |
| Second parameter | The name of the bucket of the upload destination. In the above example, "s3://wacva" is specified. |

3. Use AWS CLI and import the virtual appliance image to create an AMI (Amazon Machine Image) for this product.

Example

aws ec2 import-image --disk-containers file://containers.json <Enter>

The options and parameters are as follows.

| Option name | Description |
|---|---|
| --disk-containers | The file with the defined parameters to be imported. In the above example, "file://containers.json" is specified. For details, refer to the AWS document. |

Example

Definition file example

[
  {
    "Description": "SCO",
    "Format": "VMDK",
    "UserBucket": {
      "S3Bucket": "wacva",
      "S3Key": "SCO_v110_aws-disk1.vmdk"
    }
  }
]

4. Create an instance of this product from the AMI that was created in Step 3.


5. Configure an Elastic IP using the following procedure.

a. In a Web browser, log in to an AWS Management Console.

b. Select [VPC] and the [VPC Management Console] screen is displayed.

c. In the left pane of the [VPC Management Console] screen, select [Elastic IP], and on the right side of the [Elastic IP] screen, click the [Allocate new address] button.

d. Clicking the [Allocate] button on the [Allocate new address] screen automatically allocates the IP, and it is added to the table on the [Elastic IP] screen.

6. Associate the Elastic IP with the instance of this product using the following procedure.

a. In the left pane of the [VPC Management Console] screen, select [Elastic IP], and from the table on the right side of the [Elastic IP] screen, select the Elastic IP that was created in Step 5.

b. On the [Elastic IP] screen, select [Actions]-[Associate address] and the [Associate address] screen is displayed.

c. Specify the following on the [Associate address] screen and click the [Associate] button.

- Resource type (Specify "Instance")

- Instance (Specify the instance of this product)

- Private IP (Select the IP address that you want to associate)

7. Start the instance of this product.

3.5 Installation (Azure Environments)

This section explains the procedure for installation in an Azure environment.

Preparations

Confirm that the following has already been performed.

- A virtual appliance image of this product has been stored and the required resource groups, storage accounts, and storage containers for creating resources for virtual machines have been created

- The virtual networks, subnets, and public IPs that this product will connect to have been created

- On an Admin PC that can connect to Azure, the image to be uploaded from the DVD of this product has been unpacked

When using any of the following, connect the device to the network in advance.

- A DHCP server

- NTP servers

- External authentication servers

- A firewall
  When configuring a firewall, refer to the "A.2 List of Used Port Numbers," and approve the use of the listed port numbers.

Procedure

1. From the Azure portal screen, select [Storage accounts]-<Storage account name to be used>-[Blobs]-<Container name to be used> to display the [Container] screen, then click the [Upload] button. Next, specify the image file to be uploaded for this product and click the [Upload] button.

2. Click the [cloud-shell] button on the Azure portal screen to display the [cloud-shell] screen (bash).

3. Using the az disk create command, create a management disk from the custom disk that was uploaded.


Example

az disk create --resource-group rscgrp_msdn_westus2 --sku Standard_LRS --location westus2 --name sco_mng_disk --source https://strgmsdn.blob.core.windows.net/scomsdncontainer/SCO_v110_azure.vhd <Enter>

The options and parameters are as follows.

| Option name | Description |
|---|---|
| --resource-group | The name of the resource group. In the above example, "rscgrp_msdn_westus2" is specified. |
| --sku | The type of management disk. In the above example, "Standard_LRS" is specified. |
| --location | The name of the region. In the above example, "westus2" is specified. |
| --name | The name of the management disk. In the above example, "sco_mng_disk" is specified. |
| --source | The URL of the custom disk that has been uploaded. In the above example, "https://strgmsdn.blob.core.windows.net/scomsdncontainer/SCO_v110_azure.vhd" is specified. |

4. Using the az vm create command, create a virtual machine for this product which will use the management disk.

Example

az vm create --resource-group rscgrp_msdn_westus2 --location westus2 --name scovm --os-type linux --size Standard_D2_v3 --public-ip-address-allocation static --public-ip-address static-public --subnet sco-subnet --vnet-name sco-vnet --attach-os-disk sco_mng_disk <Enter>

The options and parameters are as follows.

| Option name | Description |
|---|---|
| --resource-group | The name of the resource group. In the above example, "rscgrp_msdn_westus2" is specified. |
| --location | The name of the region. In the above example, "westus2" is specified. |
| --name | The name of the virtual machine. In the above example, "scovm" is specified. |
| --os-type | The OS type of the virtual machine. Specify "linux." |
| --size | The size of the virtual machine. In the above example, "Standard_D2_v3" is specified. |
| --public-ip-address-allocation | Whether the public IP is released when the virtual machine has been stopped. Specify "static." |
| --public-ip-address | The name of the public IP. In the above example, "static-public" is specified. |
| --subnet | The name of the subnet. In the above example, "sco-subnet" is specified. |
| --vnet-name | The name of the virtual network. In the above example, "sco-vnet" is specified. |
| --attach-os-disk | The name of the management disk. Specify the name of the management disk that was created in Step 3. In the above example, "sco_mng_disk" is specified. |

5. Using the az vm boot-diagnostics command, enable the virtual machine Boot Health Check function so that the serial console can be used.

Example

az vm boot-diagnostics enable --name scovm --resource-group rscgrp_msdn_westus2 --storage https://strgmsdn.blob.core.windows.net/ <Enter>

The options and parameters are as follows.

| Option name | Description |
|---|---|
| --name | The name of the virtual machine. Specify the name of the virtual machine that was created in Step 4. In the above example, "scovm" is specified. |
| --resource-group | The name of the resource group. In the above example, "rscgrp_msdn_westus2" is specified. |
| --storage | The BLOB SERVICE endpoint for the storage account. In the above example, "https://strgmsdn.blob.core.windows.net/" is specified. |

6. For the networks in which virtual machines have been created, refer to "A.2 List of Used Port Numbers" and configure network security groups.

3.6 Installation (K5 Environments)

This section explains the procedure for installation in a K5 environment.

Preparation

Confirm that the following has already been created:

- A network to which this product will be connected

- A network for using a Floating IP (if an external connection is necessary)

- Connections to external networks (uplinks)

When using any of the following, connect the device to the network in advance.

- A DHCP server

- NTP servers

- External authentication servers

- A firewall
  When configuring a firewall, refer to the "A.2 List of Used Port Numbers," and approve the use of the listed port numbers.

Procedure

1. Log in to the K5 IaaS Service Portal.

2. Using the [API Execution] screen, create an Object Storage container.

a. Configure the following:

- HTTP Method: Select "PUT"


- Endpoints: Select "objectstorage"

- Add "/container_name" to the end of the path displayed for the URI.

b. Click the [Execute API] button.

c. Confirm the execution results in the response field.

3. Configure the API execution environment. For details, refer to the "FUJITSU Cloud Service K5 API User Guide."

4. Set the DVD of this product in the API execution environment. You can also transfer the vmdk file included on the DVD of this product to the API execution environment.

5. Create the shell for registering the image of this product in the created Object Storage container.

Refer to the following when creating the shell.

#!/bin/bash
# get_token.sh is expected to set OS_AUTH_TOKEN. OBJECTSTORAGE (endpoint URL)
# and TENANT_ID must also be set before the upload (assumed here to come from
# get_token.sh or the environment).
. ./get_token.sh

CONTAINER="<container_name>"
OBJECT="<image_file_of_this_product>"                    # for example: "SCO_v110_k5-disk1.vmdk"
UPLOAD_FILE="<name_of_the_image_file_of_this_product>"   # for example: "./SCO_v110_k5-disk1.vmdk"

# Upload object
# The echo below prints the full command line, including the auth token.
echo "*** CURL"
echo "curl -Ss -T $UPLOAD_FILE $OBJECTSTORAGE/v1/AUTH_$TENANT_ID/$CONTAINER/$OBJECT -X PUT -H \"Transfer-Encoding: chunked\" -H \"X-Detect-Content-Type: true\" -H \"Accept:application/json\" -H \"X-Auth-Token: $OS_AUTH_TOKEN\""
resp=$(curl -Ss -T "$UPLOAD_FILE" "$OBJECTSTORAGE/v1/AUTH_$TENANT_ID/$CONTAINER/$OBJECT" -X PUT \
  -H "Transfer-Encoding: chunked" -H "X-Detect-Content-Type: true" \
  -H "Accept:application/json" -H "X-Auth-Token: $OS_AUTH_TOKEN")
echo "$resp" | jq .

6. Use the shell to register the image of this product in the Object Storage container. The image file of this product that you registered using the shell is placed in the corresponding folder.

7. Log in to the K5 IaaS Service Portal.

8. Using the [API Execution] screen, confirm the objects registered in the Object Storage container.

a. Configure the following:

- HTTP Method: Select "GET"

- Endpoints: Select "objectstorage"

- Add "/container_name" to the end of the path displayed for the URI.

b. Click the [Execute API] button.

c. Confirm in the response field that the object has been registered.

9. Using the [API Execution] screen, register the image of the object that was registered in the Object Storage container.

a. Configure the following:

- HTTP Method: Select "POST"

- Endpoints: Select "vmimport"

- For the URI, input the following path of the API for image registration.
  /v1/imageimport

- Configure the following request parameters in the request body.


| Request Parameter | Value |
|---|---|
| name | Image name |
| location | Object name in the container ("/v1/AUTH_tenant_ID/container_name/object_name") |
| min_ram | Memory capacity (MB) |
| min_disk | Disk capacity (GB) |
| os_type | centos |
| activate | true |

b. Click the [Execute API] button.

c. Confirm in the response field that execution of the API was accepted.

10. From the [Execute API] screen, confirm image registration status.

a. On the [Execute API] screen, configure the following.

- HTTP Method: Select "GET"

- Endpoints: Select "vmimport"

- For the URI, input the following path of the API for image registration.
  /v1/imageimport/{import_id}/status
  import_id is the import process ID that the request API returns in Step 9.

b. Click the [Execute API] button.

c. Confirm whether image registration has been completed based on the response.

11. When processing completes, the image will be registered on the [Image List] screen, with the image name specified during image registration.

12. On the [Image List] screen, select the registered image and click the [Action] button. From the displayed pull-down menu, select "Create Storage."

13. On the [Create Storage] screen, create the storage in which the image of this product will be stored.

a. Configure the following:

- Specify the storage name

- Select the type

- Specify the disk size

- Select the AZ

14. Using the [Key Pair List] screen, create the key pair to be used by this product.

15. Using the [Virtual Network List] screen, create the local network for this product. Create a subnet as well.

16. On the [Virtual router list] screen, select the created virtual router and click the [Action] button. From the displayed pull-down menu, select "Gateway settings."

a. On the [Gateway settings] screen, configure the following.

- Select the external virtual network

17. On the [Virtual Router List] screen, select the created virtual router, and add an interface to it.

a. On the [Add interface] screen, configure the following:

- For the subnet, select the subnet of the local network that was created in advance

- For the IP address, select the IP address of the gateway of the selected subnet


18. From the [Virtual Server List] screen, create the virtual server on which this product will operate. Configure the following:

- Select the AZ

- Specify the virtual server name

- Select the virtual server type

- Select the boot source (storage) for the virtual server

- Select the device name

- Select the virtual network to connect to

- Select the key pair

- Select the security group (security groups must be created in advance)

- It is not necessary to specify a provisioning script

19. On the [Virtual Server List] screen, confirm that the status of the created virtual server becomes "ACTIVE."

20. If an external connection is necessary for the virtual server of this product, use the [Global IP List] screen to allocate a global IP to the virtual server.

3.7 Installation (OpenStack Environments)

This section explains the procedure for installation in an OpenStack environment.

Preparations

Confirm that the following has already been created.

- A network to which this product will be connected

- A network for using a Floating IP (if an external connection is necessary)

- Connections to external networks (uplinks)

When using any of the following, connect the device to the network in advance.

- A DHCP server

- NTP servers

- External authentication servers

- A firewall
  When configuring a firewall, refer to the "A.2 List of Used Port Numbers," and approve the use of the listed port numbers.

Procedure

1. Set the DVD of this product in an Admin PC that can connect to the host OS of OpenStack.

2. Log in to the host OS of OpenStack, and then create the directory for storage of the virtual appliance image of this product.

3. Upload the virtual appliance image of this product that was set in step 1 to the directory created in step 2.

4. Use the "openstack image create" command targeting the above directory to register the virtual appliance image of this product.

Example

# openstack image create --disk-format qcow2 --container-format bare --file /root/shizai/SCO_v110_openstack.qcow2 sco-image <Enter>

The options and parameters are as follows.


| Option name | Description |
|---|---|
| --disk-format | The disk format of the virtual appliance image. Specify "qcow2." |
| --container-format | The container format of the virtual appliance image. Specify "bare." |
| --file | The name of the image file to be registered. Specify the directory name created in step 2 and the file name uploaded in step 3. In the preceding example, "/root/shizai/SCO_v110_openstack.qcow2" is specified. |
| Parameter | The name of the virtual appliance image to be created. In the preceding example, "sco-image" is specified. |

5. Use the "openstack flavor create" command to register a flavor with the flavor information of this product.

Example

# openstack flavor create --id auto --ram 4096 --disk 60 --vcpus 2 sco-flavor <Enter>

The options and parameters are as follows.

| Option name | Description |
|---|---|
| --id | The ID of the flavor. If "auto" is specified, a UUID will be generated automatically. |
| --ram | The memory size (MB). Specify a value by referring to "1.6.1 Virtual Appliance Resource Requirements." |
| --disk | The disk size (GB). Specify a value no less than 60. |
| --vcpus | The number of the virtual CPUs. Specify a value by referring to "1.6.1 Virtual Appliance Resource Requirements." |
| Parameter | The name of the flavor to be created. In the preceding example, "sco-flavor" is specified. |

6. Generate a key pair using the ssh-keygen command or another method, and then use the "openstack keypair create" command to register that key pair.

Example

# openstack keypair create --public-key /root/.ssh/id_rsa.pub sco-keypair <Enter>

The options and parameters are as follows.

| Option name | Description |
|---|---|
| --public-key | The file path of the public key. In the preceding example, "/root/.ssh/id_rsa.pub" is specified. |
| Parameter | The name of the key to be created. In the preceding example, "sco-keypair" is specified. |

7. Use the "openstack volume create" command to create a new volume.


Example

# openstack volume create --size 60 --image sco-image sco-volume <Enter>

The options and parameters are as follows.

| Option name | Description |
|---|---|
| --size | The size of the volume (GB). Specify a value no less than 60. |
| --image | The name of the virtual appliance image to be used. Specify the virtual appliance image name that has been specified for the "openstack image create" command in step 4. In the preceding example, "sco-image" is specified. |
| Parameter | The name of the volume to be created. In the preceding example, "sco-volume" is specified. |

8. Use the "openstack server create" command to create and start a new virtual server.

Example

# openstack server create --volume sco-volume --flavor sco-flavor --key-name sco-keypair --nic net-id=4f6df1ac-5b97-4f97-ac75-a19ae8f385ba sco-server <Enter>

The options and parameters are as follows.

| Option name | Description |
|---|---|
| --volume | The name of the volume to be used when starting. Specify the volume name that has been specified for the "openstack volume create" command in step 7. In the preceding example, "sco-volume" is specified. |
| --flavor | The name of the flavor to be used for the virtual server. Specify the flavor name that has been specified for the "openstack flavor create" command in step 5. In the preceding example, "sco-flavor" is specified. |
| --key-name | The name of the key to be used for the virtual server. Specify the name of the key that has been designated for the "openstack keypair create" command in step 6. In the preceding example, "sco-keypair" is specified. |
| --nic net-id= | The ID of the NIC to be used for the virtual server. Specify the ID of the network created for this product. (*1) In the preceding example, "4f6df1ac-5b97-4f97-ac75-a19ae8f385ba" is specified. |
| Parameter | The name of the virtual server to be created. In the preceding example, "sco-server" is specified. |

*1: To confirm the ID of the NIC to specify for --nic net-id, use the following procedure.

# openstack network list <Enter>

9. If an external connection is necessary for the virtual server of this product, use the "openstack floating ip create" command to allocate a floating IP to the virtual server.

Example

# openstack floating ip create --port a35b77a4-3f5a-460c-92ac-92316cde07a0 sco-network <Enter>


The options and parameters are as follows.

| Option name | Description |
|---|---|
| --port | The port (name or ID) to be associated with the floating IP. Specify a port that has an IP address allocated for the virtual server that has been created using the "openstack server create" command in step 8. (*2) In the preceding example, "a35b77a4-3f5a-460c-92ac-92316cde07a0" is specified. |
| Parameter | The network (name or ID) from which a floating IP will be allocated. In the preceding example, "sco-network" is specified. |

*2: To confirm the port identifier to specify for --port, use the following procedure.

Example

# openstack port list --server sco-server <Enter>

The options and parameters are as follows.

| Option name | Description |
|---|---|
| --server | The name of the virtual server. Specify the name of the virtual server created using the "openstack server create" command in step 8. In the preceding example, "sco-server" is specified. |

3.8 Setup

This section explains setup.

3.8.1 Flow of Setup

The flow of setup is as follows:

1. Initialization

2. Configuration of the Web browser

3. Configuration of the System

3.8.2 Initialization

This section explains initialization.

The flow of initialization is as follows:

1. Execution of the initialization wizard

2. Configuring the SSH Authentication Method

3. Configuration of routing

4. Setting the system clock

5. Configuration of HTTPS communication

6. Changing of the HTTPS port number

3.8.2.1 Executing the Initialization Wizard

This section explains the procedure for initialization using the initialization wizard.

You can omit executing the initialization wizard in the following cases:


- For on-premises (VMware, KVM)

When there is one virtual NIC being used and when a DHCP server can be used.

- For the cloud (AWS, Azure, K5, OpenStack)

When a DHCP server can be used.

Preparations

- If you did not start the virtual machine during installation, use the functions of the server virtualization software on the installation destination to start the virtual appliance.

- Refer to "2.9.1.3 Designing the Console User" for the account of the console user, and note down the information.

- Refer to "2.9.1.4 Designing the File Transfer User" for file transfer users and note down the information.

- Refer to "2.6 Designing Network Environments" for the items to configure in the initialization wizard, and decide them in advance.

- To change the items specified in the Initialization Wizard, start the Initialization Wizard again. In addition, to make a restoration to the state just after the installation, save a snapshot just after the installation, and use the snapshot to restore to that state.

Procedure

1. Log in to the console using the console user account.

2. Execute the following command in the current directory to launch the initialization wizard. (After typing "init," you can press the <Tab> key to complete the initial_setup command.)

# initial_setup <Enter>

3. Follow the instructions in the initialization wizard to configure the initial settings.

Note

- The default keymap is "us". Please be careful while entering information (e.g. changing password) before setting the keymap.

- If the <ESC> key or <Alt> + <any other key> is pressed while the initialization wizard is running, the wizard may be aborted. When aborted, press the <Ctrl>+<c> key to terminate the initialization wizard, and then execute the wizard again to redo the configuration from the beginning.

Step Screen Title Task Details Check Command (*1)

1 menu Select whether to start the initialization wizard.

- Setup: Start the initialization wizard

- Exit: Close the initialization wizard

None

2 Change Password Changes the password of console users and file transfer users. To change users, select from the following.

- administrator: console user

- secftpuser: file transfer user

For details, refer to "2.9.1.3 Designing the Console User"or"2.9.1.4 Designing the File Transfer User."If you change the password, you will be prompted to re-enterthe new password for the purpose of confirmation.If you do not change the password, select the [<Next>] button.From a security standpoint, it is recommended that youchange the password.

None

3 Configure NetworkUses

Determine the purpose of the virtual NIC. In the sequence of Admin interface, WAN-side interface, and

None

- 46 -

Page 55: User's Guide - Fujitsu · 2018. 11. 4. · Google Chrome(TM) Chrome VMware vSphere(R) VMware Red Hat(R) Enterprise Linux(R) 7.x(for Intel64) RHEL7 Red Hat(R) Enterprise Linux(R) Virtual

Step Screen Title Task Details Check Command (*1)

LAN-side interface, select the virtual NIC to be used from thefollowing.

- br-eth0

- br-eth1

- br-eth2

Virtual NICs that will be used may be overlapped.When not making any changes, select the [<Next>] button.If the purpose of a virtual NIC has not been determined, the[<Next>] button is not displayed.

4 Network UsesConfirmation

Check the content of the settings for the purpose of virtualNICs.If there are no problems with the content, click the [<OK>]button.

None

5 Configure Network Select a virtual NIC to configure the network from the list, andthen perform the following steps.

- DHCP configuration (Step 7)

- Network address configuration (Step8)

- DNS configuration (Step 9)

- Domain configuration (Step 10)

- Gateway configuration (Step 11)

Virtual NICs that have already been configured are indicatedwith "[Set]."Once you have finished the settings, select the [<Next>]button and proceed to Step 13.

None

6 Configure Network When configuring the network, select the [<Edit>] button, andwhen executing reset, select the [<Reset>] button.If reset is executed, the value reverts to the value when theInitialization wizard started.

None

7 Configure DHCP Configure whether to use a DHCP server.When not making any changes, skip this step.

Note

When configuring a pass bridge, it is not possible to select"Enable" (A DHCP server will be used) for the WAN-sideInterface.

wacadm network show

8 Configure Network Configure the network address (IP address and subnet mask).When not making any changes, skip this step.When using a DHCP server, this step is skippedautomatically.

wacadm network device

9 Configure DNS Configure the DNS server (the primary and secondary).When not making any changes, skip this step.When using a DHCP server, this step is skippedautomatically.

wacadm network show

- 47 -

Page 56: User's Guide - Fujitsu · 2018. 11. 4. · Google Chrome(TM) Chrome VMware vSphere(R) VMware Red Hat(R) Enterprise Linux(R) 7.x(for Intel64) RHEL7 Red Hat(R) Enterprise Linux(R) Virtual

Step Screen Title Task Details Check Command (*1)

Note

When using multiple virtual NICs, configure as follows according to DHCP server usage.

- When using a DHCP server

Specify the DNS server in the DHCP server settings so that it will be configured automatically by the DHCP server.

- When not using a DHCP server

Specify only for virtual NICs that can make access to the network connected to the DNS server.

10 Configure Domain

Configure the domain name. When not making any changes, skip this step.

Note

When using multiple virtual NICs, configure as follows according to DHCP server usage.

- When using a DHCP server

Specify a domain name in the DHCP server settings so that it will be configured automatically by the DHCP server.

- When not using a DHCP server

Specify only for virtual NICs that can make access to the network connected to the DNS server.

Check command: wacadm network show

11 Configure Network

Configure the gateway address. When not making any changes, skip this step. When not connecting to a WAN, or when using a DHCP server, this step is skipped automatically.

Check command: wacadm route show

12 Network Confirmation

Confirm the configured content. If there are no problems, click the [<OK>] button, and proceed to network selection (Step 5).

Check command: None

13 Remaining Setting

Confirm whether or not to execute the following settings.

- Host name settings (Step 14)

- Keymap settings (Step 15)

- NTP server settings (Step 16)

- Time zone settings (Step 17)

When not making any changes, skip this step.

Check command: None

14 Setting Hostname

Set the host name. When not making any changes, skip this step. Skip this step when using OpenStack or K5, since the host name is configured automatically. When using a DHCP server, this step is skipped automatically.

Check command: wacadm system show


15 Configure Keymap

Configure the keymap. When not making any changes, skip this step.

Check command: wacadm locale show

16 Configure NTP

Configure whether to enable NTP servers. When not making any changes, skip this step.

Note

When enabling the NTP servers, set the configuration so that the host OS also uses the same NTP server for time synchronization.

Check command: wacadm time show

17 Configure time zone

Configure the time zone. When not making any changes, skip this step.

Check command: wacadm time show

18 Confirmation

Check the content of the settings. If there are no problems with the content, click the [<OK>] button.

Check command: None

19 Result

The results of the setting content are displayed. If there are no problems with the content, a success message will be displayed. If there are any problems with the content, an error message will be displayed. Make the necessary corrections.

Check command: None

20 Reboot

During reflection of the content of the settings, a message prompting reboot of the system is displayed. Clicking the [<OK>] button reboots the system.

Note

The system is required to be restarted to activate the setting content. If the Initialization Wizard terminates without restarting the system, restart the system by executing the following command.

# wacadm power restart <Enter>

For details, refer to "wacadm power Command" in the "Reference Guide."

Check command: None

*1: The check command column contains the commands for checking the content set in the initialization wizard. When the initialization wizard is started, previously set content is displayed as the initial value so you can check the settings you have made. To check only part of the set content, execute the commands described in the check command column. For details on the corresponding commands, refer to "Commands" in the "Reference Guide."

3.8.2.2 Configuring the SSH Authentication Method

This section explains the procedure for configuring the SSH authentication method (password authentication or public key authentication) when performing an SSH connection to SCO-VA. Users targeted for these settings are console users and file transfer users. For details on console users, refer to "2.9.1.3 Designing the Console User." For details on file transfer users, refer to "2.9.1.4 Designing the File Transfer User."

If it is not necessary to change the default settings, it is not necessary to perform this operation. However, from a security standpoint, it is recommended that you configure public key authentication when using the cloud (AWS, Azure, K5, or OpenStack). Passwords to be used in password authentication are the current passwords of console users or file transfer users.


Procedure (For configuring public key authentication)

1. Transfer the public key file to the file transfer area. Transfers are performed on an Admin PC and use SFTP (use a file transfer user account). For details on file transfer areas, refer to "1.4.3.4 SFTP Access."

Example

When the SCO-VA IP address is 192.0.2.10 and the public key file is id_rsa.pub

# sftp [email protected] <Enter>

[email protected]'s password: password <Enter>

Connected to 192.0.2.10.

sftp> put id_rsa.pub <Enter>

Uploading id_rsa.pub to /sftp/id_rsa.pub

id_rsa.pub

sftp> bye <Enter>

2. Log in to the console using the console user account.

3. Perform the following command to configure the SSH authentication method of the user to public key authentication. Specify the public key file that was transferred in Step 1.

Example

When modifying console users

# wacadm user modify -auth-type public-key -file id_rsa.pub administrator <Enter>

For details, refer to "wacadm user Command" in the "Reference Guide."

Note

Since it is necessary to change authentication back to password authentication when configuration for public key authentication fails, do not log out of the SSH connection until configuration for public key authentication is complete.

4. Using public key authentication, confirm that an SSH connection can be made to SCO-VA with the user that was modified in Step 3.

a. If you have modified a console user, log in with a different SSH connection from the connection you used in Step 3. If you have modified a file transfer user, log in with an SFTP connection.

b. If you cannot log in, perform the following steps.

1. Using the SSH connection from Step 3, change the authentication back to password authentication. For the procedure to change the authentication back to password authentication, refer to "Procedure (For configuring password authentication)."

2. Confirm whether the public key file and secret key used in the SSH connection in Step 4 are correct.

3. Change to public key authentication again.

c. If you were able to log in, log out of the SSH connection you performed in Step 3 and Step 4.
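The following is an added example, not part of the guide or the product: a check that can be run on the admin PC before Step 1, and again for the key check in Step 4 b. 2. It parses the OpenSSH public key line, confirms that the type prefix matches the key blob, reports the RSA modulus size, and computes the SHA256 fingerprint in the form printed by `ssh-keygen -l -f`, so it can be compared with the fingerprint of the key pair used for the login. The function names, the 2048-bit floor, and the sample key (a made-up modulus, not a real key) are assumptions made for the illustration.

```python
"""Inspect an OpenSSH public key line before uploading it (added example)."""
import base64
import hashlib
import struct
from dataclasses import dataclass, field

MIN_RSA_BITS = 2048  # assumption: a local policy floor, not a value from the guide


@dataclass
class PublicKeyInfo:
    key_type: str
    bits: int             # RSA modulus size; 0 for key types not sized here
    fingerprint: str      # same form that `ssh-keygen -l -f <file>` prints
    comment: str
    warnings: list = field(default_factory=list)


def _read_string(blob, offset):
    """Read one length-prefixed field (uint32 big-endian length, then data)."""
    end_of_len = offset + 4
    if end_of_len > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:end_of_len])
    end = end_of_len + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[end_of_len:end], end


def inspect_public_key(line):
    """Parse one '<type> <base64> [comment]' line and return PublicKeyInfo."""
    if "PRIVATE KEY" in line:
        raise ValueError("this is a private key file; upload only the .pub file")
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared, encoded = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    try:
        blob = base64.b64decode(encoded, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key data is not valid base64") from exc
    inner, offset = _read_string(blob, 0)
    if inner != declared.encode("ascii", "replace"):
        raise ValueError("type prefix does not match the type inside the key blob")
    info = PublicKeyInfo(declared, 0, "", comment)
    if declared == "ssh-rsa":
        _exponent, offset = _read_string(blob, offset)
        modulus, offset = _read_string(blob, offset)
        info.bits = int.from_bytes(modulus, "big").bit_length()
        if info.bits < MIN_RSA_BITS:
            info.warnings.append(f"RSA modulus is only {info.bits} bits")
        if offset != len(blob):
            info.warnings.append("unexpected trailing bytes after the modulus")
    digest = hashlib.sha256(blob).digest()
    info.fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return info


def _pack(data):
    return struct.pack(">I", len(data)) + data


def _mpint(value):
    # Positive integers carry a leading zero byte when the top bit is set.
    return _pack(value.to_bytes(value.bit_length() // 8 + 1, "big"))


def build_sample_line(bits, comment="admin@adminpc"):
    """Constructed sample: the modulus is a made-up odd integer, not a real key."""
    modulus = (1 << (bits - 1)) | 0x10001
    blob = _pack(b"ssh-rsa") + _mpint(65537) + _mpint(modulus)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment


if __name__ == "__main__":
    for size in (2048, 1024):
        result = inspect_public_key(build_sample_line(size))
        print(result.key_type, result.bits, result.fingerprint, result.warnings)
```

To check a real file, pass the contents of id_rsa.pub to `inspect_public_key` and compare the fingerprint with the one reported for the key pair on the admin PC.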

Procedure (For configuring password authentication)

1. Log in to the console using the console user account.

2. Perform the following command to configure the SSH authentication method of the user to password authentication.


Example

When modifying console users

# wacadm user modify -auth-type password administrator <Enter>

For details, refer to "wacadm user Command" in the "Reference Guide."

Note

Do not log out of the SSH connection until configuration for password authentication is complete.

3. Using password authentication, confirm that an SSH connection can be made to SCO-VA with the user that was modified in Step 3.

a. If you have modified a console user, log in with a different SSH connection from the connection you used in Step 2. If you have modified a file transfer user, log in with an SFTP connection.

b. If you cannot log in, confirm whether the password you entered is correct.

c. If you were able to log in, log out of the SSH connection you performed in Step 2 and Step 3.

3.8.2.3 Configuring Routing

This section explains the procedure for configuring routing. Perform this procedure if a router exists between the admin PC or the TCP communication app and SCO-VA.

Procedure

Execute the following command to configure routing to access the TCP communication app or the admin PC from SCO-VA.

Example

When the network address of the Admin PC is 192.0.2.0/24, the router of the network that SCO-VA connects to is 198.51.100.1, and the admin interface is br-eth0:

# wacadm route add -net 192.0.2.0 gw 198.51.100.1 netmask 255.255.255.0 br-eth0 <Enter>

For details, refer to "wacadm route Command" in the "Reference Guide."

Results Confirmation

Execute the following command and confirm the results.

# wacadm route show <Enter>

Destination Gateway Genmask Flags Metric Ref Use Iface

0.0.0.0 192.0.2.1 0.0.0.0 UG 0 0 0 br-eth0

192.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 br-eth0

For details, refer to "wacadm route Command" in the "Reference Guide."

3.8.2.4 Setting the System Time

This section explains the procedure for setting the system time.

If no changes are necessary, or if NTP servers are enabled, then it is not necessary to perform this operation.

Point

How to confirm whether an NTP server is enabled


Perform the following command and if "NTP synchronized: yes" is displayed, the NTP server is enabled.

# wacadm time show <Enter>

Local time: Fri 2018-06-01 05:18:29 UTC

Universal time: Fri 2018-06-01 05:18:29 UTC

Time zone: Etc/UTC (UTC, +0000)

NTP enabled: yes

NTP synchronized: yes

RTC in local TZ: no

DST active: n/a

NTP Servers:

210 Number of sources = 1

MS Name/IP address Stratum Poll Reach LastRx Last sample

===============================================================================

^* 192.168.10.142 1 6 17 3 +586us[+3925us] +/- 10.2s

For details, refer to "wacadm time Command" in the "Reference Guide."

Procedure

Execute the following command to configure the date/time.

Example

To configure the date and time to June 1st, 2018/11:26:00:

# wacadm time set-time 2018-06-01 11:26:00 <Enter>

For details, refer to "wacadm time Command" in the "Reference Guide."

Results Confirmation

Execute the following command and confirm the results.

# wacadm time show <Enter>

Local time: Fri 2018-06-01 11:26:00 UTC

Universal time: Fri 2018-06-01 11:26:00 UTC

Time zone: Etc/UTC (UTC, +0000)

NTP enabled: no

NTP synchronized: no

RTC in local TZ: no

DST active: n/a

NTP Servers:

506 Cannot talk to daemon

For details, refer to "wacadm time Command" in the "Reference Guide."

3.8.2.5 Configuring HTTPS Communication

This product performs HTTPS communication with Web browsers (Admin PC), and uses SSL server certificates for encryption of communication data and mutual authentication.

During installation, self-signed certificates are used. There are no problems with using self-signed certificates in an intranet that is protected by a firewall, or another type of network in which all communication partners are trustworthy and there is no risk of certificates being spoofed. However, when using a Web browser, the following warnings are displayed regarding use of this product over the Internet:

- When starting a Web browser and first connecting to this product, a warning regarding security certificates is displayed.


- When using Internet Explorer to connect to this product, the background of the address bar turns red, and "Certificate error" is displayed on the right side of the address bar. In addition, a warning icon from the phishing risk detection function is displayed in the status bar.

To stop the display of these warnings when specifying the URL of this product, it is necessary to create an SSL certificate corresponding to the IP address or host name of this product, and import that certificate into your Web browser.

The detailed procedure, from creating the SSL server certificate to importing it, is shown below.

Creating the SSL Server Certificate

Using a user PC (Windows or Linux), execute the openssl command to create an SSL server certificate. Be sure to create a server certificate without a pass phrase.

Example

When specifying "192.0.2.10" as the IP address of this product and an SSL server certificate validity period of 20 years (-days 7300)

>openssl.exe req -sha256 -new -x509 -nodes -newkey rsa:2048 -out example.crt -keyout example.key -days 7300 -config openssl.cnf <Enter>

Loading 'screen' into random state - done

Generating a 2048 bit RSA private key

................................................................................

..................................+++

..................+++

writing new private key to 'example.key'

-----

You are about to be asked to enter information that will be incorporated into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) []:<Enter>

State or Province Name (full name) []:<Enter>

Locality Name (eg, city) []:<Enter>

Organization Name (eg, company) []:<Enter>

Organizational Unit Name (eg, section) []:<Enter>

Common Name (eg, YOUR name) []:192.0.2.10<Enter>

Email Address []:<Enter>

The option and input items for the openssl command are described below. For details on each item, refer to "2.6 Designing Network Environments."

- Option

Option Description

-out Specify the name of the crt file to generate.

-keyout Specify the name of the key file to generate.

-days The validity period of the SSL server certificate.

-config Specify openssl.cnf, in which the default operations of the openssl command are described. Prepare openssl.cnf in advance.

- Input Items

Input Item Description

Country Name Specify a two-character country code (ISO-3166).

State or Province Name Specify the state or province name.


Locality Name Specify the locality name.

Organization Name Specify the organization name.

Organizational Unit Name Specify the organization unit name.

Common Name Specify the IP address or the host name (FQDN) of the virtual machine on which this product operates. This item is mandatory.

Email Address Specify the email address.

Registering the SSL Server Certificate

Register the SSL server certificate using the following procedure:

1. Log in to the console using the console user account. For information about the console user, refer to "2.9.1.3 Designing the Console User."

2. If necessary, back up the existing SSL server certificate. The procedure is as follows:

a. Execute the following command to export the SSL server certificate to the file transfer area.

# wacadm sslcert export <Enter>

For details on this command, refer to "wacadm sslcert Command" in the "Reference Guide." For file transfer area, refer to "1.4.3.4 SFTP Access."

b. Forward the SSL server certificate that was exported to the file transfer area to the admin PC. To forward the certificate, use SFTP (using the file transfer user account) on the admin PC. For file transfer users, refer to "2.9.1.4 Designing the File Transfer User."

Example

When the SCO-VA IP address is 192.0.2.10 and the SSL server certificate is server.crt and server.key

# sftp [email protected] <Enter>

[email protected]'s password: password <Enter>

Connected to 192.0.2.10.

sftp> ls <Enter>

server.crt

server.key

sftp> get server.crt <Enter>

Fetching /sftp/server.crt server.crt

server.crt

sftp> get server.key <Enter>

Fetching /sftp/server.key server.key

server.key

sftp> bye <Enter>

3. Forward the created SSL server certificate to the file transfer area. To forward the certificate, use SFTP (using the file transfer user account) on the admin PC.

Example

When the SCO-VA IP address is 192.0.2.10 and the SSL server certificate is example.crt and example.key

# sftp [email protected] <Enter>

[email protected]'s password: password <Enter>

Connected to 192.0.2.10.


sftp> put example.crt <Enter>

Uploading example.crt to /sftp/example.crt

example.crt

sftp> put example.key <Enter>

Uploading example.key to /sftp/example.key

example.key

sftp> bye <Enter>

4. Register the SSL server certificate that was forwarded in Step 3 via the following command.

Example

When the SSL server certificate is example.crt and example.key

# wacadm sslcert set -key example.key -crt example.crt <Enter>

For details, refer to "wacadm sslcert Command" in the "Reference Guide."

If a pass phrase is requested when registering the SSL server certificate, abort the registration, delete the pass phrase, and then redo from step 2.

Example

Procedure to delete the pass phrase

>ren example.key example-pass.key <Enter>

>openssl.exe rsa -in example-pass.key -out example.key <Enter>

Enter pass phrase for example-pass.key: password <Enter>

The options for openssl.exe are as follows.

Option name Description

-in Specify a key file with a pass phrase. In the preceding example, "example-pass.key" is specified.

-out Specify a key file name to create without a pass phrase. In the preceding example, "example.key" is specified.

5. Execute the following command to reflect the SSL server certificate in the HTTP service of this product.

# wacadm service restart fjsvwaccp-webserver.service <Enter>

For details, refer to "wacadm service Command" in the "Reference Guide."
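The following is an added example, not part of the guide or the product: a check that can be run on the admin PC before the upload in Step 3, so that a key protected by a pass phrase or a swapped file pair is caught before `wacadm sslcert set` asks for a pass phrase. It recognises both the traditional OpenSSL encrypted key format and the PKCS#8 encrypted format; the function names and the sample PEM blocks (structurally valid placeholders, not real key material) are assumptions made for the illustration.

```python
"""Pre-upload check for a certificate/key pair (added example)."""
import base64
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)


def parse_pem(text):
    """Return (label, headers, der_bytes) for every PEM block found in text."""
    blocks = []
    for match in PEM_BLOCK.finditer(text):
        label, body = match.group(1), match.group(2)
        headers, b64_lines = {}, []
        for raw in body.splitlines():
            line = raw.strip()
            if not line:
                continue
            if ":" in line and not b64_lines:   # RFC 1421 style header line
                name, _, value = line.partition(":")
                headers[name.strip()] = value.strip()
            else:
                b64_lines.append(line)
        der = base64.b64decode("".join(b64_lines), validate=True)
        blocks.append((label, headers, der))
    return blocks


def key_has_pass_phrase(key_text):
    """True when the first private key in key_text is encrypted."""
    keys = [b for b in parse_pem(key_text) if b[0].endswith("PRIVATE KEY")]
    if not keys:
        raise ValueError("no private key block found")
    label, headers, _der = keys[0]
    if label == "ENCRYPTED PRIVATE KEY":        # PKCS#8, encrypted
        return True
    # The traditional OpenSSL format marks encryption in the PEM headers.
    return headers.get("Proc-Type", "").replace(" ", "") == "4,ENCRYPTED"


def preflight(crt_text, key_text):
    """Return a list of problems; an empty list means the pair can be uploaded."""
    problems = []
    try:
        labels = [(label, der) for label, _h, der in parse_pem(crt_text)]
    except ValueError:
        return ["certificate file is not valid PEM (bad base64)"]
    certs = [der for label, der in labels if label == "CERTIFICATE"]
    if not certs:
        problems.append("certificate file holds no CERTIFICATE block")
    elif certs[0][:1] != b"\x30":
        problems.append("certificate body does not start with a DER SEQUENCE")
    if any(label.endswith("PRIVATE KEY") for label, _der in labels):
        problems.append("certificate file contains a private key")
    try:
        if key_has_pass_phrase(key_text):
            problems.append("private key is protected by a pass phrase")
    except ValueError as exc:
        problems.append(f"key file: {exc}")
    return problems


def _pem(label, der, headers=""):
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{headers}{body}-----END {label}-----\n"


# Constructed placeholders: structurally valid PEM, not real key material.
_DER = bytes.fromhex("3003020100")
SAMPLE_CRT = _pem("CERTIFICATE", _DER)
SAMPLE_KEY_PLAIN = _pem("RSA PRIVATE KEY", _DER)
SAMPLE_KEY_LEGACY_ENC = _pem(
    "RSA PRIVATE KEY", b"\x00" * 16,
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,00000000000000000000000000000000\n\n")
SAMPLE_KEY_PKCS8_ENC = _pem("ENCRYPTED PRIVATE KEY", _DER)

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:      # e.g. python preflight.py example.crt example.key
        with open(sys.argv[1]) as crt, open(sys.argv[2]) as key:
            found = preflight(crt.read(), key.read())
    else:
        found = preflight(SAMPLE_CRT, SAMPLE_KEY_LEGACY_ENC)
    print("\n".join(found) or "ok: pair can be uploaded")
```

The check reads file headers only; it does not confirm that the key belongs to the certificate.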

Confirming Registration of the SSL Certificate

Confirm that the SSL server certificate has been registered using the following procedure:

1. Log in to the console using the console user account.

2. Execute the following command to see the SSL server certificate.

# wacadm sslcert show <Enter>

For details, refer to "wacadm sslcert Command" in the "Reference Guide."

Importing the SSL Server Certificate

Import the SSL server certificate to your Web browser. The procedure for importing varies depending on the Web browser being used.


3.8.2.6 Changing the HTTPS Port Number

If it is necessary to change the HTTPS port number, perform the following procedure.

If no change is necessary, it is not necessary to perform this operation.

Procedure

1. Log in to the console using the console user account.

2. Change the HTTPS port number by the following command.

Example

When changing the port number to 1024

# wacadm service modify -port 1024 <Enter>

You need to reboot the system to enable the new settings.

Immediately reboots the system. [y/n]: y <Enter>

For details, refer to "wacadm service Command" in the "Reference Guide."

3.8.3 Configuring the Web Browser

This section explains the Web browser configuration that is necessary for performing system configuration.

The flow of Web browser configuration is as follows:

1. Enabling JavaScript

2. Enabling Cookies

3. Configuring SSL/TLS

4. Disabling Internet Explorer Compatibility View

3.8.3.1 Enabling JavaScript

Enable JavaScript in your Web browser. The procedure for enabling JavaScript is as follows:

For Internet Explorer

1. Select [Tools]-[Internet options] to display the [Internet Options] window.

2. Open the [Security] tab and select [Trusted sites]. Then, click the [Sites] button to display the [Trusted sites] window.

3. Input the URL of this product in [Add this website to the zone], and then click the [Add] button. The input URL is added to the [Websites] list.

4. Click the [Close] button to return to the [Internet Options] window.

5. Select [Trusted sites], and then click the [Custom level] button to display the [Security Settings] window.

6. On the [Security Settings] window, in [Scripting] find [Active scripting] and select [Enable].

For Microsoft Edge

No configuration is necessary.

For Chrome

1. Click the [...] (Google Chrome settings) menu button on the top right of the browser screen. Click [Settings] on the displayed menu to display the [Settings] tab.


2. On the [Settings] tab, select [Advanced]-[Privacy and security], and then click [Content settings] to display the [Content settings] screen.

3. Click [JavaScript] to display the [JavaScript] settings screen.

4. Turn on [Allowed (recommended)]. If there are some sites for which you wish to disable JavaScript from functioning, turn off [Allowed (recommended)], and add the URL of this product to the list of allowed sites.

3.8.3.2 Enabling Cookies

Enable cookies in your Web browser.

The procedure for enabling cookies is as follows:

For Internet Explorer

1. Select [Tools]-[Internet options] to display the [Internet Options] window.

2. Open the [Privacy] tab, and click the [Advanced] button. The [Advanced Privacy Settings] window is displayed.

3. Check the [Override automatic cookie handling] checkbox, and select [Accept] under [First-party Cookies].

For Microsoft Edge

1. Click the [...] (Settings and more) menu button on the top right of the browser screen. Click [Settings] on the displayed menu to display the [Settings] menu.

2. Click the [View advanced settings] button under the [Advanced settings] category to display the [Advanced settings] menu.

3. Find [Cookies] under the [Privacy and services] category, and select [Don't block cookies].

For Chrome

1. Click the [...] (Google Chrome settings) menu button on the top right of the browser screen. Click [Settings] on the displayed menu to display the [Settings] tab.

2. On the [Settings] tab, select [Advanced]-[Privacy and security], and then click [Content settings] to display the [Content settings] screen.

3. Click [Cookies] to display the [Cookies] settings screen.

4. On the [Cookies] settings screen, turn on [Allow sites to save and read cookie data (recommended)].

3.8.3.3 Configuring SSL/TLS

If TLS1.1 is not necessary, enable TLS1.2 only for the Web browser security settings. The procedure for configuration is as follows.

For Internet Explorer

1. Select [Tools]-[Internet options] to display the [Internet Options] window.

2. Open the [Advanced] tab on the [Internet Options] screen and under [Security] in [Settings], check the [Use TLS 1.2] checkbox and clear the following checkboxes.

- [Use SSL 2.0]

- [Use SSL 3.0]

- [Use TLS 1.0]

- [Use TLS 1.1]

For Microsoft Edge

1. Click [Internet Options] in the Control Panel to display the [Internet Properties] screen.


2. Open the [Advanced] tab on the [Internet Properties] screen and under [Security] in [Settings], check the [Use TLS 1.2] checkbox and clear the following checkboxes.

- [Use SSL 2.0]

- [Use SSL 3.0]

- [Use TLS 1.0]

- [Use TLS 1.1]

For Chrome

1. Click the [...] (Google Chrome settings) menu button on the top right of the browser screen. Click [Settings] on the displayed menu to display the [Settings] tab.

2. On the [Settings] tab, select [Advanced], and then click [System]-[Open proxy settings] to display the [Internet Properties] screen.

3. Open the [Advanced] tab on the [Internet Properties] screen and under [Security] in [Settings], check the [Use TLS 1.2] checkbox and clear the following checkboxes.

- [Use SSL 2.0]

- [Use SSL 3.0]

- [Use TLS 1.0]

- [Use TLS 1.1]

3.8.3.4 Disabling Internet Explorer Compatibility View

When using Internet Explorer, disable Compatibility View. The procedure for disabling is as follows:

1. Select [Tools]-[Compatibility View settings] to display the [Compatibility View Settings] window.

2. On the [Compatibility View Settings] window, if the URL of this product is displayed under [Websites you've added to Compatibility View:], select the URL, and click the [Remove] button.

3. Clear the [Display intranet sites in Compatibility View] checkbox.

Note that performing this step may disable Compatibility View for some sites for which it was enabled. As a result, the appearance of these sites may change. If this change in appearance interferes with your ability to operate any of these sites, input the URLs of the relevant sites from the [Compatibility View Settings] window to enable Compatibility View for the relevant sites.

3.8.4 Configuring the System

This section explains system configuration.

The flow of system configuration is as follows:

1. Creation of the initial user

2. Configuration of email notification destinations

3. Configuration of external authentication servers

4. Addition of users

5. Setting of the license

3.8.4.1 Creating the Initial User

This section explains the procedure for creating the initial user used to log in to the Web GUI.


See

It is possible to create initial users on the REST API. For details, refer to "Initial User Creation" in the "Reference Guide."

Procedure

1. Open a Web browser window on the admin PC.

2. Specify the following URL to connect to the Web console. The [Create initial user account] screen is displayed.

https://IP_address_or_host_name_(FQDN)_of_this_product:9856/

Figure 3.1 [Create initial user account] Screen

3. Configure the necessary items and then click the [Done] button. The Web GUI is displayed.

For details on the necessary items, refer to "2.9.1.1 Designing Local Authentication." Items marked with "*" on the screen are mandatory.

3.8.4.2 Configuring Email Notification Destinations

For the procedure for configuring email notification destinations, refer to "4.3.6 Mail Server and Email Notification Destinations."

If email notification is not necessary, then it is not necessary to perform this operation. These settings can also be configured during operation if necessary.

3.8.4.3 Configuring External Authentication Servers

For the procedure for configuring external authentication servers, refer to "4.3.5.3 Registering Authentication Servers."

When not using external authentication, it is not necessary to perform this operation. These settings can also be configured during operation if necessary.

3.8.4.4 Adding Users

For the procedure for adding users, refer to "4.3.4.3 Creating Local Authentication Users."

If it is not necessary to add users, then it is not necessary to perform this operation. Users can also be added during operation if necessary.


3.8.4.5 Setting the License

This section explains the procedure for configuring a license for use of this product.

See

It is possible to configure licenses on the REST API. For details, refer to "Licenses" in the "Reference Guide."

Preparations

Confirm that a license has been obtained in advance. For details on licenses, refer to "1.5 Licenses."

Procedure

1. Clicking the [Settings] icon on the global pane of the Web GUI displays the [Settings] dialog.

2. In the [Settings] dialog, select [Setting category]-[License] to display the [License] screen.

3. On the [License] screen, select [Action]-[Add] to display the [Register license] screen.

4. For [License], input the license key, and then click the [Done] button.

Results Confirmation

Registration of the license is processed asynchronously. For this reason, when the number of active processes on the Global Pane is "0," confirm that the following are displayed in the [License] screen.

Item Name Description

Registration date Displays the date the license was registered.

License name Displays the name of the registered license.

Throughput upper limit Displays the throughput upper limit of the license that was registered.

Expiration date For official licenses, "Unlimited" is displayed. For a trial license, the expiration date of the license is displayed.


In addition, when using a trial license, the number of days remaining until the license expires is displayed in the Global Pane of the Web GUI.

Point

Changing Licenses

- Changing from a trial license to an official license

When a trial license has expired, the corresponding message is output to the event log, and the service ports for all transparent proxies are disabled. In order to resolve this, it is necessary to change from the expired trial license to an official license. To change the license, open the [Register license] screen and overwrite the key input for [License] with the key of an official license, and then click the [Done] button.

- Changing official licenses

When an official license has been registered, it is no longer possible to execute [Action]-[Add].

Note

Precautions for when a license has been changed

When all of the following conditions have been met, there are cases where the traffic control upper limit may become lower than before the license was changed.

- When you are using the Traffic Control function.

- When you have made the license throughput upper limit smaller than it was previously.

3.9 Preparing Operating Environments

This section explains preparation of operating environments.

3.9.1 Configuring IP Address Conversion for WAN Connection Routers

When using global IP addresses to communicate over a WAN, it is necessary to configure IP address conversion on the WAN connection router.

This section explains the procedure for configuring IP address conversion.

For detailed instructions, refer to the manual of the router being used.

Procedure

1. Log in to the WAN connection router.

2. Configure IP address conversion between private and global IP addresses. If a server other than the one for this product will also perform WAN communication using the same global IP address, perform configuration so that SNAPT is used. If this is not the case, perform configuration so that 1:1 NAT is used.

3. Log out of the WAN connection router.

3.9.2 Adding Transparent Proxies

Add transparent proxies to the installations of SCO-VA deployed at both ends of the connection over the WAN. It is recommended that you register the order of transparent proxies from the server type. For the procedure, refer to "4.5.4 Adding Transparent Proxies" in "Chapter 4 Operation."


3.10 Configuring the Default Gateway of the TCP CommunicationApp

If the LAN-side interface and the WAN-side interface are shared and the TCP communication app and SCO-VA are in the same network,configure the IP address of the LAN-side interface of SCO-VA to the default gateway of the TCP communication app.

For a configuration example of the TCP communication app that coordinates with TCP, refer to "Appendix C Default Gateway Configuration Example of Coordination with the TCP Communication App."

3.11 Uninstallation

This section explains uninstallation of this product.

3.11.1 Uninstallation (VMware Environments)

This section explains the procedure for uninstallation in VMware environments.

Procedure

1. Stop the system.

For details, refer to "4.7 Stopping and Restarting the System and Services."

2. Start vSphere Web Client.

3. Right-click the installed virtual machine of this product, and select [Delete from Disk].

4. When keeping the TCP communication app and uninstalling only SCO-VA, and the default gateway of the TCP communication app is set to SCO-VA, change the default gateway of the TCP communication app to the WAN connection router.

3.11.2 Uninstallation (KVM Environments)

This section explains the procedure for uninstallation in KVM environments.

Procedure

1. Stop the system.

For details, refer to "4.7 Stopping and Restarting the System and Services."

2. Start Virtual Machine Manager.

3. Right-click the installed virtual machine of this product, and select [Delete].

4. When keeping the TCP communication app and uninstalling only SCO-VA, and the default gateway of the TCP communication app is set to SCO-VA, change the default gateway of the TCP communication app to the WAN connection router.

3.11.3 Uninstallation (AWS, Azure, K5 and OpenStack Environments)

This section explains the procedure for uninstallation in AWS, Azure, K5 and OpenStack environments.

Procedure

1. Stop the system.

For details, refer to "4.7 Stopping and Restarting the System and Services."

2. Delete all resources that were created during installation.

Chapter 4 Operation

This chapter explains how to operate this product.

4.1 Login

This section explains the procedure for logging in to the Web GUI from the admin PC.

4.1.1 Configuring the Web Browser

Before logging in to the Web GUI, configure the Web browser. The procedure for configuration is as follows:

- Enabling JavaScript

- Enabling Cookies

- Disabling Internet Explorer Compatibility View

For details, refer to "3.8.3 Configuring the Web Browser."

4.1.2 Logging In

This section explains the procedure for logging in to the Web GUI.

Procedure

1. Open a Web browser window on the admin PC.

2. Input the URL of this product.

URL: https://host_name.domain_name[:port_number]/

3. The login screen is displayed. Input a user name and password, and click the [Login] button.

| Item | Necessity | Description |
|---|---|---|
| User name | Mandatory | Specify a user name. Specify a character string containing up to 512 characters. When using external authentication (using LDAP or Active Directory), specify the user name using the format "user_name@domain_name." |
| Password | Mandatory | Specify the password. Specify a character string containing up to 64 characters. |

Note

If the message "This user is already logged in on the same terminal." is output and you cannot log in, close all web browsers and then try to log in again.

4.2 Explanation of the Web GUI

This section explains the Web GUI displayed after logging in. If the Web GUI is open for 60 minutes without any operation being performed, the login session is canceled, and the [Force logout] screen is displayed.

The following is an explanation of the Global Pane displayed at the top of the Web GUI.

Figure 4.1 Global Pane

Overall Status

The overall status shows the statuses of transparent proxies. For details on transparent proxy statuses, refer to "4.5.2 Transparent Proxy Statuses." The overall status is one of the following three statuses.

Status Description

Normal status.

Warning status. There is one or more transparent proxy with warning status.

Error status. There is one or more transparent proxy with error status.

Clicking the overall status takes you to the [Dashboard] tab.

Number of Active Processes

The number of active processes is displayed. When the number of active processes exceeds 50, "+49" is displayed. When the pull down menu is clicked, a list of the active processes and processes completed within the last 24 hours is displayed. Up to 50 items can be displayed.

The value for the number of active processes is the number of processes active and does not include the number of processes completed in the last 24 hours.

Due to this, even when the number of active processes is 0, the process list may still display a list of processes. When the number of active processes is anything other than 0, display the list of active processes and confirm whether or not the process you are attempting to execute is already running. If the same process is running, execute the process after the already running process has completed.

The items shown in the list of processes are described below.

Item Description

Date The date that process information is updated. The format is YYYY/MM/DD hh:mm:ss.

State/Result When there are active processes, either of the following will be displayed.

- : Submit (Awaiting execution)

- : Start (Being executed)

If the process is complete, either of the following will be shown.

- : Success (Completed successfully)

- : Warning (Warning)

- : Failed (Failed)

Action A character string representing the processing content. Example: "Create transparent proxy," "Create User," "Login," "Enable license," etc.

User name The name of the user who performed the operation.

When [Date] in the list of processes is clicked, the [Details] screen of processes will be shown.

The items shown on the [Details] screen are described below.

Item Description

Update date The date that the latest process is updated. The format is YYYY/MM/DD hh:mm:ss.

Action A character string representing the processing content. Example: "Create transparent proxy," "Create User," "Login," "Enable license," etc.

User name The name of the user who performed the operation.

Target The name of the target of operation. One of the following:

- transparent_proxy_name: An operation targeting the transparent proxy

- -: A logout operation

- System: An operation other than those above

State The execution status of the process. One of the following is displayed:

- Submit: Awaiting execution

- Start: Being executed

- Complete: Execution complete

Result The execution result of the process. One of the following is displayed:

- Success: Completed successfully

- Warning: Warning

- Failed: Failed

Detail The process parameters. These will be output in the following format: *key1=value, key2=value.

Message Detailed messages of operations.

Number of Unconfirmed Event Logs

The number of unconfirmed event logs is displayed. When the number of unconfirmed event logs is clicked, the [Event Log List] screen will be displayed.

Furthermore, it is possible to open a separate window by right clicking. On the [Event Log List] screen, event logs in which the status is unconfirmed (confirmation status is unconfirmed) are displayed. For details, refer to "4.4.2 Monitoring Event Logs."

Number of Unconfirmed Audit Logs

The number of unconfirmed audit logs is displayed. When the number of unconfirmed audit logs is clicked, the [Audit Log List] screen will be displayed.

Furthermore, it is possible to open a separate window by right clicking. On the [Audit Log List] screen, logs in which the status is unconfirmed (confirmation status is unconfirmed) are displayed. For details, refer to "4.4.3 Monitoring Audit Logs."

License Status

The license status is displayed. The license statuses and displayed messages are shown below.

| License Status | Displayed Message |
|---|---|
| No license is registered | No license is applied |
| A trial license is registered | Trial period expires in {remaining_number_of_days} days |
| The period of a trial license has expired | Trial period expired |
| An official license is registered | No message is displayed |

For license settings, refer to "3.8.4.5 Setting the License."

Refresh

Refreshes the displayed screen. The screen is automatically refreshed every 30 seconds only on the global pane.

Settings

Displays the [Settings] dialog. For details, refer to "4.3.1 Explanation of the [Settings] Dialog."

User Menu

Displays the logged in user. The pull down menus of the user menu are described below.

Menu Description

Language Used to change the display language of the Web GUI. In the [Language setting] dialog, select either of the following for [Language]:

- Japanese

- English

During the initial login, if the language setting for the Web browser is configured to Japanese, "Japanese" will be configured automatically, while "English" will be configured in the case of any other language setting. If the display language is changed using the [Language setting] dialog, the selected language will be used from the second and later logins.

Version The version information is displayed. This information can also be displayed by the following command.

# wacadm system show <Enter>

For details, refer to "wacadm system Command" in the "Reference Guide."

License agreement Displays the license agreement.

Logout Logs you out of the system and takes you to the login screen.

[Dashboard] Tab

Displays WAN throughput, event logs, and audit logs. For details, refer to "4.4 Monitoring Using the Dashboard."

[Transparent Proxy] Tab

Can be used to manage transparent proxies. For details, refer to "4.5 Managing Transparent Proxies."

4.3 Configuring the Operation Environment

The operation environment can be configured using the [Settings] dialog.

4.3.1 Explanation of the [Settings] Dialog

Click the [Settings] icon on the Global Pane of the Web GUI to display the [Settings] dialog.

The following sections describe each item in the left pane of the [Settings] dialog.

4.3.2 License

For the procedure to configure a license to use this product, refer to "3.8.4.5 Setting the License."

4.3.3 Login Sessions

It is possible to check which users are currently logged in.

See

Login Session management is also possible with REST API. For details, see "Login Session" in the "Reference Guide."

4.3.3.1 List of Login Session Items

This section explains the items displayed in the list view and the detailed view of login sessions.

How to Read the Table

- List: "Yes" or "No" indicates whether the item is displayed when viewing the list of login sessions

- Detail: "Yes" or "No" indicates whether the item is displayed when viewing the details of login sessions

| Item | List | Details | Description |
|---|---|---|---|
| ID | Yes | Yes | The session ID. An automatically generated serial number. Clicking the ID displays the [Login session details] screen. For details, refer to "4.3.3.3 Displaying the Details of Login Sessions." |
| User name | Yes | Yes | The name of the logged in user. |
| User role | Yes (*1) | Yes | The role of the logged in user. It can be either of the following: Administrator (the system administrator; can use all functions) or Monitor (can only use reference functions). |
| Authentication server | Yes (*1) | Yes | The IP address of the authentication server that authenticated the user. |
| Client IP address | Yes (*1) | Yes | The IP address of the client. |
| Last login time | Yes (*1) | Yes | The date and time of the most recent login. The format "YYYY/MM/DD hh:mm:ss" is used. |
| Last operation time | Yes (*1) | Yes | The date and time of the most recent operation. The format "YYYY/MM/DD hh:mm:ss" is used. |

*1: This item can be set to be displayed or hidden using the [Display settings] dialog. For details, refer to "4.3.3.2 Displaying the List of Login Sessions."

4.3.3.2 Displaying the List of Login Sessions

This section explains the procedure for displaying the list of login sessions.

Procedure

1. Click the [Settings] icon in the global pane of the Web GUI to display the [Settings] dialog.

2. In the [Settings] dialog, select [Setting category]-[Authentication]-[Login session] to display the [Login session list] screen.

For an explanation of the items displayed on the [Login session list] screen, refer to "4.3.3.1 List of Login Session Items."

3. By clicking the [Display settings] button on the [Login session list] screen, it is possible to change the displayed items.

4.3.3.3 Displaying the Details of Login Sessions

This section explains the procedure for displaying the details of login sessions.

Procedure

1. Click the [Settings] icon in the global pane of the Web GUI to display the [Settings] dialog.

2. In the [Settings] dialog, select [Setting category]-[Authentication]-[Login session] to display the [Login session list] screen.

3. Click the [ID] of the target session to display the [Login session details] screen.

For an explanation of the displayed items, refer to "4.3.3.1 List of Login Session Items."

4.3.3.4 Performing a Forced Logout

This section explains the procedure for forcibly logging out another user.

Procedure

1. Click the [Settings] icon in the global pane of the Web GUI to display the [Settings] dialog.

2. In the [Settings] dialog, select [Setting category]-[Authentication]-[Login session] to display the [Login session list] screen.

3. Select one or multiple users to forcibly log out, and then click the [Force logout] button. This displays the [Force logout] screen.

4. Click the [Done] button.

Results Confirmation

Confirm that the forcibly logged out user has been removed from the [Login session list] screen.

4.3.4 Local Authentication Users

This section explains how to manage (display in a list, create, delete, and modify) local authentication users.

See

Local Authentication User management is also possible with REST API. For details, see "Local Authentication User" in the "Reference Guide."

4.3.4.1 Displaying the List of Local Authentication Users

This section explains the procedure for displaying the list of local authentication users.

Procedure

1. Click the [Settings] icon in the global pane of the Web GUI to display the [Settings] dialog.

2. In the [Settings] dialog, select [Setting category]-[Authentication]-[Local authentication user] to display the [Local authentication user list] screen.

The following items are displayed:

- ID

- User name

3. By clicking the [Display settings] button on the [Local authentication user list] screen, it is possible to change the displayed items and to select whether each of the following items is displayed:

- User role

- Mail address

- Description

"ID" is an automatically assigned user ID. Clicking it displays the [Local authentication user list] screen. For details, refer to "4.3.4.2 Displaying the Details of Local Authentication Users." For information on the other items, refer to "2.9.1.1 Designing Local Authentication."

4.3.4.2 Displaying the Details of Local Authentication Users

This section explains the procedure for displaying the details of local authentication users.

Procedure

1. Click the [Settings] icon in the global pane of the Web GUI to display the [Settings] dialog.

2. In the [Settings] dialog, select [Setting category]-[Authentication]-[Local authentication user] to display the [Local authentication user list] screen.

3. Click the [ID] of the target user to display the [Local authentication user details] screen.

The following items are displayed:

- ID

- User name

- User role

- Mail address

- Description

"ID" is an automatically assigned user ID. For information on the other items, refer to "2.9.1.1 Designing Local Authentication."

4.3.4.3 Creating Local Authentication Users

This section explains the procedure for creating local authentication users.

Procedure

1. Click the [Settings] icon in the global pane of the Web GUI to display the [Settings] dialog.

2. In the [Settings] dialog, select [Setting category]-[Authentication]-[Local authentication user] to display the [Local authentication user list] screen.

3. Select [Action]-[Create] to display the [Create local authentication user] screen.

Configure the following items. Items marked with "*" on the screen are mandatory.

- Name

- Password (Confirm password)

- Role

- Mail address

- Description

For information on each item, refer to "2.9.1.1 Designing Local Authentication."

4. Input the necessary items, and then click the [Done] button.

Results Confirmation

Confirm that the created user is displayed on the [Local authentication user list] screen.

4.3.4.4 Deleting Local Authentication Users

This section explains the procedure for deleting local authentication users.

Procedure

1. Click the [Settings] icon in the global pane of the Web GUI to display the [Settings] dialog.

2. In the [Settings] dialog, select [Setting category]-[Authentication]-[Local authentication user] to display the [Local authentication user] screen.

3. Select one or multiple users to delete, and then select [Action]-[Delete] to display the [Delete user] screen.

4. Click the [Done] button.

Results Confirmation

Confirm that the deleted users have been removed from the [Local authentication user list] screen.

Note

- Logged in users cannot be deleted.

- There must be at least one internal authentication user with "Administrator" role, which means the last internal authentication user with "Administrator" role cannot be deleted.

4.3.4.5 Modifying Local Authentication Users

This section explains the procedure for modifying local authentication users.

Procedure

1. Click the [Settings] icon in the global pane of the Web GUI to display the [Settings] dialog.

2. In the [Settings] dialog, select [Setting category]-[Authentication]-[Local authentication user] to display the [Local authentication user list] screen.

3. Select the user to modify, and then select [Action]-[Modify] to display the [Modify local authentication users] screen.

The following items can be modified:

- Password

- Role

- Mail address

- Description

For information on each item, refer to "2.9.1.1 Designing Local Authentication."

Note that it is not possible to modify the role of a logged in user.

4. On the [Modify local authentication users] screen, modify the user information as desired, and then click the [Done] button.

Results Confirmation

Confirm that the changes made to the user are reflected on the [Local authentication user details] screen. For details, refer to "4.3.4.2 Displaying the Details of Local Authentication Users."

4.3.5 Authentication Servers

This section explains how to manage (display in a list, create, delete, and modify) the servers necessary for external authentication.

4.3.5.1 Displaying the List of Authentication Servers

This section explains the procedure for displaying the list of authentication servers.

Procedure

1. Click the [Settings] icon in the global pane of the Web GUI to display the [Settings] dialog.

2. In the [Settings] dialog, select [Setting category]-[Authentication]-[Authentication server] to display the [Authentication server list] screen.

The following items are displayed:

- ID

- IP address

- Priority

3. By clicking the [Display settings] button on the [Authentication server list] screen, it is possible to change the displayed items and to select whether each of the following items is displayed:

- Type

- Port

- Domain

- User search base

- Group search base

- Administrator user

- SSL

- Description

"ID" is an automatically assigned authentication server ID. Clicking it displays the [Authentication server details] screen. For details, refer to "4.3.5.2 Displaying the Details of Authentication Servers." For information on the other items, refer to "2.9.1.2 Designing External Authentication."

4.3.5.2 Displaying the Details of Authentication Servers

This section explains the procedure for displaying the details of authentication servers.

Procedure

1. Click the [Settings] icon in the global pane of the Web GUI to display the [Settings] dialog.

2. In the [Settings] dialog, select [Setting category]-[Authentication]-[Authentication server] to display the [Authentication server list] screen.

3. Click the [ID] of the target server. If the server type is "LDAP," the [Authentication server(LDAP)] screen is displayed. If the server type is "AD," the [Authentication server(AD)] screen is displayed.

The following items are displayed:

- ID

- IP address

- Priority level

- Port

- Domain

- User search base

- Group search base

- Administrator user

- SSL

- Description

"ID" is an automatically assigned authentication server ID. For information on the other items, refer to "2.9.1.2 Designing External Authentication."

4.3.5.3 Registering Authentication Servers

This section explains the procedure for registering authentication servers.

Procedure

1. Click the [Settings] icon in the global pane of the Web GUI to display the [Settings] dialog.

2. In the [Settings] dialog, select [Setting category]-[Authentication]-[Authentication server] to display the [Authentication server list] screen.

3. Select [Action]-[Add] to display the [Register authentication server] screen.

Configure the following items. Items marked with "*" on the screen are mandatory.

- Type

- IP address

- Port

- Domain

- User search base

- Group search base

- Administrator user

- Administrator password

- SSL

- Priority

- Description

For information on each item, refer to "2.9.1.2 Designing External Authentication."

4. On the [Register authentication server] screen, input the necessary items, and then click [Done].

Results Confirmation

Confirm that the registered authentication server is displayed on the [Authentication server list] screen.

4.3.5.4 Deleting Authentication Servers

This section explains the procedure for deleting authentication servers.

Procedure

1. Click the [Settings] icon in the global pane of the Web GUI to display the [Settings] dialog.

2. In the [Settings] dialog, select [Setting category]-[Authentication]-[Authentication server] to display the [Authentication server list] screen.

3. Select one or multiple authentication servers to delete, and then select [Action]-[Delete] to display the [Delete authentication server] screen.

4. Click the [Done] button.

Results Confirmation

Confirm that the deleted authentication servers have been removed from the [Authentication server list] screen.

Note

Even if an authentication server is deleted, the sessions of users who logged in using that server are not deleted. These users can continue using the Web GUI until they log off.

4.3.5.5 Modifying Authentication Servers

This section explains the procedure for modifying authentication servers.

Procedure

1. Click the [Settings] icon in the global pane of the Web GUI to display the [Settings] dialog.

2. In the [Settings] dialog, select [Setting category]-[Authentication]-[Authentication server] to display the [Authentication server list] screen.

3. Select the authentication server to modify, and then select [Action]-[Modify] to display the [Modify authentication server] screen.

The following items can be modified:

- IP address

- Port

- Domain

- User search base

- Group search base

- Administrator user

- Administrator password

- SSL

- Priority

- Description

For information on each item, refer to "2.9.1.2 Designing External Authentication."

4. Modify the server information as desired, and then click the [Done] button.

Results Confirmation

Confirm that the changes made to the authentication server are reflected on the [Authentication server (LDAP)] or [Authentication server (AD)] screen. For details, refer to "4.3.5.2 Displaying the Details of Authentication Servers."

4.3.6 Mail Server and Email Notification Destinations

This section explains the procedure for configuring the mail server and email notification destinations.

See

Setup of the mail server and email notification destinations is also possible with REST API. For details, see "Mail Server" and "Email Notification Destinations" in the "Reference Guide."

Procedure

1. Click the [Settings] icon in the global pane of the Web GUI to display the [Settings] dialog.

2. In the [Settings] dialog, select [Setting category]-[Monitoring]-[Mail server] to display the [Mail server] screen.

The following items are displayed. Items marked with "*" on the screen are mandatory.

- SMTP server

- Sender mail address

- SMTP port

- Authentication method

- User name

- Password

- Subject (Fixed)

- Number of Retries

- Retry Interval (in seconds)

- SMTP over SSL

For information on each item, refer to "2.9.2 Designing the Email Notification Function."

3. On the [Mail server] screen, input the necessary items, and then click [Apply].

4. In the [Settings] dialog, select [Setting category]-[Monitoring]-[Mail notification] to display the [Mail notification] screen.

5. On the [Mail notification] screen, input the email notification destinations, and then click [Apply]. Up to three notification destinations can be specified.

Information

To delete the configuration of the mail server and email notification destinations, perform the following operations.

- Mail server: Delete [SMTP server] and [Sender mail address], and click [Apply].

- Email notification destination: Delete [Mail address], and click [Apply].

Results Confirmation

1. On the [Mail notification] screen, click the [Send test mail] button.

2. "The test mail will be sent to the specified mail addresses. Is it OK?" is displayed. Click the [Yes] button.

3. Confirm that the specified email notification destination addresses receive the test email.

Mail Content

The content of the sent emails is as follows.

| Item | Content | Description |
|---|---|---|
| Subject | [Subject_(Fixed)] Smart Communication Optimizer Event Mail | The value specified for [Subject (Fixed)] on the [Mail server] screen, with the character string "Smart Communication Optimizer Event Mail" added to the end. If nothing has been specified for [Subject (Fixed)], the subject is only that string. |
| From | sender_mail_address | The email address specified for [Sender mail address] on the [Mail server] screen. |
| To | notification_destination_email_address | One of the email addresses specified for [Mail address 1], [Mail address 2], or [Mail address 3] on the [Mail notification] screen. |

Body content:

Severity: "Warning" or "Error"
Date: date_and_time_of_event
Host Name: host_name
Target Name: transparent_proxy_name or "System"
Message ID: message_ID
Message: message

Body description:

- Severity: The event level ("Warning" or "Error").

- Date: The date and time on which the event occurred. The ISO 8601 format "YYYY-MM-DDTHH:mm:ssZ" is used.

- Host Name: The SCO-VA host name.

- Target Name: The name of the target event.

- Message ID: The message ID of the event log.

- Message: The message body of the event log.

The subject and body of the test email are as follows.

| Item | Content |
|---|---|
| Subject | [Subject_(Fixed)] Smart Communication Optimizer Test Mail |

Body content:

Severity: Information
Date: date_and_time_of_event
Host Name: host_name
Target Name: -
Message ID: -
Message: TEST MAIL
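Because the notification body is a fixed set of "Key: value" lines, a mail-receiving script can turn each message into a structured alert and reject mail that does not match the documented layout. The following Python code is an added example, not part of this product or its Reference Guide; the sample messages are constructed, and the function names, the one-field-per-line layout, and the space before "Event Mail" and "Test Mail" in the subject are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from email import message_from_string
from email.policy import default as default_policy

# Subject suffixes; the space before "Event Mail"/"Test Mail" is an assumption.
EVENT_SUFFIX = "Smart Communication Optimizer Event Mail"
TEST_SUFFIX = "Smart Communication Optimizer Test Mail"
FIELDS = ("Severity", "Date", "Host Name", "Target Name", "Message ID", "Message")
# Event mails report Warning or Error; the test mail reports Information.
ALLOWED_SEVERITY = {"event": {"Warning", "Error"}, "test": {"Information"}}

# Constructed sample messages (addresses, host, proxy name and IDs are made up).
SAMPLE_EVENT = """\
From: sco-va@example.com
To: noc@example.com
Subject: [SITE-A] Smart Communication Optimizer Event Mail

Severity: Error
Date: 2018-12-01T09:30:00Z
Host Name: sco-va-01
Target Name: proxy-tokyo
Message ID: SAMPLE-0001
Message: constructed sample text: link down
"""
SAMPLE_TEST = """\
From: sco-va@example.com
To: noc@example.com
Subject: Smart Communication Optimizer Test Mail

Severity: Information
Date: 2018-12-01T09:31:00Z
Host Name: sco-va-01
Target Name: -
Message ID: -
Message: TEST MAIL
"""


@dataclass(frozen=True)
class ScoAlert:
    kind: str          # "event" or "test"
    severity: str
    date: datetime     # timezone-aware, UTC
    host_name: str
    target_name: str
    message_id: str
    message: str


def parse_body(body):
    """Return the six documented fields; reject unknown or repeated keys."""
    found, last = {}, None
    for line in body.splitlines():
        text = line.strip()
        if not text:
            continue
        key, sep, value = text.partition(":")
        key = key.strip()
        if last != "Message" and sep and key in FIELDS and key not in found:
            found[key] = value.strip()
            last = key
        elif last == "Message":
            # Assumption: any text after "Message:" continues the message.
            found["Message"] += "\n" + text
        else:
            raise ValueError(f"unexpected body line: {text!r}")
    missing = [name for name in FIELDS if name not in found]
    if missing:
        raise ValueError(f"missing fields: {missing}")
    return found


def parse_mail(raw):
    """Turn one raw RFC 5322 message into a ScoAlert, or raise ValueError."""
    msg = message_from_string(raw, policy=default_policy)
    subject = str(msg["Subject"] or "").strip()
    if subject.endswith(EVENT_SUFFIX):
        kind = "event"
    elif subject.endswith(TEST_SUFFIX):
        kind = "test"
    else:
        raise ValueError("not a Smart Communication Optimizer notification")
    part = msg.get_body(preferencelist=("plain",))
    if part is None:
        raise ValueError("no text/plain body")
    fields = parse_body(part.get_content())
    if fields["Severity"] not in ALLOWED_SEVERITY[kind]:
        raise ValueError(f"severity {fields['Severity']!r} invalid for {kind} mail")
    when = datetime.strptime(fields["Date"], "%Y-%m-%dT%H:%M:%SZ")
    return ScoAlert(kind, fields["Severity"], when.replace(tzinfo=timezone.utc),
                    fields["Host Name"], fields["Target Name"],
                    fields["Message ID"], fields["Message"])


if __name__ == "__main__":
    for sample in (SAMPLE_EVENT, SAMPLE_TEST):
        print(parse_mail(sample))
```

The subject and body checks only confirm that a message has the documented shape; they do not authenticate the sender, so a pipeline that acts on these alerts should also restrict which relay may deliver them.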

4.3.7 Troubleshooting Data

Collect troubleshooting data when trouble occurs during use of this product.

For how to collect troubleshooting data, refer to "Collecting Troubleshooting Data" in the "Reference Guide."

4.4 Monitoring Using the Dashboard

This section explains how to monitor using the Dashboard.

The Dashboard can be displayed by selecting the [Dashboard] tab of the Web GUI. The following information is displayed:

- WAN throughput

- Event logs

- Audit logs

4.4.1 Monitoring WAN Throughput

Using the [WAN Throughput] panel of the Dashboard, it is possible to confirm the throughput from all transparent proxies to the WAN (outgoing throughput, "OUT") and the throughput from the WAN to all transparent proxies (incoming throughput, "IN"). The WAN throughput to and from an individual transparent proxy can be confirmed using the [Details] screen for that transparent proxy. For details, refer to "4.5.3 Displaying the Details of Transparent Proxies."

Figure 4.2 [WAN Throughput] Panel

The [WAN Throughput] panel displays the following information.

| Name | Description |
|---|---|
| Latest and Maximum Throughput | Latest and maximum values of the throughput are displayed separately for OUT and IN directions. The latest values are the largest values within the last 5 minutes. Maximum value is the highest value in the last two days. |
| Throughput Transition | The progress of throughput for the past 2 days is displayed in 5 minute intervals. The following four types of throughputs are displayed: OUT (Max), IN (Max), OUT (Avg), IN (Avg). By clicking on the legend, it is possible to toggle whether specific items are displayed or hidden in the line graph. Moving the cursor over a point on a line in the graph displays the date, time, and throughput for that point as a tooltip. |

4.4.1.1 Downloading Performance Information of the Entire Transparent Proxy

On the [WAN Throughput] panel, it is possible to download the performance information for WAN throughput of the entire transparent proxy. The download period is specified by the start date and the end date. For the contents output to the CSV file, refer to "D.1 Contents of Performance Information for Downloading." The downloaded file is compressed to ZIP format.

See

Downloading performance information is also possible with REST API. For details, see "Performance Information" in the "Reference Guide."

Procedure

1. On the [WAN Throughput] panel, select [Action]-[Download Performance Information] to display the [Download Performance Information] dialog.

2. In the [Download Performance Information] dialog, specify the target download period. Since the performance information is stored for 31 days, specify it within that period.

| Item Name | Description |
|---|---|
| Start date | Start date of the target download period. Specify a date earlier than end date. If omitted, it will be 31 days before the date of downloading. |
| End date | End date of the target download period. Specify a date later than start date. If omitted, it will be the date of downloading. |

Information

About the start time and end time of the target download period

The target download period is specified in the [Download Performance Information] dialog. The start time and end time are as follows.

- Start time: 00:00:00 of the start date.

- End time: 23:59:59 of the end date. However, if the end date is the date when the download is executed, it will be the time of downloading.

3. In the [Download Performance Information] dialog, click [Download] to download the performance information. If the download destination is not set in the Web browser in advance, specify it in the dialog for specifying the download destination. The default filename for performance information is "wacperf_start date_end date.zip."

Note

Downloading performance information requires a maximum of 3.1MB of capacity on the management PC.

4.4.2 Monitoring Event Logs

Event logs record the following types of messages, and can be used to trace the causes of trouble.

- Notification messages from transparent proxies

- Messages regarding the expiration of trial licenses

- Service monitoring messages

Event logs are stored for 31 days.

See

Event logs monitoring is also possible with REST API. For details, see "Event Logs" in the "Reference Guide."

On the [Event Log] panel of the dashboard, the 50 most recent unconfirmed event logs of the Warning or Error level are displayed.

Figure 4.3 [Event Log] Panel

Clicking on a date in the [Date] column of the [Event Log] panel displays the [Event Log Details] screen for confirming the details of that event. Event logs that have been confirmed are removed from the [Event Log] panel.

Figure 4.4 [Event Log Details] Screen

Alternatively, click [Display All Logs] on the [Event Log] panel to display the [Event Log List] screen. The [Event Log List] screen displays all event logs, regardless of whether they have been confirmed. Clicking on a date in the [Date] column will also display the [Event Log Details] screen.

Figure 4.5 [Event Log List] Screen

The operations for the table section of the [Event Log List] screen are shown below.

| Item | Description |
|---|---|
| (icon) | Displays the [Filter Event Log List] dialog. It is possible to filter the content displayed on the [Event Log List] screen by specifying some or all of "Confirmation," "Date," "Level," "Target Event," and "Message" as filter conditions and then clicking the [Filter] button. |
| Items xx/yy | The number of logs after filtering/the total number of logs. |
| (icon) | Switches to the first page. |
| (icon) | Switches to the previous page. |
| x/y | The current page number/the total number of pages. |
| (icon) | Switches to the next page. |
| (icon) | Switches to the last page. |

Figure 4.6 [Filter Event Log List] Dialog

The event log content displayed in each screen is described below.

| Item | Event Log | Event Log List | Event Log Details | Description |
|---|---|---|---|---|
| Confirmation | No | Yes | No | Whether the details of the event log have been confirmed using the [Event Log Details] screen. When the status has not been confirmed (unconfirmed), will be displayed. When the status has been confirmed (confirmed), nothing will be displayed. |
| Date | Yes | Yes | Yes | The date and time on which the event occurred. The format "YYYY/MM/DD hh:mm:ss" is used. Clicking a date on the [Event Log] panel or the [Event Log List] screen displays the [Event Log Details] screen. |
| Level | Yes | Yes | Yes | The level of the event log. One of the following is displayed: Error (Error level); Warning (Warning level); Information (Information level). Note that only the icon for the event level is displayed on the [Event Log] panel and the [Event Log List] screen. |
| Target Event | No | Yes | Yes | The name of the target event. It will be either of the following: transparent_proxy_name (an event log output by that transparent proxy); System (an event log output by a source other than a transparent proxy). |
| Message ID | Yes | No | Yes | The message ID of the event log. |
| Message | No | Yes | Yes | The message body of the event log. |

Yes: Displayed, No: Not displayed

4.4.3 Monitoring Audit Logs

Audit logs record login histories and operation histories, and can be used in the same way as event logs to trace the causes of trouble. Audit logs are stored for 31 days.

See

Audit logs monitoring is also possible with REST API. For details, see "Audit Logs" in the "Reference Guide."

On the [Audit Log] panel of the dashboard, the 50 most recent unconfirmed audit logs of the Warning or Failed level are displayed.

Figure 4.7 [Audit Log] Panel

Clicking on a date in the [Date] column of the [Audit Log] panel displays the [Audit Log Details] screen for confirming the details of that operation. Audit logs that have been confirmed are removed from the [Event Log] panel.

Figure 4.8 [Audit Log Details] Screen

Alternatively, click [Display All Logs] on the [Audit Log] panel to display the [Audit Log List] screen. The [Audit Log List] screen displays all audit logs, regardless of whether they have been confirmed. Clicking on a date in the [Date] column will also display the [Audit Log Details] screen.

Figure 4.9 [Audit Log List] Screen

The operations for the table section of the [Audit Log List] screen are shown below.

| Item | Description |
|---|---|
| (icon) | Displays the [Filter Audit Log List] dialog. It is possible to filter the content displayed on the [Audit Log List] screen by specifying some or all of "Confirmation," "Date," "Status," "Result," "User name," "Target of Operation," "Action," and "Message" as filter conditions and then clicking the [Filter] button. |
| Items xx/yy | The number of logs after filtering/the total number of logs. |
| (icon) | Switches to the first page. |
| (icon) | Switches to the previous page. |
| x/y | The current page number/the total number of pages. |
| (icon) | Switches to the next page. |
| (icon) | Switches to the last page. |

Figure 4.10 [Filter Audit Log List] Dialog

The audit log content displayed in each screen is described below.

| Item | Audit Log | Audit Log List | Audit Log Details | Description |
|---|---|---|---|---|
| Confirmation | No | Yes | No | Whether the content of the audit log has been confirmed using the [Audit Log Details] screen. When the status has not been confirmed (unconfirmed), will be displayed. When the status has been confirmed (confirmed), nothing will be displayed. Furthermore, the status becomes unconfirmed when a process completes and when it results in an error (the result is Warning or Failed). |
| Date | Yes | Yes | Yes | The date on which the audit log was last updated. The format "YYYY/MM/DD hh:mm:ss" is used. Clicking a date on the [Audit Log] panel or the [Audit Log List] screen displays the [Audit Log Details] screen. |
| Status | No | Yes | Yes | The execution status of processing. One of the following is displayed: Submit (awaiting execution); Start (being executed); Complete (execution complete). Note that only the icon for the status is displayed in the [Audit Log] panel and the [Audit Log List] screen. |
| Result | Yes | Yes | Yes | The execution results of processing. One of the following is displayed: Success (completed successfully); Warning (warning); Failed (failed). Note that only the icon for the status is displayed in the [Audit Log] panel and the [Audit Log List] screen. |
| User name | No | No | Yes | The name of the user who performed the operation. |
| Target of Operation | No | Yes | Yes | The name of the target of operation. One of the following: transparent_proxy_name (an operation targeting that transparent proxy); - (a logout operation); System (an operation other than those above). |
| Action | No | Yes | Yes | A character string representing the processing content. Example: "Create transparent proxy," "Create User," "Login," "Enable license," etc. |
| Detail | No | No | Yes | The parameters for processing. * Parameters are output in the format "key1=value, key2=value." |
| Operation Source | No | No | Yes | Displays the operation source. Fixed as "GUI" (an operation performed using the Web GUI). |
| Message ID | Yes | No | Yes | The message ID of the audit log. |
| Message | No | Yes | Yes | The message body of the audit log. |

4.4.3.1 Downloading Audit Logs

On the [Audit Log List] screen, it is possible to download audit log. Audit logs for downloading include the following two types.

| Type | Description |
|---|---|
| Web GUI/REST API audit log | Audit log requested by the Web GUI or the REST API. Audit log is displayed on the dashboard. The download period is specified by the start date and the end date. |
| Console audit log | Audit (Initialization Wizard and command) log requested by the console. Audit log is not displayed on the dashboard. |

For the contents output to the CSV file, refer to "D.2 Contents of Audit Log to be Downloaded." The downloaded files for each audit log are compressed to ZIP format.

Procedure

1. On the [Audit Log List] screen, select [Action]-[Download] to display the [Download Audit Log] dialog.

2. In the [Download Audit Log] dialog, specify the target download period. Since the audit log is stored for 31 days, specify it within that period. However, even if the target download period is specified for the audit log, all audit logs are downloaded.

| Item Name | Description |
|---|---|
| Start date | Start date of the target download period. Specify a date earlier than end date. If omitted, it will be 31 days before the date of downloading. |
| End date | End date of the target download period. Specify a date later than start date. If omitted, it will be the date of downloading. |

Information

About the start time and end time of the target download period

The target download period is specified in the [Download Audit Log] dialog. The start time and end time are as follows.

- Start time: 00:00:00 of the start date.

- End time: 23:59:59 of the end date. However, if the end date is the date when the download is executed, it will be the time of downloading.

3. In the [Download Audit Log] dialog, click [Download] to download the performance information. If the download destination is not set in the Web browser in advance, specify it in the dialog for specifying the download destination. The default filename for performance information is "wacaudit_start date_end date.zip."

Note

- Downloading the audit log requires a maximum of 52.4MB of capacity on the management PC.

- The audit log cannot be downloaded while it is being filtered. Remove the filter, then download.

4.5 Managing Transparent Proxies

This section explains how to manage (display in a list, display details of, add, delete, modify, and modify the IP addresses of) transparent proxies.

See

Transparent proxy management is also possible with REST API. For details, see "Transparent Proxies" in the "Reference Guide."

4.5.1 Displaying the List of Transparent Proxies

This section explains the procedure for displaying the list of transparent proxies.

Procedure

1. Select the [Transparent Proxy] tab of the Web GUI to display the [Transparent Proxy List] screen.

The operations for the table section of the [Transparent Proxy List] screen are shown below.

| Item | Description |
|---|---|
| (icon) | Switches to the first page. |
| (icon) | Switches to the previous page. |
| x/y | The current page number/the total number of pages. |
| (icon) | Switches to the next page. |
| (icon) | Switches to the last page. |

The following items are displayed:

| Item | Description |
|---|---|
| Transparent Proxy Name | The name of the transparent proxy. |
| Status | The status of transparent proxies. |
| Type | The type of the transparent proxy. Specify either of the following: Client (a transparent proxy of the client type; it establishes a UNAP connection to a transparent proxy of the server type); Server (a transparent proxy of the server type; it waits for a transparent proxy of the client type to establish a UNAP connection). |
| Pair IP Address | The IP address of the WAN-side interface of the transparent proxy to pair with. |
| Port Number | The port number used by UNAP to enable high-speed data transfer over a WAN. |

For details on statuses, refer to "4.5.2 Transparent Proxy Statuses." For details on other items, refer to "2.9.3 Designing Transparent Proxy Management." Clicking on the name of a transparent proxy displays the [Details] screen. For details, refer to "4.5.3 Displaying the Details of Transparent Proxies."

4.5.2 Transparent Proxy Statuses

The statuses of transparent proxies are as follows.

| Status Icon | Detailed Status | Description |
|---|---|---|
| Normal | Stopped | The initial state of a transparent proxy. |
| Normal | Starting | The state of starting a transparent proxy. |
| Normal | Waiting for Connection | A transparent proxy has completed startup for a client type. A server type is waiting for a UNAP connection to be established from a client type. |
| Normal | Connecting | A UNAP connection is being established from a client type to a server type (for client types only). |
| Normal | Connected | A UNAP connection has been established from a client type to a server type. |
| Normal | Restarting | A transparent proxy is being restarted due to a transparent proxy change. |
| Normal | Finished | The transparent proxy has been deleted. |
| Warning | Reconnecting | A UNAP disconnection has been detected and the client type is re-establishing a connection (for client types only). |
| Warning | Waiting for Reconnection | A UNAP disconnection has been detected and it is waiting for a UNAP connection to be re-established from the client type (for server types only). |
| Warning | Disconnecting (Active) | A UNAP connection is being disconnected by the local transparent proxy. |
| Warning | Disconnecting (Passive) | A UNAP connection is being disconnected by the paired transparent proxy. |
| Warning | Unavailable | The trial license has expired. |
| Error | Waiting for Deletion | A transparent proxy is waiting for deletion. As any transparent proxy that is in this state must be deleted, the transparent proxy will only accept delete operations. |
| Error | Disconnected | A UNAP connection has been disconnected. |
| Error | Failure | The transparent proxy has failed and has stopped operating. |

4.5.3 Displaying the Details of Transparent Proxies

This section explains the procedure for displaying the details of transparent proxies.

Procedure

1. Select the [Transparent Proxy] tab of the Web GUI to display the [Transparent Proxy List] screen.

2. Click the target [Transparent Proxy Name] to display the [Transparent Proxy Details] screen.

3. The [Transparent Proxy Details] screen is composed of the following three panels. Clicking the [Performance Information] button on the top of the screen closes all panels other than the [Performance Information] panel.

- [Basic Information] panel

- [Details] panel

- [Performance Information] panel

4.5.3.1 Transparent Proxy Details-Basic Information

This panel displays the basic information of an individual transparent proxy.

Figure 4.11 [Transparent Proxy Details] Screen [Basic Information] Panel

The following items are displayed:

| Item | Description |
|---|---|
| Transparent Proxy Name | The name of the transparent proxy. |
| Status | The status of transparent proxies. |
| Type | The type of the transparent proxy. Specify either of the following: Client (a transparent proxy of the client type; it establishes a UNAP connection to a transparent proxy of the server type); Server (a transparent proxy of the server type; it waits for a transparent proxy of the client type to establish a UNAP connection). |
| Pair IP Address | The IP address of the WAN-side interface of the transparent proxy to pair with. |
| Port Number | The port number used by UNAP to enable high-speed data transfer over a WAN. |
| LAN-side Interface | The name of the network interface used by the transparent proxy for TCP communication with client or server applications. |
| WAN-side Interface | The name of the network interface used by the transparent proxy for WAN-side communication. |
| Operation Mode | The operation mode of the transparent proxy. Select either of the following: Transparent (transparently relays TCP connections); Terminate (terminates TCP connections). |
| Target Service Port Numbers | The list of port numbers of the services that are targets of data transfer performed by the transparent proxy. |
| WAN throughput upper limit | WAN throughput upper limit (Mbps or Gbps) determined with the paired transparent proxy. This item is displayed when the status of transparent proxy pair is as follows: Connected; Reconnecting; Waiting for reconnection. |

For details of the statuses, refer to "4.5.2 Transparent Proxy Statuses." For details of other items, refer to "2.9.3 Designing Transparent Proxy Management."

4.5.3.2 Transparent Proxy Details-Details

This panel displays the details of an individual transparent proxy.

Figure 4.12 [Transparent Proxy Details] Screen [Details] Panel

The following items are displayed:

| Item | Description |
|---|---|
| Maximum Number of TCP Connections | The maximum number of TCP connections that can be established. |
| Number of Connection Re-establishment Attempts (*1) | The number of reconnection attempts to make when establishing a UNAP connection. |
| Connection Re-establishment Attempt Interval (*1) | The interval (in seconds) between reconnection attempts when establishing a UNAP connection. |
| Connection Monitoring Interval | The connection monitoring interval (in seconds) for a UNAP connection. |
| MTU Size | The MTU size of UNAP. |
| Traffic control upper limit | Whether or not to use the traffic control function. The throughput upper limit value (Mbps or Gbps) for the data, which the transparent proxy transmits with UNAP when using the traffic control function. |

*1: Not displayed for a server type transparent proxy.

For details on each item, refer to "2.9.3 Designing Transparent Proxy Management."

4.5.3.3 Transparent Proxy Details-Performance Information

This panel displays the performance information of an individual transparent proxy. Select the performance information to display from the [Item] pull-down menu.

- WAN Throughput

- LAN Throughput

- Round-Trip Time

- Packet Loss Rate

Figure 4.13 [Transparent Proxy Details]-[Performance Information]-[WAN Throughput]

Figure 4.14 [Transparent Proxy Details]-[Performance Information]-[LAN Throughput]

Figure 4.15 [Transparent Proxy Details]-[Performance Information]-[Round-Trip Time]

Figure 4.16 [Transparent Proxy Details]-[Performance Information]-[Packet Loss Rate]

The graph shows progress of the past 2 days displayed in 5 minute intervals. By clicking on the legend, it is possible to toggle whether specific items are displayed or hidden in the line graph. Moving the cursor over a point on a line in the graph displays the date, time, and throughput for that point as a tooltip. The figure below the graph shows the targets for which performance information is displayed. The parts other than the targets are displayed in gray.

The displayed items are explained below.

| Displayed Item | Description |
|---|---|
| WAN Throughput (MB/sec): OUT [Max] | Displays the maximum value every 5 minutes for the amount of communication per second (*1) from the transparent proxies to the WAN. When a UNAP connection has not been established and when there is no TCP communication to be accelerated, the value becomes 0. |
| WAN Throughput (MB/sec): IN [Max] | Displays the maximum value every 5 minutes for the amount of communication per second (*2) from the WAN to the transparent proxies. When a UNAP connection has not been established and when there is no TCP communication to be accelerated, the value becomes 0. |
| WAN Throughput (MB/sec): OUT [Avg] | Displays the average value every 5 minutes for the amount of communication per second (*1) from the transparent proxies to the WAN. When a UNAP connection has not been established and when there is no TCP communication to be accelerated, the value becomes 0. |
| WAN Throughput (MB/sec): IN [Avg] | Displays the average value every 5 minutes for the amount of communication per second (*2) from the WAN to the transparent proxies. When a UNAP connection has not been established and when there is no TCP communication to be accelerated, the value becomes 0. |
| LAN Throughput (MB/sec): OUT [Max] | Displays the maximum value every 5 minutes for the amount of communication per second (*3) from the transparent proxies to the application. When a UNAP connection has not been established and when there is no TCP communication to be accelerated, the value becomes 0. |
| LAN Throughput (MB/sec): IN [Max] | Displays the maximum value every 5 minutes for the amount of communication per second (*4) from the application to the transparent proxies. When a UNAP connection has not been established and when there is no TCP communication to be accelerated, the value becomes 0. |
| LAN Throughput (MB/sec): OUT [Avg] | Displays the average value every 5 minutes for the amount of communication per second (*3) from the transparent proxies to the application. When a UNAP connection has not been established and when there is no TCP communication to be accelerated, the value becomes 0. |
| LAN Throughput (MB/sec): IN [Avg] | Displays the average value every 5 minutes for the amount of communication per second (*4) from the application to the transparent proxies. When a UNAP connection has not been established and when there is no TCP communication to be accelerated, the value becomes 0. |
| Round-Trip Time (msec): Latency [Avg] | Displays the average value every 5 minutes for the time from sending data to receiving acknowledgement (ACK) between transparent proxies. When a UNAP connection has not been established and when there is no TCP communication to be accelerated, the value becomes 0. |
| Round-Trip Time (msec): Latency [Min] | Displays the smallest value every 5 minutes for the time from sending data to receiving acknowledgement (ACK) between transparent proxies. When a UNAP connection has not been established and when there is no TCP communication to be accelerated, the value becomes 0. |
| Packet Loss Rate (%): OUT [Max] | Displays the largest value every 5 minutes for the ratio of lost data per second (*5) from the transparent proxies to the WAN. When a UNAP connection has not been established and when there is no TCP communication to be accelerated, the value becomes 0. |
| Packet Loss Rate (%): IN [Max] | Displays the largest value every 5 minutes for the ratio of lost data per second (*6) from the WAN to the transparent proxies. When a UNAP connection has not been established and when there is no TCP communication to be accelerated, the value becomes 0. |
| Packet Loss Rate (%): OUT [Avg] | Displays the average value every 5 minutes for the ratio of lost data per second (*5) from the transparent proxies to the WAN. When a UNAP connection has not been established and when there is no TCP communication to be accelerated, the value becomes 0. |
| Packet Loss Rate (%): IN [Avg] | Displays the average value every 5 minutes for the ratio of lost data per second (*6) from the WAN to the transparent proxies. When a UNAP connection has not been established and when there is no TCP communication to be accelerated, the value becomes 0. |

*1: Transmission rate = The total size (in MB) of UNAP packets received in 1 second by the paired transparent proxy / 1 (sec)

*2: Reception rate = The total size (in MB) of UNAP packets received in 1 second by the transparent proxy / 1 (sec)

*3: Transmission rate = The total size (in MB) of TCP packets transmitted in 1 second by the transparent proxy / 1 (sec)

*4: Reception rate = The total size (in MB) of TCP packets received in 1 second by the transparent proxy / 1 (sec)

*5: Loss rate = (the number of lost UNAP packets detected in 1 second by the paired transparent proxy / (the number of UNAP packets received in 1 second by the paired transparent proxy + the number of lost UNAP packets detected in 1 second by the paired transparent proxy)) * 100

*6: Loss rate = (the number of lost UNAP packets detected in 1 second / (the number of UNAP packets received in 1 second + the number of lost UNAP packets detected in 1 second)) * 100

4.5.4 Adding Transparent Proxies

This section explains the procedure for adding transparent proxies. If no license is registered or if the trial license has expired, it is not possible to add transparent proxies ([Action] is not displayed).

Procedure

1. Select the [Transparent Proxy] tab of the Web GUI to display the [Transparent Proxy List] screen.

2. On the [Transparent Proxy List] screen, select [Action]-[Register] to display the [Register Transparent Proxy] wizard.

3. Follow the instructions of the [Register Transparent Proxy] wizard.

For an explanation of the items to input in the [Register Transparent Proxy] wizard, refer to "2.9.3 Designing Transparent Proxy Management."

| Step | Input Item |
|---|---|
| Basic Information | Transparent Proxy Name; Type; Pair IP Address; Port Number; Operation Mode (*1); Target Service Port |
| Details | Maximum Number of TCP Connections; Number of Connection Re-establishment Attempts (*2); Connection Re-establishment Attempt Interval (*2); Connection Monitoring Interval (*2); MTU Size (*2); Traffic control upper limit |
| Confirm | Confirm the input information. If there are no problems, click the [Add] button. |
| Complete | Click the [Done] button to return to the [Transparent Proxy List] screen. |

*1: Required for a server type transparent proxy.

*2: Required for a client type transparent proxy.

Results Confirmation

1. Addition of the transparent proxy is processed asynchronously. For this reason, when the number of active processes on the Global Pane is "0," confirm that the added transparent proxy is displayed on the [Transparent Proxy List] screen.

2. Confirm that when only one of the transparent proxies has been registered, the status of the transparent proxy is "Waiting for Connection" and when a pair of transparent proxies have been registered, the status of the transparent proxy is "Connected." If the status is not as described above, refer to "Unable to connect to the transparent proxies to pair with" in the "Errors during Connection" section of the "Reference Guide."

4.5.5 Deleting Transparent Proxies

This section explains the procedure for deleting transparent proxies.

Procedure

1. Select the [Transparent Proxy] tab of the Web GUI to display the [Transparent Proxy List] screen.

2. On the [Transparent Proxy List] screen, click the target [Transparent Proxy Name] to display the [Transparent Proxy Details] screen, then select [Action]-[Delete].

3. In the [Delete Transparent Proxy] dialog, click the [Yes] button to delete the transparent proxy. A notification is displayed indicating that the processing has been received.

4. Click the [Close] button to return to the [Transparent Proxy List] screen.

Results Confirmation

Deletion of the transparent proxy is processed asynchronously. For this reason, when the number of active processes on the Global Pane is "0," confirm that the deleted transparent proxy is not displayed on the [Transparent Proxy List] screen.

4.5.6 Modifying Transparent ProxiesThis section explains the procedure for modifying transparent proxies.If no license is registered or if the trial license has expired, it is not possible to modify transparent proxies.

Procedure

1. Select the [Transparent Proxy] tab of the Web GUI to display the [Transparent Proxy List] screen.


2. Click the target [Transparent Proxy Name] to display the [Transparent Proxy Details] screen.

3. On the [Transparent Proxy Details] screen, select [Action]-[Modify] to display the [Modify Transparent Proxy] wizard.

4. Follow the instructions of the [Modify Transparent Proxy] wizard.

For an explanation of the items which can be modified using the [Modify Transparent Proxy] wizard, refer to "2.9.3 Designing Transparent Proxy Management."

Step | Input Item
Basic Information | Pair IP Address (*1)
Basic Information | Port Number (*1)
Basic Information | Operation Mode (*1) (*2)
Basic Information | Target Service Port
Details | Maximum Number of TCP Connections
Details | Number of Connection Re-establishment Attempts (*3)
Details | Connection Re-establishment Attempt Interval (*3)
Details | Connection Monitoring Interval (*3)
Details | MTU Size (*1) (*3)
Details | Traffic control upper limit (*1)
Confirm | Confirm the input information. If there are no problems, click the [Modify] button.
Complete | Click the [Done] button to return to the [Transparent Proxy Details] screen.

*1: When modifications have been made, communication will temporarily not be able to take place until the transparent proxy has been restarted and reconnection has been made.

*2: Required for a server type transparent proxy.

*3: Required for a client type transparent proxy.

Note

If you cannot modify an item you would like to modify using the [Modify Transparent Proxy] wizard, delete the transparent proxy and then try to re-register it.


Results Confirmation

1. Modification of the transparent proxy is processed asynchronously. For this reason, when the number of active processes on the Global Pane is "0," confirm that the changes made to the transparent proxy have been reflected from the [Details] screen.

2. Confirm that when only one of the transparent proxies has been registered, the status of the transparent proxy is "Waiting for Connection." When a pair of transparent proxies has been registered, confirm that the status of the transparent proxies is "Connected." In the event that the status is not as it is written above, refer to "Unable to connect to the transparent proxies to pair with" in the "Errors during Connection" section of the "Reference Guide."

4.5.7 Downloading Performance Information for Individual Transparent Proxy

On the [Transparent Proxy Details] screen, it is possible to download performance information for individual transparent proxies. The download period is specified by the start date and the end date. For the contents output to the CSV file, refer to "D.1 Contents of Performance Information for Downloading." The downloaded file is compressed to ZIP format.

Procedure

1. On the [Transparent Proxy Details] screen, select [Action]-[Download Performance Information] to display the [Download Performance Information] dialog.

2. In the [Download Performance Information] dialog, specify the target download period. Since the performance information is stored for 31 days, specify it within that period.

Item Name | Description
Start date | Start date of the target download period. Specify a date earlier than end date. If omitted, it will be 31 days before the date of downloading.
End date | End date of the target download period. Specify a date later than start date. If omitted, it will be the date of downloading.

Information

About the start time and end time of the target download period

The target download period is specified in the [Download Performance Information] dialog. The start time and end time are as follows.

- Start time: 00:00:00 of the start date.

- End time: 23:59:59 of the end date. However, if the end date is the date when the download is executed, it will be the time of downloading.

3. In the [Download Performance Information] dialog, click [Download] to download the performance information. If the download destination is not set in the Web browser in advance, specify it in the dialog for specifying the download destination. The default filename for performance information is "wacperf_transparent proxy ID_transparent proxy name_start date_end date.zip." The transparent proxy ID is a unique ID assigned to the transparent proxy.

Note

To download performance information, the management PC requires a maximum of 11.4 MB of capacity.

4.5.8 Changing the IP Addresses of the Interfaces Used by Transparent Proxies

Users of this product may wish to configure one set of IP addresses for the interfaces used by transparent proxies for use during the testing period before production, and after testing is complete, switch to another set of IP addresses for actual use in production. This section explains the procedure for changing the IP addresses of the interfaces used by transparent proxies.

Procedure

1. Execute the initialization wizard to change the IP address of the transparent proxy. For details, refer to "3.8.2.1 Executing the Initialization Wizard."

2. If the IP address of the WAN-side interface (including cases of combined use) has been changed, configure the [Pair IP Address] of the paired transparent proxy to the new IP address. For details, refer to "4.5.6 Modifying Transparent Proxies."

3. If the IP address of the LAN-side interface (including cases of combined use) has been changed, and if the default gateway of the TCP communication app is set to SCO-VA, the IP address that was changed will be set to the default gateway of the TCP communication app.

Results Confirmation

On the [Transparent Proxy List] screen or on the [Details] screen of the [Transparent Proxy] panel, confirm that the status of the transparent proxy is "Connected." For details on the [Transparent Proxy List] screen, refer to "4.5.1 Displaying the List of Transparent Proxies." For details on the [Transparent Proxy] panel of the [Details] screen, refer to "4.5.3.1 Transparent Proxy Details-Basic Information."

4.6 Performing Maintenance

This section explains maintenance.

4.6.1 Overview of Maintenance

There are the following maintenance tasks:

- Recovering faulty server virtualization software

- Performing regular maintenance of server virtualization software

- Updating software


4.6.2 Recovering Faulty Server Virtualization Software

This section explains the procedure for recovering faulty server virtualization software. The recovery procedure varies depending on whether the system uses high availability operation.

4.6.2.1 Recovery when Using High Availability Operation

This section explains the recovery procedure when using high availability operation.

Procedure

1. Repair or replace the faulty server.

2. Install and then start the server virtualization software.

3. If the information of a previous deployment of this product has been lost due to disk failure, reinstall this product. For details, refer to "Chapter 3 Installation and Setup."

4.6.2.2 Recovery when Not Using High Availability Operation

This section explains the recovery procedure when not using high availability operation.

Procedure

Information

If recovery can be performed in a short enough period of time such that there is no anticipated effect on operation, then it is not necessary to perform steps 1 and 5 below.

1. If the TCP communication app is not influenced by a server virtual software failure, and if the default gateway of the TCP communication app is configured to SCO-VA, temporarily change the default gateway of the TCP communication app to the WAN connection router.

2. Repair or replace the faulty server.

3. Install and then start the server virtualization software.

4. If the information of a previous deployment of this product has been lost due to disk failure, reinstall this product. For details, refer to "Chapter 3 Installation and Setup."

5. Revert the settings modified in step 1 to their original state.

4.6.3 Performing Regular Maintenance of Server Virtualization Software

This section explains the procedure for performing regular maintenance of server virtualization software. The regular maintenance procedure varies depending on whether the system uses high availability operation.

4.6.3.1 Regular Maintenance when Using High Availability Operation

This section explains the regular maintenance procedure when using high availability operation.

Procedure

1. Remove a single instance of server virtualization software on which this product is not operating (an inactive server) from the cluster.

2. Perform maintenance of the server instance that was removed from the cluster in step 1.

3. Once maintenance is complete, return the server instance to the cluster. If there are more than three server instances in the cluster, perform steps 1 through 3 again for each instance of server virtualization software on which this product is not operating.

4. Migrate this product from the instance of server virtualization software on which it is currently operating to another instance of server virtualization software.

5. Remove the instance of server virtualization software on which this product was previously operated from the cluster.

6. Perform maintenance of the server instance that was removed from the cluster in step 5.

7. Once maintenance is complete, return the server instance to the cluster.

4.6.3.2 Regular Maintenance when Not Using High Availability Operation

This section explains the regular maintenance procedure when not using high availability operation.

Procedure

Note

If you are unable to prepare a different instance of server virtualization software, use the same procedure for maintenance as in "4.6.2.2 Recovery when Not Using High Availability Operation."

1. Migrate this product to a different instance of server virtualization software.

2. Perform maintenance of the server.

3. Once maintenance is complete, return this product to the instance of server virtualization software you migrated it from.

4.6.4 Updating Software

This section explains the procedure for updating software.

Preparations

Confirm that you have obtained the patch file.

Procedure

1. If the default gateway of the TCP communication app is configured to SCO-VA, temporarily change the default gateway of the TCP communication app to the WAN connection router.

2. Transfer the obtained patch file to the file transfer area. To transfer the file, use SFTP (using the file transfer user account) on the admin PC. For file transfer users, refer to "2.9.1.4 Designing the File Transfer User." For file transfer area, refer to "1.4.3.4 SFTP Access."

Example

When the SCO-VA IP address is 192.0.2.10 and the obtained patch file is WAC110_S20181203-01.tar.gz

# sftp [email protected] <Enter>

[email protected]'s password: password <Enter>

Connected to 192.0.2.10

sftp> put WAC110_S20181203-01.tar.gz <Enter>

Uploading WAC110_S20181203-01.tar.gz to /sftp/WAC110_S20181203-01.tar.gz

WAC110_S20181203-01.tar.gz

sftp> bye <Enter>

3. Log in to the console using the console user account. For information about the console user, refer to "2.9.1.3 Designing the Console User."

4. Execute the following command to display system information to confirm whether the patch file can be applied.

# wacadm system show <Enter>


For details on the command, refer to "wacadm system Command" in the "Reference Guide." To determine whether it is possible to apply the patch, refer to the document attached to the obtained patch file.

5. Execute the following command to stop the service.

# wacadm service stop fjsvwaccp-database.service <Enter>

# wacadm service stop fjsvwaccp-system.service <Enter>

# wacadm service stop fjsvwaccp-webserver.service <Enter>

# wacadm service stop fjsvwacdp-tproxy-management.service <Enter>

For details, refer to the "wacadm service Command" in the "Reference Guide."

6. Using the patch file that was transferred in Step 2, update the software via the following command.

Example

When the obtained patch file is WAC110_S20181203-01.tar.gz

# wacadm system patch-add -file WAC110_S20181203-01.tar.gz <Enter>

For details, refer to "wacadm system Command" in the "Reference Guide." Use the "wacadm dir delete" command to delete the patch file after applying.

Example

When WAC110_S20181203-01.tar.gz is no longer needed

# wacadm dir show <Enter>

WAC110_S20181203-01.tar.gz

------------------------

Size Used Avail Use%

2.0G 413M 1.6G 20%

# wacadm dir delete WAC110_S20181203-01.tar.gz <Enter>

rm: remove regular file 'WAC110_S20181203-01.tar.gz'? yes <Enter>

For details, refer to "wacadm dir Command" in the "Reference Guide."

7. Execute the following command to restart the system.

# wacadm power restart <Enter>

For details, refer to the "wacadm power Command" in the "Reference Guide."

8. Revert the settings modified in step 1 to their original state.

4.7 Stopping and Restarting the System and Services

This section explains the procedure for stopping and restarting the system and services.

Procedure

1. Confirm that there are no active processes by viewing the "Number of active processes" on the Global Pane and the [Audit Log List] screen of the Dashboard.

2. On the Global Pane, select [User Menu]-[Logout] to log out.

3. Log in to the console using the console user account. For information about the console user, refer to "2.9.1.3 Designing the Console User."

4. Execute the corresponding commands for the desired operations. For details of the commands, refer to "wacadm power Command" or "wacadm service Command" in the "Reference Guide."

Corresponding Command

When stopping the system

# wacadm power stop <Enter>

When restarting the system

# wacadm power restart <Enter>

When stopping services

Execute the following when applicable to stop services.

# wacadm service stop fjsvwaccp-database.service <Enter>

# wacadm service stop fjsvwaccp-system.service <Enter>

# wacadm service stop fjsvwaccp-webserver.service <Enter>

# wacadm service stop fjsvwacdp-tproxy-management.service <Enter>

When restarting services

Execute the following when applicable to restart services.

# wacadm service restart fjsvwaccp-database.service <Enter>

# wacadm service restart fjsvwaccp-system.service <Enter>

# wacadm service restart fjsvwaccp-webserver.service <Enter>

# wacadm service restart fjsvwacdp-tproxy-management.service <Enter>

If starting up after stopping the service, execute the following.

# wacadm service start fjsvwaccp-database.service <Enter>

# wacadm service start fjsvwaccp-system.service <Enter>

# wacadm service start fjsvwaccp-webserver.service <Enter>

# wacadm service start fjsvwacdp-tproxy-management.service <Enter>


Appendix A Lists of Useful Design Information

This appendix provides lists of information that is frequently referred to during design of this product.

A.1 List of Output Log Files

The log files output by this product are shown below.

Table A.1 List of Output Log Files

Log Name | Use and Content | Reference Method | Rotation
Event logs | Record the notification messages from the transparent proxy, trial license expiry notification messages, and service monitoring messages. | See Web GUI and REST API. For details on Web GUI, see "4.4.2 Monitoring Event Logs." For details on REST API, see "Event Log" in "Reference Guide." | Logs are stored for 31 days.
Audit logs | Record history of the operations requested by Web GUI or REST API. | See Web GUI and REST API, and download the log. For details on Web GUI and downloading, see "4.4.3 Monitoring Audit Logs." For details on REST API, see "Audit Logs" in "Reference Guide." |
Audit logs for console | Records history of the operations requested by console (Initialization Wizard and commands) | See REST API and download the log. For details on REST API, see "Audit Logs" in "Reference Guide." For details on downloading, see "4.4.3 Monitoring Audit Logs." | Retains up to 5 generations.

A.2 List of Used Port Numbers

The port numbers used by this product are listed below.

Table A.2 List of Used Port Numbers

Communication Source: Server | Communication Source: Port Number | Communication Destination: Server | Communication Destination: Port Number | Communication Destination: Update | Use
Admin PC | Variable value | This product | 22 | Not possible | SSH, SFTP
 |  |  | 9856 | Possible | HTTPS
TCP client |  |  | (*1) | Possible | Port of the target service for data transfer using UNAP
This product |  | TCP server | (*1) | Possible | Port of the connecting target service using TCP when the operation mode of a transparent proxy is "Terminate."
 |  | Mail server | 25 | Possible | SMTP
 |  | DHCP server | 67, 68 | Not possible | DHCP
 |  | DNS server | 53 | Not possible | DNS
 |  | NTP Servers | 123 | Not possible | NTP
 |  | LDAP or AD server | 389 | Possible | LDAP / Active Directory
 |  | Metadata server | 80 | Not possible | For the communication of Cloud-init, which is used in clouds (OpenStack or K5)
 |  | Paired installations of this product | (*2) | Possible | UNAP

*1: The port number specified for the target service during transparent proxy registration.

*2: The port number specified for UNAP communication during transparent proxy registration.


Appendix B System Configuration Example of Coordination with the TCP Communication App

This section shows a system configuration example for the TCP communication app that coordinates with TCP.

B.1 System Configuration when Coordinating with Cloud Storage Gateway

Configuration when Transferring Data from a Single Cloud Storage Gateway to a Single Cloud Object Storage

Install SCO-VA and register a single transparent proxy on both the client and server sides.

Configuration when Transferring Data from Multiple Cloud Storage Gateway to a Single Cloud Object Storage

- When there are multiple client networks

On the client side, register a single transparent proxy in each SCO-VA. On the server side, register multiple transparent proxies in a single SCO-VA.

- When there is a single client network

Install SCO-VA and register a single transparent proxy on both the client and server sides.

Configuration when Transferring Data from Multiple Cloud Storage Gateway to Multiple Clouds' (AWS, K5 and OpenStack) Object Storage

On the client side, register a single transparent proxy in each SCO-VA. On the server side, register a single transparent proxy in each SCO-VA.

B.2 System Configuration when Coordinating with an FTP Server

Configuration when Transferring Data from an FTP Client to an FTP Server

When coordinating with an FTP server, configure FTP to use Passive Mode, and install SCO-VA and register a single transparent proxy on both the client and server sides.

Configure the target service port numbers of the transparent proxy located on the FTP client side to contain the following "a." and "b."

a. The range of the port numbers used for FTP data transfer

b. The port number used for the FTP control connection when the operation mode of the transparent proxy located on the FTP server side is "Terminate."

Appendix C Default Gateway Configuration Example of Coordination with the TCP Communication App

This section shows a default gateway setting example for the TCP communication app that coordinates with TCP.

C.1 Default Gateway Configuration Example when Coordinating with Cloud Storage Gateway

This section explains the procedures for configuring the default gateway when coordinating with Cloud Storage Gateway.

When adding this product to an environment where Cloud Storage Gateway is already installed

Procedures

1. Change the gateway of Cloud Storage Gateway from the WAN connection router to the SCO-VA LAN-side interface IP address. To make changes, configure the network settings of Cloud Storage Gateway. For details, refer to the Cloud Storage Gateway "User's Guide."

When installing this product and Cloud Storage Gateway at the same time

Procedures

1. Install Cloud Storage Gateway as it is written in the manual and set the SCO-VA LAN-side interface IP address to the gateway of Cloud Storage Gateway. To set the gateway, configure the network settings of Cloud Storage Gateway. For details, refer to the Cloud Storage Gateway "User's Guide."

C.2 Default Gateway Configuration Example when Coordinating with FTP

This section explains the procedures for configuring the default gateway when coordinating with FTP.

Procedures

1. Configure the SCO-VA LAN-side interface IP address to the gateway of the OS where the FTP server and the FTP client are running.


Appendix D Contents of Performance Information and Audit Log for Downloading

This section explains the contents of the performance information and audit log to be downloaded.

D.1 Contents of Performance Information for Downloading

The performance information is downloaded as a CSV file with headers (the headers for the items are output in the first line, and data in the second and subsequent lines). Below are the file names:

- When downloading the performance information of the entire transparent proxy: "wacperf_start date_end date.csv"

- When downloading the performance information of each transparent proxy unit: "wacperf_transparent proxy ID_transparent proxy name_start date_end date.csv"

The following table lists the contents of the files. For items to be displayed in Web GUI, see "4.5.3.3 Transparent Proxy Details-Performance Information."

Item Names | Contents | Output Unit (*1): Unit, Entire | Notes
transparent_proxy_id | Transparent proxy ID | Y | Not displayed in Web GUI.
transparent_proxy_name | Transparent proxy name | Y |
collected_at | Performance information collection time | Y Y | Not displayed in Web GUI.
lan_out_avg | LAN Throughput: OUT [Avg] | Y |
lan_out_avg_unit | LAN Throughput: Unit of OUT [Avg] (MB/sec) | Y |
lan_in_avg | LAN Throughput: IN [Avg] | Y |
lan_in_avg_unit | LAN Throughput: Unit of IN [Avg] (MB/sec) | Y |
lan_out_max | LAN Throughput: OUT [Max] | Y |
lan_out_max_unit | LAN Throughput: Unit of OUT [Max] (MB/sec) | Y |
lan_in_max | LAN Throughput: IN [Max] | Y |
lan_in_max_unit | LAN Throughput: Unit of IN [Max] (MB/sec) | Y |
wan_out_avg | WAN Throughput: OUT [Avg] | Y Y |
wan_out_avg_unit | WAN Throughput: Unit of OUT [Avg] (MB/sec) | Y Y |
wan_in_avg | WAN Throughput: IN [Avg] | Y Y |
wan_in_avg_unit | WAN Throughput: Unit of IN [Avg] (MB/sec) | Y Y |
wan_out_max | WAN Throughput: OUT [Max] | Y Y |
wan_out_max_unit | WAN Throughput: Unit of OUT [Max] (MB/sec) | Y Y |
wan_in_max | WAN Throughput: IN [Max] | Y Y |
wan_in_max_unit | WAN Throughput: Unit of IN [Max] (MB/sec) | Y Y |
latency_avg | Round-Trip Time: Latency [Avg] | Y |
latency_avg_unit | Round-Trip Time: Unit of Latency [Avg] (msec) | Y |
latency_min | Round-Trip Time: Latency [Min] | Y |
latency_min_unit | Round-Trip Time: Unit of Latency [Min] (msec) | Y |
loss_out_avg | Packet Loss Rate: OUT [Avg] | Y |
loss_out_avg_unit | Packet Loss Rate: Unit of OUT [Avg] (%) | Y |
loss_in_avg | Packet Loss Rate: IN [Avg] | Y |
loss_in_avg_unit | Packet Loss Rate: Unit of IN [Avg] (%) | Y |
loss_out_max | Packet Loss Rate: OUT [Max] | Y |
loss_out_max_unit | Packet Loss Rate: Unit of OUT [Max] (%) | Y |
loss_in_max | Packet Loss Rate: IN [Max] | Y |
loss_in_max_unit | Packet Loss Rate: Unit of IN [Max] (%) | Y |

*1: "Y" in the "Unit" column of the "Output Unit" indicates the data can be collected for each transparent proxy unit, and "Y" in the "Entire" column of the "Output Unit" indicates the data can be collected for the entire transparent proxy.

D.2 Contents of Audit Log to be Downloaded

The audit log is downloaded as a CSV file with headers (the headers for the items are output in the first line, and data in the second and subsequent lines). Below are the file names:

- When downloading Web GUI or REST API audit log: "wacaudit_start date_end date.csv"

- When downloading the console audit log: "wacaudit_command name_csv" and "wacaudit_command name.csv.{1|2|3|4}." When downloaded, the console audit log is divided into files of 5 MB units. The latest audit log is wacaudit_command name.csv, and the oldest audit log is wacaudit_command name.csv.4. The command name is "wacadm" for the wacadm command and "initial_setup" for the Initialization Wizard.

The following table lists the contents of the files. For items to be displayed in Web GUI, see "4.4.3 Monitoring Audit Logs."

Item Names | Contents | Notes
id | Audit log ID | Not displayed in Web GUI.
request_id | Request ID | Not displayed in Web GUI.
last_updated_at | Last update time (YYYY-MM-DD hh:mm:ss) | Date for Web GUI.
submitted_at | Operation submit time (YYYY-MM-DD hh:mm:ss) | Not displayed in Web GUI.
started_at | Processing start time (YYYY-MM-DD hh:mm:ss) | Not displayed in Web GUI.
completed_at | Processing completion time (YYYY-MM-DD hh:mm:ss) | Not displayed in Web GUI.
target_name | Target operations |
action | Processing name |
action_parameter | Processing parameter |
user_name | User name |
user_role | User role | Not displayed in Web GUI.
connection_source_ip_address | Connection source IP address | Not displayed in Web GUI.
call_from | Caller |
phase | Processing progress |
action_result | Processing result |
message_id | Message ID |
message | Message |
confirmation | Read/Unread (true: Read, false: Unread) |

Note) The output is empty if there is no applicable item.
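As an added example, not taken from this guide or from the product, the following Python parses an audit log CSV that uses the D.2 column names, flags operations whose connection source address lies outside an approved admin network and operations with no completion time recorded, and orders console audit log generations oldest first. The sample rows, the approved network, and the values shown for user_role, call_from, phase and action_result are constructed assumptions.

```python
import csv
import io
import ipaddress
import re
from datetime import datetime

TIME_FMT = "%Y-%m-%d %H:%M:%S"  # YYYY-MM-DD hh:mm:ss, as stated in D.2
TIME_COLUMNS = ("last_updated_at", "submitted_at", "started_at", "completed_at")

# Constructed sample. Column names are from D.2; every value is invented, and
# the user_role, call_from, phase and action_result values are placeholders.
SAMPLE_AUDIT_CSV = """\
id,request_id,last_updated_at,submitted_at,started_at,completed_at,target_name,action,action_parameter,user_name,user_role,connection_source_ip_address,call_from,phase,action_result,message_id,message,confirmation
1,req-0001,2018-12-03 09:00:05,2018-12-03 09:00:01,2018-12-03 09:00:02,2018-12-03 09:00:05,tproxy-a,modify,,admin1,role-a,192.0.2.5,gui,phase-x,result-x,,,true
2,req-0002,2018-12-03 10:15:40,2018-12-03 10:15:30,2018-12-03 10:15:31,2018-12-03 10:15:40,tproxy-a,delete,,admin2,role-a,198.51.100.77,api,phase-x,result-x,,,false
3,req-0003,2018-12-03 11:00:00,2018-12-03 11:00:00,,,tproxy-b,add,,admin1,role-a,192.0.2.5,gui,phase-y,,,,false
"""

# Assumption: the network the admin PCs are expected to connect from.
APPROVED_ADMIN_NETS = [ipaddress.ip_network("192.0.2.0/28")]


def parse_time(value):
    """Return a datetime, or None for a field left empty (see the D.2 note)."""
    return datetime.strptime(value, TIME_FMT) if value else None


def load_audit_rows(csv_text):
    """Parse audit log text: header line first, data lines after it."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        for col in TIME_COLUMNS:
            row[col] = parse_time(row.get(col) or "")
        rows.append(row)
    return rows


def review(rows, approved_nets=APPROVED_ADMIN_NETS):
    """Return (id, finding, detail) tuples worth an operator's attention."""
    findings = []
    for row in rows:
        src = row["connection_source_ip_address"]
        if src:
            try:
                addr = ipaddress.ip_address(src)
            except ValueError:
                findings.append((row["id"], "unparseable-source", src))
            else:
                if not any(addr in net for net in approved_nets):
                    detail = f"{row['user_name']} from {src}"
                    findings.append((row["id"], "unapproved-source", detail))
        # Submitted but no completion time recorded in the export.
        if row["submitted_at"] and row["completed_at"] is None:
            findings.append((row["id"], "no-completion-time", row["action"]))
    return findings


def oldest_first(filenames):
    """Order console audit log generations: .csv.4 oldest, .csv latest."""
    def generation(name):
        match = re.search(r"\.csv(?:\.([1-4]))?$", name)
        if match is None:
            raise ValueError(f"not a console audit log name: {name}")
        return int(match.group(1) or 0)
    return sorted(filenames, key=generation, reverse=True)


if __name__ == "__main__":
    for finding in review(load_audit_rows(SAMPLE_AUDIT_CSV)):
        print(finding)
```

Reading rotated console logs in the order returned by oldest_first keeps the combined timeline chronological before the rows are reviewed.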


Appendix E Compatibility Information

There is no incompatibility.
