user's guide - fujitsu · 2018. 4. 26. · google chrome(tm) chrome vmware vsphere(r) vmware -...

J2UL-2332-01ENZ0(00)June 2018

FUJITSU SoftwareSmart Communication Optimizer V1.0.0

User's Guide

Preface

Purpose of This Document

This manual explains the overview of, and the methods for designing, installing, and operating FUJITSU Software Smart CommunicationOptimizer (hereafter "this product").

Intended Readers

This manual is for people considering using this product and people who will install and oversee operation of this product.

Knowledge regarding the following is necessary when reading this manual.

- Server virtualization software (VMware or KVM)

- Public clouds (K5)

- Private clouds (OpenStack)

Structure of This Document

This manual is composed as follows:

Chapter 1 Overview of FUJITSU Software Smart Communication Optimizer

Explains the overview of this product.

Chapter 2 Design

Explains the design work necessary to install and set up this product.

Chapter 3 Installation and Setup

Explains the installation and setup of this product.

Chapter 4 Operation

Explains the method of operating this product.

Appendix A Lists of Useful Design Information

Provides lists of information that is frequently referred to during design of this product.

Appendix B System Configuration Example of Coordination with the TCP Communication App

Shows a system configuration example of coordination with the TCP communication app.

Appendix C Default Gateway Configuration Example of Coordination with the TCP Communication App

Shows a gateway setting example of coordination with the TCP communication app.

Document Conventions

In this manual, the following abbreviations and symbols are used in explanations.

Abbreviations

The following abbreviations are used in this manual.

Proper Name Abbreviation

FUJITSU Software Cloud Storage Gateway Cloud Storage Gateway or CSG

FUJITSU Cloud Service K5 K5

Internet Explorer(R) Internet Explorer

Microsoft(R) Edge Microsoft Edge

Google Chrome(TM) Chrome

VMware vSphere(R) VMware

- i -

Proper Name Abbreviation

Red Hat(R) Enterprise Linux(R) Virtual Machine Function KVM

Symbols

The following symbols are used for the purposes described below in this manual.

Symbols Description Example

" " Used to enclose the names of manuals, chapters, andsection titles.

Refer to "Operation" in the "User's Guide."

[ ] Used to enclose the names of screens, menus, tabs, andbuttons that compose the Web GUI.

[Create Initial User] screen, [Display] menu, [Dashboard]tab, [OK] button

[ ]-[ ] Used to show the order in which menus are to be selected. [Setting Category]-[License]

< > Used to enclose the names of keyboard keys. <Enter>

Other Notation

- Text to be entered by the user is indicated using bold text.

- Variables are indicated using italic text and underscores.

Documentation Road Map

Read the manuals for this product based on the following structure diagram and the table explaining their purposes.

Structure of the Manuals

How to Use the Manuals

Manual Name Description

Purpose

Concept

Assessment

POC/Installa

tion

Training

Tuning/

Migration

AsRequir

ed

User's Guide [Purpose of Use]

To understand the overview and the methods fordesign, installation, and operation of this product.

[Contained Content]

- Overview of the product and explanations offunctions

- System requirements

- Installation and setup procedures

- Methods of operation and maintenance

[Manuals to Read in Advance]

None

Yes Yes Yes Yes

- ii -

Manual Name Description

Purpose

Concept

Assessment

POC/Installa

tion

Training

Tuning/

Migration

AsRequir

ed

Reference Guide [Purpose of Use]

To refer to the provided commands.To respond to output messages.To handle trouble.To understand important terms and product-specific terms.

[Contained Content]

- Explanations of commands

- Meanings and corrective actions for messages

- Methods for collecting troubleshooting data

- Terms and their explanations

[Manuals to Read in Advance]

None

Yes

Export Administration Regulation Declaration

Exportation/release of this document may require necessary procedures in accordance with the regulations of your resident country and/orUnited States export control laws.

Trademark Information

- Google and Google Chrome are registered trademarks or trademarks of Google Inc.

- Intel is a trademark of Intel Corporation or its subsidiaries in the U.S. and/or other countries.

- Linux is a registered trademark of Linus Torvalds in the United States and other countries.

- Microsoft, Windows, Active Directory, and Internet Explorer are either registered trademarks or trademarks of Microsoft Corporationin the United States and other countries.

- The OpenStack Word Mark is a registered trademark / service mark or trademark / service mark of the OpenStack Foundation, in theUnited States and other countries and is used with the OpenStack Foundation's permission.

- Red Hat and Red Hat Enterprise Linux are registered trademarks of Red Hat, Inc. in the United States and other countries.

- VMware is a trademark and registered trademark of VMware Inc. in the United States and other countries.

- All other company and product names in this manual are trademarks or registered trademarks of their respective owners.

Notices

- The contents of this manual shall not be reproduced without express written permission from FUJITSU LIMITED.

- The contents of this manual are subject to change without notice.

Revision History

Month/Year Issued, Edition Manual Code

June 2018, Edition 1 J2UL-2332-01ENZ0(00)

- iii -

Copyright Notice

Copyright 2018 FUJITSU LIMITED

- iv -

ContentsChapter 1 Overview of FUJITSU Software Smart Communication Optimizer..........................................................................1

1.1 What Is FUJITSU Software Smart Communication Optimizer?.........................................................................................................11.2 Product Configuration of FUJITSU Software Smart Communication Optimizer...............................................................................21.3 System Configuration of FUJITSU Software Smart Communication Optimizer............................................................................... 21.4 Explanations of Each Function............................................................................................................................................................ 3

1.4.1 Function List................................................................................................................................................................................. 31.4.2 Transparent Proxies...................................................................................................................................................................... 31.4.3 User Interface................................................................................................................................................................................3

1.4.3.1 Dashboard.............................................................................................................................................................................. 31.4.3.2 Transparent Proxy Management............................................................................................................................................4

1.4.4 User Management......................................................................................................................................................................... 51.4.5 Email Notification.........................................................................................................................................................................5

1.5 Licenses............................................................................................................................................................................................... 61.6 System Requirements.......................................................................................................................................................................... 6

1.6.1 Virtual Appliance Resource Requirements...................................................................................................................................61.6.2 Server Virtualization Software System Requirements................................................................................................................. 81.6.3 Admin PC System Requirements................................................................................................................................................. 81.6.4 File Transfer Area.........................................................................................................................................................................81.6.5 Precautions when using this product............................................................................................................................................ 8

Chapter 2 Design......................................................................................................................................................................92.1 Design Overview................................................................................................................................................................................. 92.2 Designing Server System Configurations............................................................................................................................................92.3 Designing Server Virtualization Software...........................................................................................................................................92.4 Designing Clouds.................................................................................................................................................................................92.5 Designing Network Configuration.......................................................................................................................................................9

2.5.1 Single Virtual NIC Parallel Configuration................................................................................................................................. 112.5.2 Single Virtual NIC Parallel Configuration (via a Router).......................................................................................................... 122.5.3 2-Virtual NIC Parallel Configuration......................................................................................................................................... 122.5.4 2-Virtual NIC Parallel Configuration (via a Router).................................................................................................................. 132.5.5 2-Virtual NIC Pass Bridge Configuration.................................................................................................................................. 132.5.6 2-Virtual NIC Pass Bridge Configuration (via a Router)........................................................................................................... 142.5.7 3-Virtual NIC Pass Bridge Configuration.................................................................................................................................. 142.5.8 3-Virtual NIC Pass Bridge Configuration (via a Router)........................................................................................................... 15

2.6 Designing Network Environments.....................................................................................................................................................152.7 Designing Virtual Network Environments (VMware Environments Only)......................................................................................182.8 Designing Function Environments.................................................................................................................................................... 18

2.8.1 Designing User Management Functions.....................................................................................................................................182.8.1.1 Designing Local Authentication.......................................................................................................................................... 182.8.1.2 Designing External Authentication......................................................................................................................................192.8.1.3 Designing the Console User................................................................................................................................................ 202.8.1.4 Designing the File Transfer User.........................................................................................................................................20

2.8.2 Designing the Email Notification Function................................................................................................................................ 202.8.3 Designing Transparent Proxy Management............................................................................................................................... 22

Chapter 3 Installation and Setup............................................................................................................................................ 263.1 Overall Flow of Installation and Setup.............................................................................................................................................. 263.2 Installation (VMware Environments)................................................................................................................................................ 26

3.2.1 Creating Virtual Networks in VMware Environments............................................................................................................... 263.2.2 Deploying Virtual Appliances to VMware Environments......................................................................................................... 27

3.3 Installation (KVM Environments)..................................................................................................................................................... 283.3.1 Creating Virtual Networks in KVM Environments....................................................................................................................293.3.2 Deploying Virtual Appliances to KVM Environments.............................................................................................................. 29

3.4 Installation (K5 Environments)......................................................................................................................................................... 303.5 Installation (OpenStack Environments).............................................................................................................................................333.6 Setup.................................................................................................................................................................................................. 36

- v -

3.6.1 Flow of Setup..............................................................................................................................................................................363.6.2 Initialization................................................................................................................................................................................ 36

3.6.2.1 Executing the Initialization Wizard..................................................................................................................................... 373.6.2.2 Configuring Routing............................................................................................................................................................ 403.6.2.3 Setting the System Time...................................................................................................................................................... 413.6.2.4 Configuring HTTPS Communication..................................................................................................................................413.6.2.5 Changing the HTTPS Port Number..................................................................................................................................... 44

3.6.3 Configuring the Web Browser....................................................................................................................................................453.6.3.1 Enabling JavaScript............................................................................................................................................................. 453.6.3.2 Enabling Cookies.................................................................................................................................................................463.6.3.3 Disabling Internet Explorer Compatibility View.................................................................................................................46

3.6.4 Configuring the System.............................................................................................................................................................. 463.6.4.1 Creating the Initial User.......................................................................................................................................................473.6.4.2 Configuring Email Notification Destinations...................................................................................................................... 473.6.4.3 Configuring External Authentication Servers......................................................................................................................473.6.4.4 Adding Users....................................................................................................................................................................... 473.6.4.5 Setting the License...............................................................................................................................................................48

3.7 Preparing Operating Environments................................................................................................................................................... 493.7.1 Configuring IP Address Conversion for WAN Connection Routers..........................................................................................493.7.2 Adding Transparent Proxies....................................................................................................................................................... 49

3.8 Configuring the Default Gateway of the TCP Communication App.................................................................................................493.9 Uninstallation.....................................................................................................................................................................................49

3.9.1 Uninstallation (VMware Environments).................................................................................................................................... 493.9.2 Uninstallation (KVM Environments)......................................................................................................................................... 503.9.3 Uninstallation (K5 and OpenStack Environments).................................................................................................................... 50

Chapter 4 Operation...............................................................................................................................................................514.1 Login..................................................................................................................................................................................................51

4.1.1 Configuring the Web Browser....................................................................................................................................................514.1.2 Logging In...................................................................................................................................................................................51

4.2 Explanation of the Web GUI............................................................................................................................................................. 524.3 Configuring the Operation Environment........................................................................................................................................... 56

4.3.1 Explanation of the [Settings] Dialog.......................................................................................................................................... 564.3.2 License........................................................................................................................................................................................ 564.3.3 Login Sessions............................................................................................................................................................................ 56

4.3.3.1 List of Login Session Items................................................................................................................................................. 564.3.3.2 Displaying the List of Login Sessions................................................................................................................................. 574.3.3.3 Displaying the Details of Login Sessions............................................................................................................................ 574.3.3.4 Performing a Forced Logout................................................................................................................................................58

4.3.4 Local Authentication Users........................................................................................................................................................ 594.3.4.1 Displaying the List of Local Authentication Users............................................................................................................. 594.3.4.2 Displaying the Details of Local Authentication Users........................................................................................................ 604.3.4.3 Creating Local Authentication Users...................................................................................................................................604.3.4.4 Deleting Local Authentication Users...................................................................................................................................614.3.4.5 Modifying Local Authentication Users............................................................................................................................... 62

4.3.5 Authentication Servers................................................................................................................................................................634.3.5.1 Displaying the List of Authentication Servers.....................................................................................................................634.3.5.2 Displaying the Details of Authentication Servers................................................................................................................644.3.5.3 Registering Authentication Servers..................................................................................................................................... 654.3.5.4 Deleting Authentication Servers..........................................................................................................................................664.3.5.5 Modifying Authentication Servers.......................................................................................................................................67

4.3.6 Mail Server and Email Notification Destinations.......................................................................................................................684.3.7 Troubleshooting Data................................................................................................................................................................. 71

4.4 Monitoring Using the Dashboard...................................................................................................................................................... 714.4.1 Monitoring WAN Throughput....................................................................................................................................................714.4.2 Monitoring Event Logs...............................................................................................................................................................724.4.3 Monitoring Audit Logs............................................................................................................................................................... 75

- vi -

4.5 Managing Transparent Proxies.......................................................................................................................................................... 774.5.1 Displaying the List of Transparent Proxies................................................................................................................................ 774.5.2 Transparent Proxy Statuses.........................................................................................................................................................784.5.3 Displaying the Details of Transparent Proxies........................................................................................................................... 79

4.5.3.1 Transparent Proxy Details-Basic Information..................................................................................................................... 794.5.3.2 Transparent Proxy Details-Details.......................................................................................................................................804.5.3.3 Transparent Proxy Details-Performance Information..........................................................................................................81

4.5.4 Adding Transparent Proxies....................................................................................................................................................... 854.5.5 Deleting Transparent Proxies......................................................................................................................................................864.5.6 Modifying Transparent Proxies.................................................................................................................................................. 864.5.7 Changing the IP Addresses of the Interfaces Used by Transparent Proxies...............................................................................88

4.6 Performing Maintenance....................................................................................................................................................................884.6.1 Overview of Maintenance...........................................................................................................................................................884.6.2 Recovering Faulty Server Virtualization Software.....................................................................................................................88

4.6.2.1 Recovery when Using High Availability Operation............................................................................................................884.6.2.2 Recovery when Not Using High Availability Operation.....................................................................................................89

4.6.3 Performing Regular Maintenance of Server Virtualization Software........................................................................................ 894.6.3.1 Regular Maintenance when Using High Availability Operation.........................................................................................894.6.3.2 Regular Maintenance when Not Using High Availability Operation..................................................................................89

4.6.4 Updating Software...................................................................................................................................................................... 904.7 Stopping and Restarting the System and Services.............................................................................................................................91

Appendix A Lists of Useful Design Information...................................................................................................................... 93A.1 List of Output Log Files....................................................................................................................................................................93A.2 List of Used Port Numbers............................................................................................................................................................... 93

Appendix B System Configuration Example of Coordination with the TCP Communication App.......................................... 94B.1 System Configuration when Coordinating with Cloud Storage Gateway........................................................................................ 94B.2 System Configuration when Coordinating with an FTP Server........................................................................................................95

Appendix C Default Gateway Configuration Example of Coordination with the TCP Communication App............................97C.1 Default Gateway Configuration Example when Coordinating with Cloud Storage Gateway..........................................................97C.2 Default Gateway Configuration Example when Coordinating with FTP......................................................................................... 97

- vii -

Chapter 1 Overview of FUJITSU Software SmartCommunication Optimizer

This chapter explains the overview of this product.

1.1 What Is FUJITSU Software Smart Communication Optimizer?These days, enterprise WANs are facing the following challenges:

- Ongoing globalization means that more communication is taking place over long distances, such as between domestic and overseasbusiness networks. In such cases, obtaining large amounts of data from external sources is slower than when the sources are locatedshorter distances away.

- Increasing use of SaaS and cloud services means that more communication traffic is travelling to and from points outside businessnetworks. In addition, backing up and sharing larger files using these services takes a long time.

- More data is being backed up over WANs to data centers in remote locations. The delay involved in this method of backup mean thatdata replication is not an effective countermeasure against natural disasters.

This product realizes accelerated communication over WANs in order to solve these problems. It effectively utilizes the availablebandwidth between business networks, or between business networks and clouds, thereby increasing network throughput.

The features of this product are as follows:

- This product is provided as a virtual appliance (hereafter abbreviated as "SCO-VA") that can be flexibly applied to variousconfigurations found in business networks or on clouds. Two virtual appliances are installed on either side of a connection over a WAN,and operate as a pair.

- Transparent proxies use Fujitsu Laboratories' "Transport Acceleration Technology," thereby making it possible to increasecommunication speeds between SCO-VAs, reduce delays, and reduce the effects of packet loss.Transport Acceleration Technology converts TCP communication to UNAP (Universal Network Acceleration Protocol: a protocolbased on UDP, that has an original algorithm for resending data) in order to implement acceleration.

- The Web GUI can be used to visualize communication performance, enabling users to see the extent to which throughput has beenimproved. It can also be used to manage transparent proxies.

Figure 1.1 FUJITSU Software Smart Communication Optimizer

- 1 -

1.2 Product Configuration of FUJITSU Software SmartCommunication Optimizer

This product is composed of admin components and gateway components.

The admin components are as follows:

- Web service

Receives and responds to requests sent from the Web GUI of the admin PC.

- Admin engine

Requests the DB service and gateway component to execute processing.

- DB service

Accesses the admin DB.

The gateway components are as follows:

- Transparent Proxies

The transparent proxy on the TCP client side provides the function to receive data from the TCP client and transfer the data to the WANat high speeds.The transparent proxy on the TCP server side provides the function to receive data transferred at high speeds from the WAN and sendthe data to the TCP server.

Figure 1.2 Product Configuration

1.3 System Configuration of FUJITSU Software SmartCommunication Optimizer

This product is installed on both sides of a connection over a WAN.Since transparent proxies operate as a client-server pair, register them on both sides.This configuration accelerates business applications that use TCP communication between the client and server via a WAN.

- This product is compatible with the applications below.

- 2 -

- Applications where the sending port number is not dynamically updated

- FTP communication applications (Passive Mode only)

For details, refer to "Appendix B System Configuration Example of Coordination with the TCP Communication App" for a TCPcommunication app system configuration example that coordinates with TCP.

1.4 Explanations of Each FunctionThis section explains the functions provided with this product.

1.4.1 Function ListThe functions provided with this product are as follows:

- Transparent Proxies

- User Interface

- Dashboard

- Transparent Proxy Management

- User Management

- Email Notification

1.4.2 Transparent ProxiesThe functions of transparent proxies are as follows:

- Transparent proxies convert TCP communication between TCP clients and TCP servers into UNAP communication betweentransparent proxies. This conversion enables effective use of available bandwidth while minimizing delay time which typically affectsWAN communication.

- Transparent proxies determine the optimal rate for data transmission by periodically monitoring the available bandwidth.

- UNAP communication between transparent proxies establishes a connection to communicate.

- If a delay or the re-sending of communication data occurs, re-send via TCP is prevented by UNAP.

1.4.3 User InterfaceThe user interface of this product is provided as a Web GUI.The Web GUI can be used to operate the dashboard and manage transparent proxies.

1.4.3.1 DashboardThe dashboard can be used to monitor WAN throughput, event logs, and audit logs.

In addition, [Event Log List] and [Event Log Details] can be viewed from the [Event Log] panel, and [Audit Log List] and [Audit LogDetails] can be viewed from the [Audit Log] panel.

- 3 -

Figure 1.3 Dashboard

1.4.3.2 Transparent Proxy ManagementIt is possible to add, delete, update, and view transparent proxies using the [Transparent Proxy] tab.

Figure 1.4 Transparent Proxy Management

- 4 -

1.4.4 User ManagementUsers of this product are categorized as shown below.

Category Description Authentication Method Role

GUI users Users for the Web GUI provided with thisproduct

There are the following three authenticationmethods:

- Local authentication

- External authentication (LDAP)

- External authentication (Active Directory:AD)

There are thefollowing two roles:

- Administrator

- Monitor

Console user User for using the console to set up orperform maintenance of this product

Authenticated using the Linux OS userauthentication mechanism

None

File transferuser

User that transfers files via SFTP to the filetransfer area.

Using this product, it is possible to create, delete, and modify users that use local authentication methods (local authentication usermanagement), as well as manage users that use the external authentication methods LDAP and AD (external authentication servermanagement).It is also possible to manage the list of login sessions (login session management), and to perform forced logouts.

Figure 1.5 User Management

1.4.5 Email NotificationThe email notification function can be used to send notifications to specified recipients whenever a WARNING- or ERROR-level eventoccurs.

- 5 -

Figure 1.6 Email Notification

1.5 LicensesThis product has the following types of licenses.

Type Description

Official licenses Licenses that are throughput performance-rated. There are multiple types of licenses, which vary dependingon the limits they place on throughput performance for data transfer over a WAN.

Trial licenses Licenses provided before the purchase this product, for the purpose of trials.Trial licenses have expiration dates.

1.6 System Requirements

1.6.1 Virtual Appliance Resource RequirementsThe resource requirements for virtual appliances are as follows.

Resource Requirements

Physical CPU Intel Xeon (For VMware or KVM)

Virtual CPUs Requirements vary depending on the limit placed on throughput performance by the license.

- When throughput is limited to 3 Gbps or less: 2 or more

- When throughput is limited to 10 Gbps or less: 4 or more (Overcommit is not supported)

For a trial license, allocate resources based on the throughput limit of the official license you intend toregister later.

Memory Memory is calculated by the throughput upper limit of the license and the number of transparent proxies.It is determined by the following formula. Memory size is the result of a calculation that has been roundedup in 1 GB increments. Make values larger than 1 GB.

- When the upper limit of license throughput is in Gbps

- 6 -


Memory Size (GB) = 4 (GB) + Throughput upper limit of license (Gbps) x 0.25

x

Number of transparent proxies

- When the upper limit of license throughput is in Mbps

Memory Size (GB) = 4 (GB) + Throughput upper limit of license (Gbps) / 1000

x 0.25 x

Number of transparent proxies

For a trial license, allocate resources based on the throughput limit of the official license you intend toregister later.For approximate memory sizes, refer to the following reference information below.

Network adapter For VMware

VMXNET3

For KVM

Virtio

Virtual disk space Virtual disk space required for the system of this product: 60 GB

Number of virtual NICs 3 or less

Information

Memory Size

The following shows the memory size for the license throughput upper limits when the number of transparent proxies is 1 and 20.

License Throughput

Upper LimitNumber of

TransparentProxies

Memory Size(GB)

200 Mbps or less 1 5 or more

20 5 or more

500 Mbps or less 1 5 or more

20 7 or more

1 Gbps or less 1 5 or more

20 9 or more

3 Gbps 1 5 or more

20 19 or more

10 Gbps or less 1 7 or more

20 54 or more

Note

- If the specifications of the operating environment differ from the above requirements, this product is not guaranteed to operate properly.This product does not perform any checks as to whether the operating environment meets its requirements.

- If the maximum throughput of the hardware is less than the throughput limit configured for the virtual appliance, then throughput willbe restricted to that provided by the hardware.

- 7 -

1.6.2 Server Virtualization Software System RequirementsThe system requirements for server virtualization software are as follows.


Server virtualization software For VMware

VMware vSphere 6

For KVM

RHEL7

Public clouds K5

Private clouds OpenStack

1.6.3 Admin PC System RequirementsThe system requirements for the admin PC on which the Web GUI operates are as follows.

Item Requirements

Web browser Internet Explorer 11

Microsoft Edge 38 or later

Chrome 58 or later

To transfer files between the admin PC and the file transfer area, SFTP client software is required.Install it if necessary.

1.6.4 File Transfer AreaThe file transfer area is the directory where files are stored temporarily in the following cases:

- Registering the SSL server certificateFor details, refer to "Registering the SSL Server Certificate" in "3.6.2.4 Configuring HTTPS Communication."

- Updating softwareFor details, refer to "4.6.4 Updating Software."

- Collecting troubleshooting dataFor details, refer to "Collecting Troubleshooting Data" in the "Reference Guide."

The size and directory name of the file transfer area are shown below.

Size Directory Name

2GB /sftp

To store or retrieve files in the file transfer area, use SFTP with the account of the file transfer user.For information about the file transfer user, refer to "2.8.1.4 Designing the File Transfer User."

By using the wacadm dir command, it is possible to display information about files or delete unnecessary files in the file transfer area.For details, refer to "wacadm dir Command" in the "Reference Guide."

1.6.5 Precautions when using this productThe precautions when using this product are shown below.

- IPv6 is not supported.

- 8 -

Chapter 2 DesignThis chapter explains the design work necessary for installation and setup of this product.

2.1 Design OverviewThe following tasks must be performed when designing this product:

- Design of the server system configuration

- Design of the server virtualization software

- Cloud design

- 2.5 Designing Network Configuration

- Network environment design

- Design of function environments

- Design of user management functions

- Design of the email notification function

- Design of transparent proxy management

2.2 Designing Server System ConfigurationsThis product uses the following functions to support cluster configurations.

Installation Environment Function

VMware environments vSphere HA function

2.3 Designing Server Virtualization SoftwareChoose either of the following server virtualization software for use with this product:

- VMware

- KVM

Regardless of which software you choose, the functionality of this product will be the same.

2.4 Designing CloudsChoose from among the following clouds to use with this product.

- Public clouds

- K5

- Private clouds

- OpenStack

Regardless of which cloud you choose, the functionality of this product will be the same.

2.5 Designing Network ConfigurationThe network configurations of this product are largely classified into the following two categories.

- 9 -

- Parallel Configuration

A configuration in which SCO-VAs are attached to the communication paths between a TCP client and a WAN router and between aTCP server and a WAN router.

- Pass Bridge Configuration

A configuration in which SCO-VAs are inserted in the communication paths between a TCP client and a WAN router and between aTCP server and a WAN router.

Category Advantages Disadvantages

Parallel Configuration It can be deployed in the existing environmentwithout changing the network configuration.

- The TCP clients whose communication is to beaccelerated must be configured to change the defaultgateway to SCO-VA.

- There may be performance bottlenecks for high-speedcommunication such as 10 Gbps.

Pass BridgeConfiguration

- It is not necessary to change the defaultgateway of the TCP clients whosecommunication is to be accelerated.

- There are no performance bottlenecks forhigh-speed communication such as 10 Gbps.

The existing environment must be changed to configureSCO-VA for pass bridge configuration.

Figure 2.1 Parallel Configuration

Figure 2.2 Pass Bridge Configuration

With the combination of the preceding two network configurations and the number of virtual NICs, this product supports the following eightnetwork configurations.

- 10 -

No. Category Model Name Description

1 ParallelConfiguration

Single Virtual NIC ParallelConfiguration

The configuration for a multi-purpose business, WAN, and management network.

2 Single Virtual NIC ParallelConfiguration (via aRouter)

The configuration for a multi-purpose business, WAN, and management network.In addition to the above, the management network will make access via a router.

3 2-Virtual NIC ParallelConfiguration

The configuration for a multi-purpose business and WAN network with an isolatedmanagement network.

4 2-Vrtual NIC ParallelConfiguration (via aRouter)

The configuration for a multi-purpose business and WAN network with an isolatedmanagement network.In addition to the above, the management network will make access via a router.

5 Pass BridgeConfiguration

2-Virtual NIC Pass BridgeConfiguration

The configuration for a multi-purpose business and management network with anisolated WAN network.

6 2-Virtual NIC Pass BridgeConfiguration (via aRouter)

The configuration for a multi-purpose business and management network with anisolated WAN network.In addition to the above, the business and management network will make access viaa router.

7 3-Virtual NIC Pass BridgeConfiguration

The configuration for an isolated business, WAN, and management network.

8 3-Virtual NIC Pass BridgeConfiguration (via aRouter)

The configuration for an isolated business, WAN, and management network.In addition to the above, the management network will make access via router.

Note

Transparent bridge configuration

When pass bridge configuration is selected in the network configuration, note that the connection configuration must be designed to avoidloop configuration in the same network as described below:

- Connect multiple SCO-VAs to the business network and the WAN network for a pass bridge.

- Connect a virtual machine other than SCO-VA to the business network and the WAN network for a pass bridge, and forward the twonetworks.

2.5.1 Single Virtual NIC Parallel ConfigurationThis is the configuration for a multi-purpose business, WAN, and management network when using a single virtual NIC.The LAN-side, WAN-side, and Admin interfaces are allocated to a single virtual NIC (For example: br-eth0).The red arrows represent the default gateways.

- 11 -

The Cloud Storage Gateway will be as follows.

2.5.2 Single Virtual NIC Parallel Configuration (via a Router)This is the configuration for a multi-purpose business, WAN, and management network when using a single virtual NIC.In addition to the above, the management network will make access via a router.The LAN-side, WAN-side, and Admin interfaces are allocated to a single virtual NIC (For example: br-eth0).The red arrows represent the default gateways and the blue arrow represents a static route.

2.5.3 2-Virtual NIC Parallel ConfigurationThis is the configuration for a multi-purpose business and WAN network with an isolated management network when using two virtualNICs.

- 12 -

The LAN and WAN-side interfaces are multi-purpose and are allocated to one virtual NIC (For example: br-eth0) and the Admin Interfaceis allocated to the other virtual NIC (For example: br-eth1).The red arrows represent the default gateways.

2.5.4 2-Virtual NIC Parallel Configuration (via a Router)This is the configuration for a multi-purpose business and WAN network with an isolated management network.In addition to the above, the management network will make access via a router.The LAN and WAN-side interfaces are multi-purpose and are allocated to one virtual NIC (For example: br-eth0) and the Admin Interfaceis allocated to the other virtual NIC (For example: br-eth1).The red arrows represent the default gateways and the blue arrow represents a static route.

2.5.5 2-Virtual NIC Pass Bridge ConfigurationThis is the configuration for a multi-purpose business and management network with an isolated WAN network when using two virtualNICs.The LAN and Admin-side interfaces are multi-purpose and are allocated to one virtual NIC (For example: br-eth1) and the WAN-sideinterface is allocated to the other virtual NIC (For example: br-eth0).The red arrows represent the default gateways.

- 13 -

2.5.6 2-Virtual NIC Pass Bridge Configuration (via a Router)This is the configuration for a multi-purpose business and management network with an isolated WAN network when using two virtualNICs. In this configuration, the business and management network will make access via a router.The LAN-side and Admin interfaces are multi-purpose and are allocated to one virtual NIC (For example: br-eth1) and the WAN-sideinterface is allocated to the other NIC (For example br-eth0).The red arrows represent the default gateways and the blue arrow represents a static route.

2.5.7 3-Virtual NIC Pass Bridge ConfigurationThis is the configuration for a network with isolated business, WAN, and management networks when using three virtual NICs.A virtual NIC is allocated to the LAN, WAN, and Admin-side interfaces.The red arrows represent the default gateways.

- 14 -

2.5.8 3-Virtual NIC Pass Bridge Configuration (via a Router)This is the configuration for a network with isolated business, WAN, and management networks when using three virtual NICs.The management network will make access via a router.A virtual NIC is allocated to the LAN, WAN, and Admin-side interfaces.The red arrows represent the default gateways and the blue arrow represents a static route.

2.6 Designing Network EnvironmentsIt is necessary to configure the following design items during configuration of a network environment.

Item Description

Number of Virtual NICs The number of virtual NICs to use.A maximum of three virtual NICs can be used.Determine the number of virtual NICs to use based on the desired virtual network configuration.

Virtual NIC Uses Select from among the following uses for each virtual NIC.

- Admin Interface(The network interface used for communication between the Admin PC and this product)

- 15 -

Item Description

- LAN-side Interface(The network interface used by transparent proxies for TCP communication with clients orservers)

- WAN-side Interface(The network interface used by transparent proxies for communication through a WAN)

Configure the following items for each virtual NIC:

- DHCP Server

- Network Address

- Gateway Address

DHCP Server Select whether to use a DHCP server.

- Disable: A DHCP server will not be used

- Enable: A DHCP server will be used

Depending on the installation environment, the default values are as follows.

- For VMware and KVM: "Disable"

- For K5 and OpenStack: "Enable"

A DHCP server is required for a network that will use DHCP.When configuring a pass bridge, a DHCP server cannot be used for the WAN-side interface.

Network Address The IP address and the subnet mask of the virtual NIC.If a DHCP server is used, these values will be assigned automatically.

Gateway Address The IP address of a router that is connected to a WAN. This router is configured as the defaultgateway for data transmission.This must be specified when the virtual NIC will be used as a WAN-side interface.

DNS Server The IP addresses of the primary and secondary DNS servers.If a DHCP server is used, these values will be assigned automatically.

Domain Name The domain name.The maximum length of the domain name is 254 characters, minus the length of the host name.For example, if the host name is "host1," which has a length of five characters, the maximumspecifiable length of the domain name will be 254 - 5 = 249 characters.The following characters can be used:

- Alphanumeric characters (This value is not case sensitive)

- Hyphens ("-") and periods (".") (Hyphens and periods cannot be used for the first or lastcharacters)

When not using a DHCP server, the default value is "localdomain."When using a DHCP server, the default value is as follows.

- When the domain name can be obtained from the DHCP server: the obtained domain name

- When the domain name cannot be obtained from the DHCP server: "localdomain"

Host Name The host name.Specify a character string 1 - 63 characters in length.The following characters can be used:

- Alphanumeric characters (This value is not case sensitive)

- Hyphens ("-") (Hyphens cannot be used for the first or last characters)

Depending on the installation environment, the default value is as follows.

- 16 -

Item Description

- For VMware and or KVM:When not using a DHCP server, it is "wacva.".When using a DHCP server, it is the obtained host name.

- For OpenStack or K5:Regardless of whether a DHCP server is used, the virtual server name becomes the host name.Specify the virtual server name using the characters that can be used for the host name.

Keymap The keyboard layout.Select from a list of candidates.The default value is "us" (US keyboard).Specify the type of keyboard layout that will be used. For example, "jp106" (Japanese 106keyboard), "jp-OADG109A" (Japanese 109 keyboard), etc.

NTP Servers Choose whether to enable NTP servers.

- Disable: Disable NTP servers

- Enable: Enable NTP servers

When enabling NTP servers, the FQDNs or IP addresses of the NTP servers are required.A maximum of two NTP servers can be registered.The default value is "Disable."

Note

When registering two NTP servers, their upper NTP server must be the same.

Time Zone The time zone.Select from a list of candidates.The default value is "UTC."

SSL Server Certificate

Expiration Date The number of days until the SSL server certificate expires, counted from the date on which it wascreated.The longest specifiable period is from the date of creation to January 19, 2038. Be sure to specifya number of days that is longer than the anticipated period of use of this product.

Country Name A two-character country code (ISO-3166).

State or Province Name The name of the state or province in which this product will be used.

Locality Name The name of the locality in which this product will be used.

Organization Name The name of the organization or company.

Organizational Unit Name The name of the applying organizational unit.

Common Name The IP address or host name (FQDN) that would be entered in a Web browser.

For example:

- When specifying an IP address: 192.0.2.10

- When specifying a host name: myhost.company.com

Email Address The contact email address.

HTTPS port number The HTTPS port number.Specify a port number from 1024 to 65535.If omitted, 9856 is used.

- 17 -

2.7 Designing Virtual Network Environments (VMwareEnvironments Only)

It is necessary to configure the following design items when configuring a virtual network environment.

Item Description

Network label A name for identifying the port groups of virtual switches.The network label is used when connecting SCO-VA to virtual switches.Specify any desired name.

VLAN ID Identifies the VLAN to be used by the network traffic of the port groups.

2.8 Designing Function EnvironmentsThis section explains how to design the environment for each function.

2.8.1 Designing User Management Functions

2.8.1.1 Designing Local AuthenticationUp to 100 users can be created for local authentication.It is necessary to configure the following design items when using local authentication.

Item Description

Name (User name) The user name.Specify a character string 1 - 64 characters in length.The following characters can be used:

- Alphanumeric characters

- Symbols (!-_.)

Password The password.Specify a character string 8 - 64 characters in length.The following characters can be used:


- Symbols (!"#$&'()*+,-./@[\]^_`{|}~:;<=>?)

At least three of the following four types of characters must be specified: upper case alphabetical characters,lower case alphabetical characters, numbers, and symbols.

Role (User role) The role can be either of the following:

- Administrator: The system administrator. Can use all functions

- Monitor: Can only use reference functions

The default user role is "Administrator."

Mail address The email address of the user.Specify a character string 6 - 63 characters in length.The format is email address format (it must contain an at sign "@"), and the following characters can be used:


- Symbols (._%+-@)

This value can be omitted.

Description The description of the user.Specify a character string containing up to 256 characters.

- 18 -

Item Description

There are no restrictions on the characters that can be used.This value can be omitted.

2.8.1.2 Designing External AuthenticationLDAP and Active Directory (AD) are supported for external authentication servers, and up to eight servers can be registered in total.It is necessary to configure the following design items when using external authentication servers.

Item Description

Type The type of the authentication server. Specify either of the following:

- LDAP: LDAP authentication server

- AD: Active Directory (AD) authentication server

The default value is "LDAP."

IP address The IP address of the authentication server.

Port The port number of the authentication server.The default value is 389.

Domain The domain of the authentication server.

User search base The user search base of the authentication server. This is used as the primary identifier when performing usersearches with the domain name omitted.If "Type" is "AD," the default value is "cn=users."

Group search base The group search base of the authentication server. This is used as the primary identifier when performing groupsearches with the domain name omitted.If "Type" is "AD," the default value is "cn=users."

Administrator user The user name of the administrator of the authentication server.

Administrator password The password of the administrator of the authentication server.

SSL One of the following encryption methods is used:

- None

- SSL/TLS

- STARTTLS

The default value is "None."

Priority The priority of the authentication server.A smaller value means higher priority.This value can be omitted. If omitted, the lowest priority (the largest value) is used.If the specified value is already registered, the priority of that server and subsequent servers are lowered by one(values are incremented).

Description The description of the authentication server.Specify a character string containing up to 256 characters.There are no restrictions on the characters that can be used.This value can be omitted.

External Authentication Server-side Design

- When using LDAP authentication, ensure that all user names are 512 or fewer characters in length.

- Create the following groups for user roles on each external authentication server, and register each user that will be authenticatedexternally in the corresponding user role group.

- 19 -

Role User Role Group Name

Administrator WacAdmin

Monitor WacMon

2.8.1.3 Designing the Console UserThere is only one console user, with the name "administrator."Configure the following design item for the console user.

Item Description

Password The password of the console user.The default value is "Admin123#."The password can be changed via the Initialization Wizard.Specify a character string 8 - 64 characters in length.The following characters can be used:


- Symbols (!"#$&'()*+,-./@[\]^_`{|}~:;<=>?)

- Use at least three of the following types of characters:

- A-Z

- a-z

- 0-9

- Symbols

2.8.1.4 Designing the File Transfer UserThere is only one file transfer user with the name "secftpuser." Configure the following design items for the file transfer user.

Item Description

Password The password of the file transfer user.The default value is "Secftp123#."The password can be changed via the Initialization Wizard. Specify a character string that is 8 - 64 characters in length.The following characters can be used:


- Symbols (!"#$&'()*+,-./@[\]^_`{|}~:;<=>?)

- Use at least three of the following types of characters:

- A-Z

- a-z

- 0-9

- Symbols

2.8.2 Designing the Email Notification FunctionUp to three recipients can be specified for email notification.It is necessary to configure the following design items when using email notification.

- 20 -

Item Description

SMTP server The address of the SMTP server.Specify an IP address or an FQDN containing up to 64 characters.

Sender Mail Address The content of the "From" field of the emails to be sent.Specify a character string 3 - 63 characters in length.The format is email address format (it must contain an at sign "@"), and the following characters can be used:


- Symbols (!#$%&'*+/=?^_`{|}~-.@)

SMTP port The port number of the SMTP server.Specify a value from 1 to 65535.The default value is 25.If omitted, the default value is used.

Authentication Method The authentication method for connecting to the SMTP server. Configure one of the following:

- none: Devices will connect to the SMTP server without using authentication

The following values use the AUTH SMTP authentication to connect to the SMTP server. For theauthentication method, select one according to the security policy of the SMTP server to be used.

- cram-md5: "CRAM-MD5" is used as the authentication method

- plain: "plain" is used as the authentication method

- login: "login" is used as the authentication method

User name The name of the user account for connecting to the SMTP server.Specify a character string 1 - 255 characters in length.The following characters can be used:


- White space

- Symbols (!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~)

Password The password of the user account for connecting to the SMTP server.Specify a character string 1 - 64 characters in length.The following characters can be used:


- Symbols (!"#$&'()*+,-./@[\]^_`{|}~:;<=>?)

Subject (Fixed) The fixed character string to be inserted as the prefix for the "Subject" line.Specify a character string containing up to 30 characters.The following characters can be used:


- White space

- Symbols (!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~)

If omitted, the "Subject" line will be "Smart Communication Optimizer Event Mail."If specified, "Smart Communication Optimizer Event Mail" will be added to the end of the specified characterstring.

Number of Retries The maximum number of attempts to resend when sending of an email fails.Specify a value from 0 to 5.The default value is 0 (will not be resent).

Retry Interval(in seconds)

The interval between attempts to resend.Specify a value from 1 to 300 seconds.The default value is 1 (resend every second).

- 21 -

Item Description

SMTP over SSL Determines whether to use SMTP over SSL. Specify either of the following:

- disable: SMTP over SSL will not be used

- ssl-tls: SMTP over SSL/TLS will be used

Confirm that the mail server you are using is compatible with SSL/TLS when selecting "ssl-tls." The default value is "disable."

Mail notification The mail address of the notification destination.Specify a character string 3 - 63 characters in length.The format is email address format (it must contain an at sign "@"), and the following characters can be used:


- Symbols (!#$%&'*+/=?^_`{|}~-.@)

2.8.3 Designing Transparent Proxy ManagementFor how to place transparent proxies, refer to "1.3 System Configuration of FUJITSU Software Smart Communication Optimizer." Amaximum of 20 transparent proxies can be registered in SCO-VA.It is necessary to configure the following design items when creating transparent proxies.

Item Description

Transparent Proxy Name The name of the transparent proxy.Specify a character string 1 - 63 characters in length.The following characters can be used:


- Hyphens ("-") (Hyphens cannot be used for the first or last characters)

Transparent proxy names must be unique within SCO-VA.

Type The type of the transparent proxy. Specify either of the following:

- Client:A transparent proxy of the client type.A transparent proxy of the client type establishes a UNAP connection to a transparent proxyof the server type.

- Server:A transparent proxy of the server type.A transparent proxy of the server type waits for a transparent proxy of the client type toestablish a UNAP connection.

A transparent proxy registered with the SCO-VA on the TCP client side may be a server type. Atransparent proxy registered with the SCO-VA at the TCP server side may be a client type.

Pair IP Address The IP address of the WAN-side interface of the transparent proxy to pair with.When the IP address translation has been configured, specify a reachable IP address if necessary.Furthermore, when using multiple transparent proxies in the same SCO-VA, the pair IP addressand port number combination must not be overlapping among any of the client types.

Port Number The port number used by UNAP to enable high-speed data transfer over a WAN.Specify a value from 20500 to 20650.For the client type, it is the server-side port number.When using several server types in SCO-VA, the number of ports must not be overlapped amongall server types.The specified port number must match that of the paired transparent proxy. If the port numbers donot match, then establishment of the UNAP connection will fail.

LAN-side Interface The name of the network interface used by the transparent proxy for TCP communication withclient or server applications.The virtual NIC and IP address that was set up in the Initialization Wizard will be configured.The virtual NIC will be one of the following.

- 22 -

Item Description

- br-eth0

- br-eth1

- br-eth2

WAN-side Interface The name of the network interface used by the transparent proxy for WAN-side communication.The virtual NIC and IP address that was set up in the Initialization Wizard will be configured.The virtual NIC will be one of the following.

- br-eth0

- br-eth1

- br-eth2

Operation Mode The operation mode of the transparent proxy. Select either of the following:

- Transparent: Transparently relays TCP connections.

- Terminate: Terminates TCP connections.

For client type, "Transparent" is fixed.For server type, make selections similar to the following.

- When registering the transparent proxy in K5 or OpenStack: "Terminate"

- For VMware or KVM, it is different depending on the network configuration.

- For parallel configuration: "Terminate"

- For pass bridge configuration: "Transparent"

- For network configuration, refer to "2.5 Designing Network Configuration."

Target Service Port Numbers The list of port numbers of services that are the targets of data transfer performed by thetransparent proxy.Specify a value from 1 to 65535.Up to 100 port numbers can be specified.To specify multiple port numbers, use a range or a list.Indicate a range using a hyphen.When specifying a range using the format "x-y," x must be less than or equal to y.(For example, "80-83" and "80-80" are valid ranges, but "80-79" is not)Use commas to separate values in a list.(For example, "80,81")When registering multiple transparent proxies with an SCO-VA, the target service port numbersmust not be overlapping among the transparent proxies.Specify the target service port numbers only for transparent proxies on the TCP client side. It isnot necessary to specify for transparent proxies on the TCP server side.

Note

In the following network configurations where a single network is used as both the businessnetwork and management network, the service port numbers used by the admin PC cannot bespecified for this parameter.

- Single Virtual NIC Parallel Configuration

- Single Virtual NIC Parallel Configuration (via a Router)

- 2-Virtual NIC Pass Bridge Configuration

- 2-Virtual NIC Pass Bridge Configuration (via a Router)

For information about network configurations, refer to "2.5 Designing Network Configuration."

- 23 -

Item Description

For this reason, take corrective action in the following cases:

- If it overlaps with the HTTPS service port number used by the admin PC

Change the HTTPS service port number used by the admin PC, and specify the HTTPSservice port number used by the TCP server for this parameter.For information about changing the HTTPS service port number, refer to "3.6.2.5 Changingthe HTTPS Port Number."

- If it overlaps with a non-HTTPS service port number used by the admin PC

- If the service port number of the TCP server is changeable

Change the service port number of the TCP server so that it does not overlap with theservice port number used by the admin PC, and specify the service port number that waschanged for this parameter.

- If the service port number of the TCP server is unchangeable

Change the network configuration to one of the following, in which the business networkand the admin network are separate.

- 2-Virtual NIC Parallel Configuration

- 2-Virtual NIC Parallel Configuration (via a Router)

- 3-Virtual NIC Pass Bridge Configuration

- 3-Virtual NIC Pass Bridge Configuration (via a Router)

For the service port number that the Admin PC uses, refer to "A.2 List of Used Port Numbers."

Maximum Number of TCPConnections

The maximum number of TCP connections that can be established.Specify a value from 1 to 10000.The default value is 10000.If the number of connections on either the server type or client type transparent proxy exceeds thevalue specified here, any further connections attempted from the TCP client will be denied.Normally, it is not necessary to configure this item. Use it to restrict the number of connectionsthat can be attempted by the TCP client.

Number of Connection Re-establishment Attempts

The number of reconnection attempts to make when establishing a UNAP connection.Once the specified number of attempts is reached, an event log indicating that UNAP connectionhas failed is output.Specify a value from 0 to 255.The default value is 5.When "0" is specified, an event log will be output as soon as the first attempt to establish aconnection fails.Specify only for client types.

Connection Re-establishment AttemptInterval

The interval (in seconds) between reconnection attempts when establishing a UNAP connection.Specify a value from 1 to 300.The default value is 10.When RTT (Round-Trip Time) is less than 1 second, it is not necessary to change the initial settingvalue. When RTT exceeds 1 second, configure the value to RTT(seconds) * 10. (Ex: When the RTT is2 seconds, specify 20.)Specify only for client types.

Connection Monitoring Interval The connection monitoring interval (in seconds) for a UNAP connection.Specify a value from 1 to 300.The default value is 75.When RTT (Round-Trip Time) is less than 1.5 seconds, it is not necessary to change the initialsetting value.When RTT exceeds 1.5 seconds, configure the value to RTT(seconds) * 50. (Ex: When the RTT

- 24 -

Item Description

is 2 seconds, specify 100.)It is enabled only for client types.For server type, it will be automatically adjusted to the same value as the client type.

MTU Size The MTU size of UNAP.Specify the maximum specifiable MTU size for the network that data transfer will be performedover.For maximum MTU size, confirm the WAN router settings.Specify a value from 400 to 9000.The default value is 1500.It is enabled only for client types.For server type, it will be automatically adjusted to the same value as the client type.

- 25 -

Chapter 3 Installation and SetupThis chapter explains installation and setup of this product.

3.1 Overall Flow of Installation and SetupThe system configuration of this product can be either of the following combinations.

Environment A Environment B

On-premises On-premises

On-premises Cloud

Reference: For the purposes of this explanation of the flow of installation and setup, one part of this combination is referred to asenvironment A and the other, environment B.

There are the following types of on-premises environments and cloud environments.

- On-premises

- VMware environments

- KVM environments

- Cloud

- K5 environments

- OpenStack environments

The flow of installation and setup of this product is as follows:

1. Installation of this product on environment A

2. Setup of this product on environment A

3. Installation of this product on environment B

4. Setup of this product on environment B

5. Preparation of the operating environment

6. Configuring the Default Gateway of the TCP Communication App

For details on installation, refer to "3.2 Installation (VMware Environments)," "3.3 Installation (KVM Environments)," "3.4 Installation(K5 Environments)," or "3.5 Installation (OpenStack Environments)," depending on the environment in which you are installing.

3.2 Installation (VMware Environments)This section explains installation in VMware environments. The following example uses vSphere 6.0.

The flow of installation in VMware environments is as follows:

1. Creation of the virtual network

2. Deployment of the virtual appliance

3.2.1 Creating Virtual Networks in VMware EnvironmentsThis section explains the procedure for creating the virtual network (port group) for virtual appliances to connect to.

Preparations

Confirm that the following have already been created:

- 26 -

- The virtual switch (vSwitch) on which the network of this product will be placed

Configure the ports of the virtual switch as follows.

- MTU: 9000

- Connections to external networks (uplinks)

If necessary, also connect the following to the virtual switch:

- A DHCP server

- NTP servers

- External authentication servers

- A firewallWhen configuring a firewall, refer to "A.2 List of Used Port Numbers," and approve use of the listed port numbers.

Procedure

1. Log in to vSphere Web Client.

2. In the [Navigator] pane, select the [Hosts and Clusters] tab, and then select the host on which the network of this product will beplaced.

3. Select [Actions]-[Add Networking] to start the [Add Network] wizard.

4. Follow the instructions in the [Add Network] wizard to configure the network.

Step Task Details Description

1 Select connection type Select [Virtual Machine Port Group for a Standard Switch].

2 Select target device Select [Select an existing standard switch].Click the [Browse] button, and then select the virtual switch to use to create the networkof this product.

3 Connection settings Specify the network label and the VLAN ID.For the content to specify, refer to "2.7 Designing Virtual Network Environments(VMware Environments Only)."

4 Ready to complete Confirm the selected content and, if there are no problems, click the [Finish] button toclose the wizard.

5. When configuring a pass bridge, configure the security settings of port groups.

Targets for the security setting configuration are port groups for connecting network adapters allocated as the SCO-VA LAN-sideinterface or the SCO-VA WAN-side interface.The settings to configure are as follows:

- Promiscuous Mode: Accept

- Forged Transmits: Accept

Note

Port groups in which the security settings have been configured must not be associated with the network adapters attached to VMsother than the SCO-VAs.

6.

3.2.2 Deploying Virtual Appliances to VMware EnvironmentsThis section explains the procedure for deploying virtual appliances to VMware environments.

- 27 -

Procedure

1. Set the DVD of this product in a computer that is logged in to vCenter.

2. Log in to vSphere Web Client.

3. In the [Navigator] pane, select the [VMs and Templates] tab, and then select vCenter Server.

4. Select [Action]-[Deploy OVF Template] to launch the [Deploy OVF Template] wizard.

5. Follow the instructions in the [Deploy OVF Template] wizard to configure the template.

Step Task Details Description

1 Select source Select [Local file].Click the [Browse] button, and then specify the OVF template file (.ovf) on the DVD of thisproduct.

2 Review details Check the details of the specified OVF template.

3 Select name and folder Specify a name for the template.For the deployment destination, select a "datacenter" or a "folder."

4 Select a resource Select where to run the deployed OVF template.

5 Select storage Select the datastore in which to store the files for the deployed template.Select the following:

- Select virtual disk format: "Thick Provision Lazy Zeroed"

- VM Storage Policy: Datastore Default

6 Setup networks Select the network created in "3.2.1 Creating Virtual Networks in VMware Environments."

7 Ready to complete Confirm the selected content and, if there are no problems, click the [Finish] button to close thewizard.

6. Wait for deployment of this product to complete. The deployment progress can be confirmed using the progress bar displayed in[Recent Tasks].

7. Change the number of CPUs and the memory size of the virtual machine of this product based on the requirements described in "1.6.1Virtual Appliance Resource Requirements."

8. When performing a 1 or 2 virtual NIC configuration, delete network adapters that will not be used in [Edit settings].

Note

Adding and Deleting Network Adapters

It is not possible to delete or add network adapters after executing the initialization wizard and configuring the initial settings.If executing deletion or addition, execute deployment again.For the initialization wizard, refer to "3.6.2.1 Executing the Initialization Wizard."For deployment, refer to "3.2.2 Deploying Virtual Appliances to VMware Environments."

Point

Use the same procedure as above when deploying this product in VMware vSphere High Availability (vSphere HA) environments.

3.3 Installation (KVM Environments)This section explains installation in KVM environments.

The flow of installation in KVM environments is as follows:

1. Creation of the virtual network

- 28 -

2. Deployment of the virtual appliance

3.3.1 Creating Virtual Networks in KVM EnvironmentsPrepare the virtual network for virtual appliances to connect to.

Confirm the following:

- The virtual network (virtual bridge) that will connect virtual appliances has been created

- The virtual bridge is connected to a physical NIC

If necessary, also connect the following to the virtual bridge:

- A DHCP server

- NTP servers


- A firewallWhen configuring a firewall, refer to "A.2 List of Used Port Numbers," and approve use of the listed port numbers.

3.3.2 Deploying Virtual Appliances to KVM EnvironmentsThis section explains the procedure for deploying virtual appliances to KVM environments.

Procedure

1. Copy the tar.gz file on the DVD of this product to the desired folder on the KVM host, and unpack the copied tar.gz file.

Example

# tar xzvf SCO_v100_kvm.tar.gz <Enter>

SCO_v100_kvm/

SCO_v100_kvm/SCO_v100_kvm.qcow2

SCO_v100_kvm/SCO_v100_kvm.xml

2. Copy the files of the unpacked directory to their respective designated destinations.

Example

# cp SCO_v100_kvm.qcow2 /var/lib/libvirt/images <Enter>

# cp SCO_v100_kvm.xml /etc/libvirt/qemu <Enter>

3. Specify the xml file to register the VA image of this product.

Example

# virsh define /etc/libvirt/qemu/SCO_v100_kvm.xml <Enter>

4. Click [Virtual Machine Manager] menu on the desktop screen to open the [Virtual Machine Manager] screen.

5. On the [Virtual Machine Manager] screen, select the VA image of this product, and then click the [Open] button.

6. On the [Virtual Machine] screen, select [View]-[Details] from the menu.

7. When performing a 1 or 2 virtual NIC configuration, delete network adapters that will not be used on the [Virtual Machine Details]screen.

- 29 -

8. On the [Virtual Machine Details] screen, select [NIC]. Then, select the virtual network or host device that this product will connectto, and click the [Apply] button.

9. Change the number of CPUs and the memory size of the virtual machine of this product based on the requirements described in "1.6.1Virtual Appliance Resource Requirements."

Note

Adding and Deleting Network Adapters

It is not possible to delete or add network adapters after executing the initialization wizard and configuring the initial settings.If executing deletion or addition, execute deployment again.For the initialization wizard, refer to "3.6.2.1 Executing the Initialization Wizard."For deployment, refer to "3.3.2 Deploying Virtual Appliances to KVM Environments."

Note

When deploying multiple virtual appliances

When deploying multiple virtual appliances, note the following to perform the procedure above.

- In step 2, copy it as a different name so that previously copied files will not be overwritten.

Example

# cp SCO_v100_kvm.qcow2 /var/lib/libvirt/images/SCO_v100_kvm_2.qcow2 <Enter>

# cp SCO_v100_kvm.xml /etc/libvirt/qemu/SCO_v100_kvm_2.xml <Enter>

- Change the value of the name tag and the source tag in the disk tag of the xml file with a different name to which the file was copiedin the step 2 as shown below.

Example

<domain type='kvm'>

<name>SCO_v100_kvm_2</name>

...

<devices>

<disk ...>

<source file='/var/lib/libvirt/images/SCO_v100_kvm_2.qcow2'/>

...

- In step 3, specify the xml file with a different name to which the file has been copied.

Example

# virsh define /etc/libvirt/qemu/SCO_v100_kvm_2.xml <Enter>

3.4 Installation (K5 Environments)This section explains the procedure for installation in a K5 environment. The following is an example when using one virtual NIC.

Preparation

Confirm that the following has already been created:

- 30 -

- A network to which this product will be connected

- A network for using a Floating IP (if an external connection is necessary)


If necessary, also connect the following to the network:

- A DHCP server

- NTP servers


- A firewallWhen configuring a firewall, refer to the "A.2 List of Used Port Numbers," and approve the use of the listed port numbers.

Procedure

1. Log in to the K5 IaaS Service Portal.

2. Using the [API Execution] screen, create an Object Storage container.

a. Configure the following:

- HTTP Method: Select "PUT"

- Endpoints: Select "objectstorage"

- Add "/container_name" to the end of the path displayed for the URI.

b. Click the [Execute API] button.

c. Confirm the execution results in the response field.

3. Configure the API execution environment.For details, refer to the "FUJITSU Cloud Service K5 API User Guide."

4. Create the shell for registering the image of this product in the created Object Storage container.

Refer to the following when creating the shell.

#!/bin/bash

. ./get_token.sh

CONTAINER=<container_name>

OBJECT=<image_file_of_this_product (for example: "SCO_v100_k5-disk1.vmdk")>

UPLOAD_FILE=<name_of_the_image_file_of_this_product (for example: "./SCO_v100_k5-disk1.vmdk")>

# Upload object

echo "*** CURL"

echo 'curl -Ss -T '$UPLOAD_FILE' '$OBJECTSTORAGE'/v1/AUTH_'$TENANT_ID'/'$CONTAINER'/'$OBJECT' -X

PUT -H "Transfer-Encoding: chunked" -H "X-Detect-Content-Type: true" -H "Accept:application/

json" -H "X-Auth-Token: '$OS_AUTH_TOKEN'"'

resp=`curl -Ss -T $UPLOAD_FILE $OBJECTSTORAGE/v1/AUTH_$TENANT_ID/$CONTAINER/$OBJECT -X PUT -H

"Transfer-Encoding: chunked" -H "X-Detect-Content-Type: true" -H "Accept:application/json" -H "X-

Auth-Token: $OS_AUTH_TOKEN"`

echo $resp | jq .

5. Use the shell to register the image of this product in the Object Storage container.The image file of this product that you registered using the shell is placed in the corresponding folder.

6. Log in to the K5 IaaS Service Portal.

7. Using the [API Execution] screen, confirm the objects registered in the Object Storage container.


- HTTP Method: Select "GET"

- 31 -

- Endpoints: Select "objectstorage"

- Add "/container_name" to the end of the path displayed for the URI.


c. Confirm in the response field that the object has been registered.

8. Using the [API Execution] screen, register the image of the object that was registered in the Object Storage container.


- HTTP Method: Select "POST"

- Endpoints: Select "vmimport"

- For the URI, input the following path of the API for image registration./v1/imageimport

- Configure the following request parameters in the request body.

Request Parameter Value

name Image name

location Object name in the container ("/v1/AUTH_tenant_ID/container_name/object_name")

min_ram Memory capacity (MB)

min_disk Disk capacity (GB)

os_type centos

activate true


c. Confirm in the response field that execution of the API was accepted.

9. Using the [VM Import List] screen, confirm the registration status of the image.

10. When processing completes, the image will be registered on the [Image List] screen, with the image name specified during imageregistration.

11. On the [Image List] screen, select the registered image and click the [Action] button. From the displayed pull-down menu, select"Create Storage."

12. On the [Create Storage] screen, create the storage in which the image of this product will be stored.


- Specify the storage name

- Select the type

- Specify the disk size

- Select the AZ

13. Using the [Key Pair List] screen, create the key pair to be used by this product.

14. Using the [Virtual Network List] screen, create the local network for this product.Create a subnet as well.

15. On the [Virtual router list] screen, select the created virtual router and click the [Action] button. From the displayed pull-down menu,select "Gateway settings."

a. On the [Gateway settings] screen, configure the following.

- Select the external virtual network

- 32 -

16. On the [Virtual Router List] screen, select the created virtual router, and add an interface to it.

a. On the [Add interface] screen, configure the following:

- For the subnet, select the subnet of the local network that was created in advance

- For the IP address, select the IP address of the gateway of the selected subnet

17. From the [Virtual Server List] screen, create the virtual server on which this product will operate.Configure the following:

- Select the AZ

- Specify the virtual server name

- Select the virtual server type

- Select the boot source (storage) for the virtual server

- Select the device name

- Select the virtual network to connect to

- Select the key pair

- Select the security group (security groups must be created in advance)

- It is not necessary to specify a provisioning script

18. On the [Virtual Server List] screen, confirm that the status of the created virtual server becomes "ACTIVE."

19. If an external connection is necessary for the virtual server of this product, use the [Global IP List] screen to allocate a global IP tothe virtual server.

3.5 Installation (OpenStack Environments)This section explains the procedure for installation in an OpenStack environment. The following is an example when using one virtual NIC.

Preparations

Confirm that the following has already been created.

- A network to which this product will be connected

- A network for using a Floating IP (if an external connection is necessary)


If necessary, also connect the following to the network:

- A DHCP server

- NTP servers


- A firewallWhen configuring a firewall, refer to the "A.2 List of Used Port Numbers," and approve the use of the listed port numbers.

Procedure

1. Set the DVD of this product in an Admin PC that can connect to the host OS of OpenStack.

2. Log in to the host OS of OpenStack, and then create the directory for storage of the virtual appliance image of this product.

3. Upload the virtual appliance image of this product that was set in the step 1 to the directory created in the step 2.

4. Use the "openstack image create" command targeting the above directory to register the virtual appliance image of this product.

- 33 -

Example

# openstack image create --disk-format qcow2 --container-format bare --file /root/shizai/

SCO_v100_openstack.qcow2 sco-image <Enter>

The options and parameters are as follows.

Option name Description

--disk-format The disk format of the virtual appliance image.Specify "qcow2."

--container-format The container format of the virtual appliance image.Specify "bare."

--file The name of the image file to be registered.Specify the directory name created in step 2 and the file name uploaded in step 3.In the preceding example, "/root/shizai/SCO_v100_openstack.qcow2" is specified.

Parameter The name of the virtual appliance image to be created.In the preceding example, "sco-image" is specified.

5. Use the "openstack flavor create" command to register a flavor with the flavor information of this product.

Example

# openstack flavor create --id auto --ram 4096 --disk 60 --vcpus 2 sco-flavor <Enter>



--id The ID of the flavor.If "auto" is specified, a UUID will be generated automatically.

--ram The memory size (MB).Specify a value by referring to "1.6.1 Virtual Appliance Resource Requirements."

--disk The disk size (GB).Specify a value no less than 60.

--vcpus The number of the virtual CPUs.Specify a value by referring to "1.6.1 Virtual Appliance Resource Requirements."

Parameter The name of the flavor to be created.In the preceding example, "sco-flavor" is specified.

6. Generate a key pair using the ssh-keygen command or another method, and then use the "openstack keypair create" command toregister that key pair.

Example

# openstack keypair create --public-key /root/.ssh/id_rsa.pub sco-keypair <Enter>



--public-key The file path of the public key.In the preceding example, "/root/.ssh/id_rsa.pub" is specified.

- 34 -


Parameter The name of the key to be created.In the preceding example, "sco-keypair" is specified.

7. Use the "openstack volume create" command to create a new volume.

Example

# openstack volume create --size 60 --image sco-image sco-volume <Enter>



--size The size of the volume (GB).Specify a value no less than 60.

--image The name of the virtual appliance image to be used.Specify the virtual appliance image name that has been specified for the "openstack image create"command in step 4.In the preceding example, "sco-image" is specified.

Parameter The name of the volume to be created.In the preceding example, "sco-volume" is specified.

8. Use the "openstack server create" command to create and start a new virtual server.

Example

# openstack server create --volume sco-volume --flavor sco-flavor --key-name sco-keypair --nic

net-id=4f6df1ac-5b97-4f97-ac75-a19ae8f385ba sco-server <Enter>



--volume The name of the volume to be used when starting.Specify the volume name that has been specified for the "openstack volume create" command in step 7.In the preceding example, "sco-volume" is specified.

--flavor The name of the flavor to be used for the virtual server.Specify the flavor name that has been specified for the "openstack flavor create" command in step 5.In the preceding example, "sco-flavor" is specified.

--key-name The name of the key to be used for the virtual server.Specify the name of the key that has been designated for the "openstack keypair create" command in step 6.In the preceding example, "sco-keypair" is specified.

--nic net-id= The ID of the NIC to be used for the virtual server.Specify the ID of the network created for this product. (*1)In the preceding example, "4f6df1ac-5b97-4f97-ac75-a19ae8f385ba" is specified.

Parameter The name of the virtual server to be created.In the preceding example, "sco-server" is specified.

*1: To confirm the ID of the NIC to specify for --nic net-id, use the following procedure.

# openstack network list <Enter>

- 35 -

9. If an external connection is necessary for the virtual server of this product, use the "openstack floating ip create" command to allocatea floating IP to the virtual server.

Example

# openstack floating ip create --port a35b77a4-3f5a-460c-92ac-92316cde07a0 sco-network <Enter>



--port The port (name or ID) to be associated with the floating IP.Specify a port that has an IP address allocated for the virtual server that has been created using the"openstack server create" command in step 8. (*2)In the preceding example, "a35b77a4-3f5a-460c-92ac-92316cde07a0" is specified.

Parameter The network (name or ID) from which a floating IP will be allocated.In the preceding example, "sco-network" is specified.

*2: To confirm the port identifier to specify for --port, use the following procedure.

Example

# openstack port list --server sco-server <Enter>



--server The name of the virtual server.Specify the name of the virtual server created using the "openstack server create" command in step 8.In the preceding example, "sco-server" is specified.

3.6 SetupThis section explains setup.

3.6.1 Flow of SetupThe flow of setup is as follows:

1. Initialization

2. Configuration of the Web browser

3. Configuration of the System

3.6.2 InitializationThis section explains initialization.

The flow of initialization is as follows:

1. Execution of the initialization wizard

2. Configuration of routing

3. Setting the system clock

4. Configuration of HTTPS communication

- 36 -

5. Changing of the HTTPS port number

3.6.2.1 Executing the Initialization WizardThis section explains the procedure for initialization using the initialization wizard.

Preparations

- If you did not start the virtual machine during installation, use the functions of the server virtualization software on the installationdestination to start the virtual appliance.

- Refer to "2.8.1.3 Designing the Console User" for the account of the console user, and note down the information.

- Refer to "2.8.1.4 Designing the File Transfer User" for file transfer users and note down the information.

- Refer to "2.6 Designing Network Environments" for the items to configure in the initialization wizard, and decide them in advance.

- The items that have been configured in the initialization wizard can be changed by executing the wizard again or using thecorresponding commands. In addition, to make a restoration to the state just after the installation, save a snapshot just after theinstallation, and use the snapshot to restore to that state.

Procedure

1. Log in to the console using the console user account.

2. Execute the following command in the current directory to launch the initialization wizard.(After typing "init," pressing the <Tab> key can supplement entry of the initial_setup command)

# initial_setup <Enter>

3. Follow the instructions in the initialization wizard to configure the initial settings.

Note

If the <ESC> key or <Alt> + <any another key> is pressed while the initialization wizard is running, the wizard may be aborted. Whenaborted, press the <Ctrl>+<c> key to terminate the initialization wizard, and then execute the wizard again to redo the configurationfrom the beginning.

Step Screen Title Task Details Check Command (*1)

1 menu Select whether to start the initialization wizard.

- Setup: Start the initialization wizard

- Exit: Close the initialization wizard

None

2 Change Password Changes the password of console users and file transfer users. To change users, select from the following.

- administrator: console user

- secftpuser: file transfer user

For details, refer to "2.8.1.3 Designing the Console User"or"2.8.1.4 Designing the File Transfer User."If you change the password, you will be prompted to re-enterthe new password for the purpose of confirmation.If you do not change the password, select the [<Next>] button.

None

3 Configure NetworkUses

Determine the purpose of the virtual NIC. In the sequence of Admin interface, WAN-side interface, andLAN-side interface, select the virtual NIC to be used from thefollowing.

- br-eth0

None

- 37 -


- br-eth1

- br-eth2

Virtual NICs that will be used may be overlapped.When not making any changes, select the [<Next>] button.If the purpose of a virtual NIC has not been determined, the[<Next>] button is not displayed.

4 Network UsesConfirmation

Check the content of the settings for the purpose of virtualNICs.If there are no problems with the content, click the [<OK>]button.

None

5 Configure Network Select a virtual NIC to configure the network from the list, andthen perform the following steps.

- DHCP configuration (Step 7)

- Network address configuration (Step8)

- DNS configuration (Step 9)

- Domain configuration (Step 10)

- Gateway configuration (Step 11)

Virtual NICs that have already been configured are indicatedwith "[Set]."Once you have finished the settings, select the [<Next>]button and proceed to Step 13.

None

6 Configure Network When configuring the network, select the [<Edit>] button, andwhen executing reset, select the [<Reset>] button.If reset is executed, the value reverts to the value when theInitialization wizard started.

None

7 Configure DHCP Configure whether to use a DHCP server.When not making any changes, skip this step.

Note

When configuring a pass bridge, it is not possible to select"Enable" (A DHCP server will be used) for the WAN-sideInterface.

wacadm network show

8 Configure Network Configure the network address (IP address and subnet mask).When not making any changes, skip this step.When using a DHCP server, this step is skippedautomatically.

wacadm network device

9 Configure DNS Configure the DNS server (the primary and secondary).When not making any changes, skip this step.When using a DHCP server, this step is skippedautomatically.

Note

When using multiple virtual NICs, configure as followsaccording to DHCP server usage.

wacadm network show

- 38 -


- When using a DHCP server

Specify the DNS server in the DHCP server settings sothat it will be configured automatically by the DHCPserver.

- When not using a DHCP server

Specify only for virtual NICs that can make access to thenetwork connected to the DNS server.

10 Configure Domain Configure the domain name.When not making any changes, skip this step.

Note

When using multiple virtual NICs, configure as followsaccording to DHCP server usage.

- When using a DHCP server

Specify a domain name in the DHCP server settings sothat it will be configured automatically by the DHCPserver.

- When not using a DHCP server

Specify only for virtual NICs that can make access to thenetwork connected to the DNS server.

wacadm network show

11 Configure Network Configure the gateway address.When not making any changes, skip this step.When not connecting to a WAN, or when using a DHCPserver, this step is skipped automatically.

wacadm route show

12 NetworkConfirmation

Confirm the configured content.If there are no problems, click the [<OK>] button, and proceedto network selection (Step 5).

None

13 Remaining Setting Confirm whether or not to execute the following settings.

- Host name settings (Step 14)

- Keymap settings (Step 15)

- NTP server settings (Step 16)

- Time zone settings (Step 17)

When not making any changes, skip this step.

None

14 Setting Hostname Set the host name.When not making any changes, skip this step.Skip this step when using OpenStack or K5, since the hostname is configured automatically.When using a DHCP server, this step is skippedautomatically.

wacadm system show

15 Configure Keymap Configure the keymap.When not making any changes, skip this step.

wacadm locale show

16 Configure NTP Configure whether to enable NTP servers.When not making any changes, skip this step.

wacadm time show

- 39 -


17 Configure time zone Configure the time zone.When not making any changes, skip this step.

wacadm time show

18 Confirmation Check the content of the settings.If there are no problems with the content, click the [<OK>]button.

None

19 Result The results of the setting content are displayed.If there are no problems with the content, a success messagewill be displayedIf there are any problems with the content, an error messagewill be displayed. Make the necessary corrections.

None

20 Reboot During reflection of the content of the settings, a messageprompting reboot of the system is displayed.Clicking the [<OK>] button reboots the system.

Note

The system is required to be restarted to activate the settingcontent. If the Initialization Wizard terminates withoutrestarting the system, restart the system by executing thefollowing command.

# wacadm power restart <Enter>

For details, refer to "wacadm power Command" in the"Reference Guide."

None

*1: The check command column contains the commands for checking the content set in the initialization wizard.When the initialization wizard is started, previously set content is displayed as the initial value so you can check the settings youhave made. To check only part of the set content, execute the commands described in the check command column.For details on the corresponding commands, refer to "Commands" in the "Reference Guide."

3.6.2.2 Configuring RoutingThis section explains the procedure for configuring routing.Perform this procedure if a router exists between the admin PC or the TCP communication app and SCO-VA.

Procedure

Execute the following command to configure routing to access the TCP communication app or the admin PC from SCO-VA.

Example

When the network address of the Admin PC is 192.0.2.0/24, the router of the network that SCO-VA connects to is 198.51.100.1, and theadmin interface is br-eth0:

# wacadm route add -net 192.0.2.0 gw 198.51.100.1 netmask 255.255.255.0 br-eth0 <Enter>

For details, refer to "wacadm route Command" in the "Reference Guide."

Results Confirmation

Execute the following command and confirm the results.

# wacadm route show <Enter>

Destination Gateway Genmask Flags Metric Ref Use Iface

- 40 -

0.0.0.0 192.0.2.1 0.0.0.0 UG 0 0 0 br-eth0

192.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 br-eth0

For details, refer to "wacadm route Command" in the "Reference Guide."

3.6.2.3 Setting the System TimeThis section explains the procedure for setting the system time.

If no changes are necessary, or if NTP servers are enabled, then it is not necessary to perform this operation.

Procedure

Execute the following command to configure the date/time.

Example

To configure the date and time to June 1st, 2018/11:26:00:

# wacadm time set-time 2018-06-01 11:26:00 <Enter>

For details, refer to "wacadm time Command" in the "Reference Guide."


Execute the following command and confirm the results.

# wacadm time show <Enter>

Local time: Wed 2018-04-04 05:18:29 UTC

Universal time: Wed 2018-04-04 05:18:29 UTC

Time zone: Etc/UTC (UTC, +0000)

NTP enabled: yes

NTP synchronized: yes

RTC in local TZ: no

DST active: n/a

NTP Servers:

210 Number of sources = 1

MS Name/IP address Stratum Poll Reach LastRx Last sample

===============================================================================

^* 192.168.10.142 1 6 17 3 +586us[+3925us] +/- 10.2s

For details, refer to "wacadm time Command" in the "Reference Guide."

3.6.2.4 Configuring HTTPS CommunicationThis product performs HTTPS communication with Web browsers (Admin PC), and uses SSL server certificates for encryption ofcommunication data and mutual authentication.

During installation, self-signed certificates are used. There are no problems with using self-signed certificates in an intranet that is protectedby a firewall, or another type of network in which all communication partners are trustworthy and there is no risk of certificates beingspoofed. However, when using a Web browser, the following warnings are displayed regarding use of this product over the Internet:

- When starting a Web browser and first connecting to this product, a warning regarding security certificates is displayed.

- When using Internet Explorer to connect to this product, the background of the address bar turns red, and "Certificate error" is displayedon the right side of the address bar. In addition, a warning icon from the phishing risk detection function is displayed in the status bar.

To stop the display of these warnings when specifying the URL of this product, it is necessary to create an SSL certificate correspondingto the IP address or host name of this product, and import that certificate into your Web browser.

The detailed procedure, from creating the SSL server certificate to importing it, is shown below.

- 41 -

Creating the SSL Server Certificate

Using a user PC (Windows or Linux), execute the openssl command to create an SSL server certificate.Be sure to create a server certificate without a pass phrase.

Example

When specifying "192.0.2.10" as the IP address of this product and an SSL server certificate validity period of 20 years (-days 7300)

>openssl.exe req -sha256 -new -x509 -nodes -newkey rsa:2048 -out example.crt -keyout example.key -

days 7300 -config openssl.cnf <Enter>

Loading 'screen' into random state - done

Generating a 2048 bit RSA private key

................................................................................

..................................+++

..................+++

writing new private key to 'example.key'

-----

You are about to be asked to enter information that will be incorporated into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) []:<Enter>

State or Province Name (full name) []:<Enter>

Locality Name (eg, city) []:<Enter>

Organization Name (eg, company) []:<Enter>

Organizational Unit Name (eg, section) []:<Enter>

Common Name (eg, YOUR name) []:192.0.2.10<Enter>

Email Address []:<Enter>

The option and input items for the openssl command are described below.For details on each item, refer to "2.6 Designing Network Environments."

- Option

Option Description

-out Specify the name of the crt file to generate.

-keyout Specify the name of the key file to generate.

-days The validity period of the SSL server certificate.

-config Specify openssl.cnf, in which the default operations of the openssl command are described.Prepare openssl.cnf in advance.

- Input Items

Input Item Description

Country Name Specify a two-character country code (ISO-3166).

State or Province Name Specify the state or province name.

Locality Name Specify the locality name.

Organization Name Specify the organization name.

Organizational Unit Name Specify the organization unit name.

Common Name Specify the IP address or the host name (FQDN) of the virtual machine on which this productoperates.This item is mandatory.

- 42 -

Input Item Description

Email Address Specify the email address.

Registering the SSL Server Certificate

Register the SSL server certificate using the following procedure:

1. Log in to the console using the console user account.For information about the console user, refer to "2.8.1.3 Designing the Console User."

2. If necessary, back up the existing SSL server certificate.The procedure is as follows:

a. Execute the following command to export the SSL server certificate to the file transfer area.

# wacadm sslcert export <Enter>

For details on this command, refer to "wacadm sslcert Command" in the "Reference Guide." For file transfer area, refer to "1.6.4 File Transfer Area."

b. Forward the SSL server certificate that was exported to the file transfer area to the admin PC.To forward the certificate, use SFTP (using the file transfer user account) on the admin PC.For file transfer users, refer to "2.8.1.4 Designing the File Transfer User."

Example

When the SCO-VA IP address is 192.0.2.10 and the SSL server certificate is server.crt and server.key

# sftp [email protected] <Enter>

[email protected]'s password: password <Enter>

Connected to 192.0.2.10.

sftp> ls <Enter>

server.crt

server.key

sftp> get server.crt <Enter>

Fetching /sftp/server.crt server.crt

server.crt

sftp> get server.key <Enter>

Fetching /sftp/server.key server.key

server.key

sftp> bye <Enter>

3. Forward the created SSL server certificate to the file transfer area.To forward the certificate, use SFTP (using the file transfer user account) on the admin PC.

Example

When the SCO-VA IP address is 192.0.2.10 and the SSL server certificate is example.crt and example.key



Connected to 192.0.2.10.

sftp> put example.crt <Enter>

Uploading example.crt to /sftp/example.crt

example.crt

sftp> put example.key <Enter>

Uploading example.key to /sftp/example.key

example.key

sftp> bye <Enter>

- 43 -

4. Register the SSL server certificate that was forwarded in Step 3 via the following command.

Example

When the SSL server certificate is example.crt and example.key

# wacadm sslcert set -key example.key -crt example.crt <Enter>

For details, refer to "wacadm sslcert Command" in the "Reference Guide."If a pass phrase is requested when registering the SSL server certificate, abort the registration, delete the pass phrase, and then redofrom step 2.

Example

Procedure to delete the pass phrase

>ren example.key example-pass.key <Enter>

>openssl.exe rsa -in example-pass.key -out example.key <Enter>

Enter pass phrase for example-pass.key: password <Enter>

The options for openssl.exe are as follows.


-in Specify a key file with a pass phrase.In the preceding example, "example-pass.key" is specified.

-out Specify a key file name to create without a pass phrase.In the preceding example, "example.key" is specified.

5. Execute the following command to reflect the SSL server certificate in the HTTP service of this product.

# wacadm service restart fjsvwaccp-webserver.service <Enter>

For details, refer to "wacadm service Command" in the "Reference Guide."

Confirming Registration of the SSL Certificate

Confirm that the SSL server certificate has been registered using the following procedure:


2. Execute the following command to see the SSL server certificate.

# wacadm sslcert show <Enter>

For details, refer to "wacadm sslcert Command" in the "Reference Guide."

Importing the SSL Server Certificate

Import the SSL server certificate to your Web browser.The procedure for importing varies depending on the Web browser being used.

3.6.2.5 Changing the HTTPS Port NumberIf it is necessary to change the HTTPS port number, perform the following procedure.

If no change is necessary, it is not necessary to perform this operation.

- 44 -

Procedure


2. Change the HTTPS port number by the following command.

Example

When changing the port number to 1024

# wacadm service modify -port 1024 <Enter>

You need to reboot the system to enable the new settings.

Immediately reboots the system. [y/n]: y <Enter>

For details, refer to "wacadm service Command" in the "Reference Guide."

3.6.3 Configuring the Web BrowserThis section explains the Web browser configuration that is necessary for performing system configuration.

The flow of Web browser configuration is as follows:

1. Enabling JavaScript

2. Enabling Cookies

3. Disabling Internet Explorer Compatibility View

3.6.3.1 Enabling JavaScriptEnable JavaScript in your Web browser.The procedure for enabling JavaScript is as follows:

For Internet Explorer

1. Select [Tools]-[Internet Options] to display the [Internet Options] window.

2. Open the [Security] tab and select [Trusted sites]. Then, click the [Sites] button to display the [Trusted sites] window.

3. Input the URL of this product in [Add this website to the zone], and then click the [Add] button. The input URL is added to the[Websites] list.

4. Click the [Close] button to return to the [Internet Options] window.

5. Select [Trusted sites], and then click the [Custom level] button to display the [Security Settings] window.

6. On the [Security Settings] window, in [Scripting] find [Active scripting] and select [Enable].

For Microsoft Edge

No configuration is necessary.

For Chrome

1. Click the [...] (Google Chrome settings) menu button on the top right of the browser screen. Click [Settings] on the displayed menuto display the [Settings] tab.

2. On the [Settings] tab, select [Advanced]-[Privacy and security], and then click [Content settings] to display the [Content settings]screen.

3. Click [JavaScript] to display the [JavaScript] settings screen.

4. Turn on [Allowed (recommended)].If there are some sites for which you wish to disable JavaScript from functioning, turn off [Allowed (recommended)], and add theURL of this product to the list of allowed sites.

- 45 -

3.6.3.2 Enabling CookiesEnable cookies in your Web browser.

The procedure for enabling cookies is as follows:

For Internet Explorer

1. Select [Tools]-[Internet Options] to display the [Internet Options] window.

2. Open the [Privacy] tab, and click the [Advanced] button. The [Advanced Privacy Settings] window is displayed.

3. Check the [Override automatic cookie handling] checkbox, and select [Accept] under [First-party Cookies].

For Microsoft Edge

1. Click the [...] (Settings and more) menu button on the top right of the browser screen. Click [Settings] on the displayed menu to displaythe [Settings] menu.

2. Click the [View advanced settings] button under the [Advanced settings] category to display the [Advanced settings] menu.

3. Find [Cookies] under the [Privacy and services] category, and select [Don't block cookies].

For Chrome

1. Click the [...] (Google Chrome settings) menu button on the top right of the browser screen. Click [Settings] on the displayed menuto display the [Settings] tab.

2. On the [Settings] tab, select [Advanced]-[Privacy and security], and then click [Content settings] to display the [Content settings]screen.

3. Click [Cookies] to display the [Cookies] settings screen.

4. On the [Cookies] settings screen, turn on [Allow sites to save and read cookie data (recommended)].

3.6.3.3 Disabling Internet Explorer Compatibility ViewWhen using Internet Explorer, disable Compatibility View.The procedure for disabling is as follows:

1. Select [Tools]-[Compatibility View settings] to display the [Compatibility View Settings] window.

2. On the [Compatibility View Settings] window, if the URL of this product is displayed under [Websites you've added to CompatibilityView:], select the URL, and click the [Remove] button.

3. Clear the [Display intranet sites in Compatibility View] checkbox.

Note that performing this step may disable Compatibility View for some sites for which it was enabled. As a result, the appearanceof these sites may change. If this change in appearance interferes with your ability to operate any of these sites, input the URLs ofthe relevant sites from the [Compatibility View Settings] window to enable Compatibility View for the relevant sites.

3.6.4 Configuring the SystemThis section explains system configuration.

The flow of system configuration is as follows:

1. Creation of the initial user

2. Configuration of email notification destinations

3. Configuration of external authentication servers

4. Addition of users

5. Setting of the license

- 46 -

3.6.4.1 Creating the Initial UserThis section explains the procedure for creating the initial user used to log in to the Web GUI.

Procedure

1. Open a Web browser window on the admin PC.

2. Specify the following URL to connect to the Web console. The [Create initial user account] screen is displayed.

https://IP_address_or_host_name_(FQDN)_of_this_product:9856/

Figure 3.1 [Create initial user account] Screen

3. Configure the necessary items and then click the [Done] button. The Web GUI is displayed.

For details on the necessary items, refer to "2.8.1.1 Designing Local Authentication". Items marked with "*" on the screen aremandatory.

3.6.4.2 Configuring Email Notification DestinationsFor the procedure for configuring email notification destinations, refer to "4.3.6 Mail Server and Email Notification Destinations."

If email notification is not necessary, then it is not necessary to perform this operation. These settings can also be configured duringoperation if necessary.

3.6.4.3 Configuring External Authentication ServersFor the procedure for configuring external authentication servers, refer to "4.3.5.3 Registering Authentication Servers."

When not using external authentication, it is not necessary to perform this operation. These settings can also be configured during operationif necessary.

3.6.4.4 Adding UsersFor the procedure for adding users, refer to "4.3.4.3 Creating Local Authentication Users."

If it is not necessary to add users, then it is not necessary to perform this operation. Users can also be added during operation if necessary.

- 47 -

3.6.4.5 Setting the LicenseThis section explains the procedure for configuring a license for use of this product.

Preparations

Confirm that a license has been obtained in advance.For details on licenses, refer to "1.5 Licenses."

Procedure

1. Clicking the [Settings] icon on the global pane of the Web GUI displays the [Settings] dialog.

2. In the [Settings] dialog, select [Setting category]-[License] to display the [License] screen.

3. On the [License] screen, select [Action]-[Add] to display the [Register license] screen.

4. For [License], input the license key, and then click the [Done] button.


Registration of the license is processed asynchronously.For this reason, when the number of active processes on the Global Pane is "0," confirm that the following are displayed in the [License]screen.

Item Name Description

Registration date Displays the date the license was registered.

License name Displays the name of the registered license.

Expiration date For official licenses, "Unlimited" is displayed.For trial licenses, the expiration date of the license is displayed.In addition, when using a trial license, the number of days remaining until the license expires is displayed in the GlobalPane of the Web GUI.

Point

Changing Licenses

- 48 -

- Changing from a trial license to an official license

When a trial license has expired, the corresponding message is output to the event log, and the service ports for all transparent proxiesare disabled.In order to resolve this, it is necessary to change from the expired trial license to an official license.To change the license, open the [Register license] screen and overwrite the key input for [License] with the key of an official license,and then click the [Done] button.

- Changing official licenses

When an official license has been registered, it is no longer possible to execute [Action]-[Add].

3.7 Preparing Operating EnvironmentsThis section explains preparation of operating environments.

3.7.1 Configuring IP Address Conversion for WAN Connection RoutersWhen using global IP addresses to communicate over a WAN, it is necessary to configure IP address conversion on the WAN connectionrouter.

This section explains the procedure for configuring IP address conversion.

For detailed instructions, refer to the manual of the router being used.

Procedure

1. Log in to the WAN connection router.

2. Configure IP address conversion between private and global IP addresses.If a server other than the one for this product will also perform WAN communication using the same global IP address, performconfiguration so that SNAPT is used.If this is not the case, perform configuration so that 1:1 NAT is used.

3. Log out of the WAN connection router.

3.7.2 Adding Transparent ProxiesAdd transparent proxies to the installations of SCO-VA deployed at both ends of the connection over the WAN.It is recommended that you register the order of transparent proxies from the server type.For the procedure, refer to "4.5.4 Adding Transparent Proxies" in "Chapter 4 Operation."

3.8 Configuring the Default Gateway of the TCP CommunicationApp

If the LAN-side interface and the WAN-side interface are shared and the TCP communication app and SCO-VA are in the same network,configure the IP address of the LAN-side interface of SCO-VA to the default gateway of the TCP communication app.

For a configuration example of the TCP communication app that coordinates with TCP, refer to the "Appendix C Default GatewayConfiguration Example of Coordination with the TCP Communication App

3.9 UninstallationThis section explains uninstallation of this product.

3.9.1 Uninstallation (VMware Environments)This section explains the procedure for uninstallation in VMware environments.

- 49 -

Procedure

1. Stop the system.

For details, refer to "4.7 Stopping and Restarting the System and Services."

2. Start vSphere Web Client.

3. Right-click the installed virtual machine of this product, and select [Delete from Disk].

4. When keeping the TCP communication app and uninstalling SCO-VA only and when the default gateway of the TCP communicationapp is set to SCO-VA, change the default gateway of the TCP communication app to the WAN connection router.

3.9.2 Uninstallation (KVM Environments)This section explains the procedure for uninstallation in KVM environments.

Procedure

1. Stop the system.


2. Start Virtual Machine Manager.

3. Right-click the installed virtual machine of this product, and select [Delete].

4. When keeping the TCP communication app and uninstalling SCO-VA only and when the default gateway of the TCP communicationapp is set to SCO-VA, change the default gateway of the TCP communication app to the WAN connection router.

3.9.3 Uninstallation (K5 and OpenStack Environments)This section explains the procedure for uninstallation in K5 and OpenStack environments.

Procedure

1. Stop the system.


2. Delete all resources that were created during installation.

- 50 -

Chapter 4 OperationThis chapter explains how to operate this product.

4.1 LoginThis section explains the procedure for logging in to the Web GUI from the admin PC.

4.1.1 Configuring the Web BrowserBefore logging into the Web GUI, configure the Web browser.The procedure for configuration is as follows:

- Enabling JavaScript

- Enabling Cookies

- Disabling Internet Explorer Compatibility View

For details, refer to "3.6.3 Configuring the Web Browser."

4.1.2 Logging InThis section explains the procedure for logging in to the Web GUI.

Procedure

1. Open a Web browser window on the admin PC.

2. Input the URL of this product.

URL: https://host_name.domain_name[:port_number]/

3. The login screen is displayed. Input a user name and password, and click the [Login] button.

Item Necessity Description

User name Mandatory Specify a user name.Specify a character string containing up to 512 characters.

- 51 -

Item Necessity Description

When using external authentication (using LDAP or Active Directory), specify the user name usingthe format "user_name@domain_name."

Password Mandatory Specify the password.Specify a character string containing up to 64 characters.

Note

If the message "This user is already logged in on the same terminal." is output and you cannot log in, close all web browsers and then tryto log in again.

4.2 Explanation of the Web GUIThis section explains the Web GUI displayed after logging in.If the Web GUI is open for 60 minutes without any operation being performed, the login session is canceled, and the [Force logout] screenis displayed.

The following is an explanation of the Global Pane displayed at the top of the Web GUI.

Figure 4.1 Global Pane

Overall Status ( )

The overall status shows the statuses of transparent proxies.For details on transparent proxy statuses, refer to "4.5.2 Transparent Proxy Statuses."The overall status is one of the following three statuses.

Status Description

Normal status.

Warning status.There is one or more transparent proxy with warning status.

Error status.There is one or more transparent proxy with error status.

Clicking the overall status takes you to the [Dashboard] tab.

Number of Active Processes ( )

The number of active processes is displayed.When the number of active processes exceeds 50, "+49" is displayed.When the pull down menu is clicked, a list of the active processes and processes completed within the last 24 hours is displayed. Up to 50items can be displayed.

The value for the number of active processes is the number of processes active and does not include the number of processes completed inthe last 24 hours.

- 52 -

Due to this, even when the number of active processes is 0, the process list may still display a list of processes.When the number of active processes is anything other than 0, display the list of active processes and confirm whether or not the processyou are attempting to execute is already running. If the same process is running, execute the process after the already running process hascompleted.

The content of the items shown in the list of processes are as seen below.

Item Description

Date The date that process information is updated.The format is YYYY/MM/DD hh:mm:ss.

State/Result When there are active processes, either of the following will be displayed.

- : Submit (Awaiting execution)

- : Start (Being executed)

If the process is complete, either of the following will be shown.

- : Success (Completed successfully)

- : Warning (Warning)

- : Failed (Failed)

Action A character string representing the processing content.Example: "Create transparent proxy," "Create User," "Login," "Enable license," etc.

User name The name of the user who performed the operation.

When [Date] in the list of processes is clicked, the [Details] screen of processes will be shown.

The content of the items shown on the [Details] screen are as seen below.

Item Description

Update date The date that the latest process is updated.The format is YYYY/MM/DD hh:mm:ss.

Action A character string representing the processing content.Example: "Create transparent proxy," "Create User," "Login," "Enable license," etc.

- 53 -

Item Description

User name The name of the user who performed the operation.

Target The name of the target of operation. One of the following:

- transparent_proxy_name: An operation targeting the transparent proxy

- -: A logout operation

- System: An operation other than those above

State The execution status is processing.One of the following is displayed:

- Submit: Awaiting execution

- Start: Being executed

- Complete: Execution complete

Result The execution results are processing.One of the following is displayed:

- Success: Completed successfully

- Warning: Warning

- Failed: Failed

Detail The process parameters. These will be output in the following format: *key1=value, key2=value.

Message Detailed messages of operations.

Number of Unconfirmed Event Logs ( )

The number of unconfirmed event logs is displayed.When the number of unconfirmed event logs is clicked, the [Event Log List] screen will be displayed.

Furthermore, it is possible to open a separate window by right clicking.On the [Event Log List] screen, event logs in which the status is unconfirmed (confirmation status is unconfirmed) are displayed.For details, refer to "4.4.2 Monitoring Event Logs."

Number of Unconfirmed Audit Logs( )

The number of unconfirmed operation logs is displayed.When the number of unconfirmed audit logs is clicked, the [Audit Log List] screen will be displayed.

- 54 -

Furthermore, it is possible to open a separate window by right clicking.On the [Audit Log List] screen, logs in which the status is unconfirmed (confirmation status is unconfirmed) are displayed.For details, refer to "4.4.3 Monitoring Audit Logs."

License Status ( )

The license status is displayed.The license statuses and displayed messages are shown below.

License Status Displayed Message

No license is registered No license is applied

A trial license is registered Trial period expires in {remaining_number_of_days} days

The period of a trial license has expired Trial period expired

An official license is registered No message is displayed

For license settings, refer to "3.6.4.5 Setting the License."

Refresh ( )

Refreshes the displayed screen.The screen is automatically refreshed every 30 seconds only on the global pane.

Settings ( )

Displays the [Settings] dialog.For details, refer to "4.3.1 Explanation of the [Settings] Dialog."

User Menu ( )

Displays the logged in user.The pull down menus of the user menu are described below.

Menu Description

Language Used to change the display language of the Web GUI.In the [Language setting] dialog, select either of the following for [Language]:

- Japanese

- English

During the initial login, if the language setting for the Web browser is configured to Japanese, "Japanese" will beconfigured automatically, while "English" will be configured in the case of any other language setting. If the displaylanguage is changed using the [Language setting] dialog, the selected language will be used from the second and laterlogins.

Version The version information is displayed.This information can also be displayed by the following command.

# wacadm system show <Enter>

- 55 -

Menu Description

For details, refer to "wacadm system Command" in the "Reference Guide."

License agreement Displays the license agreement.

Logout Logs you out of the system and takes you to the login screen.

[Dashboard] Tab

Displays WAN throughput, event logs, and audit logs.For details, refer to "4.4 Monitoring Using the Dashboard."

[Transparent Proxy] Tab

Can be used to manage transparent proxies.For details, refer to "4.5 Managing Transparent Proxies."

4.3 Configuring the Operation EnvironmentThe operation environment can be configured using the [Settings] dialog.

4.3.1 Explanation of the [Settings] DialogClick the [Settings] icon on the Global Pane of the Web GUI to display the [Settings] dialog.

The following sections describe each item in the left pane of the [Settings] dialog.

4.3.2 LicenseFor the procedure to configure a license to use this product, refer to "3.6.4.5 Setting the License."

4.3.3 Login SessionsIt is possible to check which users are currently logged in.

4.3.3.1 List of Login Session ItemsThis section explains the items displayed in the list view and the detailed view of login sessions.

How to Read the Table

- List: "Yes" or "No" indicates whether the item is displayed when viewing the list of login sessions

- Detail: "Yes" or "No" indicates whether the item is displayed when viewing the details of login sessions

Item List Details Description

ID Yes Yes The session ID.An automatically generated serial number.Clicking the ID displays the [Login session details] screen.For details, refer to "4.3.3.3 Displaying the Details of Login Sessions."

User name Yes Yes The name of the logged in user.

User role Yes(*1)

Yes The role of the logged in user. It can be either of the following:

- Administrator: The system administrator. Can use all functions

- Monitor: Can only use reference functions

Authentication server Yes(*1)

Yes The IP address of the authentication server that authenticated the user.

- 56 -

Item List Details Description

Client IP address Yes(*1)

Yes The IP address of the client.

Last login time Yes(*1)

Yes The date and time of the most recent login.The format "YYYY/MM/DD hh:mm:ss" is used.

Last operation time Yes(*1)

Yes The date and time of the most recent operation.The format "YYYY/MM/DD hh:mm:ss" is used.

*1: This item can be set to be displayed or hidden using the [Display settings] dialog. For details, refer to "4.3.3.2 Displaying the List ofLogin Sessions"

4.3.3.2 Displaying the List of Login SessionsThis section explains the procedure for displaying the list of login sessions.

Procedure

1. Click the [Settings] icon in the global pane of the Web GUI to display the [Settings] dialog.

2. In the [Settings] dialog, select [Setting category]-[Authentication]-[Login session] to display the [Login session list] screen.

For an explanation of the items displayed on the [Login session list] screen, refer to "4.3.3.1 List of Login Session Items."

3. By clicking the [Display settings] button on the [Login session list] screen, it is possible to change the displayed items.

4.3.3.3 Displaying the Details of Login SessionsThis section explains the procedure for displaying the details of login sessions.

Procedure



- 57 -

3. Click the [ID] of the target session to display the [Login session details] screen.

For an explanation of the displayed items, refer to "4.3.3.1 List of Login Session Items."

4.3.3.4 Performing a Forced LogoutThis section explains the procedure for forcibly logging out another user.

Procedure



3. Select one or multiple users to forcibly log out, and then click the [Force logout] button. This displays the [Force logout] screen.

- 58 -

4. Click the [Done] button.


Confirm that the forcibly logged out user has been removed from the [Login session list] screen.

4.3.4 Local Authentication UsersThis section explains how to manage (display in a list, create, delete, and modify) local authentication users.

4.3.4.1 Displaying the List of Local Authentication UsersThis section explains the procedure for displaying the list of local authentication users.

Procedure


2. In the [Settings] dialog, select [Setting category]-[Authentication]-[Local authentication user] to display the [Local authenticationuser list] screen.

The following items are displayed:

- ID

- User name

3. By clicking the [Display settings] button on the [Local authentication user list] screen, it is possible to change the displayed items,and enable whether each of the following items are displayed:

- User role

- 59 -

- Mail address

- Description

"ID" is an automatically assigned user ID. Clicking it displays the [Local authentication user list] screen.For details, refer to "4.3.4.2 Displaying the Details of Local Authentication Users."For information on the other items, refer to "2.8.1.1 Designing Local Authentication."

4.3.4.2 Displaying the Details of Local Authentication UsersThis section explains the procedure for displaying the details of local authentication users.

Procedure



3. Click the [ID] of the target user to display the [Local authentication user details] screen.


- ID

- User name

- User role

- Mail address

- Description

"ID" is an automatically assigned user ID.For information on the other items, refer to "2.8.1.1 Designing Local Authentication."

4.3.4.3 Creating Local Authentication UsersThis section explains the procedure for creating local authentication users.

Procedure



- 60 -

3. Select [Action]-[Create] to display the [Create local authentication user] screen.

Configure the following items. Items marked with "*" on the screen are mandatory.

- Name

- Password (Confirm password)

- Role

- Mail address

- Description

For information on each item, refer to "2.8.1.1 Designing Local Authentication."

4. Input the necessary items, and then click the [Done] button.


Confirm that the created user is displayed on the [Local authentication user list] screen.

4.3.4.4 Deleting Local Authentication UsersThis section explains the procedure for deleting local authentication users.

Procedure


2. In the [Settings] dialog, select [Setting category]-[Authentication]-[Local authentication user] to display the [Local authenticationuser] screen.

- 61 -

3. Select one or multiple users to delete, and then select [Action]-[Delete] to display the [Delete user] screen.



Confirm that the deleted users have been removed from the [Local authentication user list] screen.

Note

- Logged in users cannot be deleted.

- At least one local authentication user with the role "Administrator" must exist in the system. For this reason, it is not possible to deletethe last remaining local authentication user with the "Administrator" role.

4.3.4.5 Modifying Local Authentication UsersThis section explains the procedure for modifying local authentication users.

Procedure



- 62 -

3. Select the user to modify, and then select [Action]-[Modify] to display the [Modify local authentication users] screen.

The following items can be modified:

- Password

- Role

- Mail address

- Description

For information on each item, refer to "2.8.1.1 Designing Local Authentication."

Note that it is not possible to modify the role of a logged in user.

4. On the [Modify local authentication users] screen, modify the user information as desired, and then click the [Complete] button.


Confirm that the changes made to the user are reflected on the [Local authentication user details] screen.For details, refer to "4.3.4.2 Displaying the Details of Local Authentication Users."

4.3.5 Authentication ServersThis section explains how to manage (display in a list, create, delete, and modify) the servers necessary for external authentication.

4.3.5.1 Displaying the List of Authentication ServersThis section explains the procedure for displaying the list of authentication servers.

Procedure


- 63 -

2. In the [Settings] dialog, select [Setting category]-[Authentication]-[Authentication server] to display the [Authentication server list]screen.


- ID

- IP address

- Priority

3. By clicking the [Display settings] button on the [Authentication server list] screen, it is possible to change the displayed items, andenable whether each of the following items are displayed:

- Type

- Port

- Domain

- User search base

- Group search base

- Administrator user

- SSL

- Description

"ID" is an automatically assigned authentication server ID. Clicking it displays the [Authentication server details] screen.For details, refer to "4.3.5.2 Displaying the Details of Authentication Servers."For information on the other items, refer to "2.8.1.2 Designing External Authentication."

4.3.5.2 Displaying the Details of Authentication ServersThis section explains the procedure for displaying the details of authentication servers.

Procedure



- 64 -

3. Click the [ID] of the target server. If the server type is "LDAP," the [Authentication server(LDAP)] screen is displayed. If the servertype is "AD," the [Authentication server(AD)] screen is displayed.


- ID

- IP address

- Priority level

- Port

- Domain

- User search base

- Group search base


- SSL

- Description

"ID" is an automatically assigned authentication server ID.For information on the other items, refer to "2.8.1.2 Designing External Authentication."

4.3.5.3 Registering Authentication ServersThis section explains the procedure for registering authentication servers.

Procedure



- 65 -

3. Select [Action]-[Add] to display the [Register authentication server] screen.

Configure the following items. Items marked with "*" on the screen are mandatory.

- Type

- IP address

- Port

- Domain

- User search base

- Group search base


- Administrator password

- SSL

- Priority

- Description

For information on each item, refer to "2.8.1.2 Designing External Authentication."

4. On the [Register authentication server] screen, input the necessary items, and then click [Done].


Confirm that the registered authentication server is displayed on the [Authentication server list] screen.

4.3.5.4 Deleting Authentication ServersThis section explains the procedure for deleting authentication servers.

Procedure


- 66 -


3. Select one or multiple authentication servers to delete, and then select [Action]-[Delete] to display the [Delete authentication server]screen.



Confirm that the deleted authentication servers have been removed from the [Authentication server list] screen.

Note

Even if an authentication server is deleted, the sessions of users who logged in using that server are not deleted. These users can continueusing the Web GUI until they log off.

4.3.5.5 Modifying Authentication ServersThis section explains the procedure for modifying authentication servers.

Procedure



- 67 -

3. Select the authentication server to modify, and then select [Action]-[Update] to display the [Modify authentication server] screen.

The following items can be modified:

- IP address

- Port

- Domain

- User search base

- Group search base


- Administrator password

- SSL

- Priority

- Description

For information on each item, refer to "2.8.1.2 Designing External Authentication."

4. Modify the server information as desired, and then click the [Complete] button.


Confirm that the changes made to the authentication server are reflected on the [Authentication server (LDAP)] or [Authentication server(AD)] screen.For details, refer to "4.3.5.2 Displaying the Details of Authentication Servers."

4.3.6 Mail Server and Email Notification DestinationsThis section explains the procedure for configuring the mail server and email notification destinations.

Procedure


- 68 -

2. In the [Settings] dialog, select [Setting category]-[Monitoring]-[Mail server] to display the [Mail server] screen.

The following items are displayed: Items marked with "*" on the screen are mandatory.

- SMTP server

- Sender mail address

- SMTP port

- Authentication method

- User name

- Password

- Subject (Fixed)

- Number of Retries

- Retry Interval (in seconds)

- SMTP over SSL

For information on each item, refer to "2.8.2 Designing the Email Notification Function."

3. On the [Mail server] screen, input the necessary items, and then click [Apply].

- 69 -

4. In the [Settings] dialog, select [Setting category]-[Monitoring]-[Mail notification] to display the [Mail notification] screen.

5. On the [Mail notification] screen, input the email notification destinations, and then click [Apply]. Up to three notificationdestinations can be specified.

Information

To delete the configuration of the mail server and email notification destinations, perform the following operations.

- Mail server: Delete [SMTP server] and [Sender mail address], and click [Apply].

- Email notification destination: Delete [Mail address], and click [Apply].


1. On the [Mail notification] screen, click the [Send test mail] button.

2. "The test mail will be sent to the specified mail addresses. Is it OK?" is displayed. Click the [Yes] button.

3. Confirm that the specified email notification destination addresses receive the test email.

Mail Content

The content of the sent emails is as follows.

Item Content Description

Subject [Subject_(Fixed)] Smart Communication OptimizerEvent Mail

The value specified for [Subject (Fixed)] on the [Mail server] screen,with the following character string added to the end.

Smart Communication Optimizer Event Mail

If nothing has been specified for [Subject (Fixed)], the subject is onlythe above string.

From sender_mail_address The email address specified for [Sender mail address] on the [Mailserver] screen.

To notification_destination_email_address One of the email addresses specified for [Mail address 1], [Mailaddress 2], or [Mail address 3] on the [Mail notification] screen.

Body Severity: "Warning" or "Error"Date: date_and_time_of_event

Host Name: host_name

Target Name: transparent_proxy_name or "System"

- Severity: The event level ("Warning" or "Error").

- Date: The date and time on which the event occurred.The ISO 8601 format "YYYY-MM-DDTHH:mm:ssZ" is used.

- Host Name: The SCO-VA host name.

- 70 -

Item Content Description

Message ID: message_ID

Message: message

- Target Name: The name of the target event.

- Message ID: The message ID of the event log.

- Message: The message body of the event log.

The subject and body of the test email are as follows.

Item Content

Subject [Subject_(Fixed)] Smart Communication OptimizerTest Mail

Body Severity: InformationDate: date_and_time_of_event

Host Name: host_name

Target Name: -

Message ID: -

Message: TEST MAIL

4.3.7 Troubleshooting DataCollect troubleshooting data when trouble occurs during use of this product.

For how to collect troubleshooting data, refer to "Collecting Troubleshooting Data" in the "Reference Guide."

4.4 Monitoring Using the DashboardThis section explains how to monitor using the Dashboard.

The Dashboard can be displayed by selecting the [Dashboard] tab of the Web GUI. The following information is displayed:

- WAN throughput

- Event logs

- Audit logs

4.4.1 Monitoring WAN ThroughputUsing the [WAN Throughput] panel of the Dashboard, it is possible to confirm the throughput from all transparent proxies to the WAN(outgoing throughput, "OUT") and the throughput from the WAN to all transparent proxies (incoming throughput, "IN").The WAN throughput to and from an individual transparent proxy can be confirmed using the [Details] screen for that transparent proxy.For details, refer to "4.5.3 Displaying the Details of Transparent Proxies."

- 71 -

Figure 4.2 [WAN Throughput] Panel

The [WAN Throughput] panel displays the following information.

Name Description

Latest and MaximumThroughput

Latest and maximum values of the throughput are displayed separately for OUT and IN directions.The latest values are the largest values within the last 5 minutes.Maximum value is the highest value in the last two days.

Throughput Transition The progress of throughput for the past 2 days is displayed in 5 minute intervals.The following four types of throughputs are displayed:

- OUT (Max)

- IN (Max)

- Out (Avg)

- IN (Avg)

By clicking on the legend, it is possible to toggle whether specific items are displayed or hidden in the linegraph.

Moving the cursor over a point on a line in the graph displays the date, time, and throughput for that point asa tooltip.

4.4.2 Monitoring Event LogsEvent logs record the following types of messages, and can be used to trace the causes of trouble.

- Notification messages from transparent proxies

- Messages regarding the expiration of trial licenses

- Process monitoring messages

Event logs are stored for 30 days.

On the [Event Log] panel of the dashboard, the event logs of the 50 most recent, unconfirmed, Warning or Error levels will be displayed.

- 72 -

Figure 4.3 [Event Log] Panel

Clicking on a date in the [Date] column of the [Event Log] panel displays the [Event Log Details] screen for confirming the details of thatevent.Events logs that have been confirmed are removed from the [Event Log] panel.

Figure 4.4 [Event Log Details] Screen

Alternatively, click [Display All Logs] on the [Event Log] panel to display the [Event Log List] screen.The [Event Log List] screen displays all event logs, regardless of whether they have been confirmed.Clicking on a date in the [Date] column will also display the [Event Log Details] screen.

Figure 4.5 [Event Log List] Screen

The operations for the table section of the [Event Log List] screen are shown below.

Item Description

Displays the [Filter Event Log List] dialog.It is possible to filter the content displayed on the [Event Log List] screen by specifying some or all of "Confirmation,""Date," "Level," "Target Event," and "Message" as filter conditions and then clicking the [Filter] button.

Items xx/yy The number of logs after filtering/the total number of logs.

Switches to the first page.

Switches to the previous page.

x/y The current page number/the total number of pages.

- 73 -

Item Description

Switches to the next page.

Switches to the last page.

Figure 4.6 [Filter Event Log List] Dialog

The event log content displayed in each screen is described below.

Item

Event Log

Event Log List

Event Log D

etails

Description

Confirmation No

Yes

No

Whether the details of the event log have been confirmed using the [Event Log Details] screen.When the status has not been confirmed (unconfirmed), will be displayed. When the status has been confirmed (confirmed), nothing will be displayed.

Date Yes

Yes

Yes

The date and time on which the event occurred.The format "YYYY/MM/DD hh:mm:ss" is used.Clicking a date on the [Event Log] panel or the [Event Log List] screen displays the [Event LogDetails] screen.

Level Yes

Yes

Yes

The level of the event log.One of the following is displayed:

- Error: Error level

- Warning: Warning level

- Information: Information level

Note that only the icon for the event level is displayed on the [Event Log] panel and the [Event LogList] screen.

Target Event No

Yes

Yes

The name of the target event. It will be either of the following:

- transparent_proxy_name: An event log output by that transparent proxy

- System: An event log output by a source other than a transparent proxy

Message ID Yes

No

Yes

The message ID of the event log.

Message No

Yes

Yes

The message body of the event log.

- 74 -

Yes: Displayed, No: Not displayed

4.4.3 Monitoring Audit LogsAudit logs record login histories and operation histories, and can be used in the same way as event logs to trace the causes of trouble.Audit logs are stored for 30 days.On the [Audit Log] panel of the dashboard, the operation logs of the 50 most recent, unconfirmed, Warning or Failed levels will bedisplayed.

Figure 4.7 [Audit Log] Panel

Clicking on a date in the [Date] column of the [Audit Log] panel displays the [Audit Log Details] screen for confirming the details of thatoperation.Audit logs that have been confirmed are removed from the [Event Log] panel.

Figure 4.8 [Audit Log Details] Screen

Alternatively, click [Display All Logs] on the [Audit Log] panel to display the [Audit Log List] screen.The [Audit Log List] screen displays all audit logs, regardless of whether they have been confirmed.Clicking on a date in the [Date] column will also display the [Audit Log Details] screen.

Figure 4.9 [Audit Log List] Screen

- 75 -

The operations for the table section of the [Audit Log List] screen are shown below.

Item Description

Displays the [Filter Audit Log List] dialog.It is possible to filter the content displayed on the [Audit Log List] screen by specifying some or all of "Confirmation,""Date," "Status," "Result," "User name," "Target of Operation," "Action," and "Message" as filter conditions and thenclicking the [Filter] button.

Items xx/yy The number of logs after filtering/the total number of logs.






Figure 4.10 [Filter Audit Log List] Dialog

The audit log content displayed in each screen is described below.

Item

Audit Log

Audit Log List

Audit LogD

etails

Description

Confirmation No

Yes

No

Whether the content of the audit log has been confirmed using the [Audit Log Details] screen.When the status has not been confirmed (unconfirmed), will be displayed.When the status has been confirmed (confirmed), nothing will be displayed.Furthermore, the status becomes unconfirmed when a process completes and when it results in anerror (the result is Warning or Failed).

Date Yes

Yes

Yes

The date on which the audit log was last updated.The format "YYYY/MM/DD hh:mm:ss" is used.Clicking a date on the [Audit Log] panel or the [Audit Log List] screen displays the [Audit LogDetails] screen.

Status No

Yes

Yes

The execution status of processing.One of the following is displayed:

- 76 -

Item

Audit Log

Audit Log List

Audit LogD

etails

Description

- Submit: Awaiting execution

- Start: Being executed

- Complete: Execution complete

Note that only the icon for the status is displayed in the [Audit Log] panel and the [Audit Log List]screen.

Result Yes

Yes

Yes

The execution results of processing.One of the following is displayed:

- Success: Completed successfully

- Warning: Warning

- Failed: Failed

Note that only the icon for the status is displayed in the [Audit Log] panel and the [Audit Log List]screen.

User name No

No

Yes

The name of the user who performed the operation.

Target ofOperation

No

Yes

Yes

The name of the target of operation. One of the following:

- transparent_proxy_name: An operation targeting that transparent proxy

- -: A logout operation

- System: An operation other than those above

Action No

Yes

Yes

A character string representing the processing content.Example: "Create transparent proxy," "Create User," "Login," "Enable license," etc.

Detail No

No

Yes

The parameters for processing.* Parameters are output in the format "key1=value, key2=value."

Operation Source No

No

Yes

Displays the operation source. Fixed as "GUI" (an operation performed using the Web GUI).

Message ID Yes

No

Yes

The message ID of the audit log.

Message No

Yes

Yes

The message body of the audit log.

4.5 Managing Transparent ProxiesThis section explains how to manage (display in a list, display details of, add, delete, modify, and modify the IP addresses of) transparentproxies.

4.5.1 Displaying the List of Transparent ProxiesThis section explains the procedure for displaying the list of transparent proxies.

- 77 -

Procedure

1. Select the [Transparent Proxy] tab of the Web GUI to display the [Transparent Proxy List] screen.

The operations for the table section of the [Transparent Proxy List] screen are shown below.

Item Description







Item Description

Transparent Proxy Name The name of the transparent proxy.

Status The status of transparent proxies.


- Client: A transparent proxy of the client type.A transparent proxy of the client type establishes a UNAP connection to a transparent proxyof the server type.

- Server: A transparent proxy of the server type.A transparent proxy of the server type waits for a transparent proxy of the client type toestablish a UNAP connection.

Pair IP Address The IP address of the WAN-side interface of the transparent proxy to pair with.

Port Number The port number used by UNAP to enable high-speed data transfer over a WAN.

For details on statuses, refer to "4.5.2 Transparent Proxy Statuses."For details on other items, refer to "2.8.3 Designing Transparent Proxy Management."Clicking on the name of a transparent proxy displays the [Details] screen.For details, refer to "4.5.3 Displaying the Details of Transparent Proxies."

4.5.2 Transparent Proxy StatusesThe statuses of transparent proxies are as follows.

Status Icon Detailed Status Description

Normal Stopped The initial state of a transparent proxy.

Starting The state of starting a transparent proxy.

- 78 -

Status Icon Detailed Status Description

Waiting for Connection A transparent proxy has completed startup for a client type.A server type is waiting for a UNAP connection to be established from a client type.

Connecting A UNAP connection is being established from a client type to a server type (for clienttypes only).

Connected A UNAP connection has been established from a client type to a server type.

Restarting A transparent proxy is being restarted due to a transparent proxy change.

Finished The transparent proxy has been deleted

Warning Reconnecting A UNAP disconnection has been detected and the client type is re-establishing aconnection (for client types only).

Waiting for Reconnection A UNAP disconnection has been detected and it is waiting for a UNAP connection tobe re-established from the client type (for server types only).

Disconnecting (Active) A UNAP connection is being disconnected by the local transparent proxy.

Disconnecting (Passive) A UNAP connection is being disconnected by the paired transparent proxy.

Unavailable The trial license has expired

Error Waiting for Deletion A transparent proxy is waiting for deletion.As any transparent proxy that is in this state must be deleted, the transparent proxy willonly accept delete operations.

Disconnected A UNAP connection has been disconnected.

Failure The transparent proxy has failed and has stopped operating.

4.5.3 Displaying the Details of Transparent ProxiesThis section explains the procedure for displaying the details of transparent proxies.

Procedure


2. Click the target [Transparent Proxy Name] to display the [Transparent Proxy Details] screen.

3. The [Transparent Proxy Details] screen is composed of the following three panels. Clicking the [Performance Information] buttonon the top of the screen closes all panels other than the [Performance Information] panel.

- [Basic Information] panel

- [Details] panel

- [Performance Information] panel

4.5.3.1 Transparent Proxy Details-Basic InformationThis panel displays the basic information of an individual transparent proxy.

- 79 -

Figure 4.11 [Transparent Proxy Details] Screen [Basic Information] Panel


Item Description

Transparent Proxy Name The name of the transparent proxy.

Status The status of transparent proxies.


- Client: A transparent proxy of the client type.A transparent proxy of the client type establishes a UNAP connection to a transparent proxy of theserver type.

- Server: A transparent proxy of the server type.A transparent proxy of the server type waits for a transparent proxy of the client type to establisha UNAP connection.

Pair IP Address The IP address of the WAN-side interface of the transparent proxy to pair with.

Port Number The port number used by UNAP to enable high-speed data transfer over a WAN.

LAN-side Interface The name of the network interface used by the transparent proxy for TCP communication with clientor server applications.

WAN-side Interface The name of the network interface used by the transparent proxy for WAN-side communication.

Operation Mode The operation mode of the transparent proxy. Select either of the following:

- Transparent: Transparently relays TCP connections.

- Terminate: Terminates TCP connections.

Target Service Port Numbers The list of port numbers of the services that are targets of data transfer performed by the transparentproxy.

For details of the statuses, refer to "4.5.2 Transparent Proxy Statuses."For details of other items, refer to "2.8.3 Designing Transparent Proxy Management."

4.5.3.2 Transparent Proxy Details-DetailsThis panel displays the details of an individual transparent proxy.

- 80 -

Figure 4.12 [Transparent Proxy Details] Screen [Details] Panel


Item Description

Maximum Number of TCPConnections

The maximum number of TCP connections that can be established.

Number of Connection Re-establishment Attempts (*1)

The number of reconnection attempts to make when establishing a UNAP connection.

Connection Re-establishment AttemptInterval (*1)

The interval (in seconds) between reconnection attempts when establishing a UNAP connection.

Connection Monitoring Interval The connection monitoring interval (in seconds) for a UNAP connection.

MTU Size The MTU size of UNAP.

*1: Not displayed for a server type transparent proxy.

For details on each item, refer to "2.8.3 Designing Transparent Proxy Management."

4.5.3.3 Transparent Proxy Details-Performance InformationThis panel displays the performance information of an individual transparent proxy.Select the performance information to display from the [Item] pull-down menu.

- WAN Throughput

- LAN Throughput

- Round-Trip Time

- 81 -

- Packet Loss Rate

Figure 4.13 [Transparent Proxy Details]-[Performance Information]-[WAN Throughput]

Figure 4.14 [Transparent Proxy Details]-[Performance Information]-[LAN Throughput]

- 82 -

Figure 4.15 [Transparent Proxy Details]-[Performance Information]-[Round-Trip Time]

Figure 4.16 [Transparent Proxy Details]-[Performance Information]-[Packet Loss Rate]

The graph shows progress of the past 2 days displayed in 5 minute intervals.By clicking on the legend, it is possible to toggle whether specific items are displayed or hidden in the line graph.Moving the cursor over a point on a line in the graph displays the date, time, and throughput for that point as a tooltip.The figure below the graph shows the targets for which performance information is displayed.The parts other than the targets are displayed in gray.

The displayed items are explained below.

Displayed Item Description

WAN Throughput(MB/sec)

OUT [Max] Displays the maximum value every 5 minutes for the amount of communication persecond (*1) from the transparent proxies to the WAN.When a UNAP connection has not been established and when there is no TCPcommunication to be accelerated, the value becomes 0.

IN [Max] Displays the maximum value every 5 minutes for the amount of communication persecond (*2) from the WAN to the transparent proxies.

- 83 -

Displayed Item Description

When a UNAP connection has not been established and when there is no TCPcommunication to be accelerated, the value becomes 0.

OUT [Avg] Displays the average value every 5 minutes for the amount of communication persecond (*1) from the transparent proxies to the WAN.When a UNAP connection has not been established and when there is no TCPcommunication to be accelerated, the value becomes 0.

IN [Avg] Displays the average value every 5 minutes for the amount of communication persecond (*2) from the WAN to the transparent proxies.When a UNAP connection has not been established and when there is no TCPcommunication to be accelerated, the value becomes 0.

LAN Throughput(MB/sec)

OUT [Max] Displays the maximum value every 5 minutes for the amount of communication persecond (*3) from the transparent proxies to the application.When a UNAP connection has not been established and when there is no TCPcommunication to be accelerated, the value becomes 0.

IN [Max] Displays the maximum value every 5 minutes for the amount of communication persecond (*4) from the application to the transparent proxies.When a UNAP connection has not been established and when there is no TCPcommunication to be accelerated, the value becomes 0.

OUT [Avg] Displays the average value every 5 minutes for the amount of communication persecond (*3) from the transparent proxies to the application.When a UNAP connection has not been established and when there is no TCPcommunication to be accelerated, the value becomes 0.

IN [Avg] Displays the average value every 5 minutes for the amount of communication persecond (*4) from the application to the transparent proxies.When a UNAP connection has not been established and when there is no TCPcommunication to be accelerated, the value becomes 0.

Round-Trip Time(msec)

Latency [Avg] Displays the average value every 5 minutes for the time from sending data to receivingacknowledgement (ACK) between transparent proxies.When a UNAP connection has not been established and when there is no TCPcommunication to be accelerated, the value becomes 0.

Latency [Min] Displays the smallest value every 5 minutes for the time from sending data to receivingacknowledgement (ACK) between transparent proxies.When a UNAP connection has not been established and when there is no TCPcommunication to be accelerated, the value becomes 0.

Packet Loss Rate(%)

OUT [Max] Displays the largest value every 5 minutes for the ratio of lost data per second (*5)from the transparent proxies to the WAN.When a UNAP connection has not been established and when there is no TCPcommunication to be accelerated, the value becomes 0.

IN [Max] Displays the largest value every 5 minutes for the ratio of lost data per second (*6)from the WAN to the transparent proxies.When a UNAP connection has not been established and when there is no TCPcommunication to be accelerated, the value becomes 0.

OUT [Avg] Displays the average value every 5 minutes for the ratio of lost data per second (*5)from the transparent proxies to the WAN.When a UNAP connection has not been established and when there is no TCPcommunication to be accelerated, the value becomes 0.

IN [Avg] Displays the average value every 5 minutes for the ratio of lost data per second (*6)from the WAN to the transparent proxies.When a UNAP connection has not been established and when there is no TCPcommunication to be accelerated, the value becomes 0.

- 84 -

*1: Transmission rate = The total size (in MB) of UNAP packets received in 1 second by the paired transparent proxy / 1 (sec)*2: Reception rate = The total size (in MB) of UNAP packets received in 1 second by the transparent proxy / 1 (sec)*3: Transmission rate = The total size (in MB) of TCP packets transmitted in 1 second by the transparent proxy / 1 (sec)*4: Reception rate = The total size (in MB) of TCP packets received in 1 second by the transparent proxy / 1 (sec)*5: Loss rate = (the number of lost UNAP packets detected in 1 second by the paired transparent proxy / (the number of UNAP packets received in 1 second by the paired transparent proxy + the number of lost UNAP packets detected in 1 second by the paired transparent proxy)) * 100*6: Loss rate = (the number of lost UNAP packets detected in 1 second / (the number of UNAP packets received in 1 second + the number of lost UNAP packets detected in 1 second)) * 100

4.5.4 Adding Transparent ProxiesThis section explains the procedure for adding transparent proxies.If no license is registered or if the trial license has expired, it is not possible to add transparent proxies ([Action] is not displayed).

Procedure


2. On the [Transparent Proxy List] screen, select [Action]-[Register] to display the [Register Transparent Proxy] wizard.

3. Follow the instructions of the [Register Transparent Proxy] wizard.

For an explanation of the items to input in the [Register Transparent Proxy] wizard, refer to "2.8.3 Designing Transparent ProxyManagement."

Step Input Item

BasicInformation

Transparent Proxy Name

Type

Pair IP Address

Port Number

Operation Mode (*1)

Target Service Port

Details Maximum Number of TCP Connections


Connection Re-establishment Attempt Interval (*2)

Connection Monitoring Interval (*2)

MTU Size (*2)

Confirm Confirm the input information. If there are no problems, click the [Add] button.

Complete Click the [Complete] button to return to the [Transparent Proxy List] screen.

*1: Required for a server type transparent proxy.

*2: Required for a client type transparent proxy.

- 85 -


1. Addition of the transparent proxy is processed asynchronously.For this reason, when the number of active processes on the Global Pane is "0," confirm that the added transparent proxy is displayedon the [Transparent Proxy List] screen.

2. Confirm that when only one of the transparent proxies has been registered, the status of the transparent proxy is "Waiting forConnection" and when a pair of transparent proxies have been registered, the status of the transparent proxy is "Connected." In the event that the status is not as it is written above, refer to "Unable to connect to the transparent proxies to pair with" in the "Errorsduring Connection" section of the "Reference Guide."

4.5.5 Deleting Transparent ProxiesThis section explains the procedure for deleting transparent proxies.

Procedure


2. On the [Transparent Proxy List] screen, click the target [Transparent Proxy Name] to display the [Transparent Proxy Details] screen,then select [Action]-[Delete].

3. In the [Delete Transparent Proxy] dialog, click the [Yes] button to delete the transparent proxy. A notification is displayed indicatingthat the processing has been received.

4. Click the [Close] button to return to the [Transparent Proxy List] screen.


Deletion of the transparent proxy is processed asynchronously.For this reason, when the number of active processes on the Global Pane is "0," confirm that the deleted transparent proxy is not displayedon the [Transparent Proxy List] screen.

4.5.6 Modifying Transparent ProxiesThis section explains the procedure for modifying transparent proxies.If no license is registered or if the trial license has expired, it is not possible to modify transparent proxies.

Procedure


2. Click the target [Transparent Proxy Name] to display the [Transparent Proxy Details] screen.

- 86 -

3. On the [Transparent Proxy Details] screen, select [Action]-[Modify] to display the [Modify Transparent Proxy] wizard.

4. Follow the instructions of the [Modify Transparent Proxy] wizard.

For an explanation of the items which can be modified using the [Modify Transparent Proxy] wizard, refer to "2.8.3 DesigningTransparent Proxy Management."

Step Input Item

BasicInformation

Pair IP Address (*1)

Port Number (*1)

Operation Mode (*1) (*2)

Target Service Port

Details Maximum Number of TCP Connections


Connection Re-establishment Attempt Interval (*3)

Connection Monitoring Interval (*3)

MTU Size (*1) (*3)

Confirm Confirm the input information. If there are no problems, click the [Modify] button.

Complete Click the [Complete] button to return to the [Transparent Proxy Details] screen.

*1: When modifications have been made, communication will temporarily not be able to place until the transparent proxy will hasbeen restarted and reconnection has been made.

*2: Required for a server type transparent proxy.

*3: Required for a client type transparent proxy.

Note

If you cannot modify an item you would like to modify using the [Modify Transparent Proxy] Wizard, after deleting the transparent proxy,try to re-register it again.


1. Modification of the transparent proxy is processed asynchronously.For this reason, when the number of active processes on the Global Pane is "0," confirm that the changes made to the transparent proxyhave been reflected from the [Details] screen.

- 87 -

2. Confirm that when only one of the transparent proxies has been registered, that the status of the transparent proxy is "Waiting forConnection." When a pair of transparent proxies has been registered, confirm that the status of the transparent proxies are"Connected."In the event that the status is not as it is written above, refer to "Unable to connect to the transparent proxies to pair with" in the "Errorsduring Connection" section of the "Reference Guide."

4.5.7 Changing the IP Addresses of the Interfaces Used by TransparentProxies

Users of this product may wish to configure one set of IP addresses for the interfaces used by transparent proxies for use during the testingperiod before production, and after testing is complete, switch to another set of IP addresses for actual use in production.This section explains the procedure for changing the IP addresses of the interfaces used by transparent proxies.

Procedure

1. Execute the initialization wizard to change the IP address of the transparent proxy.For details, refer to "3.6.2.1 Executing the Initialization Wizard."

2. If the IP address of the WAN-side interface (including cases of combined use) has been changed, configure the [Pair IP Address] ofthe paired transparent proxy to the new IP address.For details, refer to "4.5.6 Modifying Transparent Proxies."

3. If the IP address of the LAN-side interface (including cases of combined use) has been changed, and if the default gateway of the TCPcommunication app is set to SCO-VA, the IP address that was changed will be set to the default gateway of the TCP communicationapp.


On the [Transparent Proxy List] screen or on the [Details] screen of the [Transparent Proxy] panel, confirm that the status of the transparentproxy is "Connected."For details on the [Transparent Proxy List] screen, refer to "4.5.1 Displaying the List of Transparent Proxies." For details on the [TransparentProxy] panel of the [Details] screen, refer to "4.5.3.1 Transparent Proxy Details-Basic Information."

4.6 Performing MaintenanceThis section explains maintenance.

4.6.1 Overview of MaintenanceThere are the following maintenance tasks:

- Recovering faulty server virtualization software

- Performing regular maintenance of server virtualization software

- Updating software

4.6.2 Recovering Faulty Server Virtualization SoftwareThis section explains the procedure for recovering faulty server virtualization software.The recovery procedure varies depending on whether the system uses high availability operation.

4.6.2.1 Recovery when Using High Availability OperationThis section explains the recovery procedure when using high availability operation.

Procedure

1. Repair or replace the faulty server.

2. Install and then start the server virtualization software.

- 88 -

3. If the information of a previous deployment of this product has been lost due to disk failure, reinstall this product.For details, refer to "Chapter 3 Installation and Setup."

4.6.2.2 Recovery when Not Using High Availability OperationThis section explains the recovery procedure when not using high availability operation.

Procedure

Information

If recovery can be performed in a short enough period of time such that there is no anticipated effect on operation, then it is not necessaryto perform steps 1 and 5 below.

1. If the TCP communication app is not influenced by a server virtual software failure, and if the default gateway of the TCPcommunication app is configured to SCO-VA, temporarily change the default gateway of the TCP communication app to the WANconnection router.

2. Repair or replace the faulty server.

3. Install and then start the server virtualization software.

4. If the information of a previous deployment of this product has been lost due to disk failure, reinstall this product.For details, refer to "Chapter 3 Installation and Setup."

5. Revert the settings modified in step 1 to their original state.

4.6.3 Performing Regular Maintenance of Server Virtualization SoftwareThis section explains the procedure for performing regular maintenance of server virtualization software.The regular maintenance procedure varies depending on whether the system uses high availability operation.

4.6.3.1 Regular Maintenance when Using High Availability OperationThis section explains the regular maintenance procedure when using high availability operation.

Procedure

1. Remove a single instance of server virtualization software on which this product is not operating (an inactive server) from the cluster.

2. Perform maintenance of the server instance that was removed from the cluster in step 1.

3. Once maintenance is complete, return the server instance to the cluster.If there are more than three server instances in the cluster, perform steps 1 through 3 again for each instance of server virtualizationsoftware on which this product is not operating.

4. Migrate this product from the instance of server virtualization software on which it is currently operating to another instance of servervirtualization software.

5. Remove the instance of server virtualization software on which this product was previously operated from the cluster.

6. Perform maintenance of the server instance that was removed from the cluster in step 5.

7. Once maintenance is complete, return the server instance to the cluster.

4.6.3.2 Regular Maintenance when Not Using High Availability OperationThis section explains the regular maintenance procedure when not using high availability operation.

Procedure

- 89 -

Note

If you are unable to prepare a different instance of server virtualization software, use the same procedure for maintenance as in "4.6.2.2Recovery when Not Using High Availability Operation."

1. Migrate this product to a different instance of server virtualization software.

2. Perform maintenance of the server.

3. Once maintenance is complete, return this product to the instance of server virtualization software you migrated it from.

4.6.4 Updating SoftwareThis section explains the procedure for updating software.

Preparations

Confirm that you have obtained the patch file.

Procedure

1. If the default gateway of the TCP communication app is configured to SCO-VA, temporarily change the default gateway of the TCPcommunication app to the WAN connection router.

2. Transfer the obtained patch file to the file transfer area.To transfer the file, use SFTP (using the file transfer user account) on the admin PC.For file transfer users, refer to "2.8.1.4 Designing the File Transfer User." For file transfer area, refer to "1.6.4 File Transfer Area."

Example

When the SCO-VA IP address is 192.0.2.10 and the obtained patch file is WAC100_S20180601-01.tar.gz



Connected to 192.0.2.10

sftp> put WAC100_S20180601-01.tar.gz <Enter>

Uploading WAC100_S20180601-01.tar.gz to /sftp/WAC100_S20180601-01.tar.gz

WAC100_S20180601-01.tar.gz

sftp> bye <Enter>


4. Execute the following command to display system information to confirm whether the patch file can be applied.

# wacadm system show <Enter>

For details on the command, refer to "wacadm system Command" in the "Reference Guide."To determine whether it is possible to apply the patch, refer to the document attached to the obtained patch file.

5. Execute the following command to stop the service.

# wacadm service stop fjsvwaccp-database.service <Enter>

# wacadm service stop fjsvwaccp-system.service <Enter>

# wacadm service stop fjsvwaccp-webserver.service <Enter>

# wacadm service stop fjsvwacdp-tproxy-management.service <Enter>

For details, refer to the "wacadm service Command" in the "Reference Guide."

- 90 -

6. Using the patch file that was transferred in Step 2, update the software via the following command.

Example

When the obtained patch file is WAC100_S20180601-01.tar.gz

# wacadm system patch-add -file WAC100_S20180601-01.tar.gz <Enter>

For details, refer to "wacadm system Command" in the "Reference Guide."Use the "wacadm dir delete" command to delete the patch file after applying.

Example

When WAC100_S20180601-01.tar.gz is no longer needed

# wacadm dir show <Enter>

WAC100_S20180601-01.tar.gz

------------------------

Size Used Avail Use%

2.0G 413M 1.6G 20%

# wacadm dir delete WAC100_S20180601-01.tar.gz <Enter>

rm: remove regular file 'WAC100_S20180601-01.tar.gz'? yes <Enter>

For details, refer to "wacadm dir Command" in the "Reference Guide."

7. Execute the following command to restart the system.

# wacadm power restart <Enter>

For details, refer to the "wacadm power Command" in the "Reference Guide."

8. Revert the settings modified in step 1 to their original state.

4.7 Stopping and Restarting the System and ServicesThis section explains the procedure for stopping and restarting the system and services.

Procedure

1. Confirm that there are no active processes by viewing the "Number of active processes" on the Global Pane and the [Audit Log List]screen of the Dashboard.

2. On the Global Pane, select [User Menu]-[Logout] to log out.


4. Execute the corresponding commands for the desired operations.For details of the commands, refer to "wacadm power Command" or "wacadm service Command" in the "Reference Guide."

Corresponding Command

When stopping the system # wacadm power stop <Enter>

When restarting the system # wacadm power restart <Enter>

When stopping services Execute the following when applicable to stop services.

# wacadm service stop fjsvwaccp-database.service <Enter>

# wacadm service stop fjsvwaccp-system.service <Enter>

- 91 -

Corresponding Command

# wacadm service stop fjsvwaccp-webserver.service <Enter>

# wacadm service stop fjsvwacdp-tproxy-management.service <Enter>

When restarting services Execute the following when applicable to restart services.

# wacadm service restart fjsvwaccp-database.service <Enter>

# wacadm service restart fjsvwaccp-system.service <Enter>

# wacadm service restart fjsvwaccp-webserver.service <Enter>

# wacadm service restart fjsvwacdp-tproxy-management.service

<Enter>

- 92 -

Appendix A Lists of Useful Design InformationThis appendix provides lists of information that is frequently referred to during design of this product.

A.1 List of Output Log FilesThe log files output by this product are shown below.

Table A.1 List of Output Log Files

Log Name Use and Content Reference Method Rotation

Event logs Records of messages sent fromtransparent proxies, messagesregarding the expiration of triallicenses, and messages related toprocess monitoring.

View these logs from the dashboard of the Web GUI.For details, refer to "4.4.2 Monitoring Event Logs."

Logs are stored for30 days.

Audit logs Records of login and operations. View these logs from the dashboard of the Web GUI.For details, refer to "4.4.3 Monitoring Audit Logs."

A.2 List of Used Port NumbersThe port numbers used by this product are listed below.

Table A.2 List of Used Port Numbers

Communication Source Communication Destination

UseServer

PortNumber

ServerPort

NumberUpdate

Admin PC Variablevalue

This product 22 Notpossible

SSH, SFTP

9856 Possible HTTPS

TCP client (*1) Possible Port of the target service for data transfer using UNAP

This product TCP server (*1) Possible Port of the connecting target service using TCP whenthe operation mode of a transparent proxy is"Terminate."

Mail server 25 Possible SMTP

DHCP server 67, 68 Notpossible

DHCP

DNS server 53 Notpossible

DNS

NTP Servers 123 Notpossible

NTP

LDAP or ADserver

389 Possible LDAP / Active Directory

Metadata server 80 Notpossible

For the communication of Cloud-init, which is used inclouds (OpenStack or K5)

Paired installationsof this product

(*2) Possible UNAP

*1: The port number specified for the target service during transparent proxy registration.

*2: The port number specified for UNAP communication during transparent proxy registration.

- 93 -

Appendix B System Configuration Example ofCoordination with the TCP CommunicationApp

This section shows an example system configuration of the TCP Communication App that coordinates with TCP.

B.1 System Configuration when Coordinating with Cloud StorageGateway

Configuration when Transferring Data from a Single Cloud Storage Gateway to a Single Cloud ObjectStorage

Install SCO-VA and register a single transparent proxy on both the client and server sides.

Configuration when Transferring Data from Multiple Cloud Storage Gateway to a Single Cloud ObjectStorage

On the client side, register a single transparent proxy in each SCO-VA. On the server side, register multiple transparent proxies in a singleSCO-VA.

- When there are multiple client networks

- 94 -

- When there is a single client network

Configuration when Transferring Data from Multiple Cloud Storage Gateway to Multiple Clouds' (OpenStackand K5) Object Storage

On the client side, register a single transparent proxy in each SCO-VA. On the server side, register a single transparent proxy in each SCO-VA.

B.2 System Configuration when Coordinating with an FTP Server

Configuration when Transferring Data from an FTP Client to an FTP Server

When coordinating with an FTP server, configure FTP to use Passive Mode, and install SCO-VA and register a single transparent proxyon both the client and server sides.

Configure the target service port numbers of the transparent proxy located on the FTP client side to contain the following "a." and "b."

a. The range of the port numbers used for FTP data transfer

b. The port number used for the FTP control connection when the operation mode of the transparent proxy located on the FTP serverside is "Terminate."

- 95 -

- 96 -

Appendix C Default Gateway Configuration Example ofCoordination with the TCP CommunicationApp

This section shows an example configuration of the default gateway for the TCP communication app that coordinates with TCP.

C.1 Default Gateway Configuration Example when Coordinatingwith Cloud Storage Gateway

This section explains the procedures for configuring the default gateway when coordinating with Cloud Storage Gateway.

When adding this product to an environment where Cloud Storage Gateway is already installed

Procedures

1. Change the gateway of Cloud Storage Gateway from the WAN connection router to the SCO-VA LAN-side interface IP address.To make changes, configure the network settings of Cloud Storage Gateway.For details, refer to the Cloud Storage Gateway "User's Guide."

When installing this product and Cloud Storage Gateway at the same time

Procedures

1. Install Cloud Storage Gateway as it is written in the manual and set the SCO-VA LAN-side interface IP address to the gateway ofCloud Storage Gateway. To set the gateway, configure the network settings of Cloud Storage Gateway.For details, refer to the Cloud Storage Gateway "User's Guide."

C.2 Default Gateway Configuration Example when Coordinatingwith FTP

This section explains the procedures for configuring the default gateway when coordinating with FTP.

Procedures

1. Configure the SCO-VA LAN-side interface IP address to the gateway of the OS where the FTP server and the FTP client are running.

- 97 -

user's guide - fujitsu · 2018. 4. 26. · google chrome(tm) chrome vmware vsphere(r) vmware -...

Documents