KEMP 360 Central

1 Introduction

KEMP 360 Central is a centralized management, orchestration, and monitoring application that enables the administration of deployed LoadMaster and select third party Application Delivery Controllers (ADC).

KEMP 360 Central provides the ability to perform administrative tasks on each or all of the attached devices. This provides ease of administration because multiple devices can be administered in one place, rather than accessing each individually.

Introduction.png

KEMP 360 Central provides critical features for managing application delivery and acceleration in modern heterogeneous IT infrastructures. With it, users can easily:

Monitor performance and usage statistics of the networks, sub-networks, and LoadMasters (including any Virtual Services, Real Servers and SubVSs), which are attached

Add/remove and monitor third party products such as AWS ELB, HAProxy, NGINX and F5 BIG-IP.

View a list of available Virtual Services at both network and LoadMaster level

View a list of available Real Servers at both a network and LoadMaster level

View a list of available SubVSs at both network and LoadMaster level

License LoadMasters locally using KEMP 360 Central with the Activation Server functionality

License the KEMP 360 Central using offline, closed network licensing

Allow KEMP 360 Central to access the Internet using a HTTP(S) proxy

Reboot a LoadMaster, or reboot multiple LoadMasters simultaneously

Upload application templates to KEMP 360 Central and deploy them to LoadMasters as needed

Upload LoadMaster firmware packages to KEMP 360 Central and update and deploy LoadMaster firmware as needed

Upload and perform offline, closed network firmware updates for KEMP 360 Central

Store backups of LoadMaster settings and restore them to LoadMasters as needed

Automatically configure syslog options in one or multiple LoadMasters

View and filter LoadMaster syslogs

Download diagnostic logs such as audit, debug and system logs

Configure SMTP settings to allow KEMP 360 Central to send emails regarding critical errors

KEMP 360 Central should only be used to manage LoadMasters that have firmware version 7.1-30b or above installed.

LoadMasters with firmware between 7.1-26 and 7.1-30b have reduced statistics functionality.

KEMP 360 Central does not work with LoadMaster firmware below 7.1-26.

KEMP 360 Central is only available on certain subscriptions. Please contact a KEMP representative if needed.

1.1 Document Purpose

This document provides details on each of the functions that are available in KEMP 360 Central.

1.2 Intended Audience

This document is for anyone interested in finding out more about KEMP 360 Central.

2 Activation and Initial Login

  1. To access the KEMP 360 Central UI, in your browser, enter the IP address of the instance. A license activation screen appears.

Activation and Initial Login.png

  1. Click Continue.

Activation and Initial Login_1.png

1. The End User License Agreement (EULA) is displayed. Click Agree to accept the EULA and continue.

Activation and Initial Login_2.png

2. If using the Online method, fill out the fields and click License Now.

An Order ID is supplied by KEMP when you purchase a KEMP 360 Central instance. Entering an Order ID is optional for standard licenses.

If using the Offline method, select Offline, obtain the license text, paste it into the field provided and click License Now.

If using manual licensing, provide the Fingerprint to a KEMP representative and enter the license string which they provide.

For detailed instructions on how to register for a KEMP ID and license the LoadMaster, refer to the KEMP 360 Central Licensing, Feature Description.

3. Enter your KEMP ID (the email address used when registering the KEMP account).

The Order ID is optional for standard licenses.

Users need a KEMP ID to license KEMP 360 Central. If you do not have a KEMP ID, click the link provided and register one. For step-by-step instructions on how to register for a KEMP ID, and for information on licensing in general, refer to the KEMP 360 Central Licensing, Feature Description.

4. Type your Password.

If you wish to display the password while entering it, click the eye icon.

5. Click License Now.

Activation and Initial Login_3.png

6. Enter a new admin password in the two text boxes provided and click Set Password.

Passwords must be a minimum of eight characters long, contain at least one upper case letter and one number. All special characters are valid. See the Appendix: Password Information for more information.

The option to change or reset a user password by clicking the Reset password link should be used only if the current password is known.

Users may log in to KEMP 360 Central as either the admin user.

An admin has access to the full range of options in KEMP 360 Central.

2.1 Logging Out

To log out of KEMP 360 Central, click the logout button, which appears in the top right of all screens.

Logging Out.png

2.2 Welcome Screen

When you configure your KEMP 360 Central for the first time, the Welcome to KEMP 360 Central screen opens. This screen enables you to add single LoadMasters, LoadMaster HA pairs, and third-party devices, and makes the process of configuring your KEMP 360 Central as quick and easy as possible. The Welcome to KEMP 360 Central screen also enables you to pre-populate the SMTP configuration with an existing configuration. This is covered in detail in the Adding Devices section.

Welcome Screen.png

When you have no devices configured, you can click Skip this step at the top right of the screen to continue without adding your LoadMaster. When you have one device set up, this button changes to I’ve completed my setup.

After you click Add Device, KEMP 360 Central looks at the configuration of the device you added. If it contains SMTP configuration settings, KEMP 360 Central pre-populates the SMTP settings on KEMP 360 Central using the LoadMaster settings. If KEMP 360 Central is already configured for SMTP, you can choose to replace the current SMTP settings with the settings from the newly added LoadMaster.

You can access the Welcome screen anytime after your first login by clicking the About and Help (question mark) icon in the bottom left of the screen and then clicking Welcome on Board.

Welcome 2.png

The SMTP Setting pane is pre-populated from the LoadMaster if there are currently no SMTP settings on KEMP 360 Central. Note that only the Email Address List, SMTP Host, Port and SMTP Host User fields are pre-populated. You must type in the SMTP Host User and SMTP Host Password fields (if required by the SMTP server), as well as the ‘From’ Email field.

From the KEMP 360 Central welcome page, you can perform several tasks.

The above section describes how to configure these details in the Welcome screen. These details can also be configured elsewhere:

Configure the administrator email settings (see the SMTP Settings section)

Add a device (see the  Device Management section)

3 KEMP 360 Central Interface Description

This section of the document describes the KEMP 360 Central interface.

image011.png

The Global Dashboard provides you with a high-level summary of the health and status of your devices. For more information, see the Global Dashboard section.

The Network and Device Administration screen explains how networks and devices are managed in KEMP 360 Central. For more information, see the Network and Device Management section.

The Global Repository is used to upload files (such as firmware, template and backup files) to KEMP 360 Central. For more information, see the Global Repository section.

The Access Control screen enables you to manage the different levels of access required by different users. For more information, see the Access Control section.

The Settings and Configuration icon provides access to a number of options in KEMP 360 Central including license management, reporting, and logging.

The About and Help sections are covered within this section.

3.1 About Screen

Clicking the question mark button on the bottom-left of the UI brings users to the KEMP 360 Central About and Help page. This page contains information about:

The KEMP 360 Central license features (including a link to update the license)

The KEMP 360 Central firmware version

The boot time and uptime of KEMP 360 Central

The KEMP 360 Central serial number, which is needed when contacting KEMP about support or license queries

To view a list of open source licenses, click View Licenses. Click View to view the applicable license.

3.2   Help Screen

The help screen provides a link to the KEMP documentation page and the KEMP Customer Support site.

4 Global Dashboard

The Global Dashboard provides you with a high-level summary of the health and status of your devices. It contains the following sections that provide you with more detailed information relating to the status of your LoadMaster: Device Overview, Infrastructure and Application Health. If you have WAF configured, there will be a section on WAF statistics.

Global Dashboard.png

4.1 Device Overview

This section contains two panels: Device Health and Top 3 Utilization.

In the Device Health panel, you can quickly see what percentage of your devices are healthy and unhealthy. In the graphic below, the percentage of healthy devices is 55%.

Device Overview.png

The shared IP of a LoadMaster HA pair does not appear on this widget.

If you hover your mouse over the Device Health panel, it displays the number of healthy devices, unhealthy devices and unknowns (unknowns refer to devices that have never been successfully contacted by KEMP 360 and so their status is unknown). If you click the Device Health panel, you can view the health of your devices in more detail (see graphic below).

The health status of an unknown device is not checked.

Device Overview_1.png

The Top 3 Utilization panel displays the top three resource consuming devices based on memory and CPU only. You can click each LoadMaster on this panel to view the Monitoring page for that device. However, if there are no devices configured, the Welcome to KEMP 360 Central screen appears.

4.2 Infrastructure

The Infrastructure section contains two or three panels depending on your local configuration: Local Licenses (Activation Server Local (ASL), licenses), Log Summary and Non-Local Licenses & Subscriptions.

The Local Licenses panel is only present if you have a Services Provider License Agreement (SPLA) build.

If you hover over the Local Licenses panel, you can see how many licenses are activated. If you click the Local Licenses panel, the Metered Licensing Management screen opens. Here you can view information on instances and report data.

The Log Summary panel displays a circular color-coded chart where you can immediately tell the proportion of different types of errors including critical, errors and warnings. This updates every second. If you click this panel, the Logging screen opens where you can filter the logs using several different criteria. See Logging for more information.

image015.png

The shared IP of a LoadMaster HA pair is not counted on these widgets.

In the Non-Local Licenses & Subscriptions panel you can quickly identify LoadMasters that are approaching or have passed an expiration date. The Non-Local Licenses & Subscriptions panel displays the number of Subscription and Non-Subscription licenses and these are color coded as follows:

  • Red: Expired
  • Orange: 7 Days
  • Yellow: 30 Days
  • Blue: 60 Days

Infrastructure_1.png

This feature does not include licenses activated by the KEMP 360 Central Activation Server Local (ASL) feature; these are reported in a separate dashboard widget.

You will receive an alert on the Non-Local Licenses & Subscriptions widget when a subscription expiration has occurred (or is about to occur within 7, 30 or 60 days). If the device does not have an Enterprise or Enterprise+ subscription, you will only be able to monitor the device because the configuration will be read only.

If the device has an in-support legacy license, it will have read-write support.

If you click View List on the Non-Local Licenses & Subscriptions widget, you can view the Licenses table, which provides information on the type of license and the expiration date. For more information on the Licenses table, refer to the Licenses section.

Licenses and subscriptions that are expired are shown in red in the table.

image010.png

4.3 Application Health

There are several panels in the Application Health section. These are Virtual Service Status, Real Server Status, Administratively Disabled, WAF Statistics and Active Connections.

apphealth1.png

Virtual Service Status – This uses a color coding and displays up to five Virtual Servers and five Real Servers. Green indicates the service is up and red indicates it is down. It also displays the number of Virtual Servers that are up out of the total number of Virtual Services. You can click View More to open the Monitoring page.

Real Server Status – This panel is similar to the Virtual Service Status panel and displays the same information for the Real Servers.

Administratively Disabled – This panel displays the number of Real Servers and Virtual Services that are administratively disabled (indicated by the yellow color).

WAF Statistics – This panel displays the following:

- The number of configured WAF services

- The total number of requests recorded

- The total number of events recorded

- The total number of alerts in the past 24 hours (indicated by the triangle at the top of the bar)

- The total number of events in the past 24 hours

- The total number of events in the past hour

Active Connections – This panel displays the following:

- The total number of active connections aggregated across all managed devices

- The lowest number of active connections recorded for a single device, across all managed devices

- The highest number of active connections recorded for a single device, across all managed devices

- The average number of active connections across all managed devices

If you click the Active Connections panel, the Network Metrics screen opens.

Because LoadMaster HA pairs are now recognized by KEMP 360 Central, statistics are no longer reported for duplicates.

 

5 Network and Device Management

This section discusses how networks and devices are managed in KEMP 360 Central. When you click the Network and Device Administration icon on the KEMP 360 Central UI, there is a networks area on the left displaying networks and devices.

image.png

A network is represented by its IP address, Classless Inter-Domain Routing (CIDR) address, or the nickname specified. It is possible to have a sub-network - this is represented by an indented network. To display status details about all networks, click All Networks. To display details on an individual network, click that network.

Devices added to a network are represented by an icon underneath the network. If the device was named when it was added, the nickname is displayed, otherwise IP address is shown.

Third-Party device status is represented by the following icons:

Icon

Status

image1.png

HA Proxy device is available/accessible

image8.png

image2.png

HA Proxy device is not available or it is inaccessible

Network and Device Management_4.png

NGINX device is available/accessible

Network and Device Management_5.png

NGINX device is not available or it is inaccessible

Network and Device Management_6.png

Amazon Web Services (AWS) Elastic Load Balancer (ELB) device is available/accessible

Network and Device Management_7.png

AWS ELB device is not available or it is inaccessible

Network and Device Management_8.png

F5 BIG-IP device is not available or is inaccessible

Network and Device Management_9.png

F5 BIG-IP device is available/accessible

Network and Device Management_10.png (spinning)

Device is rebooting

HA pair icon.png HA pair

If you want to see what the different icons represent, there is an icon legend at the bottom of the screen (Network and Device Management_11.png). Roll your mouse over this to view the legend.

Network and Device Management_12.png

Users should note that selecting a network or device will bring focus to the monitoring and configuration dialogs for the highlighted entity. Please ensure you choose the correct one before adjusting any settings.

5.1   Network Management

Within KEMP 360 Central, networks are the basic container used to group device instances. You can highlight a network by typing the name of the Network and clicking the Search icon. In addition, you can view all available networks by expanding All Networks.

5.1.1 Add a Network

1. Click the cloud icon on the left.

Add a Network.png

2. At the bottom-left, click the plus (+) icon and click Add a Network.

Add a Network_1.png

3. If creating a top-level network, users should select No Parent from the Parent Network drop-down list.

4. If this is the first time adding a network using the KEMP 360 Central instance, the Parent Node drop-down list does not appear.

5. If adding a subnet, select a parent network from the Parent Network drop-down list.

6. Enter a recognisable Nickname for the network.

7. If no Nickname is entered here the Network’s IP address will be displayed everywhere that the Nickname would have been shown.

8. Enter the IP address and CIDR in the Network Address box. The CIDR has a range from 1 to 31.

9. Click Apply. A message appears saying the network is added.

5.1.2 Modify a Network

Modify a Network.png

To edit an existing network, select the network on the left and click the pencil icon at the bottom of the screen. Make the changes as needed and click Apply.

If a sub-network or device resides underneath a parent network, do not make any changes to the parent network.

5.1.3 Remove a Network

To remove a network, select a network on the left, click the minus (-) icon at the bottom of the screen and click Remove on the confirmation pop-up.

When a network is deleted, all associated subnetworks and/or LoadMasters are also deleted.

5.2   Device Management

Networks constitute the top level of organization in KEMP 360 Central; the devices you add to the networks constitute the second level.

KEMP 360 Central should only be used to manage LoadMasters, which have firmware version 7.1-30b or above installed.

A pop-up message appears if a LoadMaster with a firmware version older than 7.1-30b is being added.

LoadMasters with firmware between 7.1-26 and 7.1-30b have reduced statistics functionality.

KEMP 360 Central does not work with firmware below 7.1-26.

5.2.1 Adding Devices

This section shows users how to add devices to KEMP 360 Central. Currently supported devices are: KEMP LoadMasters, LoadMaster HA Pairs, NGINX, HAProxy, AWS ELB, and F5 BIG-IP.

LoadMasters, like KEMP 360 Central itself, must be licensed to be activated. There are two ways to license a LoadMaster:

License the LoadMaster by contacting the KEMP license server on the Internet. For further information on LoadMaster licensing, refer to the KEMP 360 Central Licensing, Feature Description.

Using a locally provisioned KEMP 360 Central Activation Server

KEMP 360 Central’s optional Activation Server functionality allows you license client LoadMasters locally without needing to contact the KEMP license server. When activating a LoadMaster in this way, the LoadMaster automatically gets added to KEMP 360 Central. For more information on the Activation Server feature (including configuration), refer to the KEMP 360 Central Activation Server, Feature Description.

This section assumes that the Activation Server functionality is not being used.

You can add LoadMaster HA pairs that were created on the LoadMaster with KEMP 360 Central as one unit by adding the HA1 and HA2 pair as a shared IP address. The shared IP enables you to more effectively monitor the status and configuration of services across the LoadMaster HA pair. To successfully add a LoadMaster HA pair to KEMP 360 Central, both units must have the same username and password.

When you add a LoadMaster HA pair to KEMP 360 Central, the shared IP is not included in any statistics.

Before a device can be added to KEMP 360 Central, a network must exist. For steps on how to add a network, refer to the   Network Management section.

Adding Devices.png

1. Click the cloud icon on the left.

Adding Devices_1.png

2. Highlight the relevant network. For example: if the device IP address is 192.168.150.10, you must add the device to the network that contains that IP address in its range (as specified by the network’s CIDR address).

Adding Devices_2.png

3. Click the plus (+) icon in the bottom-left and select Add a Device.

5.2.1.1 Add Details for a LoadMaster

image020.png

Use the following steps when adding the details for a LoadMaster only:

1. Click the Plus icon at the bottom left of the screen then click Add a Device.

2. From the Device Type drop-down list, select LoadMaster.

3. Type the IP Address of the LoadMaster.

The LoadMaster address must be within the IP address range specified for the network you selected in Step 2, or an error is returned.

4. Enter the Port number.

5. In an Azure environment, type 8443 as the Port.

If no port is entered, the port defaults to 443.

6. Type the Username and Password of the LoadMaster.

7. Type the Alternate WUI Access address for LoadMasters licensed using ASL. If you do not specify a port number, it will be auto populated with the private port number.

If using Azure, this is the DNS name that appears in the Azure Dashboard screen for KEMP 360 Central.

8. Enter a Nickname for the LoadMaster.

If a Nickname is not entered here, the IP address of the LoadMaster will be used instead.

9. Click Apply. A message will appear when the LoadMaster is added.

5.2.1.2 Add Details for a LoadMaster HA Pair

Add a Device 2.png

Before you create a LoadMaster HA pair, you must ensure the following: 

  • The two LoadMaster HA mode units participating in the HA pair have already been added to KEMP 360 Central as LoadMaster type devices.
  • The two LoadMasters are available (up) and communicating successfully with KEMP 360 Central – their icons must be green or blue in the network tree.
  • You know the IP addresses and ports of the two HA mode LoadMaster units, in addition to the shared IP address and port.
  • Ensure that the credentials (username and password) are the same for both units.

After you ensure the prerequisites shown above are complete, perform the following steps to configure two HA mode LoadMasters into a LoadMaster HA pair:

1. Click the Network and Device Administration icon on the left.

2. Click the + icon on the lower left to open the Add a Device screen.

3. Enter or select the parameters shown in the table below:

Parameter

Description

Device Type Select LoadMaster HA Pair.
HA Shared IP : Port Type the IP address and port of the HA shared IP address used by the HA LoadMasters.
Platform The platforms available are Hardware / Local Hypervisor, AWS Cloud and Azure Cloud.
Nickname (Optional) A name for the device that will appear in the network tree on the left and elsewhere in the UI.
Username Password The username and password for the HA configuration. This username and password combination must be defined on both LoadMasters.
HA1 IP : Port Select the LoadMaster configured as HA1 in the LoadMaster WUI’s HA Configuration page.
HA2 IP : Port Select the LoadMaster configured as HA2 in the LoadMaster WUI’s HA Configuration page.

4. Click Apply. The Shared IP Address (or Nickname, if you supplied one) now appears in the appropriate place in the network tree on the left, with the two HA mode LoadMasters organized underneath, as shown in the example below.

You can perform the same steps on the Welcome on Board page.

LoadMaster HA pair.png

If you try to create a HA pair with at least one device that has not been contacted by KEMP 360 Central, you will get an error message.

5.2.1.3 Add Details for a Third Party Device

In addition to LoadMasters, KEMP 360 Central enables you to manage third party devices, including NGINX, HAProxy, AWS-ELB and F5 BIG-IP.

The following are the steps for adding a third party device to KEMP 360 Central:

Add a device.png

1. From the Device Type drop-down list, select the appropriate third party device.

2. The fields available on the screen vary depending on the Device Type selected (see the table below). Complete the fields as required. To view tool-tip text for a field, hover the cursor over the field.

3. When finished filling out the fields, click Apply.

Field

Description

NGINX

HAProxy

AWS-ELB

F5-BIGIP-LTM

IP Address

The IP address on which the user interface (UI) is available. The address must be within the IP address range of the specified network.

✓

✓

✓

✓

Port

Optional. The port on which the UI is running at the IP address specified. It defaults to 443.

✓

✓

✓

✓

Username/Password

The credentials required to log in to the administrative interface.

✓

✓

 

✓

Status URI

Required. The path element of a URI that KEMP 360 Central will use to gather status and statistics information from the device (for example, "/status", "/haproxy?status"). The supplied path is appended to the device IP address:port.

✓

✓

 

 

Access Key ID

Required. The Access Key ID for logging into the AWS-ELB access key ID

 

 

✓

 

Secret Access Key

Required. The secret access key for the specified AWS-ELB access key ID.

 

 

✓

 

AWS LB Name

Required. This name identifies the load balancer on the AWS.

 

 

✓

 

AWS Region

Required. The AWS region where this ELB is configured

 

 

✓

 

Public Address

Required only for Azure and ASL, otherwise optional. Specify the FQDN returned by DNS for the device type or specify the IP address followed by a colon and port number (for example, 10.10.10.10:443).

✓

✓

✓

✓

Nickname

Optional. Used in the KEMP 360 Central UI as an alias for this. If this is not specified, the IP address and port are used to identify this in the UI.

✓

✓

✓

✓

5.2.1.4 Network Detail Automation

When adding a LoadMaster to KEMP 360 Central, network information is automatically added and configured. Some points about this are provided below:

If the network does not already exist in KEMP 360 Central, it is added when the LoadMaster is added.

- The LoadMaster is added to the network containing the specified IP address, for example, if a LoadMaster with IP address 10.10.20.20 contains the following networks:
10.10.0.0/16

- 10.11.0.0/16
10.12.0.0/16
The LoadMaster is added to the 10.10.0.0/16 network.

If the primary network of the LoadMaster is altered (for example, from 10.10.10.20/16 to 10.10.10.20/24), the LoadMaster is moved into the new network.

Networks automatically organise themselves in the appropriate hierarchy, for example, the network 10.154.0.0/16 automatically becomes a subnet of 10.0.0.0/8 and existing 10.154.n.n/24 networks become subnets of 10.154.0.0/16.

Networks are not automatically removed if they are no longer present on attached LoadMasters.

When you add a device with ‘All Networks’ selected in the Network drop-down, KEMP 360 Central attempts to locate the new device within the network that has the smallest IP address range that contains the specified IP address for the device. For example, you add the following network 13.0.0.0/8. If you then add a device with an IP address that is within that network range, such as 13.0.0.11, KEMP 360 Central places the device within that network. If there are two existing networks that contain the IP address specified, for example, 13.0.0.0/8 and 13.0.0.0/24, KEMP 360 Central locates the new devices under the network with the smaller IP address range (in this case, 13.0.0.0/24).

5.2.2 Modify a Device

To edit an existing device, select the device on the left and click the pencil icon at the bottom of the screen. Make the changes as needed and click Apply to apply the changes.

Modify a Device.png

If your initial connection fails and you need to use an alternate address to access the WUI, type the address in the Alternate WUI Access field and click Apply. This is generally applicable in an Azure and AWS environment or if you have configuration problems with your LoadMaster.

If certificate-based authentication is being used to authenticate from KEMP 360 Central to the LoadMaster, it may not be possible to edit the Username and Password for the LoadMaster. For further information, refer to the Certificate-based LoadMaster Authentication section.

When you modify a device’s IP address, the list of networks shown in the Network drop-down list only contains networks whose IP address range contains the specified IP address. For example, you have two networks, 10.0.0.0/24 and 192.168.0.0/24, and you modify a device's IP address from 10.0.0.11 to 192.168.0.11. After you do this, only the 192 network appears in the Network drop-down list and not the 10 network.

If you are editing a LoadMaster HA pair, you must do it at the shared IP level. In addition, you must ensure that the parameters you provide are valid because they are checked by KEMP 360 Central. Therefore, you must use the correct IP address, correct credentials, and port numbers. If everything is set up and correct, it is verified by the system. If you want to delete a LoadMaster HA pair, you must delete the shared IP address. If you try to delete an individual LoadMaster, you will not be able to.

5.2.3 Modify a LoadMaster HA Pair

You cannot edit the nodes of a LoadMaster shared IP. For example, if the IP address of the LoadMaster HA node is changed for any reason, you can edit the IP address of the node that was changed on KEMP 360 Central. The updated IP address can then be seen on the shared IP in the HA1 or HA2 field. This is shown in the figures below. In the first figure, the individual node is selected and the IP address is updated. The second graphic shows the updated node after the IP was changed.

Changing node IP address.png

shared IP after node IP changed.png

If you want to move the LoadMaster HA pair to a different sub-network, you can only move it using the shared IP node only.

5.2.4 Remove a Device

To remove a device, select the relevant device from the left menu. Click the minus (-) icon at bottom-left and click Remove when the pop-up message appears. If you remove a shared IP address, it removes the two HA units under it. If you remove a shared IP address that contains ASL units, KEMP 360 Central attempts to deactivate both units.

5.2.5 Checking the Status of a Device

KEMP 360 Central updates the status and configuration information on two separate cycles:

• Status information for devices and services is updated every minute. This is essentially the information displayed on the Monitoring and Graphs tabs, such as availability and statistics.

• Configuration information is updated every 60 minutes. This is essentially the information displayed on the Service Configuration and System Configuration tabs, such as the number of services, SubVSs, real servers – and their parameters. You can also request a manual update of a particular device’s configuration at any time by following the procedure below.

 

image9.png

The status of each device is updated every minute. To check the current status of an individual device, perform the following steps:

1. Click the Network and Device Administration icon.

2. Locate the device whose configuration you want to update in the network tree and click on it. This opens the Monitoring tab for the device.

3. Click Update to request an immediate configuration update from the device. A progress bar appears when updating and a message appears informing you that the update was successful. If the device cannot be contacted, this button is disabled.

4. If there are any status changes to your device they will appear here.

If the update fails, a red warning message appears. To find out more information, you can check the system log.

The shared IP address of a LoadMaster HA pair does not show up on the Monitoring page but the status of the devices does.

5.2.6 Certificate-based LoadMaster Authentication

If you are using a KEMP 360 Central instance with version 1.6 or higher, and you add a LoadMaster with version 7.1.35 or higher, certificate-based authentication is used to authenticate the communications between KEMP 360 Central and the LoadMaster. To enable certificate-based authentication, KEMP 360 Central automatically configures some settings when a LoadMaster is added to it:

The Application Program Interface (API) is enabled on the LoadMaster. This is to ensure that KEMP 360 Central can communicate with the LoadMaster.

Session Management is enabled on the LoadMaster.

A local user is created on the LoadMaster which is used by KEMP 360 Central to authenticate to the LoadMaster. This user is provided with All Permissions on the LoadMaster.

A local certificate is generated for the local user created in the previous step. This certificate is then stored in KEMP 360 Central to authenticate to the LoadMaster.

The Admin Login Method on the LoadMaster is changed to Password or Client certificate. This is to enable certificate-based authentication on the LoadMaster.

When a LoadMaster is removed from KEMP 360 Central, none of the above settings change. For example, when you remove a LoadMaster from KEMP 360 Central, certificate-based authentication is not removed from the LoadMaster. It remains in effect and must be removed manually using the LoadMaster UI, if that is required.

If any of the requirements for certificate-based authentication are not met, for example if Session Management becomes disabled on the LoadMaster – the authentication will break and the LoadMaster credentials must be re-entered into KEMP 360 Central to re-establish the connection. For further information on certificate-based authentication in general, refer to the User Management, Feature Description.

image3.png

The workflow is as follows:

1. Add a LoadMaster to KEMP 360 Central using an administrative LoadMaster username and password.

2. KEMP 360 Central attempts to contact the LoadMaster using the credentials supplied. If it is successful, KEMP 360 Central then attempts to set up certificate authentication with the LoadMaster. If certificate authentication fails, you get an error message and see the icon on the device either remain as the 'never contacted' icon (for unmanaged devices) or change to the 'unauthorized' icon. If SMTP is set up correctly, you also receive an email message that certificate authentication has failed.

3. KEMP 360 Central continues to try and contact the device. If negotiating certificate authentication fails and/or contact is never established, you can edit the LoadMaster configuration on KEMP 360 Central so that KEMP 360 Central and LoadMaster will use only basic authentication (username and password) and will not attempt to negotiate certificate authentication. To do this:

a) Click the device in the network tree.

b) Click the Edit icon at the bottom left of the UI.

c) Under Authentication, click Basic.

d) Click Apply.

Since version 1.16 of KEMP 360 Central you can now choose to opt out of certificate authentication by editing the Authentication setting so that the unit uses basic authentication and does not attempt to establish certificate authentication. To change from Certificate to Basic authentication, re-enter your username and password for the device, select Basic and click Apply.

5.2.7 Unmanaged Devices

If there are any devices that KEMP 360 Central has never contacted successfully, these are clearly identified in the left frame in a node entitled Unmanaged Devices directly under All Networks. In addition, each unmanaged device has a specific icon that is easily recognized. If there are no unmanaged devices present, the Unmanaged Devices node is hidden and cannot be seen.

Network and Device Management_1.png

To address issues with Unmanaged Devices:

  • Check the credentials required to log into the device and if necessary edit the device and re-enter it into KEMP 360 Central
  • Ensure the device is properly connected to the network
  • Check the KEMP 360 Central logs and the logs on the device

When you add a device with All Networks selected in the Network drop-down, KEMP 360 Central attempts to locate the new device within the network that has the smallest IP address range that contains the specified IP address for the device. For example, you add the following network: 13.0.0.0/8. If you then add a device with an IP address that is within that network range, such as 13.0.0.11, KEMP 360 Central places the device within that network. If there were two existing networks that contain the IP address specified, for example, 13.0.0.0/8 and 13.0.0.0/24, KEMP 360 Central locates the new device under the network with the smaller IP address range (in this case, 13.0.0.0/24).

6   System Configuration

Adding Devices.png

It is possible to manage LoadMasters using the KEMP 360 Central interface. To access the LoadMaster configuration area, click the cloud icon in the menu on the left and then select the System Configuration tab.

The System Configuration section of KEMP 360 Central enables users to locally manage LoadMasters. Users may manage: templates; firmware; reboots; backup; restore and/or syslog settings for any LoadMaster on a network.

6.1 Open the LoadMaster UI from KEMP 360 Central

Clicking the Open WUI link will open a browser window to the LoadMaster UI. The read-only user does not have access to the Open WUI link. To click the Open WUI link, follow the steps below:

Open the LoadMaster UI from.png

1. Select the relevant LoadMaster on the left.

2. Click System Configuration.

Open the LoadMaster UI from_1.png

3. Clicking the Open WUI link in the menu will open the UI of the selected LoadMaster.

6.2 LoadMaster Reboot

KEMP 360 Central gives users the ability to centrally reboot LoadMasters. You can reboot a single LoadMaster or selected LoadMasters simultaneously.

Reboot a LoadMaster using the KEMP 360 Central interface by following these steps:

1. Click the relevant network or subnetwork in the left pane of the UI.

2. In the right pane, select the System Configuration tab and then expand the System Reboot section.

This displays a list of the LoadMasters on the network you selected in the previous step, as shown in the example below.

LoadMaster Reboot.png

3. To reboot a single LoadMaster, select the check box beside the LoadMaster for rebooting and click the Reboot button.

4. Reboot multiple LoadMasters by ticking the checkbox of each LoadMaster and then clicking the Reboot Selected button. Alternatively, choose the Select All checkbox and click the Reboot All button to reboot all LoadMasters in the relevant network.

LoadMaster Reboot_1.png

5. The system displays Rebooting… next to each rebooted unit until the unit is available again.

You can reboot your LoadMasters using the shared IP address or directly from the devices.

6.2.1 Schedule a LoadMaster Reboot

By carrying out the following steps, users can schedule the reboot of a single or multiple LoadMasters:

1. Click the cloud icon on the left of the screen.

2. Select the System Configuration tab.

3. In the left-hand menu, click the network to which the LoadMaster or LoadMasters you wish to schedule for a reboot is attached.

Schedule a LoadMaster Reboot.png

4. Expand the System Reboot section.

5. Select the check box of the LoadMaster or LoadMasters you wish to reboot and click the Schedule button.

If you wish to schedule a reboot of all LoadMasters in a network, enable the Select All check box.

image003.png

6. Enter the time, date and frequency, for which you wish to schedule the reboot.

Tasks cannot be scheduled within one hour of each other.

7. Click Schedule.

8. Further information on scheduling can be found in Scheduled Actions.

6.3 Template Management

Using a template automatically populates the settings in a Virtual Service. This is quicker and easier than manually configuring each Virtual Service. If needed, changes can be made to any of the Virtual Service settings after using the template.

For more information on templates please refer to Virtual Services and Templates, Feature Description.

To add a template to a LoadMaster using KEMP 360 Central, the template file must first be uploaded to the KEMP 360 Central Global Repository.

6.3.1 Upload the Template to KEMP 360 Central Global Repository

To do this, use the following steps:

Upload the Template to KEMP.png

1. In the menu, click the Global Repository icon and then click Template Management.

Upload the Template to KEMP_1.png

2. Click Select Template.

3. Browse to and select the template file. Multiple files can be selected, if desired.

Upload the Template to KEMP_2.png

4. Click Upload.

5. Wait for the template file to finish uploading. A message appears when the upload completes.

6.3.2 Upload a Template File to a LoadMaster 

Once you have uploaded a template to KEMP 360 Central, the template can be installed on one or more LoadMasters. To do this, perform the following steps:

1. Click the cloud icon on the left of the screen.

2. Select the System Configuration tab.

Upload a Template File to.png

3. In the left pane, select the relevant network or LoadMaster.

4. In the right pane, expand the Templates section.

Upload a Template File to_1.png

If you selected a network instead of a LoadMaster, you can tick multiple LoadMasters and install a template on them all at one time.

5. From the Select a template to apply drop-down menu, click the template you wish to add.

6. Do one of the following:

If you selected a single LoadMaster in Step 3, click Upload Selected to install the template on that LoadMaster.

If you selected a network in Step 3, tick the LoadMasters on which you want to install the template, and then click Upload Template.

7. A message will appear when the upload completes.

6.4 Update the LoadMaster Firmware

To update the LoadMaster firmware using KEMP 360 Central, first upload the firmware update file to KEMP 360 Central Global Repository. Then, the desired LoadMasters can be updated with the selected firmware. Firmware updates can be immediate or scheduled for a future date, time and frequency.

6.4.1 Upload the LoadMaster Firmware Update File to the Global Repository

To do this, follow the steps below:

Upload the LoadMaster Firmware.png

1. In the menu, click the Global Repository icon and then click Firmware Management.

Upload the LoadMaster Firmware_1.png

2. Click Select Firmware.

3. Browse to, and select the firmware update file. Multiple files can be selected, if desired.

4. Click Upload.

5. Wait for the firmware update file to finish uploading.

6. A message appears when the upload completes.

6.4.2 Update the Firmware on Selected LoadMasters

When the firmware has been uploaded to KEMP 360 Central Global Repository, LoadMasters can be updated individually or in groups. To do this, follow the steps below:

The LoadMaster will be automatically rebooted after the firmware update has completed. This may result in a brief service outage. If possible, perform upgrades during a maintenance window or during known periods of reduced traffic.

1. Click the cloud icon on the left of the screen.

2. Select the System Configuration tab.

Update the Firmware on Selected.png

3. Select either an individual LoadMaster, or a network - depending on whether you want to update an individual LoadMaster or multiple LoadMasters on a network.

You can perform firmware management on HA1, HA2, and the shared IP address. If you perform an update using the shared IP address, the original master remains as master.

Update the Firmware on Selected_1.png

4. Click Select a firmware to apply to display the list of available firmware updates.

5. Click the desired firmware version.

6. If a network was selected, select the check-box(es) of the LoadMaster(s) to be updated.

7. Click the Update Selected/Update All button.

A warning displays if the firmware version being installed is lower than the current LoadMaster firmware version. This may result in a loss of some functionality.

LoadMasters with firmware between 7.1-26 and 7.1-30b have reduced statistics functionality.

KEMP 360 Central does not work with firmware below 7.1-26.

8. Wait for the firmware update to complete.

When the update is finished, the LoadMaster automatically reboots.

When the firmware update is complete and the LoadMaster(s) successfully rebooted, the LoadMasters come back online and KEMP 360 Central reflects the LoadMaster status.

6.4.3 Schedule a LoadMaster Firmware Update

By carrying out the following steps, users can schedule the firmware update of one or multiple LoadMasters:

1. Upload the LoadMaster firmware update file, as described in the Upload the LoadMaster Firmware Update File to the Global Repository section.

2. Click the cloud icon on the left of the screen.

3. Select the System Configuration tab.

4. In the left-hand menu, select the relevant network.

Schedule a LoadMaster Firmware.png

5. Expand the Update LoadMaster Firmware section.

6. Select the check box of the LoadMaster or LoadMasters you wish to update the firmware of and click the Schedule button.

If you wish to schedule a firmware update of all LoadMasters in a network, select the Select All check box.

Schedule a LoadMaster Firmware_1.png

7. Enter the time, date and frequency, for which you wish to schedule the firmware update.

Tasks cannot be scheduled within one hour of each other.

8. Click Schedule.

Further information on scheduling can be found in the Scheduled Actions section.

6.5 Backup/Restore

KEMP 360 Central allows users to create a backup archive, store that backup centrally on KEMP 360 Central, and restore that backup archive onto any LoadMaster.

To restore the settings, a backup file must first exist in KEMP 360 Central.

There are two ways to take a backup. The method to use depends on whether the LoadMaster to be backed up exists in KEMP 360 Central:

If the LoadMaster exists in KEMP 360 Central: back up using KEMP 360 Central - refer to the Back Up a LoadMaster using KEMP 360 Central section for steps on how to do this.

If the LoadMaster does not exist in KEMP 360 Central: back up using the LoadMaster UI and upload the backup file to KEMP 360 Central. Refer to the Importing a LoadMaster Backup into KEMP 360 Central section for steps on how to do this.

6.5.1 Back Up a LoadMaster using KEMP 360 Central

LoadMasters which exist in KEMP 360 Central may be backed up in the following way:

1. In the KEMP 360 Central UI menu, click the cloud icon.

Upload a Template File to.png

2. Select the relevant Network/LoadMaster.

3. Select the System Configuration tab.

4. Expand the Backup/Restore section.

Back Up a LoadMaster using.png

5. If you selected a network, tick the LoadMasters which you would like to back up.

6. Click Backup/Backup Selected. A pop-up message displays saying the backup was created.

Once created, the backup file can be found in the Backup Repository section of the Global Repository.

You can also back up the shared IP address, HA1 and HA2 units of a LoadMaster HA pair.

6.5.2 Importing a LoadMaster Backup into KEMP 360 Central

For LoadMasters that do not exist in KEMP 360 Central, you can create a backup locally using the LoadMaster UI, and then upload it to KEMP 360 Central.

Importing a LoadMaster Backup.png

In the UI of the LoadMaster, go to System Configuration > System Administration > Backup/Restore > Create Backup File.

Then, upload the backup file to KEMP 360 Central by following the steps below:

1. In the KEMP 360 Central UI menu, click the Global Repository icon and then click Backup Repository.

Importing a LoadMaster Backup_1.png

2. Click Select Backup.

3. Browse to and select the relevant backup file.

Importing a LoadMaster Backup_2.png

4. Click Upload.

5. Wait for the backup file to upload.

A message will appear when the upload completes. The upload is now available for applying to LoadMasters under KEMP 360 Central control using the Restore backup functionality as described in the Restore LoadMaster Settings section.

6.5.3 Restore LoadMaster Settings

When a backup file is available in KEMP 360 Central, the settings can be restored to a LoadMaster. To do this, perform the following steps:

Please do not restore a non-Azure LoadMaster backup to an Azure LoadMaster.

1. Click the cloud icon on the left of the screen.

Restore LoadMaster Settings.png

2. Select the relevant network or LoadMaster.

3. Select the System Configuration tab.

4. Expand the Backup/Restore section.

Restore LoadMaster Settings_1.png

5. If the network was selected, select the check boxes of the relevant LoadMaster(s).

6. Click the Select a backup to restore button and select the desired backup file.

Restore LoadMaster Settings_2.png

7. Click the Restore Selected button.

8. A message will appear when the restore completes.

6.5.4 Schedule a LoadMaster Backup/Restore

By carrying out the following steps, users can schedule the backup/restore of a single or multiple LoadMasters, in the future:

1. Click the cloud icon on the left of the screen.

2. Select the System Configuration tab.

3. In the left-hand menu, click the network to which the LoadMaster or LoadMasters you wish to schedule for a backup/restore is attached.

Schedule a LoadMaster Backup.png

4. Expand the Backup/Restore section.

5. Select the check box of the LoadMaster or LoadMasters you wish to backup/restore and click the Schedule button.

If you wish to schedule a backup/restore of all LoadMasters in a network, enable the Select All check box.

image007.png

6. Enter the time, date and frequency, for which you wish to schedule the backup/restore.

Tasks cannot be scheduled within one hour of each other.

7. Click Schedule.

6.5.5 Backup and Restore KEMP 360 Central

As a KEMP 360 Central administrator, you can back up your KEMP 360 Central configuration using controls provided within the UI. This includes all KEMP 360 Central administrative settings, all managed device settings, all repository files and all statistics data. To use the backup feature, follow the steps below:

1. Click the Settings and Configuration icon.

2. Click Backup & Restore.

Backup and Restore KEMP 360.png

3. Type a password then click Backup. For details on password requirements, see the Appendix: Password Information. Depending on your browser, this prompts you to download a backup file in your Downloads folder or in a location you select.

4. Save the backup to the location where you want to store it.

To restore the backup file, follow the steps below:

1. Click Select File and browse to the location where the backup is stored.

2. Select the file then click Upload & Check. You can view the progress of the upload in the progress bar. If the upload is successful, you will see a notification on the screen.

The KEMP 360 Central instance on which you are restoring the archive must be licensed outside of the backup process and the license applied must match the license in effect on the system where the backup archive was created. If the license information does not match, the restore process will not continue.

Backup and Restore KEMP 360_1.png

3. Type the password used to create the backup archive, then click Restore.

Backup and Restore KEMP 360_2.png

4. Click Yes to the message that appears. For ASL LoadMasters, the following screen appears while the backup is being restored:


Backup and Restore KEMP 360_3.png

Backup and Restore KEMP 360_4.png

While a restore operation is in progress, API and UI access to KEMP 360 Central is blocked.

  1. After the operation completes, log in again.

6.5.6 Restoring KEMP 360 Central ASL Notes

If you are restoring an instance of KEMP 360 Central that uses ASL licensing, you may receive the message that appears in Step 4 of the previous procedure. Regardless of whether you choose to change the IP address of the newly restored unit or the unit on which the backup was taken, the managed devices (LoadMasters, and so on) that are defined on the newly restored unit, will continue to send syslogs, and so on, to the KEMP 360 Central IP address restored from the backup archive.

Therefore, when you select the system on which you will change the IP address, you can minimize the amount of additional changes you might need to make by selecting the system that you do not want to collect syslogs from. By doing this, you do not have to change IP addresses on all of the managed devices to point to the new IP address.

6.5.7 Configuring Syslog Collection from Managed Devices

You can configure KEMP 360 Central to collects logs from all managed devices that support exporting logs to a syslog server. This includes: LoadMaster, F5, NGINX, and HA-Proxy ADCs. (AWS ELB does not currently support remote syslog functionality.)

  • For LoadMaster, the appropriate syslog options on LoadMaster are configured by KEMP 360 Central when the device is added to KEMP 360 Central and the LoadMaster is contacted for the first time.
  • For other devices, you must add the KEMP 360 Central IP address to the list of remote syslog hosts using the UI for that device.

6.5.8 LoadMaster Syslog Collection

When a LoadMaster is first added to KEMP 360 Central, the KEMP 360 Central IP address is automatically appended to the existing list of syslog hosts. After this is set, all logs are sent to KEMP 360 Central and can be downloaded using the KEMP 360 Central interface. For more information relating to downloading the logs, refer to the System Logs section.

For a LoadMaster connected to KEMP 360 Central, you can edit the LoadMaster syslog settings using KEMP 360 Central by performing the following steps:

1. Click the cloud icon on the left of the screen.

2. Select the System Configuration tab.

LoadMaster Syslog Collection.png

3. Select the LoadMaster with the settings you wish to update.

When updating the syslog targets for a LoadMaster HA pair, use the shared IP address.

4. Go to Log Settings.

5. Expand the Syslog Options section.

LoadMaster Syslog Collection_1.png

6. Enter the relevant IP addresses of the one or more remote syslog servers in the relevant text boxes. Multiple IP addresses must be separated with a comma.

7. Click Submit to save the changes.

The syslog settings are then updated on the selected LoadMaster(s). The KEMP 360 Central view of the LoadMaster Syslog Options always remains correct.

Six different error message levels are defined and each message level may be sent to a different server. Notice messages are sent for information only; Emergency messages normally require immediate user action.

Up to 10 individual IP addresses can be specified for each of the Syslog fields. Multiple IP addresses must be separated by commas.

The following are examples of the type of message that may be seen after setting up a syslog server:

Emergency: Kernel-critical error messages

Critical: Unit 1 has failed and unit 2 is taking over as master (in a High Availability (HA) setup)

Error: Authentication failure for root from 192.168.1.1

Warn: Interface is up/down

Notice: Time has been synced

Info: Local advertised Ethernet address

Syslog messages cascade in an upwards direction. Thus, if a host is set to receive WARN messages, the message file will include message from all levels including and above WARN but none for levels below. 

If all six levels are set to the same hostn - multiple messages for the same error are sent to the same host.

6.5.8.1 Syslog Collection for F5, NGINX, and HAProxy

For F5, NGINX, and HAProxy devices, syslog collection must be enabled manually on the device through the native user interface. Once the device has been added to KEMP 360 Central and KEMP 360 Central is added as a syslog target to the device, KEMP 360 Central automatically starts collecting logs from these devices.

See the documentation for the device to configure remote syslog options to include the KEMP 360 Central IP address. Documentation current at the time this document was last updated is available at these links:

6.6 Licenses

A summary of license details for all the LoadMasters in All Networks or a specific network can be displayed by clicking Network and Device Administration, selecting the appropriate network node in the network hierarchy, clicking System Configuration, and opening the Licenses section. You can display the Licenses section for all networks by clicking Network and Device Administration > System Configuration. You can also display the License section for all networks by clicking the Global Dashboard icon then clicking View List on the Non-Local Licenses & Subscriptions widget.

By default, the licenses are sorted by IP address in ascending order. You can change the order of displayed results by clicking the arrows next to the IP Address column and the Expiration Date column. In the License or Subscription column the license type is displayed first and any subscription-based licenses will be indented below this.

A Classic license refers to a non-subscription-based (or legacy) license.

If you add a LoadMaster, it should appear in the Licenses table without having to refresh the page. If you do not see it, you may need to check the credentials specified for the device on KEMP 360 Central. Similarly, if you delete a LoadMaster, it will be removed from the list. Any LoadMasters that have passed their expiration date will appear in red in the Expiration Date column.

The Licenses table does not list any devices that are down or otherwise unreachable.

Licenses.png

There is no licensing information relating to the shared IP address.

6.7 HA Configuration

In the HA Configuration section (Settings and Configuration > HA Configuration), you can configure two KEMP 360 Central instances into a master-slave High Availability (HA) configuration as follows:

  • Both HA units are active in terms of enabling you to make changes to KEMP 360 Central and managed device configuration, synchronization of data, and gathering syslog output from managed devices.
  • Only the master unit generates statistics and communicates these to the slave unit periodically.
  • Scheduled actions can be configured on either unit and are communicated to the other unit, but they are executed only by the current master unit.

Currently, HA is supported only on non-Service Provider License Agreement (SPLA) instances of KEMP 360 Central.

Under normal operating conditions the master processes the scheduled tasks and the slave synchronizes repository files from the master. If the slave fails, nothing happens but when it recovers, it checks if the master is up. If the master is not up the slave becomes the master. If the master is up, the slave synchronizes repository files from the master and receives log files from it also.

When configuring two KEMP 360 Central instances into HA mode, both units must have at least one network defined for the initial synchronization to complete successfully. Remember, once the two units are initialized into HA mode, the configuration of the Preferred Master is propagated to the Preferred Slave, and the Preferred Slave’s configuration is overwritten. When the initial synchronization is complete, changes are propagated in both directions.

Before configuring two KEMP 360 Central instances into HA mode, decide which unit you want to be the Preferred Master. The Preferred Master will always assume the master role in the HA configuration when it is available. The other unit will become the Preferred Slave; should the Preferred Master become unavailable, the Preferred Slave will take over from the master and return control to the Preferred Master once it is available again.

To configure two KEMP 360 Central instances into HA mode, perform the following steps:

  1. Go to the unit you want to make the slave.
  2. Copy the HA Key of the peer you want to become the slave.
  3. Open the master and copy the HA Key from the previous step into the HA Key for the Other Peer field.
  4. Select the Preferred Master checkbox to ensure this device is the default master.
  5. Type the IP address of the slave unit in the IP Address for the Other Peer field.

HA Configuration.png

  1. Click Apply.
  2. Copy the HA Key of the Preferred Master.
  3. Open the Preferred Slave and copy the HA Key from the previous step into the HA Key for the Other Peer field.
  4. Type the IP address of the master unit in the IP Address for the Other Peer field.

HA Configuration_1.png

  1. Click Apply.

Both KEMP 360 Central HA units will try to contact one another every 30 seconds; this is called a heartbeat and is the method by which the two units determine when a fail over should occur. Since these heartbeats occur every 30 seconds, there can be up to a 30-second delay between the time that the current master HA unit becomes unavailable and the time that the current slave becomes aware of the outage and attempts to take over the master role.

The sequence number is mainly used for debugging and should match the sequence number on the peer. This is useful to check if the pairs are working correctly.

If the master goes down, this can be viewed in the HA Status panel after 30 seconds. If you click Refresh, you will see the error and the number of heartbeats that were missed. The slave now becomes the master. Once the original master comes back online, the system reverts to the original master as long as you selected the Preferred Master checkbox when you configured it.

You can configure a LoadMaster HA pair within a KEMP 360 Central HA pair.

7 Service Configuration

In the Service Configuration section, users perform various management tasks.

7.1   Virtual Service Management

Users can view a list of Virtual Services, add or delete a Virtual Service. They can also modify the basic properties of individual Virtual Services as required.

7.1.1 Display the List of Virtual Services Attached to a LoadMaster

To view the list of Virtual Services attached to a LoadMaster, perform the following steps:

1. Click the cloud icon on the left of the screen.

image018.png

2. Select the Service Configuration tab.

3. To display a particular Virtual Service from the list on the left, select the relevant network or LoadMaster.

Display the List of Virtual_1.png

KEMP 360 Central displays a list of Virtual Services attached to the selected instance.

The status of each Virtual Service is indicated by the color of the circle beside the IP address. Green indicates the Virtual Service is up while a red status means the Virtual Service is down. Edit and delete icons are also available on this screen.

For LoadMaster HA pairs, this must be done through the shared IP.

7.1.2 Add a Virtual Service

1. Click the cloud icon on the left of the screen.

image012.png

2. Click Service Configuration.

3. Select the LoadMaster to which you wish to add the Virtual Service.

For LoadMaster HA pairs, this should be done through the shared IP node rather than the device node.

Add a Virtual Service.png

4. Click Add Virtual Service.

Add a Virtual Service_1.png

5. Enter the Virtual Address of the Virtual Service you are adding.

6. Enter the Port of the Virtual Service. The valid range is 3 – 65530.

When adding a Virtual Service, you must use an IP Address and Port combination which is unique on the LoadMaster.

7. Enter a recognisable, unique name as the Service Name, if desired.

8. Select the appropriate Protocol from the drop-down list.

Add a Virtual Service_2.png

9. Click Apply. A message will appear to inform you that the Virtual Service has been successfully added.

7.1.3 Modify a Virtual Service

Occasionally you may need to make changes to the settings of a Virtual Service. Changes are made in the Service Configuration section of KEMP 360 Central.

image018.png

1. Click Service Configuration.

2. Select the LoadMaster you wish to modify.

For LoadMaster HA pairs, this should be done through the shared IP node rather than the device node.

Modify a Virtual Service.png

3. Click the pencil icon beside the Virtual Service you wish to modify.

4. Make any modifications, as needed.

Users can modify the following sections:

Basic Properties

Real Servers

Standard Options

5. When the changes are made click Apply.

Modify a Virtual Service_1.png

To deactivate a Virtual Service on this screen, click Disable.

7.1.4 Remove a Virtual Service

To delete a Virtual Service using KEMP 360 Central, in the Service Configuration section:

1. Click the X beside the Virtual Service you wish to delete. A dialog box appears asking you to confirm you wish to remove the Virtual Service.

2. Click Remove.

For LoadMaster HA pairs, this should be done through the shared IP node rather than the device node.

7.1.5 Migrate a Virtual Service

It is possible to migrate an existing Virtual Service from one LoadMaster to another LoadMaster. To do this, follow the steps below:

This migrates Real Servers, SubVSs and some other configuration settings. However, not all settings are currently migrated.

Migrate a Virtual Service.png

1. Click the VS Motion Migrate icon.

Migrate a Virtual Service_1.png

2. Select the Target LoadMaster.

3. Modify the Virtual Address and Port, if needed.

4. Decide whether or not to enable the Virtual Service on the target LoadMaster.

5. Click Copy to copy the Virtual Service, or Move to move it (that is, move it to the target LoadMaster and remove it from the original LoadMaster).

If you are migrating a Virtual Service to a LoadMaster HA pair, ensure you migrate to the shared IP node and not the HA1 or HA2 individual unit.

7.2 SubVS Management

KEMP 360 Central users can view a list of SubVSs and add or delete a SubVSs. Users can also modify the basic properties of an individual SubVS as required.

7.2.1 Display a List of SubVSs on a Virtual Service

KEMP 360 Central users can view the list of SubVSs. The following steps show how to access the list:

1. Click the cloud icon on the left of the screen.

image018.png

2. Select the Service Configuration tab.

3. Click the LoadMaster to which the Virtual Service whose SubVSs you wish to display are attached.

For LoadMaster HA pairs, you must do this through the shared IP address. You cannot do this through the HA1 or HA2 unit.

Display a List of SubVSs on_1.png

KEMP 360 Central displays the list of Virtual Services attached to a LoadMaster.

4. Click the edit icon of the Virtual Service whose list of SubVSs you wish to view.

Display a List of SubVSs on_2.png

5. Expand the SubVSs section. The list of attached SubVSs is displayed.

7.2.2 Add a SubVS

KEMP 360 Central users can add a SubVS. The following steps show how to add a SubVS to a Virtual Service:

1. Click the cloud icon on the left of the screen.

image012.png

2. Select the Service Configuration tab.

3. Select the relevant LoadMaster.

For LoadMaster HA pairs, this should be done through the shared IP node rather than the device node.

4. Click the edit icon of the relevant Virtual Service.

Add a SubVS.png

5. Expand the Real Servers section.

Add a SubVS_1.png

6. Click the Real Servers/SubVSs toggle button.

7. Click the New SubVS button.

It is not possible to add a new SubVS if auto-scaling is enabled. To disable auto-scaling, click the Real Servers/SubVSs toggle button and remove the tick from the Auto Scale check box.

Add a SubVS_2.png

An ID number has been assigned to the SubVS.

8. Click the edit icon of the SubVS you added.

9. Make modifications to the following sections, as needed: 

Basic Properties

Real Servers

Standard Options

10. Click Apply.

7.2.3 Modify a SubVS

The following steps show how to modify a SubVS with KEMP 360 Central:

1. Click the cloud icon on the left of the screen.

image018.png

2. Select the Service Configuration tab.

3. Select the relevant LoadMaster.

For LoadMaster HA pairs, this should be done through the shared IP node rather than the device node.

Modify a Virtual Service.png

4. Click the edit icon of the relevant Virtual Service.

5. Expand the SubVSs section.

6. Click the edit icon of the SubVS you wish to modify.

7. Make modifications to the Basic Properties, Real Servers and Standard Options sections as necessary.

8. Click Apply.

7.2.4 Disable a Real Server for VS and SubVS

The following steps show how to disable a Real Server for VS and SubVS with KEMP 360 Central:

1. Click the cloud icon on the left of the screen.

image018.png

2. Select the Service Configuration tab.

3. Click the LoadMaster to which the Virtual Service Real Server you want to disable is attached.

For LoadMaster HA pairs, this should be done through the shared IP node rather than the device node.

4. Click the edit icon of the Virtual Service to which the Real Server you want to disable is attached.

5. Expand the Real Servers section.

6. Click the edit icon then clear the Enable Server checkbox.

7. Click Save to save your changes.

The same procedure applies when you want to disable the Real Server on a SubVS. You can check the status of the device on the LoadMaster. To reenable a device, just select the Enable Server checkbox and click Save.

7.3 Real Server Management

KEMP 360 Central displays Real Servers which have been added to LoadMasters. As Real Servers are attached to Virtual Services, they are visible by accessing the Edit section of the individual Virtual Services listed in the Service Configuration tab.

KEMP 360 Central users can view a list of Real Servers. They may also add or delete a Real Server.

7.3.1 Display a List of Real Servers on a Virtual Service

KEMP 360 Central users can view the list of Real Servers. The following steps show how to access the list:

1. Click the cloud icon on the left of the screen.

image018.png

2. Select the Service Configuration tab.

3. Select the relevant LoadMaster.

For LoadMaster HA pairs, you must do this through the shared IP address. You cannot do this through the HA1 or HA2 unit.

Display a List of SubVSs on_1.png

KEMP 360 Central displays the list of Virtual Services attached to a LoadMaster.

4. Click the edit icon of the relevant Virtual Service.

Display a List of Real Servers.png

5. Expand the Real Servers drop-down list.

Display a List of Real Servers_1.png

7.3.2 Add a Real Server

Follow the instructions below to add a Real Server to a Virtual Service:

1. For the LoadMaster you wish to modify, display the list of Virtual Services attached (see the Display the List of Virtual Services Attached to a LoadMaster section).

For LoadMaster HA pairs, this should be done through the shared IP node rather than the device node.

2. Click the edit icon of the Virtual Service to which you wish to add the Real Server.

3. Expand the Real Server section.

4. Ensure the Real Servers/SubVSs toggle is set to Real Servers.

Add a Real Server.png

5. Click the New Real Server button.

6. Enter the following values in the appropriate text box:

IP

Port

Conn Limit

Weight

7. Click Save.

7.3.3 Modify a Real Server

This section shows how to modify an existing Real Server:

1. For the LoadMaster you wish to modify, display the list of Virtual Services attached (see the Display the List of Virtual Services Attached to a LoadMaster section).

For LoadMaster HA pairs, this should be done through the shared IP node rather than the device node.

2. Click the edit icon of the Virtual Service to which the Real Server you wish to modify is attached.

3. Expand the Real Servers section.

4. Click the edit icon of the Real Server which you wish to modify.

5. Modify any or all of the following values which display:

Port

Conn Limit

Weight

6. Click Save.

7.3.4 Remove a Real Server

This section shows how to remove a Real Server from a Virtual Service:

1. For the LoadMaster you wish to modify, display the list of Virtual Services attached (see the Display the List of Virtual Services Attached to a LoadMaster section).

For LoadMaster HA pairs, this should be done through the shared IP node rather than the device node.

2. Click the edit icon of the relevant Virtual Service.

3. Expand the Real Servers section.

4. Click the X symbol beside the Real Server you wish to remove.

7.3.5 Health Check

Health Check.png

You can configure the health check parameters for the Real Servers in the Health Check section. For further information on health checking in general, and detailed descriptions on each of these fields, please refer to the Health Checking, Feature Description.

8 Monitoring

image014.png

The Monitoring section of KEMP 360 Central displays the overall health of your HA pairs, Virtual Services, Real Servers, SubVSs, and WAF Statistics (if configured). All statistics update every minute.

In a LoadMaster HA pair configuration, only the shared IP node has a Monitoring section. HA1 and HA2 units do not have a Monitoring section.

image4.png

System Statistics are updated every minute. In the list view, as the percentage used increases - the bar changes from empty (at 0%) to green (1%) through white (50%) to dark red (99%).

System Statistics_1.png

To display the gauges as shown in the figure above, users should click the button with the gauge icon.

The System Statistics section enables users to monitor the following:

The percentage of the CPU spent processing in user mode

The percentage of the CPU spent processing in system mode

The amount of memory in use and the amount of memory free

The list view shows the percentage traffic that passes through each eth interface

Using the System Statistics section gives users the ability to monitor the statistics for an individual device.

There are a number of different LoadMaster HA statuses that could be present depending on whether units are active, in standby, or inactive as shown below. This status is maintained using an automatic ping between the units.

HA Configuration.png

The unit above is online and operational and the HA units are correctly paired. The A in the middle of the square indicates that this is the master (active) unit. The absence of an ‘A’ in the middle of the square indicates that this is not the master unit (standby).

Slave inactive.png

The master unit above is online and operational but the slave may be offline or misconfigured.

HA pair inactive.png

Both the master and slave units above are offline or misconfigured.

Master down.png

The master unit above is offline or misconfigured but the slave is in standby and operational.

Unauthorized.png

The master unit above is online but the HA status is unknown because the last connection to the device failed. Check the credentials of the device and log (both on the device and on KEMP 360 Central).

Shared and active unauthorized.png

The slave unit above is online but the HA status is unknown because the last connection to the device failed. Check the credentials of the device and log (both on the device and on KEMP 360 Central).

 

8.1 Network and Device Health

To view the overall network health of all networks in KEMP 360 Central, click All Networks. This informs you about the overall health percentage of your network, the number of Virtual Services that are down and the number of Real Servers that are down.

Network and Device Health.png

This section of the document fully explains the various sections and headings shown in the screenshots above. Network Health shows an aggregated health percentage value for the network being monitored. The network health percentage is calculated using the number of devices with an UP status on the network, against the total number of devices in that network.

SubNetworks health shows the status of each subnet individually. The subnetwork health percentage is based on the number of UP devices in the subnetwork against the total number of devices in that subnetwork.

In the Devices section, an icon is displayed for each device on the network. A red icon means that the device is down. A grey icon means the device is disabled. A green or blue icon means the device is up (blue is used to indicate a LoadMaster that was licensed using the Activation Server functionality).

Network and Device Health_3.png

Hovering over the device icons displays the IP address and status of that device.

Network and Device Health_4.png

When a network is selected on the left, the Virtual Services section displays – if available. In the Virtual Services section, there are icons for each Virtual Service on the network. Green indicates the Virtual Service is up while red means the Virtual Service is down. Hover help displays the Health and Admin Status of individual Virtual Services.

Network and Device Health_5.png

When a network is selected on the left, the Real Servers section displays – if available. In the Real Servers section, there are icons for each Real Server on the network. Green indicates the Real Server is up while red means the Real Server is down. Hover help displays the Health Status of individual Real Servers. Hover help, also displays the IP address of the individual Virtual Service and device, to which it is attached.

When users select an individual LoadMaster, the status of its Virtual Service(s) and Real Server(s) appears above the Connections graph, as shown in the following figure:

Network and Device Health_6.png

A green icon indicates that the Virtual Service or Real Server is up, a red icon indicates it is down and a grey icon indicates it is disabled.

The shared IP is not found in Network and Device Health.

8.2 Graphs

You can view all details relating to Network Metrics in the Graphs tab. To view the monitoring section of an individual KEMP 360 Central device, first click on the relevant network or device and then click Graphs in the top-right of the screen.

In a LoadMaster HA pair configuration, only the shared IP has a graph.

By clicking the drop-down arrow, you can display data ranging from the past hour to several years ago. In addition, all three graphs use the same horizontal width/scale so that time-based comparisons between the graph data are easier to visualize.

image5.png

image6.png

image7.png

The Network Metrics graph displays activity in and out of the Network Interfaces. You can display results in Bits (Network Interfaces), Bytes (Network Interfaces) or Packets (for Virtual Services) per second. You can also view results using various time scales from the last hour to the last 2 years. The graph is broken down into 72 data points so whatever timeframe you select is divided by 72. For example, if you select 1 year, then each data point is approximately 5 days. You can also place your cursor at any point on the graph to find the metrics at that time.

The SSL TPS graph displays the SSL Transactions Per Second (TPS) for a selected network, subnetwork or LoadMaster. You can display results in a similar way to the Network Metrics graph.

The Connections graph displays the total number of connections made to devices in a network or subnet being monitored by the KEMP 360 Central instance. You can display results in a similar way to the Network Metrics graph.

By selecting the appropriate network, subnetwork or LoadMaster icon in the left side-bar, KEMP 360 Central gives users the ability to monitor activity across the entire network (the results shown are an aggregate of the activity for all devices in the network), a subnet (an aggregate of all the devices in the subnet) or for an individual device.

Note that whichever device or network is highlighted in the left side-bar is the device or network you are working with. Please ensure you select the correct one.

9 Global Repository

Most of the screens in the Global Repository section in the UI relate to uploading files (such as firmware, template and backup files) to KEMP 360 Central. You can then upload these files to LoadMasters using KEMP 360 Central. The   System Configuration section of this document has details about those features.

Global Repository.png

To access the Global Repository - click the icon in the bottom-left corner of the UI.

9.1 Logging

The Logging screen enables you to display the system logs collected from the LoadMasters monitored by KEMP 360 Central. It also enables you to search and filter logs using several different criteria.

You cannot search for shared IP addresses on the Logging page.

image006.png

There are three main sections:

Source

Filter

Log Search Results

9.1.1 Source

The Source section is located on the top left of the Logging screen.

image008.png

There are two dropdown lists on the Source screen, Logfile and Range.

Logfile: Select the log source you want to display in the Logfile drop-down list. Currently, the only selection available is Remote Logs.

Range: Select from the following choices to set the time range for the log search:

Last 24 hours: Searches all log entries with a timestamp that occurred during the 24 hours before the current system time.

Last Week: Searches all log entries with a timestamp that occurred during

the 7 days before the current system date.

Last Month: Searches all log entries with a timestamp that occurred during

the month before the current system date.

Last Year: Searches all log entries with a timestamp that occurred during

the year before the current system date.

Everything: Searches all log entries.

Start Time: Searches all log entries with a timestamp that occurred during the time period starting from a user-specific date/time to the current system time.

Time Range: Searches all log entries with a timestamp that occurred during a user-specified date/time range.

For example, to view logs from midnight January 5th to midnight February 9th 2016:

  1. Select Time Range from the Range drop-down list.
  2. Select the required date and time from the From field.
  3. Select the required date and time from the To field.
  4. Input any extra filter options then click Search.
  5. Use the scrollbar to scroll through the results.

9.1.2 Filter

In the Filter section, you can further refine your search using several different fields. These are Text, Severity, Facility, Devices, Virtual Server (VS) and Real Server (RS). You can search using just one filter or multiple. The relationship between the fields is an implicit AND. For example, if you specify a device IP and a Real Server IP, only entries that contain both are selected for display. In addition, when you select one of these filters, you are presented with a list of the devices, Real Servers and Virtual Servers that KEMP 360 Central knows about.

  • Text: Type a plain text string in the Text field to filter the results further. This is a simple text search. Typing any text string selects all log entries that contain that text string anywhere in the entry. For example, if you type an IP address, the log viewer displays all lines that contain that IP address, regardless of what kind of device is assigned that IP address (LoadMaster, Virtual Service, Real Server, and so on).
  • Severity: There are a number of levels of severity you can use in your search to filter the log search results. These are shown in the table below:

Value

Severity

Description

Example

0

Emergency

System is unusable

Kernel-critical error messages

1

Alert

Should be corrected immediately

Loss of the primary ISP connection

2

Critical

Critical conditions

One unit has failed and the second unit is taking over as master (in a High Availability (HA) setup)

3

Error

Error conditions

Authentication failure for root from 192.168.1.1

 

4

Warning

May indicate that an error will occur if action is not taken

Interface is up/down

5

Notice

Events that are unusual, but not error conditions

Time has been synced

6

Informational

Normal operational messages that require no action

An application has started, paused or ended successfully.

7

Debug

Information useful to developers for debugging the application

 

  • Facility: The Facility filter enables you to select the type of log issue you want to search for. For example, kernel messages, user-level messages, mail systems, system daemons, and so on. To select a facility, click the drop-down arrow.
  • Devices, VS, RS: You can also filter results on specific devices, Virtual Services and Real Servers. The list is arranged by device type, that is, all LoadMasters, all F5 devices, all NGINX devices, and so on, are listed as a group. If you select a device type for the search (for example, click LoadMaster), then all logs for all LoadMasters are searched. If you pick a specific device, then only logs for that device are searched.

Filter.png

Any field that you use in a search is highlighted. To exclude a filter in a search, click the X on the right of the field. In addition, logging is user-specific. If you log out and log back in again, any data that you used in your search will still be visible, however, it will not be visible to other users.

  1. Click Search to filter the results based on the specified criteria.
  2. Click Export to export the results of the filter to a text file.

To export all log data, select Everything from the Range, clear any filters that have been set by clicking the X next to them, click Search, and then click Export.

9.1.3 Log Search Results

In the Log Search Results section, different columns display the syslog information:

Log Search Results.png

Time Generated (UTC): The generation time of the syslog message.

Source IP: The source IP address of the LoadMaster that the syslog came from.

Facility: The type of program that is logging the message. Messages with different facilities may be handled differently. RFC 3164 defines the list of facilities available.

Severity: The severity of the log file. This is also defined by RFC 3164.

Process ID: The ID number of the relevant process.

App Name: The name of the related application.

Message: The message component has these fields: <tag>, which should be the name of the program or process that generated the message, and <content>, which contains the details of the message.

The figure below displays an example of an exported log file. Note that each field in each line of the log is enclosed within brackets '[ ]' so that the data is clearly delimited.

Log Search Results_1.png

10 Access Control

You can administer users in the User Management screen, which you can access by clicking the Access Control icon in the bottom-left of the screen. Here you can manage the different levels of access required by different users.

There is one default user in KEMP 360 Central – the admin user. The admin user can perform all tasks in KEMP 360 Central. It is not possible to change the permissions of or delete the admin user. The admin user sets the permissions for new users. There are two permissions, read only and read write and these can be set for both Service Configuration and System Configuration.

Access Control.png

Descriptions of some terminology used in this section are below:

User: An identity on KEMP 360 Central defined as a username and password.

Group: A collection of users with assigned permissions to resources.

Permission: Defines the level of access a user or group has to a resource.

Resource: A LoadMaster or Virtual Service.

10.1 User Management

User Management.png

The User Management screen lists all KEMP 360 Central users. Here, you can modify, delete and disable users. You can add a new user by clicking the Add new User button and filling out the details. As an admin user, you can add new users and select their status as read only or read-write.

User Management_1.png

In the Modify User screen, you can update various details about the user including their password, email address and permissions. By default, user permissions are set to read only (for details on setting your password, see the Appendix: Password Information).

The User Permissions are broken down by the main sections in KEMP 360 Central:

Service Configuration: In the Service Configuration section, users perform various management tasks, such as adding, modifying and removing Virtual Services, SubVSs and Real Servers. Configure the user in a group to grant this level of access to individual devices and Virtual Services.

System Configuration: The System Configuration section of KEMP 360 Central enables users to centrally manage LoadMasters. Other items that can be managed include: templates, firmware updates, reboots, backups, restorations and syslog settings for any LoadMaster on a network.

10.2 Group Management

To access the Group Management screen, click the Access Control icon in the bottom-left of the screen and click Group Management.

Group Management.png

The Group Management screen lists any existing user groups. The Super Users group cannot be disabled or deleted because this is a default system group.

You can create a new group by clicking Add new Group.

The Status column shows whether the group is enabled or disabled. You can enable/disable a group by clicking the toggle button.

You can click the Edit (pencil) icon to edit a group or the Delete (X) icon to remove a group.

10.2.1 Group Details

Group Details.png

When adding a new group, you can specify the Group Name, a Description for the group and select whether or not to enable the group.

You can also change these settings for an existing group by modifying it.

10.2.2 Group Members

Group Members.png

When modifying a group, you can add and remove users to/from the group. To add or remove a user from the group, click the user listed to select them for addition/removal from the group. Different colors illustrate the status/operation. To remove any selection, click Reset. The table below provides a description of each color.

Color

Description

Group Members_1.png

The admin user is marked as blue because it is a member of all groups and cannot be removed.

Group Members_2.png

Grey users do not belong to the group.

Group Members_3.png

A green plus icon is displayed for users who have been selected to be added to the group.

Group Members_4.png

A dark green color indicates that the user is already a member of the group.

Group Members_5.png

The minus icon indicates a user who is a member of the group but has been selected to be removed from the group.

10.2.3 Group Resources

Group Resources.png

The Group resources section enables you to select what resources to give the group access to. The resources are listed by IP address. If a LoadMaster has Virtual Services, you can click the arrow to expand the list to see them. Select the relevant resources that you want to grant access to and click Apply. If a LoadMaster is not selected, but a Virtual Service underneath it is selected, the LoadMaster appears greyed out but selected in the display to indicate that something under it is selected.

It is recommended that you configure your shared IP, HA1, and HA2 into the same group.

11 KEMP 360 Central System Administration

This section deals with the administration of the KEMP 360 Central instance, rather than with the administration of individual networks and LoadMasters.

A number of administration tasks can be performed in KEMP 360 Central.

KEMP 360 Central System Administration.png

To access the KEMP 360 Central administration section, click the cog icon in the bottom-left of the screen.

KEMP 360 Central System Administration_1.png

The settings in the figure above are explained in the following sections.

11.1 Reboot/Shutdown KEMP 360 Central

Reboot Shutdown KEMP 360 Central.png

This section of the administration screen enables users to reboot or shut down the KEMP 360 Central instance.

When KEMP 360 Central is rebooted, it automatically attempts to re-connect to all previously configured LoadMasters. When rebooting, all settings are saved and take effect once the reboot is complete.

Clicking Shutdown powers down the KEMP 360 Central instance. After shutting down, the instance must be powered back on to turn the KEMP 360 Central instance back on. To power the instance back on, you must access the hypervisor or cloud platform where KEMP 360 Central is deployed. A shutdown of KEMP 360 Central does not affect the availability of the previously configured settings.

11.2 SMTP Settings

Configure SMTP to allow KEMP 360 Central to deliver email notifications to a user-defined email address list. There are a couple of prerequisites that must be in place for this to work:

KEMP 360 Central must be able to reach the SMTP Host and SMTP Port specified.

The SMTP Host User must be configured on the SMTP server.

Emails are sent when critical errors occur, such as a LoadMaster going down.

To configure the SMTP settings for KEMP 360 Central, follow the steps below:

SMTP Settings.png

1. Enter one or more email addresses in the Email Address List text box.

Up to eight email addresses can be entered - separate multiple email addresses with semi-colons.

2. Enter the IP address of the SMTP Host to be used for sending email.

3. Enter the port used by the SMTP host.

4. Enter the SMTP Host User name used to log into the SMTP host.

5. Enter the SMTP Host Password for the user name specified above.

At present, the SMTP Host User and SMTP Host Password fields are mandatory. If you do not want to specify a username or password - enter dummy details, save the settings, then clear those fields and save the settings again.

6. Select the Connection Security type. The choices are:

None – email is sent using an unencrypted link

TLS/SSL – email is sent using an encrypted link

7. Enter the email account from which KEMP 360 Central will send emails.

8. Click the Apply button.

9. A test email can be sent by clicking the Send Test Email button. The Send Test Email button only appears after settings have been entered and the Apply button clicked.

11.3 Enable Temporary SSH Access for Diagnostic Purposes

In this section of the KEMP 360 Central UI, users can grant KEMP Support access to the KEMP 360 Central instance. SSH access to the KEMP 360 Central host can be enabled by the administrator with a once-off activation code provided by KEMP Support. SSH access is enabled for 24 hours or until disabled by the administrator.

Users need both an SSH Public Key and an SSH access passcode as an SSH key pair is required to enable access.

Windows users should use PuTTY to generate a Public Key, while Unix users should use ssh-keygen.

1. Use PuTTY or ssh-keygen to generate an SSH Key.

2. Click the cog icon from the KEMP 360 Central menu.

3. Expand the Enable temporary SSH access for diagnostic purposes section.

Enable Temporary SSH Access.png

4. Enter an SSH Public Key code in the SSH Public Key text box and click Save SSH Key.

5. To generate the access passcode, click Regenerate.

6. Contact KEMP Support and provide them with the generated passcode.

7. KEMP Support will provide you with a code which grants diagnostic SSH access.

8. Enter the code received from KEMP Support into the Pass Code text box and then click Grant Access.

9. If you wish to revoke access to the KEMP 360 Central instance, click Revoke Access.

11.4 Proxy Settings

Proxy Settings.png

Configuring the settings in this section will allow KEMP 360 Central to access other networks using a HTTP(S) Proxy. Specify either an IP address or a domain here. Click the Test button to check if the proxy server is reachable.

12 Firmware Management

You can update the KEMP 360 Central firmware using the Firmware Management screen. You can check the current firmware version by clicking the question mark icon in the bottom-left of the KEMP 360 Central UI.

After updating the firmware – KEMP 360 Central must be rebooted.

A firmware update patch file is required to update the firmware offline. Contact KEMP Support to get the patch file.

To update the KEMP 360 Central firmware, follow the steps below:

Firmware Management.png

1. In the KEMP 360 Central UI, click the cog icon in the bottom-left corner.

2. Click Firmware Management.

Firmware Management_1.png

3. Click Select Firmware.

4. Browse to and select the firmware update file.

5. Click Upload. Once the image is uploaded to KEMP 360 Central, the Install button appears.

Firmware Management_2.png

6. A message appears asking if you want to proceed with the update. Click Continue to proceed.
You can view the progress of the upload in the progress bar.

Firmware Management_3.png

7. After the update, KEMP 360 Central reboots.

Do not make any further attempt to use the UI until the system has automatically rebooted, which takes a few minutes. After completing the update, the login screen is displayed.

13 License Management

The KEMP 360 Central license can be updated, if required. This would be required if, for example, if you upgrade to premium support.

To update your KEMP 360 Central license, complete the following steps:

License Management.png

1. In the bottom-left corner, click the cog icon.

2. Click License Management.

3. You can use online or offline licensing to update the KEMP 360 Central license. For further information and step-by-step instructions on each method, refer to the KEMP 360 Central Licensing, Feature Description.

After successfully licensing, a message displays saying the license has been updated. The license information can be viewed by clicking the help icon in the bottom-left of the screen and going to the About page.

14 Reporting

To open the Reporting section, click the Settings and Configuration icon then click Reporting. There are three sections within Reporting: Create Report, Recurring Reports and Global SMTP Settings.

14.1 Create Report

The controls in this feature enable you to specify either:

An on-demand report that is prepared immediately and that you can then either download locally or email to specific recipients.

A scheduled report that is run periodically at a specified interval and then emailed to specific recipients.

Note that if you want to email a report, the SMTP Settings (see the section below) must be provided beforehand.

To create an on-demand report, perform the following steps:

  1. Select the Report Now radio button (selected by default).
  2. Use the Report Date controls to specify the time period for the report.
  3. Use the check boxes in the Devices list to select the devices that will appear in the report. If you select a network node, all the devices in that network will be included.
  4. Do one of the following:
  • To download the report as a PDF file, click Download Report.
  • To email the report, check that the SMTP Settings are set, type a list of email addresses separated by semicolons (;) into the Email Address List, and click Email Report. A popup is displayed and a system message is logged indicating whether or not the email was sent successfully.

To schedule a report for some time in the future, perform the following steps:

  1. Select the Schedule Report radio button.
  2. Select the Report Type from the drop-down list. This can be daily, weekly or monthly. The start time and date of the report is set to 00:00:00 on the next full day, week, or month. For example, if today is Wednesday and you select Weekly, the report’s first run will be on the following Monday at 00:00:00.
  3. Use the check boxes in the Devices list to select the devices that appear in the report. If you select a network node, all the devices in that network are included.
  4. Type a list of email addresses separated by semicolons (;) into the Email Address List.
  5. Click Create Schedule. A notification appears informing you that you successfully created the scheduled report.

The name of the report is a Load Balancer Assessment report and it contains the following graphs:

  • Network Traffic (Incoming & Outgoing)
  • Number of Connections
  • SSL Transaction Per Second

Create Report.png

Create Report_1.png

Create Report_2.png

The diagrams above show examples of the different reports. The table under the graph provides more details depending on the report.

14.2 Recurring Reports

All previously created reports are listed in the order they were created. The table lists the first 128 characters of the device list, followed by the next run date, the frequency of the report, and the last run status (if applicable). Use the control at the right side of the table to delete a report.

14.3 Global SMTP Settings

This section shows the Global SMTP Settings, which are required to be set if you are emailing a report, or sending the report will fail. Note that these are the same settings as shown under Settings and Configuration > SMTP Settings and About and Help > Welcome On Board > SMTP Settings.

Note that the email address list specified in the Global SMTP Settings does not apply to emailed reports. Reports are emailed only to the recipient list specified when creating the report.

This feature is an important component for emailing reports and is covered in more detail in the SMTP Settings section.

15 Metered Licensing Management

This section displays ASL information and metrics data on LoadMasters under the control of KEMP 360 Central. There are three tabs: Activations, Metered Enterprise Licensing Agreement (MELA) Report, and Licenses. For further information, refer to the Metered Licensing Management, Feature Description.

15.1 Activations

The Activations tab opens when you click Metered Licensing Management.

image17.png

The chart displays the number of current active ASL activations. Below the chart you can view the maximum number of ASL licenses available (two in this case). The last two columns show: the license type that KEMP 360 Central provides and was installed on the LoadMaster; and the platform on which it is running. Unlike previous releases of KEMP 360 Central, since Version 1.18, you can license LoadMasters running on any hypervisor platform, not just the one on which KEMP 360 Central is running.

Any changes you make to the license in the LoadMaster are reflected on this screen. Change the default password on the LoadMaster from 1fourall.

If you activate the license then try and change the password on KEMP 360 Central, the LoadMaster enters an unauthorized state.

After you activate the license, locate the LoadMaster by clicking the Network and Device Administration tab, type the username and password for the LoadMaster, then click Apply. After the LoadMaster is recognized by KEMP 360 Central, it is represented by the blue icon for locally activated LoadMasters.

When using LoadMaster HA pairs, the shared IP address is not counted as an activation in MELA and is not reported on.

15.2 MELA Report

In this section, users can view a report displaying the number of active ASL instances. This report can be filtered by using a date range. To access the Metered Enterprise Licensing Agreement (MELA) report section, click the Settings and Configuration icon, click Metered Licensing Management, and click MELA Report. To view a graphical representation of the report, click View.

Reports can also be downloaded in zip format by selecting the Download Summary checkbox and clicking Download. The Download Summary checkbox determines the behavior of the Download button. When checked, a zip file is downloaded containing several data files, including the peak statistics values for each day. When unchecked, a single file is downloaded containing minute-by-minute statistics. The downloaded zip file contains three CSV files:

  • asl: An event report that displays events and the number of active ASL instances at the time of the event. The events recorded are as follows:

- Activation: An ASL LoadMaster has been activated using this KEMP 360 Central instance

- Deactivation: An ASL LoadMaster on this KEMP 360 Central instance has been deactivated

- Sync (Discrepancy): KEMP 360 Central has detected a discrepancy between the previously recorded instance count and the actual instance count, and has corrected the error

- Sync (No Discrepancy): No discrepancy has been detected. In the absence of other ASL events, this serves as the instance count for any given day. The sync task is performed in the following circumstances:

- If KEMP 360 Central is upgraded to v1.6 or later

- Daily at 12 pm

  • devices: A report displaying the currently active devices on KEMP 360 Central including the ID, device nickname, and device IP address.
  • ssl_tps: An SSL Transactions Per Second (TPS) report.
  • vs_bytes: A report displaying the number of Virtual Service bytes transferred.

These reports include minute-by-minute data from 00.00 hours of the start date selected up to the minute the report is run. To get a full report, leave the Download Summary check box cleared. To get a summarized report, select the Download Summarycheck box. This report produces an archive containing three files:

  • Daily peak TPS per ASL LoadMaster per day
  • Daily peak throughput (bytes per second) per ASL LoadMaster per day
  • All ASL activations or deactivations (and the number of active ASL instances at the time)

To view a MELA Report for a specific date range, select the date range then click View.

This report provides you with a graphical representation of the information such as the maximum number of ASL instances that were recorded during the report period, the peak number (top five devices) of SSL transactions, and the peak throughput (top five devices). The report displays usage data, which enables you to examine and validate the periodic billing statements you receive from KEMP for metered licensing.

If you select the Upload usage report to KEMP checkbox, a report is also sent to KEMP with the same data but different time profiles. If the automatic reporting fails, you can click Retry Upload.

Metered Licensing Report.png

 

ASL Instances.png

Peak SSL TPS.png

Peak SSL TPS All Devices.png

Peak Throughput.png

Peak Throughput 2.png

There is also a table under the graph that displays the information in tabular format. You can also view detailed individual graphs on the peak SSL transactions per second and peak throughput of all devices.

You can also view what license is assigned in the Event Type column in the ASL Instances table as shown in the image below.

Event Type Column.png

15.3 Licenses

This tab displays the different license types that are available, including the supported VLM types.

image16.png

From the figure, you can see that there are four columns: License Type, Supported VLM Types, Max Activations, and Activations.

The Max Activations column indicates the total number of activations allowed across all license types, which is 50 in this case.

 

When you change a license on the LoadMaster using ASL, the LoadMaster is not automatically rebooted. It must be rebooted manually to refresh the license.

To kill an ASL license from KEMP 360 Central, click the Network and Device Administration icon, select the device in the left frame and click the delete (minus) icon at the bottom of the left tree. A ‘Kill ASL Instance’ popup appears asking for confirmation. This both removes the device from KEMP 360 Central and deallocates the activated license that was used by the unit.

16 Scheduled Actions

In this section, users can view which, when and how often, actions are scheduled to take place. They can also edit or delete scheduled actions. The section displays all actions scheduled to take place on any and all LoadMasters that are controlled by the particular KEMP 360 Central instance.

16.1 View Scheduled Actions

To view scheduled actions on a KEMP 360 Central instance, complete the following steps:

  1. Click the cog icon on the left of the screen.
  2. Click Scheduled Actions.

image009.png

A full list of scheduled firmware updates, reboots and backups displays.

16.2 Modify Scheduled Actions

To make changes to scheduled actions, complete the following steps:

  1. Click the cog icon on the left of the screen.
  1. Click Scheduled Actions.

View Scheduled Actions.png

  1. Click the edit icon of the scheduled action you wish to modify.

Modify Scheduled Actions.png

1. Make changes, as required, to the scheduled settings.

Tasks cannot be scheduled within one hour of each other.

16.3 Delete a Scheduled Action

To delete a scheduled action, complete the following steps:

1. Click the cog icon on the left of the screen.

2. Click Scheduled Actions.

image004.png

 

3. Click the delete icon of the scheduled action you wish to discontinue.

 

image005.png

 

4. If you want to proceed, click Remove on the toaster message that appears.

17 Log Files

To access the KEMP 360 Central log files, click the Settings and configuration icon in the bottom-left of the screen and click Log Files.

Log Files.png

In this section of the KEMP 360 Central UI, users can download l KEMP 360 Central logs.

17.1 System Logs

The System Logs file includes KEMP 360 Central system logs.

System Logs.png

Perform the following steps to download the KEMP 360 Central system logs:

1. In the menu, click the Settings and configuration icon and then click Log Files.

2. Click the Download button next to System Logs. Your browser now displays a popup that enables you to view the downloaded logs using a local application of your choice, or save the logs.

17.2 Diagnostic Logs

In this section, users can download both Audit Logs and Debug Logs.

Diagnostic Logs.png

Use these logs as diagnostic tools when a problem has occurred. When the Download button is clicked, the logs download as a text file.

The Audit Logs display application logs, that is logs of actions completed in KEMP 360 Central, for example, adding a LoadMaster.

The Debug Logs are lower-level than the Audit Logs. The Debug Logs show logs relating to the application.

17.3   Log Settings

LoadMasters generate various warning and error messages using the syslog protocol. These messages are normally stored locally in the LoadMaster. KEMP 360 Central automatically configures the system log options for the LoadMasters to store the LoadMaster system logs in KEMP 360 Central.

To view the LoadMaster logs, go to the Global Repository and click Logging. For further information, refer to the Logging section.

For instructions on how to configure the syslog options, refer to the following section.

18 Appendix: Password Information

You must adhere to the following rules when creating a password in the User Management section:

Passwords must be a minimum of eight characters long and must contain at least one uppercase letter.

Passwords must contain at least one number.

All ASCII alphanumeric and printable special characters are supported.

The bar below the password field changes color based on the strength of your password. Blue indicates a weak password, orange a stronger password, while green indicates the strongest level.

To improve the strength of the password, use special characters, capital letters and numbers. Making your password long also increases its strength.

19 References

Related documents are listed below:

KEMP 360 Central API, Interface Description

KEMP 360 Central for Azure, Installation Guide

KEMP 360 Central Activation Server, Feature Description

Virtual Services and Templates, Feature Description

Web User Interface WUI, Configuration Guide

KEMP 360 Central Licensing, Feature Description

User Management, Feature Description

Health Checking, Feature Description

Metered Licensing Management, Feature Description

Last Updated Date

This document was last updated on 29 November 2017.

Was this article helpful?

0 out of 0 found this helpful

Comments