KEMP 360 Central

Contents

1 Introduction

KEMP 360 Central is a centralized management, orchestration, and monitoring application that enables the administration of deployed LoadMaster and select third party Application Delivery Controllers (ADC).

KEMP 360 Central provides the ability to perform administrative tasks on each or all of the attached devices. This provides ease of administration because multiple devices can be administered in one place, rather than accessing each individually.

Introduction.png

KEMP 360 Central provides critical features for managing application delivery and acceleration in modern heterogeneous IT infrastructures. With it, users can easily:

  • Monitor performance and usage statistics of the networks, sub-networks, and LoadMasters (including any Virtual Services, Real Servers and SubVSs), which are attached
  • Add/remove and monitor third party products such as AWS ELB, HAProxy, NGINX and F5 BIG-IP.
  • View a list of available Virtual Services at both network and LoadMaster level
  • View a list of available Real Servers at both a network and LoadMaster level
  • View a list of available SubVSs at both network and LoadMaster level
  • License LoadMasters locally using KEMP 360 Central with the local licensing functionality
  • License the KEMP 360 Central using offline, closed network licensing
  • Allow KEMP 360 Central to access the Internet using a HTTP(S) proxy
  • Reboot a LoadMaster, or reboot multiple LoadMasters simultaneously
  • Upload application templates to KEMP 360 Central and deploy them to LoadMasters as needed
  • Upload LoadMaster firmware packages to KEMP 360 Central and update and deploy LoadMaster firmware as needed
  • Upload and perform offline, closed network firmware updates for KEMP 360 Central
  • Store backups of LoadMaster settings and restore them to LoadMasters as needed
  • Automatically configure syslog options in one or multiple LoadMasters
  • View and filter LoadMaster syslogs
  • Download diagnostic logs such as audit, debug and system logs
  • Configure SMTP settings to allow KEMP 360 Central to send emails regarding critical errors

KEMP 360 Central should only be used to manage LoadMasters that have firmware version 7.1-30b or above installed.

LoadMasters with firmware between 7.1-26 and 7.1-30b have reduced statistics functionality.

KEMP 360 Central does not work with LoadMaster firmware below 7.1-26.

KEMP 360 Central is only available on certain subscriptions. Please contact a KEMP representative if needed.

1.1 Document Purpose

This document provides details on each of the functions that are available in KEMP 360 Central.

1.2 Intended Audience

This document is for anyone interested in finding out more about KEMP 360 Central.

2 Activation and Initial Login

Before you can begin using KEMP 360 Central to manage your LoadMasters, you must license it. There are three methods to activate a license – online, offline, or manually.

Online Licensing

Perform the following steps:

1. To access the KEMP 360 Central user interface (UI), in your browser, enter the IP address of the instance. A license activation screen appears.

Activation and Initial Login.png

2. Click Continue.

Activation and Initial Login_1.png

3. The End User License Agreement (EULA) is displayed. Click Agree to accept the EULA and continue.

Activation and Initial Login_2.png

4. Fill out the fields and click License Now.

An Order ID is only required for Metered Enterprise Licensing Agreement (MELA).

5. Enter your KEMP ID (the email address used when registering the KEMP account).

  • The Order ID is optional for standard licenses.
  • Users need a KEMP ID to license KEMP 360 Central. If you do not have a KEMP ID, click the link provided and register one.

6. Type your Password. If you want to display the password while entering it, click the eye icon.

7. Click License Now.

image32.png

8. A screen explaining the Call Home feature appears. This provides KEMP with system status information such as throughput, enabled features, Virtual Services, and Real Servers. It does not include any unique personal information or actual traffic from your network. If you do not want to enable this feature, clear the Enable call home check box and click Continue.

Activation and Initial Login_3.png

9. Enter a new admin password in the two text boxes provided and click Set Password.

Passwords must be a minimum of eight characters long, contain at least one upper case letter and one number. All special characters are valid. See the Appendix: Password Information for more information.

The option to change or reset a user password by clicking the Reset password link should be used only if the current password is known.

Users may log in to KEMP 360 Central as the admin user.

An admin has access to the full range of options in KEMP 360 Central.

The initial configuration of KEMP 360 Central is now complete.

Offline Licensing

If you can access KEMP 360 Central but KEMP 360 Central cannot access the internet, a license can be obtained using the offline method.

1. Access the KEMP 360 Central UI by entering the address in a web browser.

Ensure you add https:// before the address.

2. A warning may appear regarding website security certificates; click the continue/ignore option.

If this is the first time accessing the UI, the End User License Agreement (EULA) may need to be accepted.

image101.png

3. Select Offline.

4. Click the License link or go to the link provided on a computer that has internet access.

5. The Fingerprint and Serial Number are on the KEMP 360 Central screen, if available. Copy them and enter them on the Offline Licensing Page, if available.

image108.png

6. If you have a Service Provider License Agreement (SPLA), select the SPLA check box. Leave this box disabled for standard licenses.

7. Enter an Order ID if you have one. The Order ID is provided by KEMP when a license is purchased.

8. Select the Firmware Version.

9. Enter your KEMP ID and Password.

10. Click Generate License. An email is sent to the KEMP ID specified. This email contains a section called License Block.

11. Copy the License Block.

image102.png

12. In KEMP 360 Central - paste the License Block text into the text box provided.

13. Click License Now.

image103.png

14. Enter a new admin password in the two text boxes provided and click Set Password.

The bar in the middle represents the strength of the password. The fuller the bar is - the more secure the password is.

The initial configuration of KEMP 360 Central is now complete. If you receive any error during the process, contact KEMP Support.

Manual Licensing

Manual licensing involves a verbal transfer and manual entry of a license. This is usually used when there is a network configuration or there are security requirements that prevent internet connectivity of network devices or administrative systems. To license KEMP 360 Central using the manual method, follow the steps below:

1. Access the KEMP 360 Central UI by entering the address in a web browser.

2. Ensure to add https:// before the address.

3. A warning may appear regarding website security certificates. Click the continue/ignore option.

If this is the first time accessing the UI, the End User License Agreement (EULA) may need to be accepted.

image104.png

4. Contact your KEMP licensing representative.

5. Provide the KEMP representative with the Fingerprint, which is displayed.

6. The KEMP representative will provide you with a 32-character license string that must be entered in the text box provided. Dashes are automatically added while typing.

7. Click License Now.

8. Return to step 8 of Online Licensing and complete the procedure.

Session Inactivity

image97.png

If you are inactive on a KEMP 360 Central system for 24 hours, your UI session ends and you have to log in again. A dialog box appears 10 minutes before this time to notify you. The first time you log in, use the admin account with the password you specified in the previous step. You can then create additional user login accounts.

2.1 Logging Out

To log out of KEMP 360 Central, click the logout button, which appears in the top right of all screens.

Logging Out.png

2.2 Welcome Screen

When you configure your KEMP 360 Central for the first time, the Welcome to KEMP 360 Central screen opens. This screen enables you to add single LoadMasters, LoadMaster HA pairs, and third-party devices, and makes the process of configuring your KEMP 360 Central as quick and easy as possible. The Welcome to KEMP 360 Central screen also enables you to pre-populate the SMTP configuration with an existing configuration. This is covered in detail in the Adding Devices section.

Both steps are optional and can be skipped.

image29.png

image30.png

When you have no devices configured, you can click Skip this step at the top right of the screen to continue without adding your LoadMaster. When you have one device set up, this button changes to I’ve completed my setup.

After you click Add Device, KEMP 360 Central looks at the configuration of the device you added. If it contains SMTP configuration settings, KEMP 360 Central pre-populates the SMTP settings on KEMP 360 Central using the LoadMaster settings. If KEMP 360 Central is already configured for SMTP, you can choose to replace the current SMTP settings with the settings from the newly added LoadMaster.

You can access the Welcome screen anytime after your first login by clicking the About and Help (question mark) icon in the bottom left of the screen and then clicking Welcome on Board.

The SMTP Setting pane is pre-populated from the LoadMaster if there are currently no SMTP settings on KEMP 360 Central. Note that only the Email Address List, SMTP Host, Port and SMTP Host User fields are pre-populated. You must type in the SMTP Host User and SMTP Host Password fields (if required by the SMTP server), as well as the ‘From’ Email field. The Availability Alerts check box is enabled by default. When this option is enabled, email notifications are sent when the status of a device changes.

The above section describes how to configure these details in the Welcome screen. These details can also be configured elsewhere:

Configure the administrator email settings (see the SMTP Settings section)

Add a device (see the  Device Management section)

3 KEMP 360 Central Interface Description

This section of the document describes the KEMP 360 Central interface.

 

image48.png

The Global Dashboard provides you with a high-level summary of the health and status of your devices. For more information, see the Global Dashboard section.

image49.png

The Network and Device Administration screen explains how networks and devices are managed in KEMP 360 Central. For more information, see the Network and Device Management section.

image50.png

The Global Repository is used to upload files (such as firmware, template and backup files) to KEMP 360 Central. For more information, see the Global Repository section.

image51.png

The Access Control screen enables you to manage the different levels of access required by different users. For more information, see the Access Control section.

image52.png

The Settings and Configuration icon provides access to a number of options in KEMP 360 Central including license management, reporting, and logging.

image53.png

The About and Help sections are covered within this section.

3.1 About Screen

Clicking the question mark button on the bottom-left of the UI brings users to the KEMP 360 Central About and Help page. This page contains information about:

  • The KEMP 360 Central license features (including a link to update the license)
  • The KEMP 360 Central firmware version
  • The boot time and uptime of KEMP 360 Central
  • The KEMP 360 Central serial number, which is needed when contacting KEMP about support or license queries
  • To view a list of open source licenses, click View Licenses. Click View to view the applicable license.

3.2   Help Screen

The help screen provides a link to the KEMP documentation page and the KEMP Customer Support site.

4 Global Dashboard

References to ASL in screenshots should be read as Local Licensing.

The Global Dashboard provides you with a high-level summary of the health and status of your devices. It contains the following sections that provide you with more detailed information relating to the status of your LoadMaster: Device Overview, Infrastructure and Application Health. If you have WAF configured, there will be a section on WAF statistics.

Global Dashboard.png

4.1 Device Overview

This section contains two panels: Device Health and Top 3 Utilization.

In the Device Health panel, you can quickly see what percentage of your devices are healthy and unhealthy. In the graphic below, the percentage of healthy devices is 55%.

Device Overview.png

The shared IP of a LoadMaster HA pair does not appear on this widget.

If you hover your mouse over the Device Health panel, it displays the number of healthy devices, unhealthy devices and unknowns (unknowns refer to devices that have never been successfully contacted by KEMP 360 and so their status is unknown). If you click the Device Health panel, you can view the health of your devices in more detail (see graphic below).

image74.png

The Top 3 Utilization panel displays the top three resource consuming devices based on memory and CPU only. You can click each LoadMaster on this panel to view the Monitoring page for that device. However, if there are no devices configured, the Welcome to KEMP 360 Central screen appears.

4.2 Infrastructure

The Infrastructure section contains two or three panels depending on your local configuration: Local Licenses, Log Summary, and Non-Local Licenses & Subscriptions.

image54.png

Local Licenses

Local Licenses are licenses issued by KEMP 360 Central. The Local Licenses panel is only present if you have a Services Provider License Agreement (SPLA) build.

image55.png

If you hover over the Local Licenses panel, you can see how many licenses are activated.

image340.png

If you click the Local Licenses panel, the Metered Licensing Management screen opens. Here you can view information on instances and report data.

image56.png

Log Summary

The Log Summary panel displays a circular color-coded chart where you can immediately tell the proportion of different types of errors including critical, errors, and warnings. This updates every second. If no messages are received for 24 hours, an orange exclamation mark will be visible. If you click this panel, the Logging screen opens where you can filter the logs using several different criteria. See Logging for more information.

The HA Shared IP Address of a LoadMaster HA pair is not a licensed device, and so is not represented in the dashboard licensing widgets. HA Shared IP Addresses also do not contribute logs to the Log Summary widget because no log messages come directly from the Shared IP, but instead from the IP addresses of the two HA LoadMasters.

 

Infrastructure_1.png

Non-Local Licenses & Subscriptions

In the Non-Local Licenses & Subscriptions panel you can quickly identify LoadMasters that are approaching or have passed the Support expiration date. The Non-Local Licenses & Subscriptions panel displays the number of Subscription and Non-Subscription licenses and these are color-coded as follows:

  • Red: Expired
  • Orange: 7 Days
  • Yellow: 30 Days
  • Blue: 60 Days

This feature does not include locally-licensed LoadMasters.

You will receive an alert on the Non-Local Licenses & Subscriptions widget when a subscription expiration has occurred (or is about to occur within 7, 30 or 60 days). If the device does not have an Enterprise or Enterprise+ subscription, you will only be able to monitor the device because the configuration will be read only.

If the device has an in-support legacy license, it will have read-write support.

If you click View List on the Non-Local Licenses & Subscriptions widget, you can view the Licenses table, which provides information on the type of license and the expiration date. For more information on the Licenses table, refer to the Licenses section.

Licenses and subscriptions that are expired are shown in red in the table.

image010.png

4.3 Application Health

There are several panels in the Application Health section. These are Virtual Service Status, Real Server Status, Administratively Disabled, WAF Statistics and Active Connections.

application Health2.png

A redirect service is always considered up, unless the device on which it is hosted is itself considered down.

Virtual Service Status – This uses a color coding and displays up to five Virtual Servers and five Real Servers. Green indicates the service is up and red indicates it is down. It also displays the number of Virtual Servers that are up out of the total number of Virtual Services. You can click View More to open the Monitoring page.

Real Server Status – This panel is similar to the Virtual Service Status panel and displays the same information for the Real Servers.

Administratively Disabled – This panel displays the number of Real Servers and Virtual Services that are administratively disabled (indicated by the yellow color).

WAF Statistics – This panel displays the following:

- The number of configured WAF services

- The total number of alerts in the past 24 hours (indicated by the triangle at the top of the bar)

- The total number of events in the past 24 hours

- The total number of events in the past hour

Active Connections – This panel displays the following:

- The total number of active connections aggregated across all managed devices

- The lowest number of active connections recorded for a single device, across all managed devices

- The highest number of active connections recorded for a single device, across all managed devices

- The average number of active connections across all managed devices

If you click the Active Connections panel, the Network Metrics screen opens.

 

5 Network and Device Management

This section discusses how networks and devices are managed in KEMP 360 Central. When you click the Network and Device Administration icon on the KEMP 360 Central UI, there is a networks area on the left displaying networks and devices.

Date and Time UI.png

A network is represented by its IP address, Classless Inter-Domain Routing (CIDR) address, or the nickname specified. It is possible to have a sub-network - this is represented by an indented network. To display status details about all networks, click All Networks. To display details on an individual network, click that network.

Devices added to a network are represented by an icon underneath the network. If the device was named when it was added, the nickname is displayed, otherwise IP address is shown.

Third-Party device status is represented by the following icons:

Icon

Status

image1.png

HA Proxy device is available/accessible

image8.png

image2.png

HA Proxy device is not available or it is inaccessible

Network and Device Management_4.png

NGINX device is available/accessible

Network and Device Management_5.png

NGINX device is not available or it is inaccessible

Network and Device Management_6.png

Amazon Web Services (AWS) Elastic Load Balancer (ELB) device is available/accessible

Network and Device Management_7.png

AWS ELB device is not available or it is inaccessible

Network and Device Management_8.png

F5 BIG-IP device is not available or is inaccessible

Network and Device Management_9.png

F5 BIG-IP device is available/accessible

Network and Device Management_10.png (spinning)

Device is rebooting

HA pair icon.png LoadMaster HA pair

If you want to see what the different icons represent, there is an icon legend at the bottom of the screen (Network and Device Management_11.png). Roll your mouse over this to view the legend.

image63.png

Users should note that selecting a network or device will bring focus to the monitoring and configuration dialogs for the highlighted entity. Please ensure you choose the correct one before adjusting any settings. The term, Activation Server, can apply to any device licensed locally by KEMP 360 Central with perpetual or metered licensing.

5.1   Network Management

Within KEMP 360 Central, networks are the basic container used to group device instances. You can highlight a network by typing the name of the Network and clicking the Search icon. In addition, you can view all available networks by expanding All Networks.

5.1.1 Add a Network

1. Click the cloud icon on the left.

Add a Network.png

2. At the bottom-left, click the plus (+) icon and click Add a Network.

Add a Network_1.png

3. If creating a top-level network, users should select No Parent from the Parent Network drop-down list.

4. If this is the first time adding a network using the KEMP 360 Central instance, the Parent Node drop-down list does not appear.

5. If adding a subnet, select a parent network from the Parent Network drop-down list.

6. Enter a recognisable Nickname for the network.

7. If no Nickname is entered here the Network’s IP address will be displayed everywhere that the Nickname would have been shown.

8. Enter the IP address and CIDR in the Network Address box. The CIDR has a range from 1 to 31.

9. Click Apply. A message appears saying the network is added.

5.1.2 Modify a Network

Modify a Network.png

To edit an existing network, select the network on the left and click the pencil icon at the bottom of the screen. Make the changes as needed and click Apply.

If a sub-network or device resides underneath a parent network, do not make any changes to the parent network.

5.1.3 Remove a Network

To remove a network, select a network on the left, click the minus (-) icon at the bottom of the screen and click Remove on the confirmation pop-up.

When a network is deleted, all associated subnetworks and/or LoadMasters are also deleted.

5.2   Device Management

Networks constitute the top level of organization in KEMP 360 Central; the devices you add to the networks constitute the second level.

KEMP 360 Central should only be used to manage LoadMasters that have firmware version 7.1-30b or above installed.

A pop-up message appears if a LoadMaster with a firmware version older than 7.1-30b is being added.

LoadMasters with firmware between 7.1-26 and 7.1-30b have reduced statistics functionality.

KEMP 360 Central does not work with firmware below 7.1-26.

5.2.1 Adding Devices

This section shows users how to add devices to KEMP 360 Central. Currently supported devices are: KEMP LoadMasters, LoadMaster HA Pairs, NGINX, HAProxy, AWS ELB, and F5 BIG-IP.

LoadMasters, like KEMP 360 Central itself, must be licensed to be activated. There are two ways to license a LoadMaster:

  • License the LoadMaster by contacting the KEMP license server on the Internet.
  • License locally using KEMP 360 Central. 

You can add LoadMaster HA pairs that were created on the LoadMaster with KEMP 360 Central as one unit by adding the HA1 and HA2 pair as a shared IP address. The shared IP enables you to more effectively monitor the status and configuration of services across the LoadMaster HA pair. To successfully add a LoadMaster HA pair to KEMP 360 Central, both units must have the same username and password.

When you add a LoadMaster HA pair to KEMP 360 Central, the shared IP is not included in any statistics.

Before a device can be added to KEMP 360 Central, a network must exist. For steps on how to add a network, refer to the  Network Management section.

Adding Devices.png

1. Click the cloud icon on the left.

Adding Devices_1.png

2. Highlight the relevant network. For example: if the device IP address is 192.168.150.10, you must add the device to the network that contains that IP address in its range (as specified by the network’s CIDR address).

Adding Devices_2.png

3. Click the plus (+) icon in the bottom-left and select Add a Device.

5.2.1.1 Add Details for a LoadMaster

image020.png

Use the following steps when adding the details for a LoadMaster only:

1. Click the Plus icon at the bottom left of the screen then click Add a Device.

2. From the Device Type drop-down list, select LoadMaster.

3. Type the IP Address of the LoadMaster.

The LoadMaster address must be within the IP address range specified for the network you selected in Step 2, or an error is returned.

4. Enter the Port number.

5. In an Azure environment, type 8443 as the Port.

If no port is entered, the port defaults to 443.

6. Type the Username and Password of the LoadMaster.

7. Type the Alternate WUI Access address for LoadMasters licensed using local licensing. If you do not specify a port number, it will be auto populated with the private port number.

If using Azure, this is the DNS name that appears in the Azure Dashboard screen for KEMP 360 Central.

8. Enter a Nickname for the LoadMaster.

If a Nickname is not entered here, the IP address of the LoadMaster will be used instead.

9. Click Apply. A message will appear when the LoadMaster is added.

5.2.1.2 Add Details for a LoadMaster HA Pair

Add a Device 2.png

Before you create a LoadMaster HA pair, you must ensure the following: 

  • The two LoadMaster HA mode units participating in the HA pair have already been added to KEMP 360 Central as LoadMaster type devices.
  • The two LoadMasters are available (up) and communicating successfully with KEMP 360 Central – their icons must be green or blue in the network tree.
  • You know the IP addresses and ports of the two HA mode LoadMaster units, in addition to the shared IP address and port.
  • Ensure that the credentials (username and password) are the same for both units.

After you ensure the prerequisites shown above are complete, perform the following steps to configure two HA mode LoadMasters into a LoadMaster HA pair:

1. Click the Network and Device Administration icon on the left.

2. Click the + icon on the lower left to open the Add a Device screen.

3. Enter or select the parameters shown in the table below:

Parameter

Description

Device Type Select LoadMaster HA Pair.
HA Shared IP : Port Type the IP address and port of the HA shared IP address used by the HA LoadMasters.
Platform The platforms available are Hardware / Local Hypervisor, AWS Cloud and Azure Cloud.
Nickname (Optional) A name for the device that will appear in the network tree on the left and elsewhere in the UI.
Username Password The username and password for the HA configuration. This username and password combination must be defined on both LoadMasters.
HA1 IP : Port Select the LoadMaster configured as HA1 in the LoadMaster UI’s HA Configuration page.
HA2 IP : Port Select the LoadMaster configured as HA2 in the LoadMaster UI’s HA Configuration page.

4. Click Apply. The Shared IP Address (or Nickname, if you supplied one) now appears in the appropriate place in the network tree on the left, with the two HA mode LoadMasters organized underneath, as shown in the example below.

You can perform the same steps on the Welcome on Board page.

LoadMaster HA pair with date.png

If you try to create a HA pair with at least one device that has not been contacted by KEMP 360 Central, you will get an error message.

5.2.1.3 Add Details for a Third Party Device

In addition to LoadMasters, KEMP 360 Central enables you to manage third party devices, including NGINX, HAProxy, AWS-ELB and F5 BIG-IP.

The following are the steps for adding a third party device to KEMP 360 Central:

Add a device.png

1. From the Device Type drop-down list, select the appropriate third party device.

2. The fields available on the screen vary depending on the Device Type selected (see the table below). Complete the fields as required. To view tool-tip text for a field, hover the cursor over the field.

3. When finished filling out the fields, click Apply.

Field

Description

NGINX

HAProxy

AWS-ELB

F5-BIGIP-LTM

IP Address

The IP address on which the user interface (UI) is available. The address must be within the IP address range of the specified network.

✓

✓

✓

✓

Port

Optional. The port on which the UI is running at the IP address specified. It defaults to 443.

✓

✓

✓

✓

Username/Password

The credentials required to log in to the administrative interface.

✓

✓

 

✓

Status URI

Required. The path element of a URI that KEMP 360 Central will use to gather status and statistics information from the device (for example, "/status", "/haproxy?status"). The supplied path is appended to the device IP address:port.

✓

✓

 

 

Access Key ID

Required. The Access Key ID for logging into the AWS-ELB access key ID

 

 

✓

 

Secret Access Key

Required. The secret access key for the specified AWS-ELB access key ID.

 

 

✓

 

AWS LB Name

Required. This name identifies the load balancer on the AWS.

 

 

✓

 

AWS Region

Required. The AWS region where this ELB is configured

 

 

✓

 

Alternate WUI Access

Optional. Can be specified as an FQDN or an IP address and port.

✓

✓

✓

✓

Nickname

Optional. Used in the KEMP 360 Central UI as an alias for this. If this is not specified, the IP address and port are used to identify this in the UI.

✓

✓

✓

✓

5.2.1.4 Network Detail Automation

When adding a LoadMaster to KEMP 360 Central, network information is automatically added and configured. Some points about this are provided below:

If the network does not already exist in KEMP 360 Central, it is added when the LoadMaster is added.

- The LoadMaster is added to the network containing the specified IP address, for example, if a LoadMaster with IP address 10.10.20.20 contains the following networks:
10.10.0.0/16

- 10.11.0.0/16
10.12.0.0/16
The LoadMaster is added to the 10.10.0.0/16 network.

If the primary network of the LoadMaster is altered (for example, from 10.10.10.20/16 to 10.10.10.20/24), the LoadMaster is moved into the new network.

Networks automatically organise themselves in the appropriate hierarchy, for example, the network 10.154.0.0/16 automatically becomes a subnet of 10.0.0.0/8 and existing 10.154.n.n/24 networks become subnets of 10.154.0.0/16.

Networks are not automatically removed if they are no longer present on attached LoadMasters.

When you add a device with ‘All Networks’ selected in the Network drop-down, KEMP 360 Central attempts to locate the new device within the network that has the smallest IP address range that contains the specified IP address for the device. For example, you add the following network 13.0.0.0/8. If you then add a device with an IP address that is within that network range, such as 13.0.0.11, KEMP 360 Central places the device within that network. If there are two existing networks that contain the IP address specified, for example, 13.0.0.0/8 and 13.0.0.0/24, KEMP 360 Central locates the new devices under the network with the smaller IP address range (in this case, 13.0.0.0/24).

5.2.2 Modify a Device

To edit an existing device, select the device on the left and click the pencil icon at the bottom of the screen. Make the changes as needed and click Apply to apply the changes.

Modify a Device.png

If your initial connection fails and you need to use an alternate address to access the UI, type the address in the Alternate WUI Access field and click Apply. This is generally applicable in an Azure and AWS environment or if you have configuration problems with your LoadMaster.

If certificate-based authentication is being used to authenticate from KEMP 360 Central to the LoadMaster, it may not be possible to edit the Username and Password for the LoadMaster. For further information, refer to the Certificate-based LoadMaster Authentication section.

When you modify a device’s IP address, the list of networks shown in the Network drop-down list only contains networks whose IP address range contains the specified IP address. For example, you have two networks, 10.0.0.0/24 and 192.168.0.0/24, and you modify a device's IP address from 10.0.0.11 to 192.168.0.11. After you do this, only the 192 network appears in the Network drop-down list and not the 10 network.

If you are editing a LoadMaster HA pair, you must do it at the shared IP level. In addition, you must ensure that the parameters you provide are valid because they are checked by KEMP 360 Central. Therefore, you must use the correct IP address, correct credentials, and port numbers. If everything is set up and correct, it is verified by the system. If you want to delete a LoadMaster HA pair, you must delete the shared IP address. If you try to delete an individual LoadMaster, you will not be able to.

5.2.3 Modify a LoadMaster HA Pair

You cannot edit the nodes of a LoadMaster shared IP. For example, if the IP address of the LoadMaster HA node is changed for any reason, you can edit the IP address of the node that was changed on KEMP 360 Central. The updated IP address can then be seen on the shared IP in the HA1 or HA2 field. This is shown in the figures below. In the first figure, the individual node is selected and the IP address is updated. The second graphic shows the updated node after the IP was changed.

Changing node IP address.png

shared IP after node IP changed.png

If you want to move the LoadMaster HA pair to a different sub-network, you can only move it using the shared IP node only.

5.2.4 Remove a Device

To remove a device, select the relevant device from the left menu. Click the minus (-) icon at bottom-left and click Remove when the pop-up message appears. If you remove a shared IP address, it removes the two HA units under it. If you remove a shared IP address that contains locally licensed units, KEMP 360 Central attempts to deactivate both units.

If you remove a MELA LoadMaster, the license is deregistered, returned to the unused pool, and the LoadMaster enters its grace period.

5.2.5 Checking the Status of a Device

KEMP 360 Central updates the status and configuration information on two separate cycles:

• Status information for devices and services is updated every minute. This is essentially the information displayed on the Monitoring and Graphs tabs, such as availability and statistics.

• Configuration information is updated every 60 minutes. This is essentially the information displayed on the Service Configuration and System Configuration tabs, such as the number of services, SubVSs, real servers – and their parameters. You can also request a manual update of a particular device’s configuration at any time by following the procedure below.

 

image9.png

The status of each device is updated every minute. To check the current status of an individual device, perform the following steps:

1. Click the Network and Device Administration icon.

2. Locate the device whose configuration you want to update in the network tree and click on it. This opens the Monitoring tab for the device.

3. Click Update to request an immediate configuration update from the device. A progress bar appears when updating and a message appears informing you that the update was successful. If the device cannot be contacted, this button is disabled.

4. If there are any status changes to your device they will appear here.

If the update fails, a red warning message appears. To find out more information, you can check the system log.

The shared IP address of a LoadMaster HA pair does not show up on the Monitoring page but the status of the devices does.

5.2.6 Certificate-based LoadMaster Authentication

If you are using a KEMP 360 Central instance with version 1.6 or higher, and you add a LoadMaster with version 7.1.35 or higher, certificate-based authentication is used to authenticate the communications between KEMP 360 Central and the LoadMaster. To enable certificate-based authentication, KEMP 360 Central automatically configures some settings when a LoadMaster is added to it:

  • The Application Program Interface (API) is enabled on the LoadMaster. This is to ensure that KEMP 360 Central can communicate with the LoadMaster.
  • Session Management is enabled on the LoadMaster.
  • A local user is created on the LoadMaster which is used by KEMP 360 Central to authenticate to the LoadMaster. This user is provided with All Permissions on the LoadMaster.
  • A local certificate is generated for the local user created in the previous step. This certificate is then stored in KEMP 360 Central to authenticate to the LoadMaster.
  • The Admin Login Method on the LoadMaster is changed to Password or Client certificate. This is to enable certificate-based authentication on the LoadMaster.

When a LoadMaster is removed from KEMP 360 Central, none of the above settings change. For example, when you remove a LoadMaster from KEMP 360 Central, certificate-based authentication is not removed from the LoadMaster. It remains in effect and must be removed manually using the LoadMaster UI, if that is required.

If either the LoadMaster user account or certificate used by KEMP 360 Central is removed from the LoadMaster, or if any of the LoadMaster settings required for certificate authentication listed above are modified, then certificate authentication breaks. This means that KEMP 360 Central will not be able to gather statistics and configuration data from the LoadMaster. To fix this issue, edit the device definition on KEMP 360 Central, change from Certificate Authentication to Basic Authentication, and re-enter the LoadMaster credentials. This re-establishes contact with the device. After contact is re-established, you can switch back to Certificate Authentication if you want.

For more information on user and session management on the LoadMaster, refer to the User Management, Feature Description in the LoadMaster documentation.

image3.png

The workflow is as follows:

1. Add a LoadMaster to KEMP 360 Central using an administrative LoadMaster username and password.

2. KEMP 360 Central attempts to contact the LoadMaster using the credentials supplied. If it is successful, KEMP 360 Central then attempts to set up certificate authentication with the LoadMaster. If certificate authentication fails, you get an error message and see the icon on the device either remain as the 'never contacted' icon (for unmanaged devices) or change to the 'unauthorized' icon. If SMTP is set up correctly, you also receive an email message that certificate authentication has failed.

3. KEMP 360 Central continues to try and contact the device. If negotiating certificate authentication fails and/or contact is never established, you can edit the LoadMaster configuration on KEMP 360 Central so that KEMP 360 Central and LoadMaster will use only basic authentication (username and password) and will not attempt to negotiate certificate authentication. To do this:

a) Click the device in the network tree.

b) Click the Edit icon at the bottom left of the UI.

c) Under Authentication, click Basic.

d) Click Apply.

Since version 1.16 of KEMP 360 Central you can now choose to opt out of certificate authentication by editing the Authentication setting so that the unit uses basic authentication and does not attempt to establish certificate authentication. To change from Certificate to Basic authentication, re-enter your username and password for the device, select Basic and click Apply.

5.2.7 Unmanaged Devices

If there are any devices that KEMP 360 Central has never contacted successfully, these are clearly identified in the left frame in a node entitled Unmanaged Devices directly under All Networks. In addition, each unmanaged device has a specific icon that is easily recognized. If there are no unmanaged devices present, the Unmanaged Devices node is hidden and cannot be seen.

Network and Device Management_1.png

To address issues with Unmanaged Devices:

  • Check the credentials required to log into the device and if necessary edit the device and re-enter it into KEMP 360 Central
  • Ensure the device is properly connected to the network
  • Check the KEMP 360 Central logs and the logs on the device

When you add a device with All Networks selected in the Network drop-down, KEMP 360 Central attempts to locate the new device within the network that has the smallest IP address range that contains the specified IP address for the device. For example, you add the following network: 13.0.0.0/8. If you then add a device with an IP address that is within that network range, such as 13.0.0.11, KEMP 360 Central places the device within that network. If there were two existing networks that contain the IP address specified, for example, 13.0.0.0/8 and 13.0.0.0/24, KEMP 360 Central locates the new device under the network with the smaller IP address range (in this case, 13.0.0.0/24).

If you add a LoadMaster and give it incorrect credentials, it is added to the Unmanaged Devices section. If you then apply the correct credentials and select All Networks, the LoadMaster is added to the correct subnet based on its administration IP address. Where subnets overlap, the smaller of the sub-networks is selected.

6   System Configuration

Adding Devices.png

It is possible to manage LoadMasters using the KEMP 360 Central interface. To access the LoadMaster configuration area, click the cloud icon in the menu on the left and then select the System Configuration tab.

The System Configuration section of KEMP 360 Central enables users to locally manage LoadMasters. Users may manage: templates; firmware; reboots; backup; restore and/or syslog settings for any LoadMaster on a network.

Disk Space

A daemon is run every 30 minutes to look at your disk space.

image98.png

Depending on your configuration, if your system has a single OS partition, there are two critical limits that are set, one by the system and the other is configurable (see Storage). The system critical disk alert is triggered if the disk space equals or exceeds 95% of the total disk space available. If this occurs, a notification appears on the UI alerting you of this and it is essential that you contact KEMP Support. In addition, an email containing the same information is also sent to the list of recipients configured in the SMPT Settings. The audit log is also updated with this information.

If you have two partitions (OS and data), there is a separate critical threshold for the data partition (this is not configurable). If the data partition exceeds 95% usage, you will see the alert on the UI and be notified by email if your email address is configured in the SMTP Settings.

The UI warning remains displayed, and notifications are sent every 30 minutes until the available amount of disk space is increased by KEMP Support, so that normal system operation can continue. If disk space consumption continues to increase, KEMP 360 Central eventually stops collecting statistics and log data from managed devices.

6.1 Open the LoadMaster UI from KEMP 360 Central

Clicking the Open UI link will open a browser window to the LoadMaster UI. The read-only user does not have access to the Open WUI link. To click the Open WUI link, follow the steps below:

Open the LoadMaster UI from.png

1. Select the relevant LoadMaster on the left.

2. Click System Configuration.

Open the LoadMaster UI from_1.png

3. Clicking the Open WUI link in the menu will open the UI of the selected LoadMaster.

6.2 LoadMaster Reboot

KEMP 360 Central gives users the ability to centrally reboot LoadMasters. You can reboot a single LoadMaster or selected LoadMasters simultaneously.

Reboot a LoadMaster using the KEMP 360 Central interface by following these steps:

1. Click the relevant network or subnetwork in the left pane of the UI.

2. In the right pane, select the System Configuration tab and then expand the System Reboot section.

This displays a list of the LoadMasters on the network you selected in the previous step, as shown in the example below.

LoadMaster Reboot.png

3. To reboot a single LoadMaster, select the check box beside the LoadMaster for rebooting and click the Reboot button.

4. Reboot multiple LoadMasters by ticking the check box of each LoadMaster and then clicking the Reboot Selected button. Alternatively, choose the Select All check box and click the Reboot All button to reboot all LoadMasters in the relevant network.

LoadMaster Reboot_1.png

5. The system displays Rebooting… next to each rebooted unit until the unit is available again.

You can reboot your LoadMasters using the shared IP address or directly from the devices.

6.2.1 Schedule a LoadMaster Reboot

By carrying out the following steps, users can schedule the reboot of a single or multiple LoadMasters:

1. Click the cloud icon on the left of the screen.

2. Select the System Configuration tab.

3. In the left-hand menu, click the network to which the LoadMaster or LoadMasters you wish to schedule for a reboot is attached.

Schedule a LoadMaster Reboot.png

4. Expand the System Reboot section.

5. Select the check box of the LoadMaster or LoadMasters you wish to reboot and click the Schedule button.

If you wish to schedule a reboot of all LoadMasters in a network, enable the Select All check box.

image003.png

6. Enter the time, date and frequency, for which you wish to schedule the reboot.

Tasks cannot be scheduled within one hour of each other.

7. Click Schedule.

8. Further information on scheduling can be found in Scheduled Actions.

6.3 Template Management

Using a template automatically populates the settings in a Virtual Service. This is quicker and easier than manually configuring each Virtual Service. If needed, changes can be made to any of the Virtual Service settings after using the template.

For more information on templates please refer to Virtual Services and Templates, Feature Description.

To add a template to a LoadMaster using KEMP 360 Central, the template file must first be uploaded to the KEMP 360 Central Global Repository.

6.3.1 Upload the Template to KEMP 360 Central Global Repository

To do this, use the following steps:

Upload the Template to KEMP.png

1. In the menu, click the Global Repository icon and then click Template Management.

Upload the Template to KEMP_1.png

2. Click Select Template.

3. Browse to and select the template file. Multiple files can be selected, if desired.

Upload the Template to KEMP_2.png

4. Click Upload.

5. Wait for the template file to finish uploading. A message appears when the upload completes.

6.3.2 Upload a Template File to a LoadMaster 

Once you have uploaded a template to KEMP 360 Central, the template can be installed on one or more LoadMasters. To do this, perform the following steps:

1. Click the cloud icon on the left of the screen.

2. Select the System Configuration tab.

Upload a Template File to.png

3. In the left pane, select the relevant network or LoadMaster.

4. In the right pane, expand the Templates section.

Upload a Template File to_1.png

If you selected a network instead of a LoadMaster, you can tick multiple LoadMasters and install a template on them all at one time.

5. From the Select a template to apply drop-down menu, click the template you wish to add.

6. Do one of the following:

If you selected a single LoadMaster in Step 3, click Upload Selected to install the template on that LoadMaster.

If you selected a network in Step 3, tick the LoadMasters on which you want to install the template, and then click Upload Template.

7. A message will appear when the upload completes.

6.4 Update the LoadMaster Firmware

To update the LoadMaster firmware using KEMP 360 Central, first upload the firmware update file to KEMP 360 Central Global Repository. Then, the desired LoadMasters can be updated with the selected firmware. Firmware updates can be immediate or scheduled for a future date, time and frequency.

6.4.1 Upload the LoadMaster Firmware Update File to the Global Repository

To do this, follow the steps below:

Upload the LoadMaster Firmware.png

1. In the menu, click the Global Repository icon and then click Firmware Management.

Upload the LoadMaster Firmware_1.png

2. Click Select Firmware.

3. Browse to, and select the firmware update file. Multiple files can be selected, if desired.

4. Click Upload.

5. Wait for the firmware update file to finish uploading.

6. A message appears when the upload completes.

6.4.2 Update the Firmware on Selected LoadMasters

When the firmware has been uploaded to KEMP 360 Central Global Repository, LoadMasters can be updated individually or in groups. To do this, follow the steps below:

The LoadMaster will be automatically rebooted after the firmware update has completed. This may result in a brief service outage. If possible, perform upgrades during a maintenance window or during known periods of reduced traffic.

1. Click the cloud icon on the left of the screen.

2. Select the System Configuration tab.

Update the Firmware on Selected.png

3. Select either an individual LoadMaster, or a network - depending on whether you want to update an individual LoadMaster or multiple LoadMasters on a network.

You can perform firmware management on HA1, HA2, and the shared IP address. If you perform an update using the shared IP address, the original master remains as master.

Update the Firmware on Selected_1.png

4. Click Select a firmware to apply to display the list of available firmware updates.

5. Click the desired firmware version.

6. If a network was selected, select the check-box(es) of the LoadMaster(s) to be updated.

7. Click the Update Selected/Update All button.

A warning displays if the firmware version being installed is lower than the current LoadMaster firmware version. This may result in a loss of some functionality.

LoadMasters with firmware between 7.1-26 and 7.1-30b have reduced statistics functionality.

KEMP 360 Central does not work with firmware below 7.1-26.

8. Wait for the firmware update to complete.

When the update is finished, the LoadMaster automatically reboots.

When the firmware update is complete and the LoadMaster(s) successfully rebooted, the LoadMasters come back online and KEMP 360 Central reflects the LoadMaster status.

6.4.3 Schedule a LoadMaster Firmware Update

By carrying out the following steps, users can schedule the firmware update of one or multiple LoadMasters:

1. Upload the LoadMaster firmware update file, as described in the Upload the LoadMaster Firmware Update File to the Global Repository section.

2. Click the cloud icon on the left of the screen.

3. Select the System Configuration tab.

4. In the left-hand menu, select the relevant network.

Schedule a LoadMaster Firmware.png

5. Expand the Update LoadMaster Firmware section.

6. Select the check box of the LoadMaster or LoadMasters you wish to update the firmware of and click the Schedule button.

If you wish to schedule a firmware update of all LoadMasters in a network, select the Select All check box.

Schedule a LoadMaster Firmware_1.png

7. Enter the time, date and frequency, for which you wish to schedule the firmware update.

Tasks cannot be scheduled within one hour of each other.

8. Click Schedule.

Further information on scheduling can be found in the Scheduled Actions section.

6.5 Backup/Restore

KEMP 360 Central allows users to create a backup archive, store that backup centrally on KEMP 360 Central, and restore that backup archive onto any LoadMaster.

To restore the settings, a backup file must first exist in KEMP 360 Central.

There are two ways to take a backup. The method to use depends on whether the LoadMaster to be backed up exists in KEMP 360 Central:

If the LoadMaster exists in KEMP 360 Central: back up using KEMP 360 Central - refer to the Back up a LoadMaster and/or SSL Certificates using KEMP 360 Central section for steps on how to do this.

If the LoadMaster does not exist in KEMP 360 Central: back up using the LoadMaster UI and upload the backup file to KEMP 360 Central. Refer to the Importing a LoadMaster Backup into KEMP 360 Central section for steps on how to do this.

6.5.1 Back up a LoadMaster and/or SSL Certificates using KEMP 360 Central

LoadMasters that exist in KEMP 360 Central may be backed up in the following way:

1. In the KEMP 360 Central UI menu, click the cloud icon.

Upload a Template File to.png

image122.png

2. Select a network (as shown in the first image), to backup multiple units. To backup a single unit, navigate to that unit in the network tree (as shown in the second image).

3. Select the System Configuration tab.

4. Expand the Backup/Restore section.

image114.png

5. If you selected a network, select the LoadMasters that you would like to back up. If you selected a single LoadMaster, select that LoadMaster. You can select the Select All checkbox to select all LoadMasters.

6. Click Backup.

image115.png

A pop-up message appears with three options:

  • Configuration Only: Select this option to back up your LoadMaster configuration only.
  • SSL Certificates Only: Select this option to back up your SSL certificates only.
  • Both: Select this option to back up both your LoadMaster configuration and SSL certificates.
  • All backups are password-protected, so you will be prompted for a password that will be required upon restore. If you select SSL Certificates Only, an additional password is required for the certificate archive.

    If you select ‘SSL Certificates Only’, an additional password will be required for the certificate archive.

7. Select the option you want.

8. Click Confirm. A pop-up message displays saying the backup was created.

image118.png

After you create the backups, the backup files can be found in the Backup Repository section of the Global Repository. The downloaded zip file contains a configuration archive, a certificate archive, or both. These can be extracted from the zip file and applied to a LoadMaster outside of KEMP 360 Central, using either the LoadMaster UI or the LoadMaster API.

SSL certificate archives and combined configuration and SSL certificate archives will be accepted by the UI/API and uploaded to the system, but they will produce an error when applied to a LoadMaster.

6.5.2 Importing a LoadMaster Backup into KEMP 360 Central

For LoadMasters that do not exist in KEMP 360 Central, you can create a backup locally using the LoadMaster UI, and then upload it to KEMP 360 Central.

Importing a LoadMaster Backup.png

In the UI of the LoadMaster, go to System Configuration > System Administration > Backup/Restore > Create Backup File.

Then, upload the backup file to KEMP 360 Central by following the steps below:

1. In the KEMP 360 Central UI menu, click the Global Repository icon and then click Backup Repository.

Importing a LoadMaster Backup_1.png

2. Click Select Backup.

3. Browse to and select the relevant backup file.

Importing a LoadMaster Backup_2.png

4. Click Upload.

5. Wait for the backup file to upload.

A message will appear when the upload completes. The upload is now available for applying to LoadMasters under KEMP 360 Central control using the Restore backup functionality as described in the Restore LoadMaster and/or SSL Certificate Settings section.

6.5.3 Restore LoadMaster and/or SSL Certificate Settings

When a backup file is available in KEMP 360 Central, the settings can be restored to a LoadMaster.

Please do not restore a non-Azure LoadMaster backup to an Azure LoadMaster

1. Click the cloud icon on the left of the screen.

Restore LoadMaster Settings.png

image121.png

2. Select a network (as shown in the first image), to backup multiple units. To backup a single unit, navigate to that unit in the network tree (as shown in the second image)t

3. Select the System Configuration tab.

4. Expand the Backup/Restore section.

Restore LoadMaster Settings_1.png

5. If you selected a network, select the LoadMasters that you would like to back up. If you selected a single LoadMaster, select that LoadMaster. You can select the Select All checkbox to select all LoadMasters.

image117.png

A pop-up message appears with three options:

  • Configuration Only: Select this option to back up your LoadMaster configuration only.
  • SSL Certificates Only: Select this option to back up your SSL certificates only.
  • Both: Select this option to back up both your LoadMaster configuration and SSL certificates.

6. Click the Select a backup to restore button and select the desired backup file.

image120.png

7. A dialog box appears showing you what files are contained in that backup.

8. Type your password that you used to create the backup.

9. Click the Restore button.

10. A message appears when the restore completes.

Note that you cannot schedule a restore.

LoadMaster backup archives are not included in KEMP 360 Central backup archives. If you want to create copies of your LoadMaster backups, download them manually to another device.

6.5.4 Schedule a LoadMaster Backup

By carrying out the following steps, users can schedule the backup of a single or multiple LoadMasters, in the future:

1. Click the cloud icon on the left of the screen.

2. Select the System Configuration tab.

3. In the left-hand menu, click the network to which the LoadMaster or LoadMasters you wish to schedule for a backup is attached.

Schedule a LoadMaster Backup.png

4. Expand the Backup/Restore section.

5. Select the check box of the LoadMaster or LoadMasters you wish to backup and click the Schedule button.

If you wish to schedule a backup of all LoadMasters in a network, enable the Select All check box.

image007.png

6. Enter the time, date and frequency, for which you wish to schedule the backup.

Tasks cannot be scheduled within one hour of each other.

7. Click Schedule.

6.5.5 Backup and Restore KEMP 360 Central

As a KEMP 360 Central administrator, you can back up your KEMP 360 Central configuration using controls provided within the UI. This includes all KEMP 360 Central administrative settings, all managed device settings, all repository files and all statistics data. To use the backup feature, follow the steps below:

1. Click the Settings and Configuration icon.

2. Click Backup & Restore.

Backup and Restore KEMP 360.png

3. Type a password then click Backup. For details on password requirements, see the Appendix: Password Information. Depending on your browser, this prompts you to download a backup file in your Downloads folder or in a location you select.

4. Save the backup to the location where you want to store it.

To restore the backup file, follow the steps below:

1. Click Select File and browse to the location where the backup is stored.

2. Select the file then click Upload & Check. You can view the progress of the upload in the progress bar. If the upload is successful, you will see a notification on the screen.

The KEMP 360 Central instance on which you are restoring the archive must be licensed outside of the backup process and the license applied must match the license in effect on the system where the backup archive was created. If the license information does not match, the restore process will not continue.

Backup and Restore KEMP 360_1.png

3. Type the password used to create the backup archive, then click Restore.

Backup and Restore KEMP 360_2.png

4. Click Yes to the message that appears. For locally licensed LoadMasters, the following screen appears while the backup is being restored:


Backup and Restore KEMP 360_3.png

Backup and Restore KEMP 360_4.png

While a restore operation is in progress, API and UI access to KEMP 360 Central is blocked.

  1. After the operation completes, log in again.

6.5.6 Configuring Syslog Collection from Managed Devices

You can configure KEMP 360 Central to collects logs from all managed devices that support exporting logs to a syslog server. This includes: LoadMaster, F5, NGINX, and HA-Proxy ADCs. (AWS ELB does not currently support remote syslog functionality.)

  • For LoadMaster, the appropriate syslog options on LoadMaster are configured by KEMP 360 Central when the device is added to KEMP 360 Central and the LoadMaster is contacted for the first time.
  • For other devices, you must add the KEMP 360 Central IP address to the list of remote syslog hosts using the UI for that device.

6.5.7 LoadMaster Syslog Collection

When a LoadMaster is first added to KEMP 360 Central, the KEMP 360 Central IP address is automatically appended to the existing list of syslog hosts. After this is set, all logs are sent to KEMP 360 Central and can be downloaded using the KEMP 360 Central interface. For more information relating to downloading the logs, refer to the System Logs section.

For a LoadMaster connected to KEMP 360 Central, you can edit the LoadMaster syslog settings using KEMP 360 Central by performing the following steps:

1. Click the cloud icon on the left of the screen.

2. Select the System Configuration tab.

LoadMaster Syslog Collection.png

3. Select the LoadMaster with the settings you wish to update.

When updating the syslog targets for a LoadMaster HA pair, use the shared IP address.

4. Go to Log Settings.

5. Expand the Syslog Options section.

LoadMaster Syslog Collection_1.png

6. Enter the relevant IP addresses of the one or more remote syslog servers in the relevant text boxes. Multiple IP addresses must be separated with a comma.

7. Click Submit to save the changes.

The syslog settings are then updated on the selected LoadMaster(s). The KEMP 360 Central view of the LoadMaster Syslog Options always remains correct.

Six different error message levels are defined and each message level may be sent to a different server. Notice messages are sent for information only; Emergency messages normally require immediate user action.

Up to 10 individual IP addresses can be specified for each of the Syslog fields. Multiple IP addresses must be separated by commas.

The following are examples of the type of message that may be seen after setting up a syslog server:

Emergency: Kernel-critical error messages

Critical: Unit 1 has failed and unit 2 is taking over as master (in a High Availability (HA) setup)

Error: Authentication failure for root from 192.168.1.1

Warn: Interface is up/down

Notice: Time has been synced

Info: Local advertised Ethernet address

Syslog messages cascade in an upwards direction. Thus, if a host is set to receive WARN messages, the message file will include message from all levels including and above WARN but none for levels below. 

If all six levels are set to the same hostn - multiple messages for the same error are sent to the same host.

6.5.7.1 Syslog Collection for F5, NGINX, and HAProxy

For F5, NGINX, and HAProxy devices, syslog collection must be enabled manually on the device through the native user interface. Once the device has been added to KEMP 360 Central and KEMP 360 Central is added as a syslog target to the device, KEMP 360 Central automatically starts collecting logs from these devices.

See the documentation for the device to configure remote syslog options to include the KEMP 360 Central IP address. Documentation current at the time this document was last updated is available at these links:

6.6 Licenses

A summary of license details for all the LoadMasters in All Networks or a specific network can be displayed by clicking Network and Device Administration, selecting the appropriate network node in the network hierarchy, clicking System Configuration, and opening the Licenses section. You can display the Licenses section for all networks by clicking Network and Device Administration > System Configuration. You can also display the License section for all networks by clicking the Global Dashboard icon then clicking View List on the Non-Local Licenses & Subscriptions widget.

By default, the licenses are sorted by IP address in ascending order. You can change the order of displayed results by clicking the arrows next to the IP Address column and the Expiration Date column. In the License or Subscription column the license type is displayed first and any subscription-based licenses will be indented below this.

A Classic license refers to a non-subscription-based (or legacy) license.

If you add a LoadMaster, it should appear in the Licenses table without having to refresh the page. If you do not see it, you may need to check the credentials specified for the device on KEMP 360 Central. Similarly, if you delete a LoadMaster, it will be removed from the list. Any LoadMasters that have passed their expiration date will appear in red in the Expiration Date column.

The Licenses table does not list any devices that are down or otherwise unreachable.

Licenses.png

For LoadMaster HA Pairs, there is no licensing information displayed for the HA Shared IP Address ‘device’. This is because the HA Shared IP does not belong to one particular device, but instead is passed between the two HA units. To see the licensing information for a LoadMaster HA Pair, you must look at the licensing information for the individual HA units in the pair.

6.7 HA Configuration

In the HA Configuration section (Settings and Configuration > HA Configuration), you can configure two KEMP 360 Central instances into a master-slave High Availability (HA) configuration as follows:

  • Both HA units are active in terms of enabling you to make changes to KEMP 360 Central and managed device configuration, synchronization of data, and gathering syslog output from managed devices.
  • Only the master unit generates statistics and communicates these to the slave unit periodically.
  • Scheduled actions can be configured on either unit and are communicated to the other unit, but they are executed only by the current master unit.

Under normal operating conditions the master processes the scheduled tasks and the slave synchronizes repository files from the master. If the slave fails, nothing happens, but when it recovers, it checks if the master is up. If the master is not up, the slave becomes the master. If the master is up, the slave synchronizes repository files from the master.

When configuring two KEMP 360 Central instances into HA mode, both units must have at least one network defined for the initial synchronization to complete successfully. When the initial synchronization is complete, changes are propagated in both directions.

Before configuring two KEMP 360 Central instances into HA mode, decide which unit you want to be the Preferred Master. The Preferred Master always assumes the master role in the HA configuration when it is available. The other unit becomes the Preferred Slave; should the Preferred Master become unavailable, the Preferred Slave takes over from the master and returns control to the Preferred Master once it is available again.

image77.png

To configure two KEMP 360 Central instances into HA mode, perform the following steps:

If the KEMP 360 Central units that you are configuring into an HA pair already have configurations on them, determine which of the configurations you want to keep (if any). The system that has the configuration you want to keep should be configured first, so that it goes into Master mode. The configuration on the other unit will be overwritten when it assumes the Slave mode.

1. Open the KEMP 360 Central UI of both units that you want to configure into HA mode (Settings and Configuration > HA Configuration).

2. On the UI of the unit that you want to make the Slave, copy the HA Key for this Peer from the HA Configuration section.

3. On the UI of the unit you want to become the Master:

a) Paste the HA Key you copied in the previous step into the HA Key for the Other Peer field.

b) Select the Preferred Master check box.

c) Type the IP address of the Slave unit into the IP Address for the Other Peer field.

d) Click Apply.

Wait until the Our State field in the HA Status section indicates that this unit has assumed the Master state before moving on to the next step. This is critical to ensuring that both units assume the desired state and the intended configuration is propagated. This may take a few minutes.

4. On the UI of the unit that has just entered the Master state, copy the HA Key for this Peer from the HA Configuration section.

5. On the UI of the unit you want to become the Slave:

a) Paste the HA Key you copied in the previous step into the HA Key for the Other Peer field.

b) Type the IP address of the Slave unit into the IP Address for the Other Peer field.

c) Click Apply.

Wait until the Our State field in the HA Status accordion indicates that this unit has assumed the Slave state. This may take a few minutes.

The HA Configuration is complete once the HA status accordion shows that one unit is in the Master state, one unit is in the Slave state, and that heartbeats are being actively exchanged between the two HA units.

Both KEMP 360 Central HA units try to contact one another every 30 seconds; this is called a heartbeat and is the method by which the two units determine when a fail over should occur. Since these heartbeats occur every 30 seconds, there can be up to a 30-second delay between the time that the current master HA unit becomes unavailable and the time that the current slave becomes aware of the outage and attempts to take over the master role.

The sequence number is mainly used for debugging and should match the sequence number on the peer. This is useful to check if the pairs are working correctly.

If the master goes down, this can be viewed in the HA Status panel after 30 seconds. If you click Refresh, you see the error and the number of heartbeats that were missed. The slave now becomes the master. Once the original master comes back online, the system reverts to the original master if you selected the Preferred Master check box when you configured it.

You can configure a LoadMaster HA pair within a KEMP 360 Central HA pair.

6.8 HA Configuration in KEMP 360 Central SPLA or MELA Deployments

When you have a KEMP 360 Central HA pair deployed in an SPLA or MELA environment, both units must be running the same version of KEMP 360 Central. If you upgrade one unit in the pair, you must upgrade the other unit as soon as possible to maintain consistent HA operation.

For SPLA/MELA HA, KEMP 360 Central checks that the following are true at every HA poll:

  • Both units are licensed for SPLA
  • Both units have the same local license setting – that is, they are either both licensed for local licensing or are both not licensed for local licensing.
  • Both units have the same MELA license setting – that is, they are either both licensed for MELA or are both not licensed for MELA.
  • Both units are running the same version of KEMP 360 Central.

If any of these values are not true, KEMP 360 Central returns an error and moves itself into standalone mode (that is, out of HA mode).

The most likely reasons for this occurring are: one of the HA units’ license was updated or a backup was restored to one or both of the units, which resulted in a licensing mismatch between the units.

Managed LoadMasters can grab a license from either KEMP 360 Central unit and can re-license against either unit; the license then ‘migrates’ from one KEMP 360 Central unit to the other. Note that if the LoadMaster re-licenses from both units in quick succession, both units may indicate that the LoadMaster is licensed by the other unit. This can be addressed by re-licensing the unit again, and then waiting a few minutes for the re-license to synchronize across the pairs.

MELA reports from either HA unit contain all MELA LoadMasters licensed across both KEMP 360 Central HA units. A unit licensed against the ‘other’ peer is indicated in the MELA report by including the device ID from the other KEMP 360 Central HA unit in parentheses, as shown below:

image64.png

If one of the KEMP 360 Central HA units in a pair is removed from the HA pair, all actively licensed LoadMasters are moved to the other KEMP 360 Central unit as ‘normal’ (that is, not activated by KEMP 360 Central) devices. These units must be re-licensed against the remaining KEMP 360 Central unit. To do this, you must:

  • Remove the existing normal (green) unit from KEMP 360 Central.
  • Re-license the LoadMaster from the LoadMaster web user interface (UI) against the remaining KEMP 360 Central instance.

In releases before Version 1.23, it was not possible to take a backup from one HA unit (for example, the Master) and use it to replace the other unit (the Standby) in the HA pair; this broke the HA configuration.

In Version 1.23 and later releases, doing the above no longer breaks the HA configuration, but you must still check that the Disable, Preferred Master, IP Address for the Other Peer, and HA Key for the Other Peer settings are correct for your configuration. That is, under normal operation, neither unit should be disabled, only one unit should have the Preferred Master option selected, and the IP Address for the Other Peer and HA Key for the Other Peer should contain information obtained from the UI for the other unit in the HA pair.

7 Service Configuration

In the Service Configuration section, users perform various management tasks.

7.1   Virtual Service Management

Users can view a list of Virtual Services, add or delete a Virtual Service. They can also modify the basic properties of individual Virtual Services as required.

7.1.1 Display the List of Virtual Services Attached to a LoadMaster

To view the list of Virtual Services attached to a LoadMaster, perform the following steps:

1. Click the cloud icon on the left of the screen.

image018.png

2. Select the Service Configuration tab.

3. To display a particular Virtual Service from the list on the left, select the relevant network or LoadMaster.

Display the List of Virtual_1.png

KEMP 360 Central displays a list of Virtual Services attached to the selected instance.

The status of each Virtual Service is indicated by the color of the circle beside the IP address. Green indicates the Virtual Service is up while a red status means the Virtual Service is down. Edit and delete icons are also available on this screen.

For LoadMaster HA pairs, this must be done through the shared IP.

7.1.2 Add a Virtual Service

1. Click the cloud icon on the left of the screen.

image012.png

2. Click Service Configuration.

3. Select the LoadMaster to which you wish to add the Virtual Service.

For LoadMaster HA pairs, this should be done through the shared IP node rather than the device node.

Add a Virtual Service.png

4. Click Add Virtual Service.

Add a Virtual Service_1.png

5. Enter the Virtual Address of the Virtual Service you are adding.

6. Enter the Port of the Virtual Service. The valid range is 3 – 65530.

When adding a Virtual Service, you must use an IP Address and Port combination which is unique on the LoadMaster.

7. Enter a recognisable, unique name as the Service Name, if desired.

8. Select the appropriate Protocol from the drop-down list.

Add a Virtual Service_2.png

9. Click Apply. A message will appear to inform you that the Virtual Service has been successfully added.

7.1.3 Modify a Virtual Service

Occasionally you may need to make changes to the settings of a Virtual Service. Changes are made in the Service Configuration section of KEMP 360 Central.

image018.png

1. Click Service Configuration.

2. Select the LoadMaster you wish to modify.

For LoadMaster HA pairs, this should be done through the shared IP node rather than the device node.

Modify a Virtual Service.png

3. Click the pencil icon beside the Virtual Service you wish to modify.

4. Make any modifications, as needed.

Users can modify the following sections:

Basic Properties

Real Servers

Standard Options

5. When the changes are made click Apply.

Modify a Virtual Service_1.png

To deactivate a Virtual Service on this screen, click Disable.

7.1.4 Remove a Virtual Service

To delete a Virtual Service using KEMP 360 Central, in the Service Configuration section:

1. Click the X beside the Virtual Service you wish to delete. A dialog box appears asking you to confirm you wish to remove the Virtual Service.

2. Click Remove.

For LoadMaster HA pairs, this should be done through the shared IP node rather than the device node.

7.1.5 Migrate a Virtual Service

It is possible to migrate an existing Virtual Service from one LoadMaster to another LoadMaster. To do this, follow the steps below:

This migrates Real Servers, SubVSs and some other configuration settings. However, not all settings are currently migrated.

Migrate a Virtual Service.png

1. Click the VS Motion Migrate icon.

Migrate a Virtual Service_1.png

2. Select the Target LoadMaster.

3. Modify the Virtual Address and Port, if needed.

4. Decide whether or not to enable the Virtual Service on the target LoadMaster.

5. Click Copy to copy the Virtual Service, or Move to move it (that is, move it to the target LoadMaster and remove it from the original LoadMaster).

If you are migrating a Virtual Service to a LoadMaster HA pair, ensure you migrate to the shared IP node and not the HA1 or HA2 individual unit.

7.2 SubVS Management

KEMP 360 Central users can view a list of SubVSs and add or delete a SubVSs. Users can also modify the basic properties of an individual SubVS as required.

7.2.1 Display a List of SubVSs on a Virtual Service

KEMP 360 Central users can view the list of SubVSs. The following steps show how to access the list:

1. Click the cloud icon on the left of the screen.

image018.png

2. Select the Service Configuration tab.

3. Click the LoadMaster to which the Virtual Service whose SubVSs you wish to display are attached.

For LoadMaster HA pairs, you must do this through the shared IP address. You cannot do this through the HA1 or HA2 unit.

Display a List of SubVSs on_1.png

KEMP 360 Central displays the list of Virtual Services attached to a LoadMaster.

4. Click the edit icon of the Virtual Service whose list of SubVSs you wish to view.

Display a List of SubVSs on_2.png

5. Expand the SubVSs section. The list of attached SubVSs is displayed.

7.2.2 Add a SubVS

KEMP 360 Central users can add a SubVS. The following steps show how to add a SubVS to a Virtual Service:

1. Click the cloud icon on the left of the screen.

image012.png

2. Select the Service Configuration tab.

3. Select the relevant LoadMaster.

For LoadMaster HA pairs, this should be done through the shared IP node rather than the device node.

4. Click the edit icon of the relevant Virtual Service.

Add a SubVS.png

5. Expand the Real Servers section.

Add a SubVS_1.png

6. Click the Real Servers/SubVSs toggle button.

7. Click the New SubVS button.

It is not possible to add a new SubVS if auto-scaling is enabled. To disable auto-scaling, click the Real Servers/SubVSs toggle button and remove the tick from the Auto Scale check box.

Add a SubVS_2.png

An ID number has been assigned to the SubVS.

8. Click the edit icon of the SubVS you added.

9. Make modifications to the following sections, as needed: 

Basic Properties

Real Servers

Standard Options

10. Click Apply.

7.2.3 Modify a SubVS

The following steps show how to modify a SubVS with KEMP 360 Central:

1. Click the cloud icon on the left of the screen.

image018.png

2. Select the Service Configuration tab.

3. Select the relevant LoadMaster.

For LoadMaster HA pairs, this should be done through the shared IP node rather than the device node.

Modify a Virtual Service.png

4. Click the edit icon of the relevant Virtual Service.

5. Expand the SubVSs section.

6. Click the edit icon of the SubVS you wish to modify.

7. Make modifications to the Basic Properties, Real Servers and Standard Options sections as necessary.

8. Click Apply.

7.2.4 Disable a Real Server for VS and SubVS

The following steps show how to disable a Real Server for VS and SubVS with KEMP 360 Central:

1. Click the cloud icon on the left of the screen.

image018.png

2. Select the Service Configuration tab.

3. Click the LoadMaster to which the Virtual Service Real Server you want to disable is attached.

For LoadMaster HA pairs, this should be done through the shared IP node rather than the device node.

4. Click the edit icon of the Virtual Service to which the Real Server you want to disable is attached.

5. Expand the Real Servers section.

6. Click the edit icon then clear the Enable Server check box.

7. Click Save to save your changes.

The same procedure applies when you want to disable the Real Server on a SubVS. You can check the status of the device on the LoadMaster. To reenable a device, just select the Enable Server check box and click Save.

7.3 Real Server Management

KEMP 360 Central displays Real Servers which have been added to LoadMasters. As Real Servers are attached to Virtual Services, they are visible by accessing the Edit section of the individual Virtual Services listed in the Service Configuration tab.

KEMP 360 Central users can view a list of Real Servers. They may also add or delete a Real Server.

7.3.1 Display a List of Real Servers on a Virtual Service

KEMP 360 Central users can view the list of Real Servers. The following steps show how to access the list:

1. Click the cloud icon on the left of the screen.

image018.png

2. Select the Service Configuration tab.

3. Select the relevant LoadMaster.

For LoadMaster HA pairs, you must do this through the shared IP address. You cannot do this through the HA1 or HA2 unit.

Display a List of SubVSs on_1.png

KEMP 360 Central displays the list of Virtual Services attached to a LoadMaster.

4. Click the edit icon of the relevant Virtual Service.

Display a List of Real Servers.png

5. Expand the Real Servers drop-down list.

Display a List of Real Servers_1.png

7.3.2 Add a Real Server

Follow the instructions below to add a Real Server to a Virtual Service:

1. For the LoadMaster you wish to modify, display the list of Virtual Services attached (see the Display the List of Virtual Services Attached to a LoadMaster section).

For LoadMaster HA pairs, this should be done through the shared IP node rather than the device node.

2. Click the edit icon of the Virtual Service to which you wish to add the Real Server.

3. Expand the Real Server section.

4. Ensure the Real Servers/SubVSs toggle is set to Real Servers.

Add a Real Server.png

5. Click the New Real Server button.

6. Enter the following values in the appropriate text box:

IP

Port

Conn Limit

Weight

7. Click Save.

7.3.3 Modify a Real Server

This section shows how to modify an existing Real Server:

1. For the LoadMaster you wish to modify, display the list of Virtual Services attached (see the Display the List of Virtual Services Attached to a LoadMaster section).

For LoadMaster HA pairs, this should be done through the shared IP node rather than the device node.

2. Click the edit icon of the Virtual Service to which the Real Server you wish to modify is attached.

3. Expand the Real Servers section.

4. Click the edit icon of the Real Server which you wish to modify.

5. Modify any or all of the following values which display:

Port

Conn Limit

Weight

6. Click Save.

7.3.4 Remove a Real Server

This section shows how to remove a Real Server from a Virtual Service:

1. For the LoadMaster you wish to modify, display the list of Virtual Services attached (see the Display the List of Virtual Services Attached to a LoadMaster section).

For LoadMaster HA pairs, this should be done through the shared IP node rather than the device node.

2. Click the edit icon of the relevant Virtual Service.

3. Expand the Real Servers section.

4. Click the X symbol beside the Real Server you wish to remove.

7.3.5 Health Check

Health Check.png

You can configure the health check parameters for the Real Servers in the Health Check section. For further information on health checking in general, and detailed descriptions on each of these fields, please refer to the Health Checking, Feature Description.

8 Monitoring

image014.png

The Monitoring section of KEMP 360 Central displays the overall health of your HA pairs, Virtual Services, Real Servers, SubVSs, and WAF Statistics (if configured). All statistics update every minute.

In a LoadMaster HA pair configuration, only the shared IP node has a Monitoring section. HA1 and HA2 units do not have a Monitoring section.

image4.png

System Statistics are updated every minute. In the list view, as the percentage used increases - the bar changes from empty (at 0%) to green (1%) through white (50%) to dark red (99%).

System Statistics_1.png

To display the gauges as shown in the figure above, users should click the button with the gauge icon.

The System Statistics section enables users to monitor the following:

The percentage of the CPU spent processing in user mode

The percentage of the CPU spent processing in system mode

The amount of memory in use and the amount of memory free

The list view shows the percentage traffic that passes through each eth interface

Using the System Statistics section gives users the ability to monitor the statistics for an individual device.

There are a number of different LoadMaster HA statuses that could be present depending on whether units are active, in standby, or inactive as shown below. This status is maintained using an automatic ping between the units.

HA Configuration.png

The unit above is online and operational and the HA units are correctly paired. The A in the middle of the square indicates that this is the master (active) unit. The absence of an ‘A’ in the middle of the square indicates that this is not the master unit (standby).

Slave inactive.png

The master unit above is online and operational but the slave may be offline or misconfigured.

HA pair inactive.png

Both the master and slave units above are offline or misconfigured.

Master down.png

The master unit above is offline or misconfigured but the slave is in standby and operational.

Unauthorized.png

The master unit above is online but the HA status is unknown because the last connection to the device failed. Check the credentials of the device and log (both on the device and on KEMP 360 Central).

Shared and active unauthorized.png

The slave unit above is online but the HA status is unknown because the last connection to the device failed. Check the credentials of the device and log (both on the device and on KEMP 360 Central).

If you have WAF services configured, you can view WAF details at the network (includes all sub-networks), sub-network (that sub-network only), and individual device level.

image80.png

 

 

8.1 Network and Device Health

To view the overall network health of all networks in KEMP 360 Central, click All Networks. This informs you about the overall health percentage of your network, the number of Virtual Services that are down and the number of Real Servers that are down.

image74.png

This section of the document fully explains the various sections and headings shown in the screenshots above. Network Health shows an aggregated health percentage value for the network being monitored. The network health percentage is calculated using the number of devices with an UP status on the network, against the total number of devices in that network.

SubNetworks health shows the status of each subnet individually. The subnetwork health percentage is based on the number of UP devices in the subnetwork against the total number of devices in that subnetwork.

Subnetwork Health.png

Hovering over the subnetwork health icon displays the Nickname, Device Status, Service Status, SubVS Status, and Real Server Status.

In the Devices section, an icon is displayed for each device on the network. A red icon means that the device is down. A grey icon means the device is disabled. A green or blue icon means the device is up (blue is used to indicate a LoadMaster that was licensed using the local licensing functionality).

Device Nickname.png

Hovering over the device icons displays the device type, IP address, the status of that device, and the device nickname - if available.

Full Name.png

Hovering over the header at the top of the User Interface (UI) also displays the full nickname for the device.

VS Nickname.png

When a network is selected on the left, the Virtual Services section displays – if available. In the Virtual Services section, there are icons for each Virtual Service on the network. Green indicates the Virtual Service is up while red means the Virtual Service is down. A redirect service is always considered up, unless the device on which it is hosted is itself considered down. Hover help displays the Health Status, Admin Status, LoadMaster IP address, Virtual Service IP address, and the VS Nickname, if available, of individual Virtual Services.

Real Server Nickname.png

When a network is selected on the left, the Real Servers section displays – if available. In the Real Servers section, there are icons for each Real Server on the network. Green indicates the Real Server is up while red means the Real Server is down. Hover help displays the Health Status, Admin Status, Loadmaster IP address, Real Server IP address, Virtual Service IP address, and the VS Nickname, if available, of individual Real Servers.

SubVS Nickname.png

In the SubVSs section, there are icons for each SubVS on the network. Green indicates the SubVS is up while red means the SubVS is down. Hover help displays the Health Status, Admin Status, Loadmaster IP address, SubVS number, SubVS Nickname, if available, Virtual Service IP address, and the VS Nickname, if available, of individual SubVSs. The SubVS Nickname displayed on KEMP 360 Central is the same as the nickname used for that SubVS on the LoadMaster. The tooltip displays the full SubVS Nickname. The SubVS number is the same number used on LoadMaster on the SubVS configuration screens (click View / Modify Services > Modify > SubVSs); they are not the numbers displayed in the View /Modify Services table).

When users select an individual LoadMaster, the status of its Virtual Service(s) and Real Server(s) appears above the Connections graph, as shown in the following figure:

Network and Device Health_6.png

A green icon indicates that the Virtual Service or Real Server is up, a red icon indicates it is down and a grey icon indicates it is disabled.

The shared IP is not found in Network and Device Health.

8.2 Graphs

You can view all details relating to Network Metrics in the Graphs tab. To view the monitoring section of an individual KEMP 360 Central device, first click on the relevant network or device and then click Graphs in the top-right of the screen.

In a LoadMaster HA pair configuration, only the shared IP has a graph.

By clicking the drop-down arrow, you can display data ranging from the past hour to several years ago. In addition, all three graphs use the same horizontal width/scale so that time-based comparisons between the graph data are easier to visualize.

image5.png

image6.png

image7.png

The Network Metrics graph displays activity in and out of the Network Interfaces. You can display results in Bits (Network Interfaces), Bytes (Network Interfaces) or Packets (for Virtual Services) per second. You can also view results using various time scales from the last hour to the last 2 years. The graph is broken down into 72 data points so whatever timeframe you select is divided by 72. For example, if you select 1 year, then each data point is approximately 5 days. You can also place your cursor at any point on the graph to find the metrics at that time.

The SSL TPS graph displays the SSL Transactions Per Second (TPS) for a selected network, subnetwork or LoadMaster. You can display results in a similar way to the Network Metrics graph.

The Connections graph displays the total number of connections made to devices in a network or subnet being monitored by the KEMP 360 Central instance. You can display results in a similar way to the Network Metrics graph.

By selecting the appropriate network, subnetwork or LoadMaster icon in the left side-bar, KEMP 360 Central gives users the ability to monitor activity across the entire network (the results shown are an aggregate of the activity for all devices in the network), a subnet (an aggregate of all the devices in the subnet) or for an individual device.

Note that whichever device or network is highlighted in the left side-bar is the device or network you are working with. Please ensure you select the correct one.

9 Global Repository

Most of the screens in the Global Repository section in the UI relate to uploading files (such as firmware, template and backup files) to KEMP 360 Central. You can then upload these files to LoadMasters using KEMP 360 Central. The   System Configuration section of this document has details about those features.

Global Repository.png

To access the Global Repository - click the icon in the bottom-left corner of the UI.

9.1 Logging

The Logging screen enables you to display the system logs collected from the LoadMasters monitored by KEMP 360 Central. It also enables you to search and filter logs using several different criteria.

You cannot search for shared IP addresses on the Logging page.

image006.png

There are three main sections:

Source

Filter

Log Search Results

9.1.1 Source

The Source section is located on the top left of the Logging screen.

image008.png

There are two dropdown lists on the Source screen, Logfile and Range.

Logfile: Select the log source you want to display in the Logfile drop-down list. Currently, the only selection available is Remote Logs.

Range: Select from the following choices to set the time range for the log search:

Last 24 hours: Searches all log entries with a timestamp that occurred during the 24 hours before the current system time.

Last Week: Searches all log entries with a timestamp that occurred during

the 7 days before the current system date.

Last Month: Searches all log entries with a timestamp that occurred during

the month before the current system date.

Last Year: Searches all log entries with a timestamp that occurred during

the year before the current system date.

Everything: Searches all log entries.

Start Time: Searches all log entries with a timestamp that occurred during the time period starting from a user-specific date/time to the current system time.

Time Range: Searches all log entries with a timestamp that occurred during a user-specified date/time range.

For example, to view logs from midnight January 5th to midnight February 9th 2016:

  1. Select Time Range from the Range drop-down list.
  2. Select the required date and time from the From field.
  3. Select the required date and time from the To field.
  4. Input any extra filter options then click Search.
  5. Use the scrollbar to scroll through the results.

9.1.2 Filter

In the Filter section, you can further refine your search using several different fields. These are Text, Severity, Facility, Devices, Virtual Server (VS) and Real Server (RS). You can search using just one filter or multiple. The relationship between the fields is an implicit AND. For example, if you specify a device IP and a Real Server IP, only entries that contain both are selected for display. In addition, when you select one of these filters, you are presented with a list of the devices, Real Servers and Virtual Servers that KEMP 360 Central knows about.

  • Text: Type a plain text string in the Text field to filter the results further. This is a simple text search. Typing any text string selects all log entries that contain that text string anywhere in the entry. For example, if you type an IP address, the log viewer displays all lines that contain that IP address, regardless of what kind of device is assigned that IP address (LoadMaster, Virtual Service, Real Server, and so on).
  • Severity: There are a number of levels of severity you can use in your search to filter the log search results. These are shown in the table below:

Value

Severity

Description

Example

0

Emergency

System is unusable

Kernel-critical error messages

1

Alert

Should be corrected immediately

Loss of the primary ISP connection

2

Critical

Critical conditions

One unit has failed and the second unit is taking over as master (in a High Availability (HA) setup)

3

Error

Error conditions

Authentication failure for root from 192.168.1.1

 

4

Warning

May indicate that an error will occur if action is not taken

Interface is up/down

5

Notice

Events that are unusual, but not error conditions

Time has been synced

6

Informational

Normal operational messages that require no action

An application has started, paused or ended successfully.

7

Debug

Information useful to developers for debugging the application

 

  • Facility: The Facility filter enables you to select the type of log issue you want to search for. For example, kernel messages, user-level messages, mail systems, system daemons, and so on. To select a facility, click the drop-down arrow.
  • Devices, VS, RS: You can also filter results on specific devices, Virtual Services and Real Servers. The list is arranged by device type, that is, all LoadMasters, all F5 devices, all NGINX devices, and so on, are listed as a group. If you select a device type for the search (for example, click LoadMaster), then all logs for all LoadMasters are searched. If you pick a specific device, then only logs for that device are searched.

Filter.png

Any field that you use in a search is highlighted. To exclude a filter in a search, click the X on the right of the field. In addition, logging is user-specific. If you log out and log back in again, any data that you used in your search will still be visible, however, it will not be visible to other users.

  1. Click Search to filter the results based on the specified criteria.
  2. Click Export to export the results of the filter to a text file.

To export all log data, select Everything from the Range, clear any filters that have been set by clicking the X next to them, click Search, and then click Export.

9.1.3 Log Search Results

In the Log Search Results section, different columns display the syslog information:

Log Search Results.png

Time Generated (UTC): The generation time of the syslog message.

Source IP: The source IP address of the LoadMaster that the syslog came from.

Facility: The type of program that is logging the message. Messages with different facilities may be handled differently. RFC 3164 defines the list of facilities available.

Severity: The severity of the log file. This is also defined by RFC 3164.

Process ID: The ID number of the relevant process.

App Name: The name of the related application.

Message: The message component has these fields: <tag>, which should be the name of the program or process that generated the message, and <content>, which contains the details of the message.

The figure below displays an example of an exported log file. Note that each field in each line of the log is enclosed within brackets '[ ]' so that the data is clearly delimited.

Log Search Results_1.png

10 Access Control

You can administer users in the User Management screen, which you can access by clicking the Access Control icon in the bottom-left of the screen. Here you can manage the different levels of access required by different users.

There is one default user in KEMP 360 Central – the admin user. The admin user can perform all tasks in KEMP 360 Central. It is not possible to change the permissions of or delete the admin user. The admin user sets the permissions for new users. There are two permissions, read only and read write and these can be set for both Service Configuration and System Configuration.

Access Control.png

Descriptions of some terminology used in this section are below:

User: An identity on KEMP 360 Central defined as a username and password.

Group: A collection of users with assigned permissions to resources.

Permission: Defines the level of access a user or group has to a resource.

Resource: A LoadMaster or Virtual Service.

10.1 User Management

User Management.png

The User Management screen lists all KEMP 360 Central users. Here, you can modify, delete and disable users. You can add a new user by clicking the Add new User button and filling out the details. As an admin user, you can add new users and select their status as read only or read-write.

User Management_1.png

In the Modify User screen, you can update various details about the user including their password, email address and permissions. By default, user permissions are set to read only (for details on setting your password, see the Appendix: Password Information).

The User Permissions are broken down by the main sections in KEMP 360 Central:

Service Configuration: In the Service Configuration section, users perform various management tasks, such as adding, modifying and removing Virtual Services, SubVSs and Real Servers. Configure the user in a group to grant this level of access to individual devices and Virtual Services.

System Configuration: The System Configuration section of KEMP 360 Central enables users to centrally manage LoadMasters. Other items that can be managed include: templates, firmware updates, reboots, backups, restorations and syslog settings for any LoadMaster on a network.

If a user updates their password, the current login session is invalidated, and they must log in again using their new password.

10.2 Group Management

To access the Group Management screen, click the Access Control icon in the bottom-left of the screen and click Group Management.

Group Management.png

The Group Management screen lists any existing user groups. The Super Users group cannot be disabled or deleted because this is a default system group.

You can create a new group by clicking Add new Group.

The Status column shows whether the group is enabled or disabled. You can enable/disable a group by clicking the toggle button.

You can click the Edit (pencil) icon to edit a group or the Delete (X) icon to remove a group.

10.2.1 Group Details

Group Details.png

When adding a new group, you can specify the Group Name, a Description for the group and select whether or not to enable the group.

You can also change these settings for an existing group by modifying it.

10.2.2 Group Members

Group Members.png

When modifying a group, you can add and remove users to/from the group. To add or remove a user from the group, click the user listed to select them for addition/removal from the group. Different colors illustrate the status/operation. To remove any selection, click Reset. The table below provides a description of each color.

Color

Description

Group Members_1.png

The admin user is marked as blue because it is a member of all groups and cannot be removed.

Group Members_2.png

Grey users do not belong to the group.

Group Members_3.png

A green plus icon is displayed for users who have been selected to be added to the group.

Group Members_4.png

A dark green color indicates that the user is already a member of the group.

Group Members_5.png

The minus icon indicates a user who is a member of the group but has been selected to be removed from the group.

10.2.3 Group Resources

Group Resources.png

The Group resources section enables you to select what resources to give the group access to. The resources are listed by IP address. If a LoadMaster has Virtual Services, you can click the arrow to expand the list to see them. Select the relevant resources that you want to grant access to and click Apply. If a LoadMaster is not selected, but a Virtual Service underneath it is selected, the LoadMaster appears greyed out but selected in the display to indicate that something under it is selected.

It is recommended that you configure your shared IP, HA1, and HA2 into the same group.

11 KEMP 360 Central System Administration

This section deals with the administration of the KEMP 360 Central instance, rather than with the administration of individual networks and LoadMasters.

A number of administration tasks can be performed in KEMP 360 Central.

KEMP 360 Central System Administration.png

To access the KEMP 360 Central administration section, click the cog icon in the bottom-left of the screen.

KEMP 360 Central System Administration_1.png

The settings in the figure above are explained in the following sections.

11.1 Reboot/Shutdown KEMP 360 Central

Reboot Shutdown KEMP 360 Central.png

This section of the administration screen enables users to reboot or shut down the KEMP 360 Central instance.

When KEMP 360 Central is rebooted, it automatically attempts to re-connect to all previously configured LoadMasters. When rebooting, all settings are saved and take effect once the reboot is complete.

Clicking Shutdown powers down the KEMP 360 Central instance. After shutting down, the instance must be powered back on to turn the KEMP 360 Central instance back on. To power the instance back on, you must access the hypervisor or cloud platform where KEMP 360 Central is deployed. A shutdown of KEMP 360 Central does not affect the availability of the previously configured settings.

11.2 SMTP Settings

Configure SMTP to allow KEMP 360 Central to deliver email notifications to a user-defined email address list. There are a couple of prerequisites that must be in place for this to work:

KEMP 360 Central must be able to reach the SMTP Host and SMTP Port specified.

The SMTP Host User must be configured on the SMTP server.

Emails are sent when important events occur such as a device going down or becoming available again.

To configure the SMTP settings for KEMP 360 Central, follow the steps below:

image27.png

1. Enter one or more email addresses in the Email Address List text box.

Up to eight email addresses can be entered - separate multiple email addresses with semi-colons.

2. Enter the IP address of the SMTP Host to be used for sending email.

3. Enter the port used by the SMTP host.

4. Enter the SMTP Host User name used to log into the SMTP host.

5. Enter the SMTP Host Password for the user name specified above.

At present, the SMTP Host User and SMTP Host Password fields are mandatory. If you do not want to specify a username or password - enter dummy details, save the settings, then clear those fields and save the settings again.

6. Select the Connection Security type. The choices are:

None – email is sent using an unencrypted link

TLS/SSL – email is sent using an encrypted link

7. Enter the email account from which KEMP 360 Central will send emails.

8. Clear the Availability Alerts check box if you do not want to receive notifications when a device goes up or down.

You may want to disable the Availability Alerts check box if, for example, you have any maintenance scheduled. When enabled, an email is sent when a device goes down and when it goes up again. For down emails, the email gives the name of the device and the date and time it went down. For up emails, the email gives the name of the device, the date and time it became available, and the date and time when the device was last contacted successfully.

9. Click the Apply button.

10. A test email can be sent by clicking the Send Test Email button. The Send Test Email button only appears after settings have been entered and the Apply button clicked.

11.3 Enable Temporary SSH Access for Diagnostic Purposes

In this section of the KEMP 360 Central UI, users can grant KEMP Support access to the KEMP 360 Central instance. SSH access to the KEMP 360 Central host can be enabled by the administrator with a once-off activation code provided by KEMP Support. SSH access is enabled for 24 hours or until disabled by the administrator.

Users need both an SSH Public Key and an SSH access passcode as an SSH key pair is required to enable access.

Windows users should use PuTTY to generate a Public Key, while Unix users should use ssh-keygen.

1. Use PuTTY or ssh-keygen to generate an SSH Key.

2. Click the cog icon from the KEMP 360 Central menu.

3. Expand the Enable temporary SSH access for diagnostic purposes section.

Enable Temporary SSH Access.png

4. Enter an SSH Public Key code in the SSH Public Key text box and click Save SSH Key.

5. To generate the access passcode, click Regenerate.

6. Contact KEMP Support and provide them with the generated passcode.

7. KEMP Support will provide you with a code which grants diagnostic SSH access.

8. Enter the code received from KEMP Support into the Pass Code text box and then click Grant Access.

9. If you wish to revoke access to the KEMP 360 Central instance, click Revoke Access.

11.4 Proxy Settings

Proxy Settings.png

Configuring the settings in this section will allow KEMP 360 Central to access other networks using a HTTP(S) Proxy. Specify either an IP address or a domain here. Click the Test button to check if the proxy server is reachable.

11.5 Call Home Settings

If you are licensing KEMP 360 Central for the first time, you are prompted to set the Call Home feature (it is enabled by default). This provides KEMP with system status information such as throughput, enabled features, Virtual Services, and Real Servers. It does not include any unique personal information or actual traffic from your network. KEMP 360 Central initiates a connection to KEMP once every 24 hours.

If you upgrade from a release that does not support Call Home to a release that does support Call Home, then Call Home is disabled after the upgrade. You can enable Call Home manually after upgrade.

 

image31.png

You can enable or disable the Call Home feature at any time by going to Settings and Configuration > System Settings > Call Home Settings.

12 License Management

The KEMP 360 Central license can be updated, if required. This would be required if, for example, if you upgrade to premium support.

To update your KEMP 360 Central license, complete the following steps:

License Management.png

1. In the bottom-left corner, click the cog icon.

2. Click License Management.

3. You can use online or offline licensing to update the KEMP 360 Central license.

After successfully licensing, a message displays saying the license has been updated. The license information can be viewed by clicking the help icon in the bottom-left of the screen and going to the About page.

13 Firmware Management

You can update the KEMP 360 Central firmware using the Firmware Management screen. You can check the current firmware version by clicking the question mark icon in the bottom-left of the KEMP 360 Central UI.

After updating the firmware – KEMP 360 Central must be rebooted.

A firmware update patch file is required to update the firmware offline. Contact KEMP Support to get the patch file.

Online updates are not supported. You must download the patch file from KEMP to the system you use to access the KEMP 360 Central UI and then upload the patch through the UI.

To update the KEMP 360 Central firmware, follow the steps below:

Firmware Management.png

1. In the KEMP 360 Central UI, click the cog icon in the bottom-left corner.

2. Click Firmware Management.

Firmware Management_1.png

3. Click Select Firmware.

4. Browse to and select the firmware update file.

5. Click Upload. Once the image is uploaded to KEMP 360 Central, the Install button appears.

Updating KEMP 360 Central Firmware.png

6. Click Install to continue.

Updating KEMP 360 Central Firmware2.png

image1.png

KEMP 360 Central now runs a self-test as part of the firmware upgrade. If the self-test fails, an email is sent (based on SMTP configuration) and cancels the upgrade process. If no SMTP is configured, you can view the process details in the System log file. Since Version 1.23, we have improved the logging of the firmware upgrade process.

7. Upgrading the system firmware requires a system reboot after the update is applied. Click Yes to continue the upgrade or click No to cancel.
You can view the progress of the upload in the progress bar.

Firmware Management_3.png

8. After the update, KEMP 360 Central reboots. If you either get an error message during the upgrade process or the system is still running the same release after upgrade, check the system log (click Settings and Configuration > Log Files) for any related messages during the time period that you attempted the upgrade.

Do not make any further attempt to use the UI until the system has automatically rebooted, which takes a few minutes. After completing the update, the login screen is displayed.

Since version 1.19, if you try to navigate away from this screen while the system is updating, the Under Maintenance page appears until the upgrade is complete.

14 Reporting

To open the Reporting section, click the Settings and Configuration icon then click Reporting. There are three sections within Reporting: Create Report, Recurring Reports and Global SMTP Settings.

015.png

14.1 Create Report

The controls in this feature enable you to specify either:

An on-demand report that is prepared immediately and that you can then either download locally or email to specific recipients

A scheduled report that is run periodically at a specified interval and then emailed to specific recipients

An Availability PDF report for selected devices

Note that if you want to email a report, the SMTP Settings (see the section below) must be provided beforehand.

To create an on-demand report, perform the following steps:

1. Select the Report Now radio button (selected by default).

2. Use the Report Date controls to specify the time period for the report.

3. Use the check boxes in the Devices list to select the devices that will appear in the report. If you select a network node, all the devices in that network will be included.

Report Nickname.png

Hovering over a device name in the Create Report section displays the full nickname for the device.

4. Do one of the following:

  • To download the report as a PDF file, click Download Report.
  • To email the report, check that the SMTP Settings are set, type a list of email addresses separated by semicolons (;) into the Email Address List, and click Email Report. A popup is displayed and a system message is logged indicating whether or not the email was sent successfully.

To schedule a report for some time in the future, perform the following steps:

  1. Select the Schedule Report radio button.
  2. Select the Report Type from the drop-down list. This can be daily, weekly or monthly. The start time and date of the report is set to 00:00:00 on the next full day, week, or month. For example, if today is Wednesday and you select Weekly, the report’s first run will be on the following Monday at 00:00:00.
  3. Use the check boxes in the Devices list to select the devices that appear in the report. If you select a network node, all the devices in that network are included.
  4. Type a list of email addresses separated by semicolons (;) into the Email Address List.
  5. Click Create Schedule. A notification appears informing you that you successfully created the scheduled report.

The name of the report is a Load Balancer Assessment report and it contains the following graphs:

  • Network Traffic (Incoming & Outgoing)
  • Number of Connections
  • SSL Transaction Per Second

Create Report.png

Create Report_1.png

Create Report_2.png

The diagrams above show examples of the different reports. The table under the graph provides more details depending on the report.

To create an Availability report, perform the following steps:

5. Select Availability as the Report type then select either Summary or Detail.

  • Summary is the default report type
  • Detail provides more information

6. Select the devices you want to run the report for.

7. To send the report by email, type an email address in the Email Address List field and click Email Report.

8. To download the report, click Download Report.

Availability Report.png

 

Summary Report

Summary Report.png

The Summary report displays a tabulated picture of each device's availability. It contains the following columns:

  • Device Name: Displays the device nickname. If there is no nickname, a dash is displayed instead.
  • Device IP Address:Port: Displays the IP address and the port number of each device.
  • Device Type: Lists the types of devices.
  • Average Availability:
    • Device: Displays the average percent of time that the device was working.
    • Service: Displays the average percent of time that the Service was working. This value cannot be greater than the device value because it is possible that some of the services were down.
    • Real Server: Displays the average percent of time that the Real Server was working.
  • Status at Time of Report: Indicates if the device was up or down at the time the report was run.

If a device is not supported, it appears as 0% in the table.

Detail Report

The Detail report is broken down into two sections; the Device Availability Report and the Service Availability Summary Report.

Detailed Report.png

The Device Availability Report displays the total downtime and total uptime of each device you run the report for. It also contains a table that displays the uptime and downtime in alternate rows including the specific date and time from when the device was working until the date and time the device went down. The next row then displays the same information for when the device was down and so on. It also displays this time period in total minutes and then breaks it down into days, hours, and minutes.

You can also display the same data for sub-Virtual Services and third-party devices.

14.2 Recurring Reports

All previously created reports are listed in the order they were created. The table lists the first 128 characters of the device list, followed by the next run date, the frequency of the report, and the last run status (if applicable). Use the control at the right side of the table to delete a report.

Recurring Report Nickname.png

Hovering over a device name in the Recurring Reports section displays the full nickname for the device.

14.3 Global SMTP Settings

This section shows the Global SMTP Settings, which are required to be set if you are emailing a report, or sending the report will fail. Note that these are the same settings as shown under Settings and Configuration > SMTP Settings and About and Help > Welcome On Board > SMTP Settings.

Note that the email address list specified in the Global SMTP Settings does not apply to emailed reports. Reports are emailed only to the recipient list specified when creating the report.

This feature is an important component for emailing reports and is covered in more detail in the SMTP Settings section.

15 License a LoadMaster for Metered Licensing

References to ASL in screenshots should be read as Local Licensing.

This section displays local licensing information and metrics data on LoadMasters under the control of KEMP 360 Central. There are three tabs: Activations, Metered Enterprise Licensing Agreement (MELA) Report, and Licenses.

15.1 Activations

The Activations tab opens when you click Metered Licensing Management.

image123.png

The chart displays the number of current active locally-licensed activations. Below the chart you can view the maximum number of locally-licensed activations available (500 in this case) and the current number of locally-licensed activations. Beneath this information there is a table that gives more detail on the current activations. There are several filters above the table you can use to filter each column to view the information you need. To add all filters, select the All check box. The License Type column shows the license type that KEMP 360 Central provides and was installed on the LoadMaster while the VLM Name column displays the platform on which it is running.

If a LoadMaster has been blocked by KEMP 360 Central, you can unblock it by selecting the Unblock check box for the relevant activation, then click Unblock Selected. F

Unlike previous releases of KEMP 360 Central, since Version 1.18, you can license LoadMasters running on any hypervisor platform, not just the one on which KEMP 360 Central is running.

Any changes you make to the license in the LoadMaster are reflected on this screen.

After you activate the license, locate the LoadMaster by clicking the Network and Device Administration tab, type the username and password for the LoadMaster, then click Apply. After the LoadMaster is recognized by KEMP 360 Central, it is represented by the blue icon for locally activated LoadMasters.

When using LoadMaster HA pairs, the shared IP address is not counted as an activation in MELA and is not reported on.

15.1.1 MELA Report

When Metered Licensing is active on KEMP 360 Central, usage statistics are gathered from all licensed LoadMaster instances. This usage data may be viewed online or downloaded as a zip file.

In this section, users can view a report displaying the number of active locally-licensed instances. This report can be filtered by using a date range. To access the Metered Enterprise Licensing Agreement (MELA) report section, click the Settings and Configuration icon, click Metered Licensing Management, and click MELA Report. To view a graphical representation of the report, click View.

Reports can also be downloaded in zip format by selecting the Download Summary check box and clicking Download. The Download Summary check box determines the behavior of the Download button. When checked, a zip file is downloaded containing several data files, including the peak statistics values for each day. When unchecked, a single file is downloaded containing minute-by-minute statistics. The downloaded zip file contains three CSV files:

  • asl: An event report that displays events and the number of active locally-licensed instances at the time of the event. The events recorded are as follows:

- Activation: A locally-licensed LoadMaster has been activated using this KEMP 360 Central instance

- Deactivation: A locally-licensed LoadMaster on this KEMP 360 Central instance has been deactivated

- Sync (Discrepancy): KEMP 360 Central has detected a discrepancy between the previously recorded instance count and the actual instance count, and has corrected the error

- Sync (No Discrepancy): No discrepancy has been detected. In the absence of other local licensing events, this serves as the instance count for any given day. The sync task is performed in the following circumstances:

- If KEMP 360 Central is upgraded to v1.6 or later

- Daily at 12 pm

  • devices: A report displaying the currently active devices on KEMP 360 Central including the ID, device nickname, and device IP address.
  • ssl_tps: An SSL Transactions Per Second (TPS) report.
  • vs_bytes: A report displaying the number of Virtual Service bytes transferred.

These reports include minute-by-minute data from 00.00 hours of the start date selected up to the minute the report is run. To get a full report, leave the Download Summary check box cleared. To get a summarized report, select the Download Summary check box. This report produces an archive containing three files:

  • Daily peak TPS per ASL LoadMaster per day
  • Daily peak throughput (bytes per second) per ASL LoadMaster per day
  • All ASL activations or deactivations (and the number of active ASL instances at the time)

To view a MELA Report for a specific date range, select the date range then click View.

This report provides you with a graphical representation of the information such as the maximum number of locally-licensed instances that were recorded during the report period, the peak number (top five devices) of SSL transactions, and the peak throughput (top five devices). The report displays usage data, which enables you to examine and validate the periodic billing statements you receive from KEMP for metered licensing.

If you select the Upload usage report to KEMP check box, a report is also sent to KEMP with the same data but different time profiles. If the automatic reporting fails, you can click Retry Upload.

Metered Licensing Report.png

 

ASL Instances.png

Peak SSL TPS.png

Peak SSL TPS All Devices.png

Peak Throughput.png

Peak Throughput 2.png

There is also a table under the graph that displays the information in tabular format. You can also view detailed individual graphs on the peak SSL transactions per second and peak throughput of all devices.

You can also view what license is assigned in the Event Type column in the locally-licensed Instances table as shown in the image below.

Event Type Column.png

MELA reports from either HA unit in a HA pair contain all MELA LoadMasters licensed across both KEMP 360 Central HA units. A unit licensed against the ‘other’ peer is indicated in the MELA report by including the device ID from the other KEMP 360 Central HA unit in parentheses, as shown below:

image64.png

Each HA unit records data for the LoadMasters that it has licensed, unless only one of the HA units is available. Therefore, if a KEMP 360 Central failover occurs during the selected report period, the MELA reports for both HA devices must be consulted to get a complete profile of a LoadMaster's traffic.

15.2 ASL Settings

image72.png

You can access ASL Settings (local license settings) by clicking Settings and Configuration and selecting the System Settings section.

 

The Block Unconfirmed ASL Activations After drop-down list enables you to specify the allowed period that a LoadMaster can appear in the network tree without being contacted by KEMP 360 Central. When a LoadMaster activates a license, its login credentials must then be added to KEMP 360 Central so that first contact with the LoadMaster can be made. Once this timer expires, if the correct credentials have not been added and a successful first contact has not been made, then the license is deregistered and the LoadMaster is in an unlicensed state.. The available time ranges are Never (default value), 1 hour, 8 hours, 1 day, 2 days, 3 days, and 7 days.

 

If a value other than Never is selected, KEMP 360 Central periodically checks for MELA LoadMasters that have never been contacted by KEMP 360 Central and deregister the licenses of any such LoadMasters found. A notification appears warning you about which LoadMasters will be affected by this action and when they will be affected. This notification also appears when you are logged in as an administrator and this feature is enabled. You will see a list of LoadMasters that are scheduled to be blacklisted.

 

After a LoadMaster is blacklisted, you must unblock the LoadMaster from the Metered Licensing Activations screen to be able to relicense it again.

 

16 License a LoadMaster with a Local License

KEMP 360 Central can locally license LoadMaster instances. The LoadMaster licenses available depend on the License applied to KEMP 360 Central. Local licenses may be issued for metered licenses (MELA) or as capacity based.

16.1 Prerequisites

Before you can license a LoadMaster locally, your KEMP 360 Central instance must be enabled to support it using a license update. Contact your local KEMP Representative for more information.

The availability of local licensing is based on your license with KEMP Technologies. The IP address assigned must be able to communicate with KEMP 360 Central.

To use local licensing, you need an IP address and port number. This is the IP address and port number of the KEMP 360 Central instance being used to license the LoadMaster.

For information on how to retrieve these details, refer to the Retrieve the Details Needed to License a LoadMaster using KEMP 360 Central section.

16.2 Using the Local Licensing Functionality

With KEMP 360 Central local licensing functionality, it is possible to license a number of LoadMasters locally using KEMP 360 Central - without the need to contact the KEMP licensing server. The maximum number of LoadMasters that can be licensed locally depends on your license agreement with KEMP Technologies.

When you initially deploy a locally licensed-enabled LoadMaster, a KEMP 360 Central Activation Settings screen appears. Enter the details for KEMP 360 Central. The LoadMaster then contacts KEMP 360 Central to license the LoadMaster. Following licensing, the LoadMaster must be activated in KEMP 360 Central. Detailed, step-by-step instructions are provided in the following sections.

Local activation only works with specific Virtual LoadMaster (VLM) builds. Contact KEMP Support to access the VLM build for your local license instance.

16.2.1 License a LoadMaster using KEMP 360 Central

When an SPLA LoadMaster is initially deployed, a screen appears asking if you want to use KEMP 360 Central Licensing (formerly Local Activation on pre-7.2.43 LoadMasters) or Online Licensing.

When a locally licensed LoadMaster is initially deployed, a screen (similar to the one above) appears. If this screen does not appear, you are not using the correct version of the LoadMaster. Contact a KEMP representative if this is the case.

The KEMP 360 Central (with local licensing enabled) details must be configured in the LoadMaster web User Interface (UI) so the LoadMaster can contact KEMP 360 Central. Follow the steps below to activate the LoadMaster:

1. Type the Host details of KEMP 360 Central in the Host text box.

2. Type the Port to access KEMP 360 Central on in the Port text box.

The internal IP address and host name can be found in the Dashboard screen of the KEMP 360 Central instance. The hostname is based on the instance name, which is specified when originally creating the instance. If you are not using Azure, the default hostname is K360Central.

3. Click Activate. The available license types are displayed.

4. Select the relevant license type and click Continue. The notice below then appears.

If you want to hide the notice above from appearing when activating (or updating) a locally licensed LoadMaster, you can select the Hide Activation Settings Message (this is found in System Configuration > System Administration > Update License on the LoadMaster). On first login the notice is expanded by default but on subsequent logins, the notice is collapsed by default.

This can only be performed by an administrator.

The LoadMaster is now licensed against KEMP 360 Central, thus using one of the available licenses.

16.2.2 Activate the LoadMaster in KEMP 360 Central

After completing the steps in the previous section, the LoadMaster is now licensed. However, the LoadMaster must be activated within KEMP 360 Central. To do this, complete the following steps in KEMP 360 Central:

1. Click the cloud icon on the left then click All Networks.

2. Select the relevant LoadMaster.

3. Click the edit icon in the bottom-left.

4. Enter the IP of the LoadMaster instance in the IP Address text box.

If using Azure, this is the DNS name that appears in the Dashboard screen for KEMP 360 Central.

5. Enter the Port used to communicate with the LoadMaster.

If using Azure, the Port should be set to 8443.

If Network Address Translation (NAT) is being used between your LoadMaster and KEMP 360 Central (for example, your LoadMaster is located in a public cloud), ensure that the IP address in the device settings is the publicly accessible IP address.

6. Enter the Username and Password used to access the LoadMaster.

7. Click Apply.

LoadMasters with a blue icon indicate that the LoadMaster was licensed using the local licensing functionality. Green LoadMaster icons represent a LoadMaster that is in an up status but was not licensed using the local licensing functionality.

KEMP 360 Central tracks the activated systems by maintaining a list of activated VLMs and MAC addresses. This list can be accessed by clicking the cog icon and selecting Metered Licensing Management. Ensure the MAC addresses of the VLMs are unique by checking the VLM hardware options through a hypervisor. This allows proper tracking of the VLMs. If the license limit of VLMs is reached, KEMP 360 Central will not activate any more VLMs. If the limit is reached, a warning message appears on screen and an existing active VLM instance must be unlicensed (deregistered) before a new VLM can be licensed. The maximum number of VLMs allowed is based on your agreement with KEMP Technologies. To deregister a VLM, refer to the Deregistering a LoadMaster section.

Alternatively, to add more available licenses to the KEMP 360 Central – contact KEMP to update your license and then update the KEMP 360 Central license (click the cog icon > License Management). For further information on licensing, refer to the KEMP Feature Description on the KEMP Documentation Page.

The LoadMaster periodically checks for the presence of the locally activated license (KEMP 360 Central). If the locally activated license cannot be found, or there are any errors, an error message is displayed and the VLM stops working after a predetermined length of time based on your agreement with KEMP. If an activation check fails, an error message appears on the LoadMaster home screen indicating that activation failed.

16.2.3 Retrieve the Details Needed to License a LoadMaster using KEMP 360 Central

Before you can license a LoadMaster using KEMP 360 Central, you must first retrieve the IP address (available on the About screen of KEMP 360 Central) and port number. Alternatively, you can type an FQDN (depends on customer environment) and port number and click Set Hostname.

16.3 Deregistering a LoadMaster

LoadMaster licenses can be deregistered and removed permanently if needed.

KEMP recommends taking a backup of the LoadMaster configuration before deregistering it. Manual backups can be taken by going to System Configuration > System Administration > Backup/Restore in the main menu of the LoadMaster web UI, or by going to cloud icon > System Configuration > Backup/Restore in the KEMP 360 Central interface.

When a LoadMaster is deregistered, it frees up another instance to be registered. For example, if you have reached the LoadMaster limit (local license limit) and you deregister one LoadMaster, you can now activate another LoadMaster.

There are two ways to deregister the LoadMaster - using KEMP 360 Central or using the LoadMaster. Refer to the relevant section below for step-by-step instructions.

KEMP strongly recommends deregistering a LoadMaster using the KEMP 360 Central UI, rather than the LoadMaster UI. Deregistering a LoadMaster from the LoadMaster UI can lead to the LoadMaster having an unknown state in KEMP 360 Central. In these cases, it is not easy to remove the LoadMaster from KEMP 360 Central and the unknown LoadMaster is still taking up an available license.

16.3.1 Deregister using KEMP 360 Central

To deregister a LoadMaster using KEMP 360 Central, complete the following steps:

1. Click the cloud icon on the left.

2. Select the LoadMaster to be removed.

3. Click the remove button (minus icon) in the bottom-left.

4. Click Yes to the warning message that appears.

5. The LoadMaster instance is rebooted and returns to the KEMP 360 Central Activation Settings screen when it comes back up.

6. There is now an available, free license instance, which can be viewed on the System Administration page. This is because an active license has been removed.

16.3.2 Deactivate using the LoadMaster UI

Follow the steps below in the relevant VLM web UI to deregister it:

1. In the main menu, go to System Configuration > Miscellaneous Options > KEMP 360 Central Activation Settings.

2. Click Deactivate.

3. When the license is killed, the VLM automatically reboots. After the reboot, the VLM is unlicensed and the Licensing screen appears. You can re-license the LoadMaster by selecting either Online Licensing or KEMP 360 Central Licensing.

The LoadMaster is also removed from any KEMP 360 Central monitored networks it is attached to. There is now an available, free license instance in the local license pool. This is because an active license has been removed.

16.4 Download Metrics and Instance Data

Metrics and local licensing instance data can be downloaded from KEMP 360 Central. To do this, complete the following steps:

1. Click the cog icon.

2. Click Metered Licensing Management and select the MELA Report tab.

3. Specify the date range and click Download.

To look at a graphical representation of the data, click View MELA Report.

16.5 Troubleshooting

If you try to license and there are any issues, a number of checks are performed automatically and the results and associated error message are displayed.

These checks perform the following tasks:

  • Ping Default Gateway
  • Ping DNS Servers
  • Ping Licensing Server
  • Ping Activation Server

You can also manually check the KEMP 360 Central debug log. If there are no entries relating to local licensing, it means the connection to KEMP 360 Central has failed.

KEMP 360 Central notifies you if there are disk space issues that prevent normal operation, and you should contact KEMP support immediately to resolve those issues. Note that while deploying a new KEMP 360 Central instance and applying a previously created backup can also bring your configuration back online, you will lose all statistics and log data by re-deploying in this manner. The best practice is to contact KEMP Support even if you do re-deploy, so that support personnel can attempt to remedy your issues and recover historical data.

16.6 Troubleshooting ASL Personal Inventory Failures

When a LoadMaster is successfully activated by KEMP 360 Central, a log message that looks like the following is added to the audit log:

Activating ASL instance 172.16.188.1 with ASL License VLM-MAX. Current activations is 5

The current activation is per license type and not the total number of all active instances. When a LoadMaster is successfully re-licensed by KEMP 360 Central, two log messages that are similar to the ones below are added to the audit log:

ASL Instance 172.16.188.1 license change. Old license was VLM-MAX and current activations is 4

 

Activating ASL instance 172.16.188.1 with ASL License VLM-5000G. Current activations is 2

Similarly, the current activation is per license type. The first log message refers to old licenses and the next refers to the new license type. When an activation failure is observed on the LoadMaster ASL Activation page, the reason for the failure can be determined by looking at the debug log on KEMP 360 Central as shown below:

Debug Log Message Description
ASL instance limit already reached. Cannot issue more licenses KEMP 360 Central has already activated the maximum number of LoadMasters permitted. To activate another LoadMaster, you must de-activate a currently activated LoadMaster or contact KEMP to obtain a new license that increases the number of LoadMasters that KEMP 360 Central can activate.
ASL License given by lic_type_id <integrer> does not meet the requirements. An internal error occurred; contact customer support.
No message in debug log and also no message of successful activation in audit log. The activation request was refused because KEMP 360 Central is not configured to provide licenses that match the LoadMaster’s platform type.
Cannot verify ASL instance check. Is the request really coming from a LoadMaster? This occurs if KEMP 360 Central is unable to verify whether the request came from a LoadMaster or something else. The LoadMaster sends specific headers in its requests.

16.7 Licenses

This tab displays the different license types that are available, including the supported VLM types.

From the figure, you can see that there are four columns: License Type, Supported VLM Types, Max Activations, and Activations.

 

The Max Activations column indicates the total number of activations allowed across all license types, which is 50 in this case.

 

When you change a license on the LoadMaster using ASL, the LoadMaster is not automatically rebooted. It must be rebooted manually to refresh the license.

To kill an ASL license from KEMP 360 Central, click the Network and Device Administration icon, select the device in the left frame and click the delete (minus) icon at the bottom of the left tree. A ‘Kill ASL Instance’ popup appears asking for confirmation. This both removes the device from KEMP 360 Central and deallocates the activated license that was used by the unit.

17 Scheduled Actions

In this section, users can view which, when and how often, actions are scheduled to take place. They can also edit or delete scheduled actions. The section displays all actions scheduled to take place on any and all LoadMasters that are controlled by the particular KEMP 360 Central instance.

17.1 View Scheduled Actions

To view scheduled actions on a KEMP 360 Central instance, complete the following steps:

  1. Click the cog icon on the left of the screen.
  2. Click Scheduled Actions.

A full list of scheduled firmware updates, reboots and backups displays.

17.2 Modify Scheduled Actions

To make changes to scheduled actions, complete the following steps:

  • 1. Click the cog icon on the left of the screen.

  • 2. Click Scheduled Actions.

3. Click the edit icon of the scheduled action you wish to modify.

4. Make changes, as required, to the scheduled settings.

Tasks cannot be scheduled within one hour of each other.

17.3 Delete a Scheduled Action

To delete a scheduled action, complete the following steps:

1. Click the cog icon on the left of the screen.

2. Click Scheduled Actions.

 

3. Click the delete icon of the scheduled action you wish to discontinue.

 

 

4. If you want to proceed, click Remove on the toaster message that appears.

18 Log Files

To access the KEMP 360 Central log files, click the Settings and configuration icon in the bottom-left of the screen and click Log Files.

In this section of the KEMP 360 Central UI, users can download l KEMP 360 Central logs.

18.1 System Logs

The System Logs file includes KEMP 360 Central system logs.

Perform the following steps to download the KEMP 360 Central system logs:

1. In the menu, click the Settings and configuration icon and then click Log Files.

2. Click the Download button next to System Logs. Your browser now displays a popup that enables you to view the downloaded logs using a local application of your choice, or save the logs.

18.2 Diagnostic Logs

In this section, users can download both Audit Logs and Debug Logs.

Use these logs as diagnostic tools when a problem has occurred. When the Download button is clicked, the logs download as a text file.

The Audit Logs display application logs, that is logs of actions completed in KEMP 360 Central, for example, adding a LoadMaster.

The Debug Logs are lower-level than the Audit Logs. The Debug Logs show logs relating to the application.

18.3   Log Settings

LoadMasters generate various warning and error messages using the syslog protocol. These messages are normally stored locally in the LoadMaster. KEMP 360 Central automatically configures the system log options for the LoadMasters to store the LoadMaster system logs in KEMP 360 Central.

To view the LoadMaster logs, go to the Global Repository and click Logging. For further information, refer to the Logging section.

For instructions on how to configure the syslog options, refer to the following section.

19 Date and Time

If there is a discrepancy in the time on your version of KEMP 360 Central, this can cause issues such as MELA reports not being sent on time and other scheduled tasks being executed at unexpected times. To mitigate against this, when you upgrade your version of KEMP 360 Central to Version 1.21 or deploy a new version, Network Time Protocol (NTP) synchronization is enabled by default.

The date and time appears on the top right of the User Interface (UI). To view the current time settings, click the Settings and Configuration icon then click Date & Time.

To automatically set the time using an NTP server (enabled by default), select the Enable NTP check box and click Apply. The machine automatically synchronizes its time with a NTP server (pool.ntp.org is used by default). KEMP 360 Central checks every hour (35 minutes past the hour) and after reboots, to check if there is any discrepancy between the local time and the NTP server. If there is a discrepancy, KEMP 360 Central updates according to the time of the NTP server being used. If the NTP server fails or goes down at any time, a warning notification appears on the UI to the left of the time when the scheduled contact is not made.

You can have up to three NTP servers in the Time Servers field. You must list the NTP servers in order of preference and separate each one using a comma. You can specify a time server as an IP address, a fully qualified domain name (FQDN) or a public NTP server pool name. The time servers entered are validated on use, not when configured. If KEMP 360 Central cannot successfully contact the first time server, it tries the second time server (if specified); and, if that does not work, it tries the third time server (if specified). If all specified time servers cannot be contacted, then the warning described above is displayed in the banner.

KEMP 360 Central automatically displays the time zone of your local KEMP 360 Central session as determined by your browser. If you change your browser time zone setting, this is reflected on KEMP 360 Central. In the screenshot below, the system date and time is shown at the top of the display, along with the time zone (UTC-01:00) currently being used by the browser.

In the example above, the time zone is changed to Atlantic/Azores on the local machine, however, KEMP 360 Central displays the system date and time and also the time relative to UTC. The local time zone used by the browser is used in the KEMP 360 Central UI to display most time and date information, including scheduled actions (like backups and firmware upgrades) and the graphical data displays on the Graphs tab. The log viewer, however, uses UTC time to display log entries to make it easier to coordinate times between log events.

To manually set the time, ensure the Enable NTP check box is clear, then set the date and time using the dropdown menus provided. If you try to change the time manually, the following warning appears:

Do not change the time manually unless you are not using NTP. KEMP does not recommend manual date/time changes and recommends using NTP

You can authenticate the NTP server using a shared secret and key. To do this:

1. Select the Authenticate check box. This activates the NTP Shared Secret and NTP Key ID fields.

2. Select the NTP Key Type (at present, this is either MD5 or SHA-1).

3. Type the NTP Shared Secret string. This can be up to 40 characters in length. If it is more than 20 characters, it is treated as a hex string.

The NTP Shared Secret must match the shared secret specified in the NTP time server’s configuration, or authentication with the NTP server will fail and the time will not be synchronized. If you specify multiple time servers, they must all use the same NTP authentication parameters.

4. Type the NTP Key ID. This must be in the range from 1 to 65534.

5. Click Apply to apply the changes.

20 Storage

To ensure your installation of KEMP 360 Central remains functional, you can control how much data is retained using the Storage feature. You access this by clicking Settings and Configuration > Storage. After you set a value, click Apply to apply the change.

There are four settings you can manage here:

  • Statistics Retention Threshold (default value is 90 Days)
  • Log Retention Threshold (default value is 90 Days)
  • Log Message Retention on Ingress (default value is Error)
  • Disk Usage Alert Threshold (default value is 80%)

The default values are for a new system. On upgrade, no changes are made to the existing settings for these controls. If you are upgrading from a system that does not support these controls, the retention thresholds are set to 'unlimited' to match the effective settings in older releases.

Statistics Retention Threshold

Here you can set the maximum number of days that managed device statistics data are retained. Any data above this threshold is deleted periodically. The available options are Unlimited, 90 Days, 180 Days, 270 Days, and 360 Days.

Log Retention Threshold

This is the maximum number of days that managed device log data are retained for. Any data above this threshold is deleted periodically. The available options range from Unlimited to 360 Days.

Log Message Retention on Ingress

This option refers to the lowest log message severity level accepted on receipt from a managed device. Any message received containing a lower severity level is dropped on receipt, regardless of the log level setting on the managed device. Besides Disabled, the range of options, from highest to lowest priority, is as follows: Emergency, Alert, Critical, Error, Warning, Notice, and Info.

Disk Usage Alert Threshold

This option enables you to set the percentage of disk space at which the system begins sending storage alerts. The alerts are sent until the disk space usage falls below the specified percentage. The values range from 50% to 95%.

When the system reaches a disk alert threshold set by the user, an orange alert appears on the UI informing you about this (this is also stored in Syslog). When this happens, you could select a shorter Statistics Retention Threshold or Log Retention Threshold to free up space. If you do not, there is a critical disk alert threshold set by the system of 95%. If this threshold is reached, the system sends out another alert and stops collecting logs and statistics until you contact Support. An email notification alert is also sent to anyone who has their SMTP settings configured.

If you change the Statistics Retention Threshold, any data older than the set value will no longer be available for graphs or reporting.

 

21 UI Access Control

By default, KEMP 360 Central allows connections from any client network, however, you can create a whitelist where you can specify what networks you want UI access to be available on. If you try to access a KEMP 360 Central machine from a network or IP address that is not on the whitelist, an error occurs and you will not be allowed access to the system.

To access the UI Access Control, on the UI, click Settings and Configuration > UI Access Control.

The whitelist applies to UI access only. API access to KEMP 360 Central remains open to any network that has a route to KEMP 360 Central. This is required to support API access from all managed devices.

By default, the All (Whitelist is inactive) option is selected. You can edit the whitelist when it is in either the inactive or active state. To add an entry to the whitelist, perform the following steps:

1. Click the plus icon.

2. Type the IP address of the network (or individual IP address) you want to add to the whitelist and click Add.

You can add multiple IP addresses by separating each address with a comma. You can also type the IP address in CIDR format, for example, 192.168.100.0/24, to whitelist a range of IP addresses.

3. To remove an IP address from the whitelist, select the address and click the minus icon.

As a lockout protection mechanism, the IP address of the device from where the UI is being accessed is always added to the whitelist, even if it is not specified by the user.

4. Click Apply to apply your changes.

If you are using a private IP address, that address is automatically added to the whitelist. The same applies for a public IP address.

After you have added all the IP addresses you need to the whitelist, you can then enable the whitelist by selecting the Specific Clients & Networks Only (Whitelist is active) option and clicking Apply.

22 Appendix: Password Information

You must adhere to the following rules when creating a password in the User Management section:

Passwords must be a minimum of eight characters long and must contain at least one uppercase letter.

Passwords must contain at least one number.

All ASCII alphanumeric and printable special characters are supported.

The bar below the password field changes color based on the strength of your password. Blue indicates a weak password, orange a stronger password, while green indicates the strongest level.

To improve the strength of the password, use special characters, capital letters and numbers. Making your password long also increases its strength.

23 References

Related documents are listed below:

KEMP 360 Central API, Interface Description

KEMP 360 Central for Azure, Installation Guide

Virtual Services and Templates, Feature Description

Web User Interface WUI, Configuration Guide

User Management, Feature Description

Health Checking, Feature Description

Last Updated Date

This document was last updated on 09 October 2018.

Was this article helpful?

0 out of 0 found this helpful

Comments