Thunder Device Manager

Devices

Thunder Device Manager is a micro-service of A10 HarmonyTM Controller. As the name suggests, it allows users to centrally manage all the A10 Thunder devices from the Harmony Portal. If the number of devices increase, then it becomes more and more difficult to keep the inventory and keep device configuration on the devices up-to-date. Upgrading devices or pushing any small change in application configuration becomes a very time consuming task.

Thunder device manager allows users to create logical groups of devices so that configuration can be pushed to set of devices in easy manner without logging into each device. It also allows to schedule upgrade of devices, and automatically abort the upgrade chain in case upgrade fails on a device.

While device manager displaces basic information about device as part of inventory, detailed analytics of the device and applications is available in Harmony Portal dashboard.

Device List

The Devices page displays a list of ACOS devices that are currently being managed by the Thunder Device Manager. From this page, you can add a device, delete a device, or create a backup configuration file for a device, as well as performing other tasks.

In the current release, Thunder Device Manager supports the ability to manage the following types of A10 Networks devices running on ACOS 4.1.x:

  • AX Series
  • Thunder Series
  • vThunder (formerly known as “SoftAX”)

To access the Thunder Device Manager’s Devices page, navigate as follows:

  1. Select Devices >> Device List.

    _images/device-list.png

    Description of the column headings in the Device List:

    • Status
      Indicates the status of the device:
      • (Green, arrow up) – Both ping and http/https are running.
      • (Orange, arrow up) – Ping is running.
      • (Red, arrow down) – Neither ping nor http/https are running.
    • Name
      Name of the device. Click on name link to view Device Detail information.
    • IP Address
      Displays the IPv4 or IPv6 address of the managed device.
    • Model
      Shows the model of the device.
    • Partitions
      Displays the number of partitions for each device.
    • SW Info
      Shows the software version and build number.
    • Memory
      Displays the memory usage percentage.
    • CPU
      Shows the Control and Data usage. Hover over the field for more details.
    • Uptime
      Displays the uptime for the device in days, hours and minutes.
    • Device Groups
      Displays the Device Group associated with the device.
    • Actions
      Click on the drop-down list in the Actions column:
      • Rescan - Updates all fields for device.
      • Save Config - Save the current configuration on device.
      • Reboot - Reboot the device.
      • Show User - Displays the Device User.

    The following buttons appear at the top right of this window:

    • Refresh

      Refreshes the current listing by retrieving a list of devices from database.

    • Delete

      Delete one or more devices that have been selected, using check boxes in the Devices page.

    • Add Devices

      Displays a a dialog panel that can be used to discover a one or more devices. Click this button to discover network devices to be managed. (The current Thunder Device Manager release does not support discovery of devices other than through Thunder Device Manager management interface (eth0).

      Advanced Settings - Clicking on the Advanced button allows configuration of the sampling interval for both metrics and logs.

    • Backup Config

      Shows a device configuration backup dialog panel that can be used to perform configuration backups on devices that have been selected, using check boxes in the Devices page.

Backing up a Configuration

  1. Select the check box for the device which you want to perform a a backup configuration.

  2. Click the Backup Config button to display a window similar to that shown below:

    _images/device-configuration-backup.png
  3. To create a Device Configuration Backup, configure the following options:

    • Schedule Type

      Select whether you want to perform an immediate backup, or schedule a backup at a recurring time.

      If you select Schedule, the following additional fields are displayed: - Start Datetime - Schedule Option

    • Start Datetime
      If scheduling the backup for a future time, then enter the desired time in the field to specify the date and time when the backup should begin. Enter the date/time in the following format:

      mm/dd/yyyy hh:mm AM/PM

    • Schedule Option

      Click the drop-down menu and select the interval at which the backup configuration snapshots will be taken. Options include:

      • One Time
        The backup config file will be created at the time entered in the ‘Start Datetime’ field.
      • Every 6 Hours
        The backup will be done automatically, on a 6-hour basis, starting at the time entered in the ‘Start Datetime’ field.
      • Every 12 Hours
        The backup will be done automatically, on a 12-hour basis, starting at the time entered in the ‘Start Datetime’ field.
      • Daily
        The backup will be done automatically, on an hourly basis, starting at the time entered in the ‘Start Datetime’ field. The Interval time can range from 1-6 days.
      • Weekly
        The backup will be automatically done every week, starting at the day of week entered in the ‘Start Datetime’ field.
      • Bi-weekly
        The backup will be automatically done every other week, starting at the day of week entered in the ‘Start Datetime’ field.
      • Monthly
        Select a number ranging from 1–12 in the Interval field. The backup will be done automatically, on a monthly basis, starting from the date entered in the ‘Start Datetime’ field.
    • Save Config Before Backup

      Select Yes or No to save a device configuration prior to this backup operation.

    • Description

      Text description for the backup job.

    • Remote

      De-select this check box if you wish to save the backup config file on the Thunder Device Manager.

      Select this check box to specify a remote destination for the backup job.

      NOTE: If this option is used, configuration backups will not be shown in the Thunder Device Manager Configuration Backup listing.

      Selecting this check box reveals the following additional fields:

      • Backup Method
        Select scp, ftp or tftp. Selecting tftp prompts only the Host and File Name fields that are required to fill in.
      • Username
        User name used to log on to the remote device.
      • Password
        Password needed to access the remote device.
      • Host
        IP address of the remote device.
      • File Location
        Absolute path to the directory where you want to store your backup.
      • File Name
        Name of the Device Configuration Backup File.

Steps to Create a Report/Report Schedule

  1. Click the Report button at the upper right.

  2. From the Type drop-down list, select the type of report you wish to create.

    • Inventory Report
  3. For the Schedule Type options, select Immediate or Schedule.

  4. If Schedule is selected, enter the Start Datetime in the following format: mm/dd/yyyy HH:MM AM/PM

  5. and select a schedule option from the Schedule Option drop-down list.

  6. The PDF and CSV check boxes indicate the file format of the report. Select a check box to generate a report of your format preference.

  7. In the Email field, enter the email addresses to whom the reports should be sent to. Use a comma to separate email addresses when configuring.

  8. In the Description field, enter a description about the created report generation.

  9. Click OK when done.

    Device List Summary Report fields:

    • Device Name
      The name of the device.
    • Serial Number
      The serial number of the device.
    • Model
      The device model.
    • Management IP
      The management IP address of the device.
    • Image
      The version running on the device.
    • Date in service
      The service date of the device.
    • License Renewal Date
      The date for license renewal.
    • Location
      The location information of the device.
    • Notes
      Any notes made about a device is included in the report.
    • Harmony Controller
      Register or de-register a device with the HarmonyTM Controller. Enter the required information to add a device. Device information can also be edited, or the device can be removed from Harmony’s management.

Device Groups

The Device Groups page displays a list of device groups. From this page, you can create a new device group, delete a device group, or add devices to an existing device group. The benefit of adding managed devices to a device group is that you can streamline the configuration process. For example, you could push a config file to all devices in a group at once.

To access the device groups page, navigate as follows:

  1. Select Devices >> Device Groups.

    _images/device-group.png

    Description of the Column Headings in the Device Groups:

    • Group Name
      Displays the Group Name of the Device Group.
    • Devices
      Lists the devices in the Device Group. Hover over the specific field to see list of devices and their IP that is associated with group.
    • Description
      Displays the text from the Device Group Description.
    • Actions
      Click the Edit hyperlink to modify the membership of the devices in a group.

    From this page, you can select one of the following buttons at the top right of this window:

    • Click Refresh to update the list of device groups.
    • Click Delete to delete one or more selected device groups from the list.
    • Click Create to create a new device group. Enter a Group Name, select one or more devices, enter the description, and click Submit.

    Alternatively, you can select one of the following options under the Actions column of the table:

    • Click the Edit hyperlink. From here, you can modify the membership of the devices in a group.

Default Credentials

The Default Credentials page allows you to specify the default device credentials Thunder Device Manager can use when discovering devices. These default credentials should be used to try accessing devices if no other credentials have been provided for the managed devices. From this page, you can add or delete the default credentials Thunder Device Manager will use when attempting to discover a device via HTTPS or CLI.

To access the Default Credentials page, navigate as follows:

  1. Select Devices >> Default Credentials.

    _images/default-credentials.png

    From this page, you can select one of the following buttons along the upper right-most corner of the page:

    • Click Refresh to update the list of default device credentials.
    • Click Delete to delete one or more selected default device credentials from the list.
    • Click Create to open a Default Credentials window. In Credentials For, HTTPS and CLI are available.
    • Select HTTPS in Default Credential Window to enter a new set of default device credentials to be used to access the device via HTTPS.
    • Click Submit.
    _images/create-https.png

    From this modal window, configure the options:

    • Username
      Enter the default administrative username needed to access the managed device.
    • Password
      Enter the default password for the administrative user needed to access the managed device.
    • Confirm Password
      Confirm the default password for the administrative user needed to access the managed device.
    • Timeout
      Enter the timeout period. This is the number of minutes the CLI session can be idle before it times out and is terminated.
    • Retries
      Enter the number of attempts Thunder Device Manager can repeatedly attempt to establish a connection if the first try fails.

    Or

    • Select CLI in the Default Credential Window to enter a new set of default device credentials to be used to access the device via CLI.
    • Click Submit.
    _images/create-cli.png

    From this modal window, configure the options:

    • Username

      Enter the default administrative username needed to access the managed device.

    • Password

      Enter the default password for the administrative user needed to access the managed device.

    • Confirm Password

      Confirm the default password for the administrative user needed to access the managed device.

    • Enable User Name

      Enter the default administrative username needed to access Privileged EXEC level for the managed device. This level is also called the “enable” level because the enable command is used to gain access. Privileged EXEC level can be password secured.

    • Enable Password

      Enter the default password associated with the administrative username needed to access Privileged EXEC level for the managed device.

    • Confirm Enable Password

      Confirm the default password associated with the administrative username needed to access Privileged EXEC level for the managed device.

    • Timeout

      Enter the timeout period. This is the number of minutes the CLI session can be idle before it times out and is terminated.

    • Retries

      Enter the number of attempts Thunder Device Manager can repeatedly attempt to establish a connection if the first try fails.

      Credential Devices configurations can be edited by clicking Edit in the Action column for the default device credentials.

Device Upgrade

The Device Upgrade feature allows you to transfer software release images from a remote server onto the Thunder Device Manager using SCP, and then perform a device image upgrade by deploying a device upgrade job against a device.

  1. Select Devices >> Device Upgrade from the main menu.

    A table appears, which lists the upgrade images that have been copied to Thunder Device Manager. These files can be used to upgrade the Thunder Device Manager managed devices. If the table is empty, you must upload image upgrades from a remote server. In this release, you can upload an image into Thunder Device Manager by specifying the SCP information for which the ACOS image can be downloaded from.

  2. If no images are displayed in the table, you can copy an image from a server by selecting Load Image at the upper right-most corner of the page.

    A pop-up modal window appears, prompting you to enter information about the server from which the image will be transferred to the Thunder Device Manager.

    Enter values in the following fields:

    • SCP File Name
      enter the name of the image you want to upload.
    • SCP File Path
      enter the image store path. This has to be the exact path starting from the server root.
    • SCP Host Name
      enter the IP address for the server from which the image will be uploaded.
    • SCP User Name
      enter the username for the server from which the image will be uploaded.
    • SCP Password
      enter the authenticated password associated with the username for the server from which the image will be uploaded. For protection purposes, this field is not displayed in plain text.
    • Description
      enter a description for the image.
    1. After entering the image information, click Submit.
    2. Thunder Device Manager will attempt to access the image on the remote server using the information you provided.
    • If successful, a confirmation message appears at the top of the screen and the image is added to the table.
    • If unsuccessful, an error message appears at the top of the screen, and the image is not added to the table.

    Description of columns in the Device Upgrade page:

    • File Name
      Displays the name of the image file.
    • Created
      Displays the date and time that the image file was created.
    • Description
      Displays the description information entered when the image file was copied to Thunder Device Manager.
    • Size
      Displays the size of the image file.
    • Actions
      Displays the available actions that can be performed with the image file:
    • Edit
      click the edit button to edit the information associated with this image.
    • Upgrade
      To upgrade one or more of the managed devices using this image, click the upgrade link. A pop-up window appears, containing device upgrade information. Select the target device that you wish to upgrade from the drop-down menu.

Upgrading Your Devices

Once you have loaded upgrade images onto your Thunder Device Manager, you can push the upgrade images out to your managed devices.

  1. Click on the Upgrade link in the Actions column of the desired upgrade image. The Device Upgrade window will appear.

  2. Select the device or configured device group you wish to upgrade from the corresponding fields.

  3. Select your schedule type. You can chose to upgrade your device immediately or at a later date. If you wish to schedule the upgrade at a later date, select the Schedule option and the Start Datetime field will appear for you to selected when the upgrade will take place from the drop-down calendar. You will also need to enter a specific time on your selected date for when the upgrade will take place.

  4. Select where the upgrade image will be stored using the Primary/Secondary radio buttons.

  5. Select whether to save the configuration prior to the upgrade.

  6. Indicate whether you wish to reboot your selected device/device group after the upgrade is successful.

  7. If you wish to add a description of the upgrade you can do so in the corresponding field.

  8. Click Submit.

    Click Confirm if the task is configured correctly.

    Note: For device upgrade and backup configuration to work in Thunder Device Manager, you need to set the password authentication to Yes in HarmonyTM Controller host’s /etc/ssh/sshd_config and restart the sshd service.

Reports

The Reports feature consists of two tabs, Report Scheduler and Reports.

Reports Tab

The Reports page allows you to view existing inventory reports through the Reports tab. By clicking on Report on the Device List page, an inventory report can be created. The following buttons appear on this page:

  • Refresh
    Refreshes the current listing.
  • Delete
    Delete one or more reports that have been selected, using check boxes in the Reports page.
  • Email
    Email a report to the email address(es). Note: Select the report(s) to email prior to clicking on Email.

Available Reports:

  • Name

    The filename of the report is displayed.

  • Type

    The report type information is displayed.

  • Creation Time

    The date and time the report was created is displayed.

  • Description

    The description provided during report creation appears here.

  • Actions

    Allows you to email or download an existing report.

    • Email
      Email an existing report
    • Download
      Download an existing report

Report Scheduler Tab

The Report Scheduler page allows you to view existing report schedule information, and allow you to create report schedules or a single report.

The following buttons appear on this page:

  • Refresh
    Refreshes the current listing.
  • Unschedule
    Delete one or more schedules that have been selected, using check boxes in the Report Scheduler page. This only works for active schedules.
  • Create
    Create a schedule for report generation, or create a report.

Steps to Create a Report or Report Schedule

  1. Click the Create button at upper right.

  2. From the Type drop-down list, select the type of report you wish to create.

    • Inventory Report
  3. For the Schedule Type options, select Immediate or Schedule.

  4. If Schedule is selected, enter the Start Datetime in the following format: mm/dd/yyyy HH:MM AM/PM.

  5. Select a schedule option from the Schedule Option drop-down list.

  6. The PDF and CSV check boxes indicate the file format of the report. Select a check box to generate a report of your format preference.

  7. In the Email field, enter the email addresses to whom the reports should be sent to. Use a comma to separate email addresses when configuring.

  8. In the Description field, enter a description about the created report generation.

  9. Click OK

    Report Scheduler:

    • Status

      Displays if a schedule is still active or finished.

    • Schedule Name

      Displays the name of the schedule.

    • Report Type

      Displays the report generation type.

    • Creation Time

      The date and time the report or schedule generation occurred is displayed.

    • Description

      The description provided during report creation appears here.

    • Start Time

      Displays the time when the first report generation will occur from a configured schedule.

    • Next Run Time

      Displays the time when the next report generation will occur from a configured schedule.

    • Actions

      Allows you to email or download an existing report.

      • Edit - Modify an existing active report schedule.

        • Reports - Move to the Reports page.

Settings

The Settings option offers the following features:

  • Connection
  • Device Rescan
  • Health Monitor

Connection

Connection allows you to enter the basic parameters that will define the sessions when Thunder Device Manager is attempting to discover managed devices. You can modify the properties for CLI, SNMP, or HTTPS sessions, and you can indicate which protocol port should be used, the duration of the idle timeout value, and the number of retry attempts.

  1. Select Devices >> Settings from the main menu.

  2. Select Connection tab.

    _images/connection.png
  3. To modify the Connection properties for the CLI, do as follows:

  1. Enter the port number Thunder Device Manager should use when attempting to establish a CLI session with a managed device. For example, to use SSH enter port 22.
  2. Type the value in the field to specify the idle Timeout period for the CLI session.
  3. Type the value in the field to specify the Retry Attempts for the CLI session. This will specify how many times Thunder Device Manager should attempt to establish a CLI session with a managed device before giving up.
  4. Click Save to store your changes.
  5. To modify the Discovery properties for SNMP, do as follows:
  1. Enter the port number Thunder Device Manager should use when attempting to use SNMP to communicate with a managed device. For example, to use the standard SNMP port, enter a value of 161.
  2. Type the value in the field to specify the idle Timeout period for the SNMP session.
  3. Type the value in the field to specify the number of Retry Attempts. This will specify how many times Thunder Device Manager should attempt to establish an SNMP session with a managed device before giving up.
  4. Click Save to store your changes.
  1. To modify the Discovery properties for HTTPS, do as follows:
  1. Enter the port number Thunder Device Manager should use when attempting to use HTTPS to communicate with a managed device. For example, to use the standard HTTPS port, enter a value of 443.
  2. Type the value in the field to specify the idle Timeout period for the HTTPS session.
  3. Type the value in the field to specify the number of Retry Attempts. This is the number of times Thunder Device Manager should attempt to establish an HTTPS session with a managed device before giving up.
  4. Click Save to store your changes.

Device Rescan

The Device Rescan page allows you to set up periodic rescans from Thunder Device Manager. When a device rescan job has been created, the job can be viewed from the Scheduler (System>>Scheduler), and past jobs can be viewed from Job Execution Log.

  1. Navigate to Devices >> Settings and click on the Device Rescan tab.
  2. In the Start Datetime field, enter the scheduled time for the device rescan in the following format: mm/dd/yyyy hh:mm AM/PM
  3. In the Schedule Option drop-down list, select a time interval.
  4. In the Description field, enter any information you wish to include regarding this action.
  5. Click Save to finish.

Health Monitor

The Health Monitors page allows you to configure basic Thunder Device Manager health monitors, which Thunder Device Manager uses to poll for devices under its management. In the current release, the following health monitors are supported:

  • PING
  • HTTPS
  1. Select Devices >> Settings >> Health Monitor.

    _images/health-monitor.png
  2. To modify the properties for the PING health monitor, do as follows:

  1. In the Retry Attempts field, enter the number of times Thunder Device Manager should attempt to PING a managed device before determining that the device has failed the health check. The up and down arrows may be used to increase or decrease the value in this field by 1.
  2. In the Timeout (In seconds) field, enter the number of seconds Thunder Device Manager should wait after sending a PING to a managed device before determining that the device has failed the health check. The up and down arrows may be used to increase or decrease the value in this field by 1.
  3. Click Save to store your changes.
  4. To modify the properties for the HTTPS health monitor, do as follows:
  1. Although HTTPS health checks are supported, their properties (such as Retry Attempts and Timeout value) cannot be modified in the current release.
  2. (Optional) You can modify the Interval, which is the period at which the health monitor will repeat the check. By default, the interval is set to 30 seconds.
  3. Click Save to store your changes.

Statistics Display

The Statistics Display page allows you to set up an automatic refresh for the index table and statistics that are displayed in the Thunder Device Manager GUI.

If desired, you can change the automatic refresh rate of index tables and stats by doing the following:

  1. Navigate to Devices >> Settings and click on the Statistics Display tab.

    _images/statistics-display.png
  2. To configure the Index Table automatic refresh rate interval, enter the interval rate in the Index Table field. The number of repeated attempts ranges from 5-30 seconds.

  3. To configure the Statistics automatic refresh rate interval, enter the interval rate in the Stats field. The range is 5-30 seconds.

  4. Click Save to save any changes.

Configurations

Config Backups

This section covers the process of creating a backup configuration file for a managed device, viewing previously saved backup config files, modifying the contents of a backup config file, restoring an Thunder Device Manager-managed device using a previously saved backup config file, or deleting all configurations.

Note: The backup and restore process applies to start up configurations, not running configurations.

Creating a Backup Configuration File for a Managed Device

You can create a backup configuration for your Thunder Device Manager-managed devices. The configuration file for the device can be saved on the Thunder Device Manager or on a remote server, and from there, it can be modified locally on Thunder Device Manager or pushed to other devices. To create a backup configuration file:

  1. Access the backup function from the Thunder Device Manager GUI by navigating to Configurations >> Config Backups.

    Note: A similar function also exists from Devices >> Device List.

  2. Click the Backup Config button at the upper, right-most corner.

  3. After clicking the Backup Config button, the Device Configuration Backup page appears.

    _images/hourly-schedule.png
  4. From the Device Configuration Backup window, after selecting the devices and/or device groups, you can continue with the device configuration backup by filling out the rest of the field.

  5. When finished configuring the options in the Device Configuration Backup Page, click Submit to send the device configuration backup request.

    If the backup is set to occur immediately, a confirmation message will appear, indicating whether the backup was successful.

Remote Restore

If you wish to remotely restore a configuration onto a device, perform the following steps:

  1. Click the Remote Restore button to display the Remote Restore Configuration window.

  2. To remotely restore a configuration, configure the following options:

    • Device - Select the device from the drop-down list.
    • Schedule Type - Select whether you want to perform an immediate remote restore backup, or schedule a remote restore backup at a recurring time.

    If you select Schedule, the following additional fields are displayed:

    • Start Datetime
    • Schedule Option

    The following fields are displayed for both immediate remote restore backup and schedule a remote restore backup:

    • Description
    • Restore Methods
    • Start Datetime
      If scheduling the remote restore backup for a future time, then enter the desired time in the field to specify the date and time when the remote restore backup should begin. Enter the date/time in the following format:
      mm/dd/yyyy hh:mm AM/PM
    • Schedule Option
      Click the drop-down menu and select the interval at which the remote restore backup configuration snapshots will be taken. Options are:
      • One Time – The remote restore will be done at the time entered in the ‘Start Datetime’ field.
    • Description
      Text description for the remote restore job.
    • Restore Methods
      Select from the available methods: scp, ftp or tftp. Enter the following information:
      • Username – User name on the remote server. (Appears for scp and ftp)
      • Password – Password for the account used to access the remote server. (Appears for scp and ftp)
      • Host – IP address where the remote server is running.
      • File Path – File path on the remote server where the backup file is located.
  3. Click Submit.

Deleting all Configurations

If you wish to delete all configurations, click on the “v” check box to expand and then click on “Delete all Configurations”.

Viewing Saved Configuration Backup Files

When you have finished saving backup configuration files for one or more managed devices, you can view the inventory of backup files from the Configuration Backups page.

To view the previously saved Backup Configuration files, navigate as follows:

  1. Select Configurations >> Config Backups.

    _images/config-backups.png

    Description of the columns in the Configuration Backups:

    • Backup ID

      Displays the auto-generated name of the backup config file. This identifier is a combination of the device model number and the timestamp associated with the backup config file.

    • Device

      Displays the host name of the managed device.

    • Source IP

      Displays the IP address of the managed device.

    • Description

      Displays the description information entered when the image file was copied to Thunder Device Manager.

      Note: A default configuration backup file is automatically created when a managed device is first discovered by Thunder Device Manager. The Description field for this default file is, “Auto Config Backup”. An example appears in the figure above.

    • Created Time

      Displays the date and time that the backup config file is created.

    • Actions

      Displays the available actions that can be performed with the backup config file:

      • Contents
        Click the Contents link to modify the contents of a backup config file.
      • Restore
        Click the Restore link to restore a managed device using a saved config file.

Restoring a Device from a Backup Configuration File

You can use a previously-saved backup configuration file to restore an Thunder Device Manager-managed device to a previous state. This may be helpful if, for example, you need to roll back recent changes to a configuration file.

To restore a managed device using a previously-saved backup configuration file, navigate to the Thunder Device Manager GUI’s Configuration Backup page as follows:

  1. Select Configurations >> Config Backups.

    The inventory of backup configuration files appears in the Config Backups table.

  2. Click the Restore link in the far-right Actions column, for the config file you wish to use to restore the managed device.

    _images/restore-config.png
  3. The devices field list is populated with the IP of the managed device for which you selected the Restore hyperlink.

  4. For the Schedule Type, select the Immediate radio button.

  5. Enter a description in the Description field.

  6. When finished configuring the options in the Restore Configuration window, click Submit to send the device restore request.

    Navigate to System >> Job Execution Results to see if the restore operation has succeeded or failed. If it has succeeded, an ACOS device reboot without a saving the configuration is needed to allow the restored configuration to take effect.

    Additional Notes about the Configuration Backups table:

    • The most recent Backup Config files appear near the top of the Backups table.
    • Instead of creating a configuration backup from the Device List page, you can also create a configuration backup file from this page by clicking Backup Config at the upper, right-most corner of the page. A pop-up modal window appears, but you must choose the devices or device group you want to back up from the list of currently-available devices.

Device Configs

The Device Configs page has an inventory of the most recent backup configuration files. From this page, you can edit portions of a backup configuration file, then save it locally to Thunder Device Manager, and push it to a managed device.

Note: To see all available configuration backup files of a specific device, navigate to Configurations >> Config Backups, and click Contents for that device.

To edit portions or snippets of a backup configuration file, navigate as follows:

  1. Select Configurations >> Config Backups.

  2. Click the Contents hyperlink under the Actions column.

    _images/CLI-configs-tab.png

    Columns in Configuration Backups Contents:

    • Name

      Displays the name of this portion of the config file.

    • Partition

      Displays the partition (shared or private) of this portion of the config file.

    • Size

      Displays the size (in bytes) of this portion of the config file.

    • Actions

      The Action column displays the available actions that can be performed with this portion of the config file.

      • Save As
        click the Save As link to modify this portion of the configuration backup file.
  3. Select one of the tabs under the menu bar to specify which portion of the config file to work on, for example: CLI Configs, aFleX Scripts, or Class-Lists.

    • To view a non-editable version of the “chunk” of the config file, click the hyperlinked name of the config file from the Name column of the table.
    • To view an editable version of the “chunk” of the config file, click Save As link from the Actions column of the table.
    _images/CLI-config-startup.png

NOTE: When naming a file to be saved as a Local Config, do not enter special characters, (such as ‘?’,’#’, ‘*’, and so on) in the File Name, as this can cause issues when attempting to push the file to other devices.

  1. (Optional) You can enter a modified name for the config portion in the File Name field.
  2. Edit the configuration that appears in the Content area.
  3. Click Save.

The modified section of the config file (such as the CLI sample shown above), is saved locally on the Thunder Device Manager.

To delete a device configuration file, navigate as follows:

  1. Select Configurations >> Device Configs.
  2. Select the aFlex Scripts, WAF Policies (ADC only), BW-Lists (ADC Only) or Class-Lists tab and click Delete.

Local Configs

The Local Configs page has an inventory of the chunks or portions of the backup config files that you modified. These are saved locally on the Thunder Device Manager, and from this Local Configs page, you can push the chunks or snippets of the configuration file (that you just modified) to other managed devices.

Description of columns in Local Configs:

  • Name

    Name of the system file.

  • Last Modified Time

    Shows the date and time when the file was last modified.

  • Type

    For Class-Lists, indicates the class list type: IPv4, IPv6, Aho-Corasick, DNS, String, String Caseinsensitive.

  • Actions - • Edit

    Allows you to edit the content of the selected configuration file.

    • Push
      Allows you to push the configuration to a managed device or device group.

To push portions or snippets of a backup configuration file, navigate as follows:

  1. Select Configurations >> Local Configs.

    _images/local-configs.png
  2. (Optional) From the Local Configs page, you can further edit portions of the config file by clicking the Edit link under the Actions column. (For information about editing a CLI Config Snippet, or another portion of a config file.)

  3. When you are finished modifying the portion of the configuration backup file, you can push that portion of the config to another device by clicking the Push link, which appears in the right-most Actions column.

    Note: The Push action for CLI Config Snippets applies when you wish to put a running configuration onto a device or device group.

    CAUTION: When pushing a CLI config snippet, make sure your CLI snippet is not device specific! Some commands cannot be pushed as CLI config snippets. Refer to the “known issues” section of the Release Notes for a list of restricted CLI commands.

  4. Select one or more devices to choose where the CLI snippet (or other portion of the config file) will get pushed.

  5. Select one or more device groups from the Device Groups section of the page to choose the group(s) to push the CLI snippet.

  6. Click the Partitions drop-down menu and select Shared or the name of the private partition. This selection will determine where on the target device (i.e. which partition) the configuration snippet will be pushed. Note that the configuration snippet will be pushed to this same partition across all of the selected target devices (if multiple devices are selected).

  7. Configure the Schedule Type by selecting Immediate, if not already selected.

  8. Configure the Interval, and any other mandatory options in the Push Configuration window.

  9. When finished configuring the Push Device Configuration window, click Submit.

    The process of pushing other portions of the Config file (e.g., aFleX script, or Class-List) to managed devices is virtually the same as the procedure shown above. However, when pushing a CLI configuration snippet, that small snippet is merged with the running config on the target device, whereas when pushing an aFleX script, or Class-List, then the whole file is pushed to the target device, overwriting any existing files on the target device.

Creating a Configuration

Perform the following steps based on the configuration you wish to create:

  • CLI Config Snippet, aFleX Script, WAF Policies, BW-Lists, Class-Lists
  • Enter the name in the Name field.
  • Enter the Content in the Content field.
  • Click Submit.

SSL Management Local Config

The SSL Management Local Config page has an inventory of the SSL files that you have saved locally on Thunder Device Manager. From this page, you can push the files to other managed devices.

Description of columns in Local Configs:

  • Name

    Name of the system file.

  • Last Modified Time

    Shows the date and time when the file was last modified.

  • Expiration Date

    Indicates the expiration date of the certification or key.

  • Type

    For SSL certs, indicates if certificate or key is selected.

  • Actions - • Edit

    Allows you to edit the content of the selected SSL file.

    • Push
      Allows you to push the file to a managed device or device group.

Editing an SSL file

From the Local Config tab, click the Edit link under the Actions column for the file you wish to edit.

Pushing an SSL file

From the Local Config tab, click the Push link under the Actions column for the file you wish to push.

_images/push.png

#.Select one or more devices to determine where the file will get pushed.

#.Select the group from the Device Groups section of the page.

#.Configure the Schedule Type by selecting Immediate, if not already selected.

#.Configure the Interval, and any other mandatory options in the Push Configuration window.

#.When finished configuring the Push Device Configuration window, click Submit.

Creating an SSL Cert

  1. Click on the SSL Cert type: Certificate, Key
  2. Enter the name in the Name field.
  3. Enter the Content in the Content field.
  4. Click Submit.

Import an SSL Cert

  1. Click on the SSL Cert type: Certificate, Key, CA-Certificate, CSR, CRL.
  2. Enter the name in the Name field.
  3. In File Upload, click Choose File and select the file to import.
  4. Click Submit.

SSL Management Device Config

The SSL Management Device Config page has an inventory of the most recent SSL files. From this page, you can edit an SSL file, then save it locally to Thunder Device Manager.

To edit an SSL file, navigate as follows:

  1. Select Configurations >> SSL Management >> Device SSL Certs.

  2. Click the Save As hyperlink under the Actions column, at far-right.

  3. Click Save.

    _images/device-ssl-certs.png

To delete a device’s SSL certificate, key, or CRL file, navigate as follows:

  1. Select Configurations >> SSL Management.

  2. Click on the Device SSL Certs tab.

    From here, select the checkbox next to the SSL related file you wish to delete from a device and click on Delete.

    Columns in Configuration Backups Contents:

    • Name

      Displays the name of this file.

    • Device

      Displays the name of the device.

    • Partition

      Displays the partition (shared or private) where the file is located.

    • Expiration Date

      Displays the expiration date of an SSL certificate.

    • Size

      Displays the size (in bytes) of this file.

    • Actions

      The Action column displays the available actions that can be performed with this portion of the config file.

      • Save As
        Click the Save As link to modify an SSL file.

System

Events

The Events page enables you to view activities that have transpired on the Thunder Device Manager as it operates. Each tracked activity includes the time, type, severity level of the specific action, and managed device involved. Most tracked events will be device management activities in addition to external device SNMP traps.

To access to the Thunder Device Manager Events page, navigate as follows:

  1. Select System >> Events.

    • The “Unacknowledged Events” list is displayed by default. However, you can toggle back and forth between the “Unacknowledged Events” and “Acknowledged Events” pages by clicking the appropriate Events tab.

    • You can use filters to reduce this list of events such that only events containing a particular word or phrase are displayed. To do so, simply enter a string in the Search field at upper left and then click the drop-down menu and specify which field should be searched. Choices include the following:

      • Type
      • Device IP
      • Description

    Action buttons appear across the right-most side of this Unacknowledged Events:

    • Refresh

      Refreshes the current events page by retrieving a list of events from the database.

    • Acknowledge/Unacknowledge

      You can acknowledge an event so that it is moved to the “Acknowledged Events” to indicate that the event has been looked at, or “acknowledged.” An acknowledged event can similarly be “unacknowledged” to move it back to the “Unacknowledged Events” if you wish to flag it for later review. Click on the v icon next to Acknowledge, and click on Acknowledge All Events to acknowledge all events.

      Description of the Column Headings in the Events page:

      • Created Time
        Indicates the date and time when the event was created.
      • Type
        Indicates the type of the event. This is an internal definition.
      • Severity
        Indicates the severity of the event. This can include:
      • Critical
        An event that threatens to take down numerous network devices. Requires immediate action.
      • Major
        An event that has taken down at least one network device. Requires action.
      • Minor
        An event associated with partial failure of a device. The device requires attention.
      • Warning
        An event that may require action. Non-urgent.
      • Normal
        An event that has occurred but does not warrant action. Used for information purposes only.
      • Cleared
        An event which occurred but for which the underlying cause has been addressed.
      • Unknown
        An event for which the severity level cannot be determined by Thunder Device Manager.
      • Source IP
        Indicates the IP address of the internal or external machine that triggered the event.
      • Description
        This is a free-form text field.
      • Event data
        Hover over the View link to display a pop-up window containing additional details about an event. Click View to view in an expanded window.

Audit Logs

The Thunder Device Manager Audit Logs page displays actions that Thunder Device Manager has taken or noticed as it handles device management providing information on what component was involved, the severity of the action, and user. For example, this page displays information on logins, logging out of users and modifications to configurations, and actions such as deleting a backup device configuration.

Note that this page displays logs associated with events on the Thunder Device Manager, and this page does not display logs associated with the managed devices (to learn about logs associated with the managed devices.

To access the Thunder Device Manager Logs page, navigate as follows:

  1. Select System >> Audit Logs.

  2. Click the Component drop-down menu and select an item to filter.

  3. Click the Severity drop-down menu to filter which logs are displayed based on the severity of the associated event. Severity levels are standard for SYSLOG and include the following:

    • All Severity
    • DEBUG
    • INFO
    • NOTICE
    • WARNING
    • ERROR
    • CRITICAL
    • ALERT
    • EMERGENCY
  4. You can further filter the logs displayed by entering a date and time in the Start Time and End Time fields.

  5. Click the Search button to run the search and filter down the list, or click Reset Filters to start again.

Alerts

The Alerts page displays issues of high severity where administrators can configure what alerts are shown based on the type and severity through the Configure Alerts feature.

To access the Alerts page, navigate as follows:

  1. Select System >> Alerts.

  2. You can reduce the list of alerts displayed by entering a string in the Search field at upper left and/or use the additional drop-down menu for further filtering options.

    Action buttons appear across the right-most side of this page:

    • Configure Alerts
      Configure the notification severity of SNMP, syslog and internal Thunder Device Manager alerts.
    1. Click on Configure Alerts.

      _images/configure-alerts.png
    2. Click on the SNMP check box for to enable or disable SNMP alerts. Choose the severity of the alert from the drop-down menu.

    3. Click on the Syslog check box for to enable or disable Syslog alerts. Choose the severity of the alert from the drop-down menu.

    4. Click on the Device Manager Internal check box for to enable or disable Thunder Device Manager Internal alerts. Choose the severity of the alert from the drop-down menu.

    5. Click Submit.

    NOTE: Alert severities greater than the one chosen from the drop-down menu will be shown as well. Severity from highest to lowest is as follows: EMERGENY, ALERT, CRITICAL and ERROR. So if you select “ERROR”, then alerts would be displayed for ERROR, CRITICAL, ALERT and EMERGENCY.

    • Refresh
      Refreshes the Alerts page by retrieving a list of alerts from the database.

Scheduler

The Scheduler page displays a list of all of the jobs that Thunder Device Manager has scheduled for its managed devices. For example, if you configured Thunder Device Manager to create a backup configuration for a particular ACOS device at a future time, then the task will appear in the schedule list.

From the Scheduler page, you can perform the following tasks:

  • Viewing scheduled tasks
    For example, you can view details associated with scheduled tasks, such as the name of the task, when it is scheduled to run, and when the job was first created. In addition to displaying future tasks, the Schedule page also includes past tasks that have already been triggered.
  • Scheduling a task to be added to the scheduler
    The Scheduler page appears anytime you begin a workflow to perform a task (such as creating a device configuration backup or performing a device upgrade) at a future time.

Viewing scheduled tasks

To access the Scheduler page and view the tasks that have been scheduled, navigate as follows:

  1. Select System >> Scheduler.

    Note that this page just displays jobs you already scheduled elsewhere in the GUI, and you cannot initiate the process of scheduling a job or task from this window.

    _images/scheduler.png
  2. (Optional) To remove a yet-to-be-fired job from the schedule, select the check box next to the job and then click the Unschedule button at the upper right corner of the page.

    Column Headings in the Scheduler List:

    • Status
      Indicates status of a scheduled job.
    • Name
      Name of the scheduled task.
    • Created Time
      Indicates the date and time when the scheduled task was originally created.
    • Executor
      Process that scheduled the job.
    • Description
      Optional user-configured description of scheduled job.
    • Details
      Clicking and hovering over the View link will give you more details on about the job, including the managed device ID and IP address.
    • Scheduled
      Indicates the date and time when the task is scheduled to be fired.
    • Start Time
      Indicates that the task is scheduled to run at future time, but is not fired.
    • Next Run Time
      Indicates the time and date that this task will run in the future.

Scheduling a Task

  1. Navigate to the relevant link for the task you would like to schedule.

  2. Configure the following options:

    • Schedule Type

      Schedules a backup job to be taken immediately or at a later scheduled time and date.

      • Immediate
        Schedules a backup job to be taken immediately.
      • Schedule
        Schedules a backup job to be run in the future. The parameters for a Schedule type of back up is displayed. Schedules a backup job to be run in the future. The parameters for a Schedule type of back up is displayed.
    • Start Datetime

      The starting date/time of the job.

    • Schedule Option

      One Time, Every 6 Hours, Every 12 Hours, Daily, Weekly, Bi-weekly, or Monthly.

    • Description

      A free-form textual description for the job.

    • Remote

      If checked, allows user to specify an external destination for the backup job. Note that if this option is used, configuration backups will not be shown in Thunder Device Manager’s Device Configuration Backup listing.

Job Execution Results

The Job Execution Results page displays a listing of the job executions and their results.

A job is simply a common task performed by the Thunder Device Manager for one of its managed devices, such as creating a backup config file. The Job Execution Results page displays information about the status of that task, as well as whether it has completed, and whether or not is was successful.

Note that a job can be composed of multiple results. For example, if Thunder Device Manager is scheduled to perform a device backup job that includes two or more devices, the backup operation could succeed for one device while failing for the other.

To access the Job Execution Results page, navigate as follows:

  1. Select System >> Job Execution Results from the main menu.

    _images/job-execution-results.png

    Column Headings in the Job Execution Result list:

    • Name
      Name of the scheduled job.
    • Created Time
      Indicates the date and time when the job was originally created.
    • Trigger Time
      Indicates the date and time when the job is scheduled to actually occur.
    • Results Summary
      This column lists the total number of jobs scheduled in that selected log, and divides those jobs into Successes, Failures, Exceptions, and Pending executions.
    • Description
      Free form text field that describes the job.
    • Task Executor
      Specifies the page there the job was configured.

    Click the “+” icon next to a Name of the job to expand it and show the following additional fields.

    • Data

      Lists the administrator who set up the job, host IP, and encrypted password.

    • Finish Time

      Indicates the date and time when the job was finished.

    • Result Status

      Indicates the status of the job. A job result can be in one of the following states:

      • Job has started, but the results have not yet been recorded because the job has just started and is in progress.
      • Job has completed, with successful results (Result Status = 1).
      • Job has completed, with error results (Result Status = 2).

Tech Support

The Tech Support page allows you to quickly provide Tech Support with information to help assist with any issues that are encountered.

To compile log information that may assist in problem solving an issue, navigate as follows:

  1. Select System >> Tech Support from the main menu.

    _images/tech-support.png
  2. Click on Create Download. A “Please Wait” message will momentarily appear.

  3. Click on Download Tech Support Archive in the Action column to download a tar file containing various log information that can be provided to technical support.

    To know more about device manager, you can check out the following video:

Configuring the Virtual Router Redundancy Protocol (VRRP)

To configure the VRRP cluster perform the following steps:

  1. On the VRRP cluster, run the Config sync command. For example:

    configure sync running all-partitions auto-authentication $OTHER_HA_MEMBER_IP

  2. Register the HA cluster to Harmony Controller.

  3. Manually configure the changes, once the cluster is registered.

  4. If HA members are registered as separate clusters on Harmony Controller, then de-register all the HA members individually and make sure there is no cluster entry on Harmony Controller for any of the members.

  5. Run the config sync command.

    NOTE: This is needed even if the existing configurations are already synchronized across HA members.

  6. Register Thunder HA members one after another to Harmony Controller and all the members will be placed under one single HA cluster.