On-boarding Thunder to Harmony Controller

Prior to on-boarding users need to have installed Harmony Controller and for detailed instructions refer to A10 Harmony Controller Installation.

To on-board the first-time users on Harmony Controller follow the steps:

  1. Super-admin logs in on a fresh Install

  2. Administrator log in while the Harmony Controller is already set up


Both users can use the following but few options will be limited for a new user flow post set-up based on the role.

It is recommended that the users should have Thunder provisioned with the correct license before attempting to configuring features that are managed by the license.

System Set-up Checks

NTP Set-up

Time should be in sync while performing installation or there are possibilities of unsuccessful deployment. Refer to Network Time Protocol section for additional information.

If Thunder and Harmony clock are not in sync we need to set the clock using Harmony Controller’s operator console.

  • Check the time on Harmony box using the command “date”:

    [root@ip-10-0-1-101 ~]# date
    Tue July 10 10:32:32 UTC 2019
  • Check the time on Thunder box using command “sh clock”:

    thunder-azure(NOLICENSE)#show clock


We allow +30 seconds difference between Thunder device and Harmony Controller.

Harmony Controller and Thunder Compatibility

Network Reachability between Harmony Controller and Thunder

Refer to Pre-requisites section.


For Harmony Controller 5.1.0 release onwards, users need to specify the port 443 in Harmony Controller profile manually, and for previous releases the default was 8443 port.

Set up Organization

  1. First provider is set-up during HC install. Refer to A10 Harmony Controller Installation to set-up first provider during installation.

  2. Create one or more tenants. Refer to Adding a Tenant to add tenants.

  3. Create users. Refer to Adding Users to create users.

  4. Set up remote authentication. Refer to Remote Authentication and Authorization section to set-up remote authentication.

Adding Harmony Apps

  1. Install any additional apps, if needed.

  2. Update installed apps. Refer to Harmony Apps documentation available at installapp to install or update the apps.

Registering Thunder Devices

  1. Add cluster and devices

  2. Register Thunder devices

Registering Thunder Devices Behind a Firewall

In order for Thunder devices behind a firewall to be able to connect to Harmony, the Ingress port 25500 must be opened on Harmony, in SaaS deployments.

For registration of Thunder devices to Harmony to succeed, devices should be registered through CLI option using (Note: The parameter ‘tunnel’ should be set to enable):

harmony-controller profile
host controller.example.com use-mgmt-port
provider root
user-name user@company.com
password encrypted pwl23ABCDefgh (The password is displayed as an encrypted text)
region India
availability-zone Bangalore
tunnel enable

SaaS tunnel support is supported for all the modes of Thunder i.e. standalone device, HA and VCS.

In VCS mode, tunnel parameter needs to be enabled only in the Master and the same will be pushed to all the blades. In HA, the tunnel parameter needs to be enabled in each device individually.

To check the tunnel status we can use use:

show harmony-controller status

or a new command for ACOS 5.2 and higher:

sh harmony-controller tunnel-stats

Registering Thunder Devices within the Firewall

In order for Thunder devices outside the firewall, devices should be registered using the User Interface and refer to Provisioning the Cluster.

  1. Provision cluster partitions to tenants and name the Logical Partitions.

  2. Scan configuration behavior and Cluster Partition assignments.

  3. Re-assign of Logical Partition. Refer to the Infrastructure documentation available at add_devices to set-up the infrastructure.

The analytics or data is displayed when the mapping is synced with the devices successfully.