Getting Started
Unpacking and Setting up the system
See the Appliance Quick Start guide to get your system set up and ready to use.Accessing the ET/BWMGR GUI
You can access the Graphical User Interface by accessing the system via HTTP on the default address (http://192.168.0.100 by default). If you've set up a host name for the system, you can access it via the base root address.. The GUI is described in the V8 Gui Manual. It’s strongly recommended that you fully read this manual before starting with the GUI so you understand how things work. The GUI is a tool but you should also know what the GUI is doing so you’re not completely lost when you have problems or encounter a bug.Starting the ET/BWMGR
The default method for starting the BWMGR is to run it at boot time by enabling it in the Services Tab (as outlined in the Quick Start Guide). However it’s useful to understand how the startup system works and how you can start and stop the bwmgr manually.To start at boot, the bwmgr_enable variable must be set in /etc/rc.conf.
bwmgr_enable=“YES”This will start the bwmgr service (defined in /usr/local/etc/rc.d/bwmgr) by running bwmgrStarup, which runs the startup script that has all of the rules (/etc/rc.bwmgr).You can also start the service manually using the service command:
service bwmgr startNote that this will also run bwmgrStartup. You don’t usually want to rerun all of your rules, so there’s little reason to start the bwmgr this way. You could also run bwmgrStartup manually.If you just want to stop the bwmgr for 1 reason or anther, you can use the bwmgr utility:
# bwmgr stopand then restart it again#bwmgr startWhen you install a new license you may need to start is manually. Also, if your license isn’t working, you need to start it manually with the bwmgr utility to get an error code to determin what’s wrong.Using the CLI (Command-Line Interface)
Many common tasks can be done using the GUI, but the bwmgr utility allows you to do more things and also to get an understanding of what you are actually doing. It’s not a bad idea to learn to add simple rules with the GUI before using the GUI so you’ll have a better understanding of how the rules work. Rules in the startup script (/etc/rc.bwmgr) are stored in CLI format, so if you understand how rules are supposed to look to can better fine errors and to fix things that change with you upgrade the system.Accessing the System with a Terminal
The GUI has an integrated terminal app where you can enter command line command via your browser. Alternatively you can use Telnet or SSH to access the system from a remote terminalThe terminal app that runs in the browser is ttyd and it’s started in the /etc/rc.local file.
#!/bin/sh
/usr/local/bin/ttyd -t rendererType=canvas -p 8080 -t fontSize=20 login&The default port is 8080 and there are other options as well. You can change these options to your liking. Note that the terminal runs intependently of the GUI as well as a component of the GUI. You can access a terminal fro m a browser on the port it’s running on; so make sure you have the port properly firewalled from users outside your network. By default you can access the terminal with http://192.168.0.100:8080.
You can also access the system via Telnet or SSH via a terminal app on a remote system.
To Change the Root or Admin Password:
# passwd root
# passwd adminTo Change the GUI Password
# bwmgr guipassword USER NEWPASSWORDSecuring the System
Once you have the machine configured, it's a good idea to restrict access to server ports, such as Telnet, SSH, and the ET/BWMGR and ET/Admin GUI.System Backups
Setting up the Hard Drive Backup System
On appliances with two or more drive bays, the additional drives can be used for backups. Looking at the front of the case, the main disk is always installed in the left-most drive bay, and the first backup disk immediately to the right. Disks are numbered from left to right. On a newly purchased appliance, any backup disks will have a copy of the main disk as it was shipped. The backup task is not enabled by default on new appliances. You must enable the scheduled task that backs up the contents of the main disk to the backup disk(s).Enabling/Configuring the Hard Drive Backup
To enable automatic backups, edit /etc/crontab to include a line that runs diskutil. On current systems running FreeBSD 9.1, the first backup disk will be named "ada1".in which case you should change DISK to the name of your second drive, which is typically named ada1. You can double-check this with the diskutil list command:/usr/local/bin/diskutil backup ada1 fullThe entry may also readdiskutil backup DISK full
#diskutil listada0 (Root): [152627 MB] WDC WD1600AAJS-08B4A0/01.03A01> Serial ATA II
ada1 [152627 MB] WDC WD1600AAJS-00YZCA0/01.03B01> Serial ATA II
To change the status or configure the time(s) at which the backup occurs, edit /etc/crontab
Diskutil crontab
To enable the backup, remove the hashtab (comment indicator) at the beginning of the line. The first 2 entries are minutes and hours. So the setting above would enable a backup at 2:10 AM.It's a good idea to check the first time to make sure it works. Just mount the backup disk and look at a log file like /var/log/messages to see when the update occurred.The backup utility will not run until the corresponding job is enabled.
Preparing a new Backup Disk
Appliances are shipped with a working mirror backup drive. To prepare a new drive:diskutil ada1 build
diskutil ada1 backup
bwmgr_license register-backup
bwmgr_license check-backupWhat to do if your main Hard Drive Fails
If your main disk fails, then you can switch to a backup disk.- Halt and power-down the appliance, if it is not already powered off.
- Remove the main drive. Appliances will typically have a button-and-lever release on the front of the drive bay that will allow the drive to be removed. First press the button, and the lever should be released. Unfold the lever before sliding the drive out.
- Remove the spare drive, using the same procedure.
- Insert the spare drive into the primary drive bay, using the lever to lock it into place.
- Boot the appliance.
Initializing a new backup hard drive
If you have an older appliance has IDE disks, then you must power-off the appliance before installing the replacement drive. SATA drives, with the exception of the Root drive, can be installed while the appliance is running. Once you have installed the backup drive, run the following command as the "root" user, using the the target disk name. Run "diskutil list" to show the available drives if you are unsure which disk name to use. Our example shows the typical name "ada1".#diskutil listada0 (Root): [152627 MB] WDC WD1600AAJS-08B4A0/01.03A01> Serial ATA II
ada1 [152627 MB] WDC WD1600AAJS-00YZCA0/01.03B01> Serial ATA II
#diskutil build ada1
This will partition and format the backup disk.
Backing up your Database
If you don't have a dual disk system, it's prudent to back up your database. Database crashes are a common occurranceUsing Bypass/Failover Cards
Almost all appliances sold by Emerging Technologies have a hardware bypass (AKA Failover) card installed. During normal system operation, when the unit is powered on, has booted successfully, and the ET/BWMGR has started, the Failover ports act as normal network ports. If the system loses power or crashes, the ports will enter bypass mode, in which the ports are connected physically as with a cross-over coupler. This will enable traffic to pass unrestricted through the failover ports.You can also manually take the system offline to do maintenance, using the ET/BWMGR GUI. Click on the "Bypass" tab, and click on Close, which will bypass the failover ports. It is also recommended you take the unit offline in this manner before performing system upgrades.
Appliances are shipped with bypass function disabled; the system should be set up with bypass closed. Traffic should pass with the system powered down and with the system powered up and the bypass closed. When setting up the system, you can open the bypass manually in the GUI and the links should come up; if bridges are set up traffic should pass. You need to test that the connection re-establishes when you close the bypass; when the bypass is closed, the 2 switches or routers connected to the BWMGR have to re-establish a link. the BYPASS hardware does add quite a bit of capacitance to the line (likely out of spec), so you have to make sure you have switches and wires that will work. Sometimes a long or poor quality wire will not be able to connect when the bypass card is in the circuit.
Enabling the bypassd daemon
Systems are shipped with the bypass daemon disabled to give you an opportunity to set up the system. The bypass daemon is started in /etc/rc.local. When you're ready to put the system into production, you'll need to uncomment the line that enables it.# Open the bypass ports and start the watchdog#/usr/bwmgr/utils/bypassdRemove the # before the line with bypassd so that the daemon is run at boot. To run the daemon from the command line, simply run it.# bypassdOther Appliance Functions
Enabling SNMP
To enable SNMP, you must enable the daemon in your /etc/rc.conf startup configuration:bsnmpd_enable="YES"
bsnmpd_flags=""To verify that it's running, use the bsnmpwalk command:
serverA# bsnmpwalk
sysDescr.0 = etserver 1657590134 FreeBSD 9.1-RELEASE
sysObjectId.0 = begemotSnmpdAgentFreeBSD
sysUpTime.0 = 537
sysContact.0 = sysmeister@example.com
sysName.0 =serverA
sysLocation.0 = Room 200
sysServices.0 = 76
sysORLastChange.0 = 4
sysORID[1] = begemotSnmpdTransUdp
sysORID[2] = begemotSnmpdTransLsock
sysORID[3] = snmpMIB
...It should dump the entire default MIB to the screen.
For detailed information about configuring snmpd, please see the online manual.
Bandwidth Reports
Creating the "bwdata" table
Before you can use Bandwidth Reports, you must enable a secondary storage of stats information in the MySQL database. This allows for quick access to the required data for the applications that need it. You can create the necessary tables using the buildbwdata command, or by setting the value of Enable BWdata to "1" in the Settings tab of the GUI.Enabling bwdata storage
There are two ways to store data in bwdata.The first way is to run buildbwdata at intervals, for example, once every hour. This is very efficient, but the reports will lag up to 1 hour behind actual usage. This can be done by enabling a schedule task in "cron".
The second way is to enable storing of stats every time the stats are updated (every 5 minutes). Visit the "Settings" tab in the ET/BWMGR GUI, turn on the "Enable BWdata" setting, then click on "Save Settings".
Using SSL Encryption with the graphical interface:
If you are using a browser that supports secure connections via SSL, then you may wish to enable SSL in the web interface. Click on the "Admin" tab, then select the "Admin Configuration" icon. Select the "SSL Encryption" icon. Check the top box to enable SSL encryption, then click "save". You may have to log in to the ET/ADMIN again. Your browser may also pop up several notices about expired certificates. Accept the certificates and continue. Much like SSH, SSL encrypts the web traffic generated by the ET/ADMIN interface, including initial password authentication, and is recommended for all remote access. Please note that when connecting directly to the ET/ADMIN interface with SSL enabled, you must use the URI scheme "https://host.name:10000". Using the "http://" prefix (or no prefix) will not connect properly.Checking System Processes:
You can see a list of the active processes running on the system by connecting to the ET/ADMIN interface, selecting "System Functions," and then "Running Processes."Rebooting the System
From the ET/ADMIN main menu, select the "Admin" tab, then the "Bootup and Shutdown" icon. Clicking on "Shutdown" will halt the machine. To boot the machine after halting requires either a hard reset or "ctrl-alt-delete" from a keyboard. Clicking on "Reboot" will restart the machine. Both options will prompt for confirmation before actually bringing the system down.Post-Configuration Security
Once you have your system configured and running in a stable manner, there are a few simple steps you can and should take to ensure that only authorized users can access the system. These appliances are not meant to be accessable by the internet at large, except in specific cases (for example, those users running a web server and/or allowing their customers to view graphs.) The below examples assume the bandwidth manager has an address of 192.168.1110, and the machines allowed to connect are in the subnet 192.168.0/24 (netmask of 255.255.255.224).* Create firewall rule(s) that enable only your local net, or individual machines, access to your system. This rule should be created on the outside interface.
# bwmgr em2 -x 1000 -name IntAllow -fw -ipprot tcpconnect -saddr 192.168.1.0 -saddrmsk 255.255.255.224 -daddr 192.168.1.110* On your external (outside) interface, create a firewall rule that denies ALL access to the IP address of your system. Or, if you are using the Failover hardware, create this rule on the administrative port. Leave room in your ruleset to create specific allow rules if you have an employee who needs to work on the machine remotely, or to allow traffic to a specific port (80) in the event that you allow your customers to view their graphs.# bwmgr fxp0 -x 1500 -name DenyAll -fw -ipprot tcpconnect -daddr 207.252.1.110 -priority FW-Deny* Change the default passwords for admin, root, and the "admin" user in the ET/Admin GUI. This is less of a priority if you've already blocked external access to the machine, but it is still a good thing to do. If, for some reason, you do not block access to the bandwidth manager appliance, changing the passwords is an absolute requirement.Repairing a database
See TroubleshootingUsing the Demo/Installation USB Flash Drive
The USB Appliance Demo image allows you to boot your system and perform various functions, including repairing a hard drive crash, restoring files and even upgrading the base operating system on your drive. In the event of a physical drive failure, it can be used to rebuild a system using a blank hard drive, and load it with the latest release.Re-installing from the USB Demo requires an active auto-update subscription.If you received a USB stick with your appliance, it has a factory-fresh installation on it, ready for recovery. If you are using a new stick, or you wish to update the software on the existing stick, you can run a backup to the stick.
The first time you use a device, you will need to use the build command to create and format the required filesystems. If your device was previously used as a USB Demo, then you will want to run build, as the Demo image is artificially limited to 2GB, and running build will ensure full use of the device.#diskutil da0 build
Backup the appliance to the USB device:
#diskutil install da0
a 2GB or higher capacity stick is needed for use in this fashion, and a 4GB+ may be required for full backups on some systems with a large number of stats-enabled rules.