Blue Coat Systems Blue Coat Systems SG Appliance manual To view the fingerprint of the key

Page 11

Chapter 2: Monitoring the SG Appliance

Setting up Director and SG Appliance Communication

Director and the SG appliance use SSHv2 as the default communication mode. SSHv1 is not supported.

For Director to successfully manage multiple appliances, it must be able to communicate with an appliance using SSH/RSA and the Director’s public key must be configured on each system that Director manages.

When doing initial setup of the SG appliance from Director, Director connects to the device using the authentication method established on the device: SSH with simple authentication or SSH/RSA. SSH/RSA is preferred, and must also be set up on Director before connecting to the SG appliance.

Director can create an RSA keypair for an SG appliance to allow connections. However, for full functionality, Director’s public key must be configured on each appliance. You can configure the key on the system using the following two methods:

Use Director to create and push the key.

Use the import-director-client-keyCLI command from the SG appliance.

Using Director to create and push client keys is the recommended method. The CLI command is provided for reference.

Complete the following steps to put Director’s public key on the SG appliance using the CLI of the appliance. You must complete this procedure from the CLI. The Management Console is not available.

Note: For information on creating and pushing a SSH keypair on Director, refer to the Blue Coat Director Installation Guide.

Log in to the SG appliance you want to manage from Director.

1.From the (config) prompt, enter the ssh-console submode:

SGOS#(config) ssh-consoleSGOS#(config ssh-console)

2.Import Director’s key that was previously created on Director and copied to the clipboard.

Important: You must add the Director identification at the end of the client key. The example shows the username, IP address, and MAC address of Director. “Director” (without quotes) must be the username, allowing you access to passwords in clear text.

SGOS#(config services ssh-console) inline director-client-keyPaste client key here, end with "..." (three periods)

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAvJIXt1ZausE9qrcXem2IK/mC4dY8Cxxo1/ B8th4KvedFY33OByO/pvwcuchPZz+b1LETTY/zc3SL7jdVffq00KBN/ ir4zu7L2XT68ML20RWa9tXFedNmKl/iagI3/QZJ8T8zQM6o7WnBzTvMC/ ZElMZZddAE3yPCv9+s2TR/Ipk=director@10.25.36.47-2.00e0.8105.d46b

...

ok

To view the fingerprint of the key:

SGOS#(config sshd) view director-client-key clientID

jsmith@granite.example.com

83:C0:0D:57:CC:24:36:09:C3:42:B7:86:35:AC:D6:47

11

Image 11
Contents Blue Coat Systems SG Appliance Contact Information Contents Diagnostics Appendix a Glossary Index Volume 9 Managing the Blue Coat SG Appliance Document Conventions About Managing the SG ApplianceVolume 9 Managing the Blue Coat SG Appliance Automatically Registering the SG Appliance with Director Using Director to Manage SG SystemsTo register the appliance with a Director Related CLI Commands for Director RegistrationDirector Registration Requirements Registering the SG Appliance with DirectorTo view the fingerprint of the key Setting up Director and SG Appliance CommunicationTo view the system summary statistics Monitoring the System and DisksSystem Summary To delete a keyTo view the system environment statistics Viewing System Environment SensorsTo view disk status or take a disk offline Viewing Disk StatusTo view SSL accelerator cards Setting Up Event Logging and NotificationConfiguring Which Events to Log Viewing SSL Accelerator Card InformationEnabling Event Notification Setting Event Log SizeRelated CLI Commands for Setting the Event Logging Level Related CLI Commands to Set the Event Log SizeSyslog Event Monitoring To enable event notificationsRelated CLI Commands to Enable Event Notifications Related CLI Commands to Enable Syslog Monitoring Viewing Event Log Configuration and ContentViewing the Event Log Configuration To enable syslog monitoringViewing the Event Log Contents Enabling Snmp Configuring SnmpTo enable and configure Snmp Related CLI Commands to Enable and Configure SnmpTo set or change community strings Configuring Snmp Community StringsRelated CLI Commands for Enabling Snmp Traps Configuring Snmp TrapsTo enable Snmp traps Health Monitoring Requirements Configuring Health MonitoringAbout Health Monitoring About the Health Monitoring Metric TypesAbout License Expiration Metrics Health Monitoring ExampleAbout the Licensing Metrics About Health Monitoring NotificationAbout the General Metrics Metric Threshold States and Corresponding Values About the Status MetricsTo change the threshold and notification properties Changing Threshold and Notification PropertiesGetting a Quick View of the SG Appliance Health To review the health monitoring statistics Viewing Health Monitoring StatisticsRelated CLI Syntax to View Health Monitoring Statistics TroubleshootingVolume 9 Managing the Blue Coat SG Appliance To restart the SG appliance Restarting the SG ApplianceHardware and Software Restart Options Restore-Defaults Restoring System DefaultsKeep-Console Factory-DefaultsTo clear the DNS cache To restore system defaultsClearing the DNS Cache Clearing the Object CacheUpgrading the SG Appliance Troubleshooting TipClearing the Byte Cache Clearing Trend StatisticsTo upgrade the SG appliance SG Appliance 5.x Version UpgradeRelated CLI Syntax to Upgrade the Sgos Software To view details for an Sgos system version To view Sgos system replacement optionsManaging SG Appliance Systems To set the SG appliance to run on the next hardware restart Setting the Default Boot SystemExample Session To unlock a system Locking and Unlocking SG Appliance SystemsReplacing an SG Appliance System To lock a systemTo delete a system Deleting an SG Appliance SystemDisk Reinitialization Multi-Disk SG AppliancesTo delete multiple objects from the SG appliance Single-Disk SG ApplianceDeleting Objects from the SG Appliance To delete a single object from the SG applianceDiagnostics To send service information automatically Diagnostic Reporting Service InformationSending Service Information Automatically To manage bandwidth for service information Managing the Bandwidth for Service InformationRelated CLI Syntax to Send Service Information To send service information Configure Service Information SettingsSGOS#diagnostics service-info subcommands To edit an existing snapshot job Creating and Editing Snapshot JobsTo create a new snapshot job Related CLI Syntax to Edit an Existing Snapshot Job Following subcommands are availableCommon Pcap Filter Expressions Packet Capturing the Job UtilityPcap File Name Format Using Filter Expressions in the CLI Configuring Packet CapturingTo enable, stop, and download packet captures Diagnostics Viewing Current Packet Capture Data Related CLI Syntax to Define Packet Capturing SettingsTo view current packet capture statistics To configure core image restart optionsCore Image Restart Options Uploading Packet Capture DataRelated CLI Syntax to Manage Heartbeats and Monitoring Diagnostic Reporting HeartbeatsTo set daily heartbeats and/or Blue Coat monitoring Related CLI Syntax to Configure and View CPU Monitoring Diagnostic Reporting CPU MonitoringTo configure and view CPU monitoring Volume 9 Managing the Blue Coat SG Appliance Selecting the Graph Scale StatisticsTraffic Mix Viewing Traffic Distribution StatisticsAbout Bypassed Bytes Understanding Chart DataRefreshing the Data To view bandwidth usage or gain statistics About the Default Service StatisticsViewing Bandwidth Usage or Gain To view client and server byte statistics Viewing Client Byte and Server Byte Traffic DistributionViewing Traffic History Supported Proxy Types and Services Unsupported Proxy Types To view client and server byte or bandwidth gain statistics Viewing the ADN HistoryViewing Bandwidth Management Statistics Viewing Protocol StatisticsSSL History To view CPU utilization Viewing System StatisticsResources Statistics Viewing CPU UtilizationTo view concurrent users Viewing Concurrent UsersTo view memory use statistics Viewing Disk Use StatisticsViewing Memory Use Statistics To view disk use statisticsTo view data allocation statistics Viewing Data Allocation Statistics in RAM and on DiskContents Statistics To view the event log Event Logging StatisticsTo view failover statistics Failover StatisticsActive Sessions-Viewing Per-Connection Statistics To view proxied sessions Analyzing Proxied SessionsViewing Proxied Sessions About the Proxied Sessions StatisticsProvided. See Viewing Sessions with Multiple Connections on Cache Hit Is unavailable if the content is non-cacheable or for Cifs Viewing Sessions with Multiple Connections Using the Tool TipsAbout MMS Streaming Connections MMS Understanding the Tree ViewAbout the Byte Totals What Is Not DisplayedFiltering the Display Analyzing Bypassed Connections Statistics Viewing Html and XML Views of Proxied Sessions DataTo view bypassed connections Viewing Bypassed ConnectionsAbout the Bypassed Connection Statistics 14. Filter Drop-Down List Viewing Health Check Statistics Viewing the Access LogViewing Html and XML Views of Bypassed Connections Data Viewing Health Monitoring StatisticsUsing the CLI show Command to View Statistics Statistics Volume 9 Managing the Blue Coat SG Appliance Appendix a Glossary URL Appendix a Glossary Drtr Icmp Volume 9 Managing the Blue Coat SG Appliance MACH5 MIB NTP 100 Network Tunneling tab 102 103 104 Index 106 Snmp 108