Configuration-Mode Commands

alarm enable

Enables the specified alarm.

Syntax

[no] alarm type enable

Parameters

type

The alarm type:

•autolicense_error: This alarm triggers on a virtual appliance when the Ivanti Licensing Portal cannot respond to a license request with valid licenses.

•autolicense_info: This alarm triggers if the Ivanti Licensing Portal has information regarding licenses for a virtual appliance.

•backup_generate_fail: This alarm triggers when the generation of a Services Director backup fails.

•backup_transfer_fail: This alarm triggers when the transfer of a generated Services Director backup fails.

•cpu_util_indiv: This alarm indicates whether the system has reached the CPU threshold for any of the CPUs in the system. If the system has reached the CPU threshold, check your settings. If your alarm thresholds are correct, reboot the appliance.

•flash_error: This alarm indicates that the system has detected an error with the flash drive hardware. At times, the USB flash drive that holds the system images might become unresponsive; the appliance continues to function normally. When this error triggers you cannot perform a software upgrade, as the appliance is unable to write a new upgrade image to the flash drive without first power cycling the system. To reboot the appliance, enter the reload command to automatically power cycle the appliance and restore the flash drive to its proper function.

•fs_mnt: This alarm indicates that one of the mounted partitions is full or almost full. The alarm is triggered when only 7% of free space is remaining.

•hardware: This alarm indicates the overall health of the hardware.

•ipmi: This alarm indicates that the system has detected an Intelligent Platform Management (IPMI) event. This alarm is not supported on all appliance models.

•license_expired: This alarm triggers if any feature has at least one license installed, but all of them are expired.

•license_expiring: This alarm triggers if one or more features is going to expire within two weeks. The license expiring and license expired alarms are triggered per feature; for example, if you install two license keys for a feature, LK1-FOOxxx (expired) and LK1-FOO-yyy (not expired), the alarms do not trigger, because the feature has one valid license.

•licensing: This alarm is the parent licensing alarm and triggers if any of the appliance_unlicensed alarms are active.

•link_duplex: This alarm is triggered when an interface was not configured for half-duplex negotiation but has negotiated half-duplex mode. Half-duplex significantly limits the optimization service results. This alarm is enabled by default.

•link_io_errors: This alarm is triggered when the link error rate exceeds 0.1% while either sending or receiving packets. This threshold is based on the observation that even a small link error rate reduces TCP throughput significantly. A properly configured LAN connection should experience very few errors. The alarm clears when the rate drops below 0.05%. This alarm is enabled by default.

•link_state:aux:half_duplex: Interface aux Half-Duplex.

•link_state:aux:io_errors: Interface aux Errors.

•link_state:aux:link_error: Interface aux Down.

•link_state:primary:half_duplex: Interface primary Half-Duplex.

•link_state:primary:io_errors: Interface primary Errors.

•link_state:primary:link_error: Interface primary Down.

•linkstate: This alarm indicates that the system has detected a link that is down. The system notifies you through SNMP traps, email, and alarm status. By default, this alarm is not enabled. The no alarm linkstate enable command disables the link state alarm.

•local_db_fail: Local Database Failure.

•local_ssc_fail: Local SSC Failure.

•master_password_fail: This alarm triggers when the Services Director is not running because the master password is corrupt/unavailable/waiting for user input.

•paging: This alarm indicates whether the system has reached the memory paging threshold. If 100 pages are swapped approximately every two hours the appliance is functioning properly. If thousands of pages are swapped every few minutes, then reboot the system. If rebooting does not solve the problem, contact Ivanti Support.

•peer_ssc_fail: Peer SSC Connectivity Failure.

•secure_vault: This alarm indicates a general secure vault error.

•secure_vault_unlocked: This alarm indicates whether the secure vault is unlocked. When the vault is unlocked, SSL traffic is not optimized and you cannot encrypt a data store.

•ssc_ha_event: hwCluster errors.

•ssl: This alarm indicates whether the system has detected an SSL error.

•sticky_staging_dir: This alarm indicates that the system has detected an error while trying to create a process dump.

•upgrade: This alarm indicates the status of an upgrade.

Usage Guidelines

Enabling alarms is optional.

The no command option disables all statistical alarms. The no alarm <type>enable command disables specific statistical alarms.

Examples

amnesiac # alarm hardware enable

Related Commands

alarm error-threshold

Sets a threshold to trigger an alarm.

Syntax

[no] alarm type error-threshold threshold-level

Parameters

type

See alarm enable for a complete listing and description of alarm types.

threshold-level

Specify the threshold level. The threshold level and possible values depend on the alarm type.

Usage Guidelines

The no version of the command resets the threshold to the default level.

Examples

amnesiac (config) # alarm cpu_util_indiv error-threshold 80

Related Commands

alarm rate-limit

Sets the alarm rate-limit values.

Syntax

alarm type rate-limit [email | snmp] term {long | medium | short} {count value | window duration-seconds}

Parameters

type

See alarm enable for a complete listing and description of alarm types.

Sets rules for email.

snmp

Sets rules for SNMP.

term

Sets the alarm event rate-limit term value. Valid choices are:

•long

•medium

•short

count value

Sets the count value. The default values are 50 (long), 20 (medium), and 5 (short).

window duration-seconds

Sets the duration of time, in seconds, that the window remains open. The default values are 604,800 (long), 86,400 (medium), and 3600 (short).

Usage Guidelines

There are three term values--long, medium, and short. Each has a window, which is a number of seconds, and a maximum count. If, for any term value, the number of alarm events exceeds the maximum count during the window, the corresponding email/SNMP notifications are not sent.

Examples

amnesiac (config) # alarm cpu_util_indiv rate-limit email term short window 30

Related Commands

alarms reset-all

Globally sets all alarms to their default settings.

Syntax

alarms reset-all

Usage Guidelines

Use this command to reset all the alarms to their default settings.

Examples

amnesiac (config) # alarms reset-all
All alarms reset to default settings

Related Commands

show alarm username password 7

arp

Creates static ARP entries in the ARP table.

Syntax

[no] arp ip-addr MAC-addr

Parameters

ip-addr

Specify the IP address of the appliance.

MAC-addr

Specify the MAC address.

Usage Guidelines

The no command option disables ARP static entries.

Examples

amnesiac (config) # arp 10.0.0.1 00:07:E9:55:10:09

Related Commands

show arp

authentication policy enable

Enables the authentication policy for account control.

Syntax

[no] authentication policy enable

Usage Guidelines

An authentication policy enables you to define a set of policies to enforce user login behavior and password strength. Passwords are mandatory when account control is enabled.

After you enable the authentication policy, the current passwords for all users expire. At the next login, each user is prompted to change their password, placing the new password under the account control authentication policy.

When account control is enabled and an administrator uses the username password 7 command, the password automatically expires. Because the encrypted password cannot be checked against the configured password policy, the user is prompted to change their password at login.

Examples

amnesiac (config) # authentication policy enable

Related Commands

authentication policy login max-failures

Sets the maximum number of unsuccessful login attempts before temporarily locking the user’s access to the appliance.

Syntax

[no] authentication policy login max-failures count [unlock-time seconds]

Parameters

count

Specify the maximum number of unsuccessful login attempts before a temporary account lockout.

unlock-time seconds

Specify the number of seconds the system waits before the user can log in again after an account lockout. If this optional parameter is not specified, the unlock time defaults to 300 seconds.

Usage Guidelines

The no authentication policy login max-failures command resets the maximum number of unsuccessful login attempts allowed to the default value, which is zero, indicating that the account lockout is disabled. This command takes no parameters.

Examples

amnesiac (config) # authentication policy login max-failures 3

Related Commands

show alarm

authentication policy password

Configures the authentication policy password settings for account control.

Syntax

[no] authentication policy password {change-days days | dictionary enable | difference count | expire days [warn] | length length | lock days | lower-case count | numeric count | repeat count | reuse-interval count | special count | upper-case count}

Parameters

change-days days

Specify the minimum number of days before which passwords cannot be changed.

dictionary enable

Prevents the use of any word found in the dictionary as a password.

difference count

Specify the minimum number of characters that must change between an old and new password. The default for the strong security template is 4.

If the authentication policy password difference <count> value is set to a value greater than zero, a non-administrator must specify the new and old passwords by entering the username password [old-password] command. Administrators are never required to enter an old password when changing an account password.

expire days

Specify the number of days the current password stays in effect. To set the password expiration to 24 hours, specify 0. To set the password expiration to 48 hours, specify 1. Specify a negative number to turn off password expiration.

length length

Specify the minimum password length. The default setting for the strong security template is 14 alphanumeric characters.

lock days

Specify the number of days before an account with an expired password locks.

lower-case count

Specify the minimum number of lowercase letters required in the password. The default for the strong security template is 1.

numeric count

Specify the minimum number of numeric characters required in the password. The default for the strong security template is 1.

repeat count

Specify the maximum number of times a character can occur consecutively.

reuse-interval count

Specify the number of password changes allowed before a password can be reused. The default for the strong security template is 5.

special count

Specify the minimum number of special characters required in the password. The default for the strong security template is 1.

upper-case count

Specify the minimum number of uppercase letters required in the password. The default for the strong security template is 1.

Usage Guidelines

Passwords are mandatory when account control is enabled. Passwords for all users expire as soon as account control is enabled. This behavior forces the user to create a new password that follows the password characteristics defined in the password policy.

Empty passwords are not allowed when account control is enabled.

Examples

amnesiac (config) # authentication policy password expire 60 warn 3

Related Commands

authentication policy template, username password, username password 7, show alarm

authentication policy template

Specify the authentication policy template for password policy configuration.

Syntax

authentication policy template {strong | basic}

Parameters

strong

Specifies the strong security policy template.

basic

Specifies the basic security policy template.

Usage Guidelines

The authentication policy template strong command sets the password policy to more stringent enforcement settings. Selecting this template automatically pre-populates the password policy with stricter settings commonly required by higher security standards, such as for the Department of Defense.

To remove the strong security template and return to the basic password policy, use the authentication policy template basic command.

When account control is enabled for the first time, the password policy is set to the basic template.

Examples

amnesiac (config) # authentication policy template strong

amnesiac # show authentication policy
Authentication policy enabled: yes
Maximum unsuccessful logins before account lockout: 3
Wait before account unlock: 300 Seconds
Minimum password length: 14
Minimum upper case characters in password: 1
Minimum lower case characters in password: 1
Minimum numerical characters in password: 1
Minimum special characters in password: 1
Minimum interval for password reuse: 5
Minimum characters diff for password change: 4
Prevent dictionary words in password: yes
User passwords expire: 60 days
Warn user of an expiring password: 7 days before
User accounts with expired passwords lock: 305 days

amnesiac (config) # authentication policy template basic

amnesiac # show authentication policy
Authentication policy enabled: yes
Maximum unsuccessful logins before account lockout: none
Wait before account unlock: 300 Seconds
Minimum password length: 6
Minimum upper case characters in password: 0
Minimum lower case characters in password: 0
Minimum numerical characters in password: 0
Minimum special characters in password: 0
Minimum interval for password reuse: 0
Minimum characters diff for password change: 0
Prevent dictionary words in password: yes
User passwords expire: never
Warn user of an expiring password: 7 days before
User accounts with expired passwords lock: never

Related Commands

show alarm

authentication policy user lock never

Configures the user account lock settings for account control management.

Syntax

[no] authentication policy user username lock never

Parameters

username

Specify the user login: admin, monitor, or shark.

Usage Guidelines

0 password

Specify a bootloader password in clear text.

7 password

Specify a bootloader password with an encrypted string. The encrypted string is the hash of the clear text password and is 35 bytes long. The first 3 bytes indicate the hash algorithm and the next 32 bytes are the hash values.

Examples

amnesiac (config) # boot bootloader password 0 182roy
amnesiac (config) # boot bootloader password 7 $1$qyP/PKii$2v9FOFcXB5a3emuvLKO3M

Related Commands

show images

boot system

Boots the specified partition the next time the system is rebooted.

Syntax

boot system partition

Parameters

partition

Specify the partition to boot: 1 or 2

Examples

amnesiac (config) # boot system 1

Related Commands

show images

cli clear-history

Clears the command history for the current user.

Syntax

cli clear-history

Examples

amnesiac (config) # cli clear-history

Related Commands

cli default auto-logout

Sets the keyboard inactivity time for automatic log out.

Syntax

[no] cli default auto-logout minutes

Parameters

minutes

Specify the number of minutes before log out occurs.

Usage Guidelines

To disable timeout:

cli default auto-logout 0

The no command option disables the automatic logout feature.

Examples

amnesiac (config) # cli default auto-logout 25

Related Commands

cli default paging enable

Sets the ability to view text one screen at a time.

Syntax

[no] cli default paging enable

Usage Guidelines

The no command option disables paging.

Examples

amnesiac (config) # cli default paging enable

Related Commands

cli session

Sets CLI options for the current session only.

Syntax

[no] cli session {auto-logout minutes | paging enable | terminal length lines | terminal type terminal_type | terminal width number-of-characters}

Parameters

auto-logout minutes

Sets the number of minutes before the CLI automatically logs out the user. The default value is 15 minutes. The no command option disables the automatic logout feature.

paging enable

Sets paging. With paging enabled, if there is too much text to fit on the page, the CLI prompts you for the next page of text. The no command option disables paging.

terminal length lines

Sets the terminal length. The no command option disables the terminal length.

terminal type terminal_type

Sets the terminal type. The no command option disables the terminal type.

terminal width number-of-characters

Sets the terminal width. The no command option disables the terminal width.

Usage Guidelines

The no command option disables CLI option settings.

Examples

amnesiac (config) # cli session auto-logout 20

Related Commands

clock timezone

Sets the current time zone.

Syntax

clock timezone zone

Parameters

zone

Specify the time zone name: Africa, America, Antarctica, Arctic, Asia, Atlantic_Ocean, Australia, Europe, GMT-offset, Indian_Ocean, Pacific_Ocean, UTC.

Usage Guidelines

The default value is GMT-offset.

Examples

Specify the location of the configuration file to download in URL, scp://, or ftp:// format.

filename

Create a new name for the configuration file.

Usage Guidelines

To copy one configuration file to another appliance:

•Fetch the configuration time from the remote:

configuration fetch <url-to-remote-config> <new-config-name>

•Activate the newly-fetched configuration

configuration switch-to <new-config-name>

Examples

amnesiac (config) # configuration fetch http://domain.com/westcoast newconfig
amnesiac (config) # configuration switch-to newconfig

Related Commands

configuration jump-start

Restarts a simple configuration wizard.

Syntax

configuration jump-start

Usage Guidelines

The configuration wizard lets you set five basic configuration parameters with a single command. Press Enter to accept the value displayed or enter a new value.

For a Services Director on the AWS platform, you can only set the hostname using the wizard.

Examples

*** Services Director on VMware and KVM ***

amnesiac (config) # configuration jump-start
Pulse Services Director configuration wizard.

Step 1: Hostname? [host-1234]
Step 2: Use DHCP on primary interface? [no]
Step 3: Primary IP address? [10.62.165.135]
Step 4: Netmask? [255.255.192.0]
Step 5: Default gateway? [10.62.128.1]

You have entered the following information:
1. Hostname: host-1234
2. Use DHCP on primary interface: no
3. Primary IP address: 10.62.165.135
4. Netmask: 255.255.192.0
5. Default gateway: 10.62.128.1

To change an answer, enter the step number to return to.
Otherwise hit <enter> to save changes and exit.
To continue setup, navigate your web browser to the address configured above

*** Services Director on AWS ***

amnesiac (config) # configuration jump-start
Pulse Services Director configuration wizard.

Step 1: Hostname? [host-5678]

You have entered the following information:
1. Hostname: host-5678

To change an answer, enter the step number to return to.
Otherwise hit <enter> to save changes and exit.
To continue setup, navigate your web browser to the address configured above

Related Commands

configuration merge

Merges common configuration settings from one system to another.

Syntax

configuration merge filename new-config-name

Parameters

filename

Name of file from which to merge settings.

new-config-name

Specify the new configuration name.

Usage Guidelines

configuration switch-to

Loads a new configuration file and makes it the active configuration.

Syntax

configuration switch-to filename

Parameters

filename

Specify the filename. The default filenames are:

•initial: Specify the initial configuration.

•initial.bak: Specify the initial backup configuration.

•cold: Specify the configuration file before SDR has occurred.

•working: Specify the current configuration.

Examples

amnesiac (config) # configuration switch-to westcoast

Related Commands

configuration upload

Uploads the configuration file.

Syntax

configuration upload filename http,-ftp,-or-scp-URL-(e.g.-scp://username:password@host/path) | [active]

Parameters

filename

Specify the configuration filename.

http,-ftp,-or-scp-URL-(e.g.-scp://username:password@host/path)

Specify the HTTP, FTP, or scp URL.

active

Sets the uploaded file to the active configuration file.

Examples

amnesiac (config) # configuration upload initial scp://test:MyPassword@example/tmp/

Related Commands

configuration write

Writes the current, active configuration file to memory.

Syntax

configuration write [to filename]

Parameters

to filename

Save the running configuration to a file.

Examples

amnesiac (config) # configuration write

Related Commands

debug generate dump

Generates a report you can use to diagnose misconfiguration in deployments.

Syntax

Parameters

full

Generate a full system dump.

brief

Generates a brief system dump.

rsp

Generate a full system dump, including VMware Server data.

stats

Generates a full system dump including .dat files.

all-logs

Generate a full system dump with .dat files and all logs.

blockstore

Generate a full system dump with .dat files, all logs, and blockstore phash.

blockstore-fifo

Generate a full system dump with .dat files, all logs, blockstore phash, and fifo.

upload url

Generate a full system dump upload to the specified URL.

Usage Guidelines

If the upload URL points to a directory on the upload server, you must specify the trailing slash "/". For example, "ftp://ftp.xxxxxxxx.com/incoming/" rather than "ftp://ftp.xxxxxxxx.com/incoming". The file name as it exists on the appliance is renamed to the file name specified in the URL.

After the dump generation, the upload is done in the background so you can exit the command-line interface without interrupting the upload process.

Examples

amnesiac (config) # debug generate dump brief
amnesiac (config) # debug generate dump upload ftp://ftp.xxxxxxxxx.com/incoming/

email autosupport enable

Enables automatic email notification of significant alarms and events to Ivanti Support.

Syntax

[no] email autosupport enable

The no command option disables the SMTP server.

Examples

amnesiac (config) # email mailhub mail-server.example.com

Related Commands

email mailhub-port

Sets the email port for email notifications.

Syntax

[no] email mailhub-port port

Parameters

port

Specify the email port for email notifications.

Usage Guidelines

The no command option disables the email port.

Examples

amnesiac (config) # email mailhub-port 135

Related Commands

email notify events enable

Enables email notification for events.

Syntax

[no] email notify events enable

Usage Guidelines

The no command option disables email notification.

Examples

amnesiac (config) # email notify events enable

Related Commands

email notify events recipient

Sets the email address for notification of events.

Syntax

[no] email notify events recipient email-addr

Parameters

email-addr

Specify the email address of the user to receive notification of events.

Usage Guidelines

The no command option disables email address for notification.

Examples

amnesiac (config) # email notify events recipient [email protected]
amnesiac (config) # email notify events recipient [email protected]

Related Commands

email notify failures enable

Enables email notification of system failures, such as core dumps.

Syntax

[no] email notify failures enable

Usage Guidelines

The no command option disables email notification.

Examples

amnesiac (config) # email notify failures enable

Related Commands

email notify failures recipient

Enables email notification of system failures, such as core dumps.

Syntax

[no] email notify failures recipient email-addr

Parameters

recipient email-addr

Specify the email address of the user to receive notification of failures.

Usage Guidelines

The no command option disables email notification.

You must enter separate commands for each email address. Each command line accepts only one email address.

Examples

amnesiac (config) # email notify failures recipient [email protected]

Related Commands

email send-test

Sends a test email to all configured event and failure recipients.

Syntax

email send-test

Usage Guidelines

You can also access this command from enable mode.

Examples

amnesiac (config) # email send-test

Related Commands

events max-age

Sets the maximum age for keeping history events.

Syntax

events max-age period

Parameters

period

Specify the time period to keep events:

•minute: Specifies one minute.

•hour: Specifies one hour.

•day: Specifies one day.

•week: Specifies one week.

•month: Specifies one month.

•year: Specifies one year.

•decade: Specifies ten years.

Examples

amnesiac (config) # events max-age month

Related Commands

events reset

Resets the history daemon and drop-event history tables.

filename

Specify the filename.

ftp, or scp URL (e.g.scp://username:password@host/path)

Specify the FTP or scp URL.

Examples

amnesiac (config) # file debug-dump upload mydebug.txt

scp://me:[email protected]/mypath

Related Commands

file process-dump delete

Deletes the specified crash dump file.

Syntax

file process-dump delete filename

Parameters

filename

Specify the filename.

Examples

amnesiac (config) # file process-dump delete mycrash.txt

Related Commands

file process-dump upload

Uploads the specified crash dump file.

Syntax

file process-dump upload filename {https,-http,-ftp,-or-scp-URL:-scp://username:password@hostname/path/filename | case-number}

Parameters

filename

Specify the filename.

https,-http,-ftp, or -scp URL: scp://username:password@hostname/path/filename

Specify the URL.

case-number

Specify the customer case number. The case number is a convenient and intuitive method to upload a crash dump file to Ivanti Technical Support without using a URL. Ivanti Technical Support recommends using a case number. The case number is a numeric string.

Examples

amnesiac (config) # file process-dump

upload mycrash.txt scp://mylogin:mypassword@myhostname/path/filename
amnesiac (config) # file process-dump upload mycrash.txt 194170

Related Commands

show images, show host-label

fips enable

Enables FIPS mode.

Syntax

[no] fips enable

Usage Guidelines

FIPS is a publicly announced set of validation standards developed by the United States National Institute of Standards and Technology (NIST) for use by government agencies and by government contractors.

FIPS 140-2 is a technical and worldwide standard for the implementation of cryptographic modules. FIPS validation makes the appliance more suitable for use with government agencies that have formal policies requiring use of FIPS 140-2 validated cryptographic software.

To achieve FIPS compliance on a Ivanti appliance, you must run a software version that includes the Riverbed Cryptographic Security Module (RCSM) v1.0, configure the system to run in FIPS operation mode, and adjust the configuration of any features that are not FIPS compliant.

The RCSM is validated to meet FIPS 140-2 Level 1 requirements. Unlike FIPS 140-2 Level 2 validation, which requires physical security mechanisms, Level 1 validates the software only.

For more information on the FIPS implementation, see the FIPS Administrator’s Guide.

Examples

Parameters

name

Specify the name of the host label.

•Host labels are case sensitive and can be any string consisting of letters, the underscore ( _ ), or the hyphen ( - ). There cannot be spaces in host labels. There is no limit on the number of host labels you can configure.

•To avoid confusion, do not use a number for a host label.

•Host labels that are used in QoS rules cannot be deleted.

•Host label changes (that is, adding and removing hostnames inside a label) are applied immediately by the rules that use the host labels that you have modified.

hostname hostname,-.-.-.

Specify a hostname or a comma-separated list of hostnames.

•Hostnames are case insensitive.

•You can configure a maximum of 100 unique hostnames across all host labels.

•A maximum of 64 subnets and hostnames per host label is allowed.

subnet X.X.X.X/XX,. . .

Specify an IPv4 subnet for the specified host label or a comma-separated list of IPv4 subnets. Use the format X.X.X.X/XX.

Usage Guidelines

Host labels are names given to lists of hosts (IP addresses, IP subnets, and hostnames) that you can specify to match the source and destination network when configuring QoS rules. For example, you can specify host labels to define a set of hosts for which QoS classification and QoS marking rules apply. You can configure a mixture of subnets and hostnames for each label. A maximum of 64 subnets and hostnames per host label is allowed. You can configure a maximum of 100 unique hostnames across all host labels.

Hostnames referenced in a host label are automatically resolved through a DNS. The system resolves them immediately after you add a new host label or after you edit an existing host label. The system also automatically re-resolves hostnames daily. If you want to resolve a hostname immediately, use the resolve host-labels command.

Examples

amnesiac (config) # host-label test hostname xxxxxxxx.com,example.com subnet 192.168.0.1/32, 192.168.0.2/32,10.0.0.0/8
amnesiac (config) # qos basic classification global-app add global-app-name MyGlobalApp class-name Realtime vlan 1 traffic all srcport 123 srcnet test

Related Commands

hostname

Sets the hostname for this system.

Syntax

[no] hostname hostname

Parameters

hostname

Specify the hostname. Do not include the domain name.

Usage Guidelines

You cannot change the IP address of a Services Director when:

•the Services Director VA is running the Setup Wizard.

•the Services Director is already part of an HA pair.

The no command option removes the hostname for this appliance.

Examples

amnesiac (config) # hostname park

Related Commands

show hosts

image boot

Boots the specified system image by default.

Syntax

image boot partition

Parameters

partition

Specify the partition to boot: 1 or 2.

Examples

amnesiac (config) # image boot 1

Related Commands

show version

interface

Configures system interfaces.

Syntax

[no] interface interfacename options

Parameters

interfacename

Specify the interface name: lo, aux, lan0_0, wan0_0, primary, in-path0_0. The interface name varies according to the Ivanti product your are configuring. For example: primary, aux. For details, see the CLI online help.

options

Each interface has the following configuration options:

•arp: Adds static entries to the ARP cache - Configure the string of this interface.

•dhcp renew: Enables DHCP on the interface or renews DHCP. Setting DHCP on the auxiliary interface only provides an IP lease, and does not update the gateway, routes, and DNS settings.

•dhcp dynamicdns: Enables DHCP hostname registration with dynamic DNS.

•duplex speed: Specify the duplex speed: auto, full, half. The default value is auto.

•ip address ipaddr netmask: Specify the IP address and netmask for the interface.

•ipv6 address ipv6addr prefix-length: Specify the IPv6 address and prefix length for the interface. Your appliance can have both an IPv4 address and an IPv6 address. You can only configure one IPv6 address per in-path interface. For example:

amnesiac (config) # interface primary ipv6 address 2001:38dc:52::e9a4:c5:6282 64

•mtu speed: Specify the MTU. The MTU is set on the in-path interface; it propagates automatically to the LAN and the WAN. The no command option disables the MTU setting. The default value is 1500.

•shutdown: Shuts down the interface.

•speed speed: Specify the speed for the interface: auto, 10, 100, 1000. The default value is 100.

Usage Guidelines

You cannot change the IP address of a Services Director when:

•the Services Director VA is running the Setup Wizard.

•the Services Director is already part of an HA pair.

The no command option disables the interface settings.

Examples

amnesiac (config) # no interface inpath0_0 fail-to-bypass enable

Related Commands

show interfaces

ip default-gateway

Sets the default gateway for the appliance.

Syntax

[no] ip default-gateway ip-addr

Parameters

ip-addr

Specify the IP address of the management interface.

Usage Guidelines

interface

Specify the interface.

ipv6-address

Specify the IPv6 address of the in-path gateway.

Usage Guidelines

Support for IPv6 is enabled by default. The no command option deletes the in-path default gateway for IPv6 routing.

Examples

amnesiac (config) # ipv6 in-path-gateway inpath0_0 2001:38dc:52::e9a4:c5:6282

Related Commands

ipv6 route, ipv6 default-gateway

ipv6 route

Adds IPv6 routes in addition to the default gateway, if needed.

Syntax

[no] ipv6 route IPv6-destination prefix-length gateway

Parameters

IPv6-destination

Specify the IPv6 address.

prefix-length

Specify the IPv6 prefix length.

gateway

Specify the IPv6 address of the gateway.

Usage Guidelines

Support for IPv6 is enabled by default. The no command option removes the specified IPv6 route.

Examples

amnesiac (config) # ipv6 route 2001:38dc:52::e9a4:c5:6282 64 2001:38dc:52::1

Related Commands

show email, ipv6 default-gateway

ip name-server

Adds a DNS name server.

Syntax

[no] ip name-server ip-addr

Parameters

ip-addr

Specify the name server IP address.

Usage Guidelines

The no command option removes a DNS name server.

Examples

amnesiac (config) # ip name-server 10.10.10.1

Related Commands

show hosts

ip route

Adds a static route.

Syntax

[no] ip route network-prefix netmask netmask-length next-hop-ip-addr

Parameters

network-prefix

Specify the network prefix.

netmask

Specify the netmask. For example: 255.255.255.0

netmask-length

Specify the netmask length. For example: /24

next-hop-ip-addr

Specify the next hop IP address.

Usage Guidelines

The no command option disables the static route. If no ip route is run with only a network prefix and mask, it deletes all routes for that prefix.

Examples

amnesiac (config) # ip route 192 193.166.0/24 10.10.10.1

Related Commands

job command

Schedules CLI command execution for a specified time in the future.

Syntax

[no] job job-id command sequence-# "cli-command"

Parameters

job-id

Specify the job identification number.

sequence-#

Specify the sequence number for job execution. The sequence number is an integer that controls the order in which a CLI command is executed. CLI commands are executed from the smallest to the largest sequence number.

"cli-command"

Specify the CLI command. Enclose the command in double-quotes.

Usage Guidelines

A job includes a set of CLI commands and a time when the job runs. Jobs are run one time only, but they can be reused.

Any number of CLI commands can be specified with a job and are executed in an order specified by sequence numbers. If a CLI command in the sequence fails, no further commands in the job are executed. A job can have an empty set of CLI commands.

The output of all commands executed are viewable after job execution by running the show job <job-id> command. The output of each job is only available for the last run; it is re-written upon each execution.

The job output and any error messages are saved. Jobs can be canceled and rescheduled.

The no job <job-id> command <sequence #> command option deletes the CLI command from the job.

The no job <job-id> command option removes all statistics associated with the specified job. If the job has not executed, the timer event is canceled. If the job was executed, the results are deleted along with the job statistics.

Examples

amnesiac (config) # job 10 command 1 "show info"
amnesiac (config) # job 10 command 2 "show connections"
amnesiac (config) # job 10 command 3 "show version"

Related Commands

show job, show jobs

job comment

Adds a comment to the job for display when show jobs is run.

Syntax

[no] job job-id comment "<comment>"

Parameters

job-id

Specify the job identification number.

comment "<comment>"

Specify the comment for the job. Enclose the description in double-quotes.

Usage Guidelines

The no command option deletes the comment.

Examples

amnesiac (config) # job 10 "comment this is a test"

Related Commands

show job, show jobs

job date-time

Sets the date and time for the job to execute.

Syntax

[no] job job-id date-time hh: mm: ss | yyyy/ mm/ dd

Parameters

job-id

Specify the job identification number.

hh: mm: ss

Specify the time for the job to execute.

yyyy/ mm/ dd

Specify the date for the job to execute.

Usage Guidelines

job-id

Specify the job identification number.

seconds

Specify how frequently the recurring job should execute.

Examples

amnesiac (config) # job 10 recurring 36000

Related Commands

show job, show jobs

license client fetch

Forces the license client to update immediately.

Syntax

license client fetch

Usage Guidelines

If there is a change in your account (such as if Ivanti has given you an extra license), and the change will be updated whenever the license client runs next, but you want to force it to run immediately, then you can use the license client fetch command.

Examples

amnesiac # license client fetch

license client init

Initializes the license client.

Syntax

license client init license-number

Parameters

license-number

Specify the license number.

Usage Guidelines

The license client communicates with the license server. It has two main functions:

Adds a license server.

Syntax

[no] license server hostname [port number] [priority number]

Parameters

hostname

Specify the hostname of the computer that contains the license server.

port number

Optionally, specify the port number on which the license server is listening. The default is port 80.

priority number

Specify the order in which the license server is added. 0 is the highest priority and 9 is the lowest priority. The default priority is 9.

Usage Guidelines

The license server provides licenses to Services Director.

The no command option deletes the license server specified.

The default license server is the server hosted at Ivanti headquarters.

The no license server <hostname> priority command resets the priority in which the specified license server is added to the default value (9 is the lowest priority).

The no license server <hostname> port command resets the license server port to the default port.

Examples

*** create license server, no feedback ***

amnesiac (config) # license server MyLicenseServer port 88 priority 1

*** list license servers to confirm creation***

amnesiac (config) # show license-servers
Server Name Port Priority

--------------- --------------- ---------------

MyLicenseServer 88 1

Related Commands

show licenses

logging

Adds a remote system log (syslog) server to the system.

Syntax

[no] logging ip-addr | [trap log-level]

Parameters

ip-addr

Specify the IP address for the syslog server.

trap log-level

Specify the trap log level of the syslog server:

•emerg: Emergency, the system is unusable.

•alert: Action must be taken immediately.

•critical: Critical conditions.

•err: Error conditions.

•warning: Warning conditions.

•notice: Normal but significant conditions, such as a configuration change. This is the default setting.

•info: Informational messages.

Usage Guidelines

Usage Guidelines

Examples

amnesiac (config) # logging files rotation criteria size 100

Related Commands

logging files rotation force

Rotates logs immediately.

Syntax

logging files rotation force

Usage Guidelines

Examples

amnesiac (config) # logging files rotation force

Related Commands

logging files rotation max-num

Sets the maximum number of log files to keep locally.

Syntax

logging files rotation max-num number

Parameters

number

Specify the number of log files to keep locally. The range is 1-100. The default value is 10.

Usage Guidelines

Examples

amnesiac (config) # logging files rotation max-num 10

Related Commands

logging filter

Sets the minimal level of messages arriving from the specified process to the local subsystem.

Syntax

logging filter process level

Parameters

process

Specify the application process:

•alarmd: Alarm control and management.

•cli: Command-Line Interface.

•mgmtd: Device control and management, which directs the entire device management system. It handles message passing between various management daemons, managing system configuration and general application of system configuration on the hardware underneath through the hald.

•hald: Hardware Abstraction Daemon, which handles access to the hardware.

•pm: Process Manager, which handles launching of internal system daemons and keeps them up and running.

•sched: Process Scheduler, which handles one-time scheduled events.

•rscored: REST Core Services.

•rstild: REST Translation Interface.

•ssc: Stingray Services Director.

•statsd: Statistics Collector, which handles queries and storage of system statistics.

•wdt: Watchdog Timer, the motherboard watchdog daemon.

•webasd: Web Application Process, which handles the Web user interface.

level

Specify the trap log level:

•emerg: Emergency, the system is unusable.

•alert: Action must be taken immediately.

•critical: Critical conditions.

•err: Error conditions.

•warning: Warning conditions.

•notice: (Default) Normal but significant conditions, such as a configuration change.

•info: Informational messages.

If you have set different log levels for each remote syslog server, this option changes all remote syslog servers to have a single log level.

Usage Guidelines

Use this command to capture data when a appliance is not able to sustain the flow of logging data that is being committed to disk.

This command overrides the logging local command. This command creates a global setting that controls all output, including remote hosts.

All CIFS protocol related messages are logged at level debug, and the remainder at the level notice.

All remote logging hosts (if defined) also log at logging trap setting and at the logging filter process.

The no logging filter all command deletes all filters.

Examples

amnesiac (config) # logging filter cli alert

Related Commands

logging local

Sets the minimum severity of log messages saved on the local syslog servers.

Syntax

[no] logging local log-level

Parameters

log-level

Specify the logging severity level. The follow severity levels are supported:

•emerg: Emergency, the system is unusable.

•alert: Action must be taken immediately.

•crit: Critical conditions.

•err: Error conditions.

•warning: Warning conditions.

•notice: (Default) Normal but significant conditions, such as a configuration change.

•info: Informational messages.

The default value is notice.

Usage Guidelines

The no command option sets the severity level for logging to none (no logs are sent).

Examples

amnesiac (config) # logging local notice

Related Commands

logging trap

Sets the minimum severity for messages sent to the remote syslog servers.

Syntax

[no] logging trap log-level

Parameters

log-level

Specify the logging severity level. The follow severity levels are supported:

•emerg: Emergency, the system is unusable.

•alert: Action must be taken immediately.

•crit: Critical conditions.

•err: Error conditions.

•warning: Warning conditions.

•notice: (Default) Normal but significant conditions, such as a configuration change.

•info: Informational messages.

Usage Guidelines

The no command option sets the severity level for logging to none.

Examples

amnesiac (config) # logging trap notice

Related Commands

ntp authentication trusted keys, ntp peer key, ntp server key, show ntp, show ntp authentication

ntp authentication

Configures the Network Time Protocol (NTP) authentication settings to authenticate NTP servers and peers.

Syntax

[no] ntp authentication key key-id secret {plaintext | 0 plaintext | 7 encrypted-string}

Parameters

key key-id

Specify the key identifier. The key ID values must be in the range 1 - 65534.

secret {plaintext | 0 plaintext | 7 encrypted-string}

Specify the shared secret parameter. Choose one of the following:

•plaintext: Specify a shared secret in plain text. This option is the same as the 0 <plaintext> option and is provided for backward compatibility.

•0 plaintext: Specify a shared secret in plain text.

•7 encryptedstring: Specify a shared secret with an encrypted string.

Usage Guidelines

The no version of the command removes NTP authentication settings.

NTP authentication involves three steps that you can perform in any order:

•Configure a key ID using the ntp authentication command.

•Add the configured key ID to the trusted keys list using the ntp authentication trusted-keys command.

•Configure the NTP server or peer with the key ID using the ntp server key or ntp peer key command.

Examples

amnesiac (config) # ntp authentication key 56732 secret zza419

Related Commands

ntp authentication trusted keys

Adds a configured key ID to the trusted keys list.

Syntax

[no] ntp authentication trustedkeys key-id [key id, ...]

Parameters

key key-id [key id, ...]

Specify the key identifier. The key ID values must be in the range 1 - 65534. You can specify multiple key IDs in the same list, separated by commas. When specifying multiple key IDs separated by commas, you must enclose them in quotes.

Usage Guidelines

Use this command to add the configured key ID to the trusted keys list.

The no command removes a key from the trusted key list.

•NTP authentication involves three steps that you can perform in any order:

[no] ntp peer hostname | ip-addr [ version number ]

Parameters

hostname | ip-addr

Specify the NTP peer hostname or IP address.

version number

Specify the NTP version number. You do not need to specify the version number for the no ntp server command.

Usage Guidelines

The no command option disables an NTP peer.

Examples

amnesiac (config) # ntp peer 10.10.10.1

Related Commands

show ntp, show ntp active-peers

ntp peer key

Configures an NTP peer with an authentication key ID.

Syntax

[no] ntp peer host-name | ip-addr key key-id

Parameters

hostname | ip-addr

Specify the NTP peer hostname or IP address.

key key-id [key id, ...]

Usage Guidelines

The no command option removes the authentication key from the NTP peer configuration.

[no] ntp server hostname | ip-addr key key-id

Parameters

hostname | ip-addr

Specify the hostname or IP address of the NTP server to authenticate.

key key-id

Specify the key identifier. The key ID values must be in the range 1 - 65534.

Usage Guidelines

The no version of the command removes the authentication key from the NTP server.

NTP authentication involves three steps that you can perform in any order:

•Configure a key ID using the ntp authentication command.

•Add the configured key ID to the trusted keys list using the ntp authentication trusted-keys command.

•Configure the NTP server or peer with the key ID using the ntp server key or ntp peer key command.

Examples

amnesiac (config) # ntp server companyserver key 56732

Related Commands

ntp authentication, ntp authentication trusted keys, ntp peer key, show ntp authentication

papi rest access_code import

Imports an existing REST access code.

Syntax

[no] papi rest access_code import desc description data data

Parameters

desc description

Describe how the access code will be used.

data data

Copy and enter the raw data output generated by the papi rest access_code generate command on a peer appliance.

Usage Guidelines

Use the papi rest access_code import command to import access codes generated by another appliance so that a client can use the same access code to communicate through the REST API to multiple appliances.

Examples

amnesiac (config) # papi rest access_code import desc cascadeflow data <data>

Related Commands

show papi rest access_codes

remote dhcp

Enables DHCP on the remote management port.

Syntax

remote dhcp

Examples

amnesiac (config) # remote dhcp

Related Commands

show remote ip

remote ip address

Manually sets the IP address of the remote management port.

Syntax

remote ip address ip-addr

Parameters

ip-addr

Specify the IP address to assign to the remote management port.

Usage Guidelines

Access to the appliance through the remote port requires the use of the IPMI tool utility. You can download a Linux version at http://sourceforge.net/projects/ipmitool/files/. You can obtain a Windows version of the IPMI tool on the Document CD that ships with your system or from Ivanti Support.

This utility must to be run on an administrator's system outside of the appliance to access the remote port functions. Check the man page for IPMItool for a full list of capabilities (although not all the commands are supported on RiOS hardware platforms).

To configure the remote management port:

•Physically connect the REMOTE port to the network. You cable the remote management port to the Ethernet network in the same manner as the Primary interface.

•Install the IPMItool on the client machine.

•Assuming the IP address is 192.168.100.100, the netmask is 255.255.255.0, and the default gateway is 192.168.100.1, assign an IP address to the remote management port:

amnesiac (config) # remote dhcp
- or -
amnesiac (config) # remote ip address 192.168.100.100
amnesiac (config) # remote ip netmask 255.255.255.0
amnesiac (config) # remote ip default-gateway 192.168.100.1

•Verify the IP address is set properly.

amnesiac (config) # show remote ip

Ping the new management IP address from a remote computer, and verify it replies.

To secure the remote port, assign a password to the port:

amnesiac (config) # remote password <newpassword>

Set the remote port bit-rate to match the current serial port bitrate. Typically, this value is 9.6.

amnesiac (config) # remote bitrate 9.6

[no] remote password password

Parameters

password

Specify the password to connect to the remote management port.

Usage Guidelines

To set a remote management port password:

•On the appliance, assign a password to the remote management port:

amnesiac (config) # remote password TestPassword

•Using the IPMItool on a remote computer, view the power status of the appliance. If you are using the Windows version of IPMItool, replace all references to ipmitool with ipmitool.exe.

ipmitool -H <remote port ip address> -P "testpassword" chassis power status

The displayed output should state Chassis Power is on.

You can download a Linux version at http://sourceforge.net/projects/ipmitool/files/. You can obtain a Windows version of the IPMI tool on the Document CD that ships with your system or from Ivanti Support.

Examples

amnesiac (config) # remote password TestPassword

Related Commands

show remote ip

resolve host-labels

Forces the system to resolve host labels immediately.

Syntax

resolve host-labels

Usage Guidelines

You can use the resolve host-labels command to force a resolve operation instead of waiting for the daily automatic resolve instance. Every time this command is executed, the next automatic resolve instance is reset to occur 24 hours later.

Examples

amnesiac # resolve host-labels

Related Commands

host-label, show host-label

secure-vault

Manages the secure vault password and unlocks the secure vault.

Syntax

secure vault new-password password | reset-password old-password | unlock password

Parameters

new-password password

Specify an initial or new password for the secure vault.

reset-password old-password

Specify the old secure vault password to reset it.

unlock password

Specify the current password to unlock the secure vault.

Usage Guidelines

The secure vault is an encrypted file system on the appliance where all SSL server settings, other certificates (the CA, peering trusts, and peering certificates) and the peering private key are stored. The secure vault protects your SSL private keys and certificates when the appliance is not powered on.

You can set a password for the secure vault. The password is used to unlock the secure vault when the appliance is powered on. After rebooting the appliance, SSL traffic is not optimized until the secure vault is unlocked with the unlock <password> parameter.

Data in the secure vault is always encrypted, whether or not you choose to set a password. The password is used only to unlock the secure vault.

To change the secure vault password:

•Reset the password with the reset-password <password> parameter.

•Specify a new password with the new-password <password> parameter.

Examples

amnesiac (config) # secure-vault unlock mypassword

show ssc access-profile

Displays details for a specified access profile. An access profile is used for vTM user authentication only.

Syntax

show ssc access-profile access-profile-name access-profile-name

Parameters

access-profile-name

Specify the name of the required access profile.

Examples

Related Commands

ssc access-profile add-perm-group, ssc access-profile create access-profile-name, ssc access-profile list, ssc access-profile remove-perm-group, ssc access-profile update access-profile-name

show ssc analytics-profile

Displays details for a specified analytics profile. This is used for vTM analytics purposes.

Syntax

show ssc analytics-profile id

Parameters

Specify a unique identifier for the analytics profile, either its tag or UUID.

Examples

Related Commands

ssc analytics-profile create, ssc analytics-profile delete, ssc analytics-profile list, ssc analytics-profile update

show ssc app-template

Displays details for a specified application template.

Syntax

show ssc app-template template-name template-id

Parameters

template-id

Specify a unique identifier for the application template, either its tag or UUID.

Examples

*** list all application templates ***

amnesiac (config) # ssc app-template list

+----------------------------+

| Templates |

+----------------------------+

| Http Service Template__1.0 |

+----------------------------+

*** show details for a specific application template ***
amnesiac (config) # show ssc app-template template-name "Http Service Template__1.0"

+-------------------+-----------------------------------------------------------...

| Field | Value

+-------------------+-----------------------------------------------------------...

| description | Load balance a http service

| required_features | [u'']

| children | None

| name | Http Service Template

| parameters | [

| | {

| | "name": "Specify the back-end nodes",

| | "parameters": [

| | {

| | "default": [

| | "127.0.0.1:80",

| | "127.0.0.2:80"

| | ],

| | "description": "Please enter the hostname and ...

| | "name": "pool_nodes",

| | "type": "array"

| | }

| | ]

| | },

| | {

| | "name": "Specify the service",

| | "parameters": [

| | {

| | "default": "Service Name",

| | "description": "A brief name to identify the ...

| | "name": "instance_name",

| | "type": "string"

| | },

| | {

| | "default": 80,

| | "description": "Please specify a port for the ...

| | "name": "public_port",

| | "type": "number"

| | }

| | ]

| | }

| | ]

| author | Nick Davidson and Paul Carroll

| min_vtm_version | 18.2

| version | 1.0

| date_created | 2019-03-13 14:13:04

| template_id | Http Service Template__1.0

+-------------------+-----------------------------------------------------------...

Related Commands

show ssc app-template-instance, ssc app-template import, ssc app-template list, ssc app-template-instance create, ssc app-template-instance list, ssc app-template-instance update

show ssc app-template-instance

Displays details for a specified application template instance.

Syntax

show ssc app-template-instance template-instance-name template_instance-id

Parameters

template_instance-id

Specify a unique identifier for the application template instance, either its tag or UUID.

Examples

*** list all application templates ***

amnesiac (config) # ssc app-template-instance list

+-------------------------------+---------------------+----------------------------+

| Template Instance | Cluster ID | Template ID +

--------------------------------+---------------------+----------------------------+

| Template-Instance-EGSR...GS45 | Cluster-CRCF...Z5WS | Http Service Template__1.0 |

+-------------------------------+---------------------+----------------------------+

*** show details for a specific application template instance ***
amnesiac (config) # show ssc app-template-instance template-instance-name
Template-Instance-EGSR-J5D2-UKIE-GS45

+----------------------+---------------------------------------+

| Field | Value |

+----------------------+---------------------------------------+

| template_instance_id | Template-Instance-EGSR-J5D2-UKIE-GS45 |

| tag | |

| cluster_id | Cluster-CRCF-9WDA-T1HE-Z5WS |

| result | None |

| children | None |

| parameters | { |

| | "instance_name": "Web Server", |

| | "pool_nodes": [ |

| | "127.0.0.1:80", |

| | "127.0.0.2:80" |

| | ], |

| | "public_port": 80 |

| | } |

| pending_action | None |

| template_id | Http Service Template__1.0 |

+----------------------+---------------------------------------+

Related Commands

show ssc app-template , ssc app-template import, ssc app-template list, ssc app-template-instance create, ssc app-template-instance list, ssc app-template-instance update

show ssc backup sd-va config

Displays the configured settings for the Services Director VA backup service.

Syntax

show ssc backup sd-va config

Usage Guidelines

The command returns the following values:

•remote-sys: IP address of the remote system.

•remote-sync-freq: The synchronization frequency (local to remote), expressed as a number of units. Units are days (d), hours (h) and minutes (m). For example, "2d" represents two days.

•backup-data-trans: The protocol to perform the remote transfer ("scp" or "ftp"). 2

•remote-sys-user: Remote username.

•backup-retain: The number of local backup files to be retained. For example, 3.

•remote-sys-path: Remote directory for backup files. For example, "/var/home/root".

•backup-freq: The backup frequency (to local), expressed as a number of units. Units are days (d), hours (h) and minutes (m). For example, "6h" represents six hours.

•remote-sys-pass: Password for the remote user.

This command is also available in user and enable mode.

Examples

Related Commands

ssc backup sd-va config clear, ssc backup sd-va config create, ssc backup sd-va config update, ssc backup sd-va restore local, ssc backup sd-va restore remote, ssc backup sd-va restore remotecfg clear, ssc backup sd-va restore remotecfg create, ssc backup sd-va restore remotecfg update, ssc backup sd-va service status, ssc backup sd-va service enable

show ssc backup sd-va local

Lists local backups produced by the Services Director VA backup service.

Syntax

show ssc backup sd-va local

Usage Guidelines

This command is also available in user and enable mode.

Examples

amnesiac (config) # show ssc backup sd-va local
+----------------------------------------------+---------------------+
| Local Backup files | Creation time |
+----------------------------------------------+---------------------+
| backup_10.62.167.199_2015-09-08_16-53-02.zip | 2015-09-08 16:53:03 |
| backup_10.62.167.199_2015-09-08_16-54-01.zip | 2015-09-08 16:54:03 |
| backup_10.62.167.199_2015-09-08_16-55-01.zip | 2015-09-08 16:55:02 |
| backup_10.62.167.199_2015-09-08_16-56-01.zip | 2015-09-08 16:56:03 |
+----------------------------------------------+---------------------+

Related Commands

show ssc backup sd-va config, show ssc backup sd-va restore remotecfg, ssc backup sd-va config create

show ssc backup sd-va restore remotecfg

Lists remote backups produced by the Services Director VA backup service.

Syntax

show ssc backup sd-va restore remotecfg

Usage Guidelines

This command is also available in user and enable mode.

Examples

Related Commands

show ssc backup sd-va local, show ssc backup sd-va config, ssc backup sd-va config create

show ssc backup vtm-cluster cluster-name backup-name

Displays full details for the specified backup.

Syntax

show ssc backup vtm-cluster cluster-name cluster-id backup-name backup_id

Parameters

cluster-id

Specify the required cluster.

backup_id

Specify the required backup schedule.

Usage Guidelines

Use the show ssc backup vtm-cluster cluster-name <cluster_id> backups command to view all backups for a specified cluster.

Use the no ssc backup vtm-cluster cluster-name <cluster_id> backup-name <backup_id> command to delete the specified backup.

Examples

Related Commands

show ssc backup vtm-cluster cluster-name backups, show ssc backup vtm-cluster cluster-name task, show ssc backup vtm-cluster cluster-name tasks, show ssc backup vtm-cluster schedule, show ssc backup vtm-cluster schedules

show ssc backup vtm-cluster cluster-name backups

Displays all backups for a specified cluster.

Syntax

[no] show ssc backup vtm-cluster cluster-name cluster-id backups

Parameters

cluster-id

Specify the ID of the required cluster.

Usage Guidelines

Use the show backup vtm-cluster cluster-name <cluster_id> backup <backup_id> command to view all backups for a specified cluster.

Use the no ssc backup vtm-cluster cluster-name <cluster_id> backup-name <backup_id> command to delete the specified backup.

Examples

Related Commands

show ssc backup vtm-cluster cluster-name backup-name, show ssc backup vtm-cluster cluster-name task, show ssc backup vtm-cluster cluster-name tasks, show ssc backup vtm-cluster schedule, show ssc backup vtm-cluster schedules

show ssc backup vtm-cluster cluster-name task

Displays full details for the specified backup task.

Syntax

show ssc backup vtm-cluster cluster-name cluster-id task task_id

Parameters

cluster-id

Specify the required cluster.

task_id

Specify the required backup task.

Usage Guidelines

Use the show ssc backup vtm-cluster cluster-name <cluster_id> tasks command to view all tasks for a specified cluster.

Use the no ssc backup vtm-cluster cluster-name <cluster_id> task <task_id> command to delete the specified task.

Examples

Related Commands

show ssc backup vtm-cluster cluster-name backup-name, show ssc backup vtm-cluster cluster-name backups, show ssc backup vtm-cluster cluster-name tasks, show ssc backup vtm-cluster schedule, show ssc backup vtm-cluster schedules

show ssc backup vtm-cluster cluster-name tasks

Displays all tasks for a specified cluster.

Syntax

show ssc backup vtm-cluster cluster-name cluster-id tasks

Parameters

cluster-id

Specify the name of required cluster.

Usage Guidelines

Use the show ssc backup vtm-cluster cluster-name <cluster_id> task <task_id> command to view all tasks for a specified cluster.

Use the no ssc backup vtm-cluster cluster-name <cluster_id> task <task_id> command to delete the specified task.

Examples

Related Commands

show ssc backup vtm-cluster cluster-name backup-name, show ssc backup vtm-cluster cluster-name backups, show ssc backup vtm-cluster cluster-name task, show ssc backup vtm-cluster schedule, show ssc backup vtm-cluster schedules

show ssc backup vtm-cluster schedule

Display full details for a specified backup schedule.

Syntax

show ssc backup vtm-cluster schedule schedule-id

Parameters

schedule-id

Specify the required backup schedule.

Usage Guidelines

Use the no ssc backup vtm-cluster schedule command to delete the specified schedule.

Examples

Related Commands

show ssc backup vtm-cluster schedules

Displays a list of all defined backup schedules.

Syntax

show ssc backup vtm-cluster schedules

Examples

Related Commands

show ssc certificate

Displays Services Director SSL certificate in text format.

Syntax

show ssc certificate

Usage Guidelines

This command is also available in user and enable mode.

Examples

amnesiac (config) # show ssc certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
Signature Algorithm:
Issuer:
Validity
Not Before: May 29 13:56:14 2013 GMT
Not After : May 29 13:56:14 2015 GMT
Subject:
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (1024 bit)
Modulus:

*** a partial listing ***

show ssc cloud-reg

Displays details for a specified cloud registration resource.

Syntax

show ssc cloud-reg id name

Parameters

name

Specify a unique identifier for the cloud registration, either its tag or UUID.

Usage Guidelines

This command does not display the user data required for cloud registration. The show ssc cloud-reg user-data command displays this user data.

Examples

Related Commands

show ssc cloud-reg user-data id, ssc cloud-reg create, ssc cloud-reg delete, ssc cloud-reg list

show ssc cloud-reg user-data id

Displays the user-data for a specified cloud registration resource.

Syntax

show ssc cloud-reg user-data id name

Parameters

name

Specify a unique identifier for the cloud registration resource, either its tag or UUID.

Usage Guidelines

This command does not display the general properties for the cloud registration. The show ssc cloud-reg id command displays this information.

It is intended that you copy the output of this command to the clipboard, and then paste it into the Amazon Web Services (AWS) EC2 instance creation wizard when you create the first cloud-based vTM in a cluster. See the Pulse Secure Services Director Getting Started Guide for full details of this process.

This text is always displayed in base64 format.

Examples

| Property | Value

+------------------------------------+---------------------------------------------

| metering_health > alert_reason | Possible under-accounting or over-accounting

db-user-name name

Displays the user for the remote database used by the Services Director.

ip-address ip-addr

name

Specify the name of the feature pack.

Examples

amnesiac (config) # show ssc feature-pack fpname ENT-ENTERPRISE_full

+-------------+----------------+

| Field | Value |

+-------------+----------------+

| info | |

| status | Active |

| stm_sku | ENT-ENTERPRISE |

| add_on_skus | [] |

| excluded | |

| skus | ENT-ENTERPRISE |

+-------------+----------------+

Related Commands

show ssc feature-pack fpname, ssc feature-pack create fpname, ssc feature-pack list, ssc feature-pack update fpname

show ssc high-avail certificate

Displays the high availability certificate for a high availability node.

Usage Guidelines

This command is identical to ssc high-avail file-replication reset.

show ssc high-avail list

Displays a list of nodes in the current HA pair.

This command is identical to ssc high-avail reset.

show ssc host host-name

Displays vTM instance host details.

Syntax

show ssc host host-name name dns [ status-check [true | false]]

Parameters

name

Specify the name of the host.

status-check [true | false]

Specify true or false to display host status check information.

Examples

amnesiac (config) # show ssc host host-name demo-01.cam.demo.com status-check true

+------------------------+----------------------+

| Field | Value |

+------------------------+----------------------+

| install_root | /root/install |

| username | root |

| retained_info_dir | None |

| va_management_user | |

| hw_cluster_node | None |

| work_location | /var/cache/ssc |

| cpu_cores | None |

| status_check | {} |

| info | demo |

| status | Active |

| va_management_password | |

| usage_info | |

| host_id | demo-01.cam.demo.com |

| hw_slot_number | None |

| size | None |

+------------------------+----------------------+

Related Commands

ssc host add host-name

show ssc instance instance-name

Displays vTM instance details.

Syntax

show ssc instance instance-name name [status-check [true | false] ] [show-passwords [true | false]]

Parameters

name

Specify the name of the Traffic Manager instance.

status-check

Specify true or false to display a status check of the (deployed) instance.

show-passwords

Specify true or false to display the administration password.

Examples

Related Commands

ssc instance create instance-name

show ssc kpti

Displays Kernel Page-Table Isolation (KPTI) settings for the Services Director.

Syntax

show ssc kpti

Examples

*** KPTI is enabled ***

amnesiac (config) # show ssc kpti

KPTI is currently enabled, and will remain enabled after a reboot.

*** KPTI is enabled now but will change state at the next reboot ***

amnesiac (config) # show ssc kpti

KPTI is currently enabled, but will be disabled after a reboot.

*** KPTI is disabled now but will change state at the next reboot ***

amnesiac (config) # show ssc kpti

KPTI is currently disabled, but will be enabled after a reboot.

*** KPTI is disabled ***

amnesiac (config) # show ssc kpti

KPTI is currently disabled, and will remain disabled after a reboot.

Related Commands

ssc kpti

show ssc license enterprise

Displays Services Director enterprise license details.

Syntax

show ssc license enterprise [add-on key | bandwidth key | controller key | resource-pack key]

Parameters

add-on key

Specify the (older) add-on license key.

bandwidth key

Specify the bandwidth license key.

controller key

Specify the name of the controller license key.

resource-pack key

Specify the name of the (newer) resource pack key.

Usage Guidelines

Add-on licenses are used with older controller licenses. Resource pack licenses are used with newer controller licenses.

Examples

amnesiac (config) # show ssc license enterprise bandwidth 3420186a93f3c58857e21f1cf
+---------------------------+-------------------------------------------------------
| Field | Value
+---------------------------+-------------------------------------------------------
| status | Active
| valid_until | 2016-10-07

| timestamp | 2016-09-27T21:37:13.1475037433

| controller_license | ERSSC381243-0000-42B9

| bandwidth | 5000.0

| valid_from | Perpetual

| serial | 342005

| license_key | LK1-ERSSCTPSTM_B_400:5:342015:20160927T2137131475...
| controller_license_serial | 381243

| stm_sku | STM-400

| valid | True

+---------------------------+-------------------------------------------------------

Related Commands

show ssc license license-name, show ssc license-file

show ssc license license-name

Displays the details for the named license.

Syntax

show ssc license license-name unique-name

Parameters

unique-name

Specify the unique name of the license.

Usage Guidelines

This command is also available in user and enable mode.

Examples

*** show the universal license ***
amnesiac (config) # show ssc license license-name universal_v4
+------------------------+----------------------------------------------------------
| Field | Value

+------------------------+----------------------------------------------------------
| status | Active

| health_check_results | []

| info | Universal license, installed with vX.X of Services Dir...

| last_health_check_time | None

| default | True

| health_check_status | Not yet run

| generic_errors | None

| type | universal

+------------------------+----------------------------------------------------------

Related Commands

show ssc license enterprise, show ssc license-file

show ssc license-file

name

Specify the name of the Services Director manager.

Examples

Related Commands

ssc manager list, ssc manager update manager-name

show ssc metering warning instance-name

Displays metering warning information for a specified Traffic Manager instance.

Syntax

show ssc metering warning instance-name name

Parameters

instance-name name

Specify the name of the required Traffic Manager instance.

Usage Guidelines

Any current instance can be specified. Where no warning exists, this is indicated.

To identify all instances with a warning, see ssc owner create.

Examples

Related Commands

show ssc dashboard, show ssc settings metering, ssc metering warning list, ssc settings metering update

show ssc owner

Displays a specified owner.

Syntax

show ssc owner name

Parameters

name

Specify the name of the owner.

Examples

| Field | Value |

+---------------+------------------------------------+

| instances | [u'cerulean-01'], [u'cerulean-02'] |

| tag | JK |

| timezone | Etc/GMT |

| email_address | |

| children | None |

| secret | banana |

| clusters | [u'Cerulean-Cluster'] |

| owner_id | Owner-WUPO-RLBZ-SAPQ-RAM3 |

+---------------+------------------------------------+

Related Commands

ssc owner create, ssc owner delete, ssc owner list, ssc owner update

show ssc registration

Displays details for a specified self-registration request.

Syntax

show ssc registration registration-id

Parameters

registration-id

Specify the ID for the self-registration request.

Usage Guidelines

Some fields will only be populated once the request is Accepted:

•instance_name

•feature_pack

•bandwidth

•owner

•access_profile (optional).

Examples

Related Commands

ssc registration delete, ssc registration list, ssc registration update

show ssc reg-policy

Displays a specified registration policy.

Syntax

show ssc reg-policy name

Parameters

name

Specify the name of the registration policy.

Examples

Related Commands

ssc reg-policy create, ssc reg-policy delete, ssc reg-policy list, ssc reg-policy update

show ssc sd-admin-ca

Displays full details of a specified Services Director CA certificate. This certificate is required to enable communications with a secure LDAP authentication server.

Syntax

show ssc sd-admin-ca admin-ca-name ca-certificate-name

Parameters

admin-ca-name ca-ertificate-name

Specify the name or ID of a CA certificate present on Services Director.

Examples

*** List all CA certificates on Services Director ***
amnesiac (config) # ssc sd-admin-ca list

+------+------------------------------+

| Name | Unique ID |

+------+------------------------------+

| CA-1 | Admin-CA-5XJ0-HP0Y-YQAX-69O2 |

| CA-2 | Admin-CA-6J21-KKH3-VSAJ-3209 |

+------+------------------------------+

*** Display details for a CA certificate ***

amnesiac (config) # show ssc sd-admin-ca admin-ca-name CA-1

+-----------------------+-------------------------------------------------------...

| Field | Value

+-----------------------+-------------------------------------------------------...

| admin_ca_id | Admin-CA-5XJ0-HP0Y-YQAX-69O2

| tag | CA-1

| certificate_authority | -----BEGIN CERTIFICATE-----

| | MIIDSzCCAjOgAwIBAgIQciGh+iQigI5d1LTxq9pEEG9w0BAQsFADAl...

| | TC+Rno87nWeTLHXwRVWOJhwlspgaN66dPyOw43bkzh7JTALTWBXKJs...

| | PCuhDlHZSui0p1auJnIIg3pmqyANx/bw==

| | -----END CERTIFICATE-----

| children | None

+-----------------------+-------------------------------------------------------...

Related Commands

ssc sd-admin-ca create, ssc sd-admin-ca list, ssc sd-admin-ca update, ssc sd-authenticator add ldap auth-name, ssc sd-authenticator test auth-name, ssc sd-authenticator update ldap auth-name

show ssc sd-authenticator

Displays full details of a specified Services Director authenticator. This can be for an LDAP, RADIUS or TACACS+ server.

Syntax

show ssc sd-authenticator auth-name authenticator-name

Parameters

auth-name authenticator-name

Specify the name of the Services Director authenticator.

Examples

*** List Services Director authenticators ***
amnesiac (config) # ssc sd-authenticator list
+--------------+-----------------------------------+
| Name | Unique ID |
+--------------+-----------------------------------+
| bbotservices | Authenticator-Y4RC-M3OI-J1BE-5N96 |

| SecureLDAP | Authenticator-V3JW-M4GT-B1NG-43FT |

+--------------+-----------------------------------+

*** Display details for a secure LDAP authenticator ***

amnesiac (config) # show ssc sd-authenticator auth-name SecureLDAP

+------------------------------+---------------------------------------------+

| Description | Value |

+------------------------------+---------------------------------------------+

| Name | SecureLDAP |

| Type | ldap |

| Status of SD authenticator | enabled |

| Server Address | dc1.dev-win17.demo.com |

| DN Method | construct |

| Filter | sAMAccountName=%u |

| Base DN | CN=Users,DC=dev-win19,DC=demo,DC=com |

| SSL mode | starttls |

| Fallback SD permission group | Permission-Group-PYS6-1U8P-HNEG-OARS |

| Server Port | 389 |

| Timeout | 10 |

| Group Attribute | memberOf |

| Group Field | CN |

| Bind DN | %[email protected] |

| Group Filter | |

| Search DN | |

| Search Password | ***** |

+------------------------------+---------------------------------------------+

Related Commands

ssc sd-authenticator add ldap auth-name, ssc sd-authenticator add radius auth-name, ssc sd-authenticator add tacacs_plus auth-name, ssc sd-authenticator list, ssc sd-authenticator test auth-name, ssc sd-authenticator update ldap auth-name, ssc sd-authenticator update radius auth-name, ssc sd-authenticator update tacacs_plus auth-name

show ssc sd-permission-group

Displays details for a specified Services Director permission group.

Syntax

show ssc sd-permission-group pg-name permission-group

Parameters

pg-name permission-group

Specify the required permission-group.

Usage Guidelines

This command is also available in user and enable mode.

Typically, there is a single Services Director permission group, with full access. The name of this permission group matches the group returned by the authenticator.

Examples

Related Commands

ssc sd-permission-group create pg-name, ssc sd-permission-group list, ssc sd-permission-group update pg-name

show ssc search-endpoint

Displays details for a specified Search Endpoint resource. This endpoint is used to retrieve analytics data from your chosen Analytics System.

Syntax

show ssc search-endpoint id endpoint-id

Parameters

id endpoint-id

Specify a unique identifier for the search endpoint, either its tag or UUID.

Usage Guidelines

This command is only used for Search Endpoint resources. Collection Endpoint resources are handled separately, by an equivalent "collection-endpoint" command.

Examples

*** list all search-endpoints ***

amnesiac (config) # ssc search-endpoint list

+-------------------------------------+-----------------+

| ID | Tag |

+-------------------------------------+-----------------+

| Search-Endpoint-P5Y0-8JS4-X0BS-2P9M | JK-EP-Search-01 |

+-------------------------------------+-----------------+

*** display details for a specific search-endpoint ***

amnesiac (config) # show ssc search-endpoint name JK-EP-Search-01

+-----------------------------+----------------------------------------------------

| Field | Value

+-----------------------------+----------------------------------------------------

| verify_tls | True

| search_endpoint_id | Search-Endpoint-P5Y0-8JS4-X0BS-2P9M

| tag | JK-EP-Search-01

| auth_password | password

| auth_username | admin

| search_endpoint_address | demo.com:2020

| use_tls | True

| search_endpoint_certificate | LS0tLS1CRUdJTiBDRVJUSUZJCk1JSUNXRENDQWNHZ0F3UJBZ...

Displays Services Director analytics settings.

Syntax

show ssc settings analytics

Examples

amnesiac (config) # show ssc settings analytics

+-------------------------+-------------------+

| Field | Value |

show ssc settings fla-check

Related Commands

ssc settings master-password update

show ssc settings metering

Displays metering and log check interval settings.

Syntax

show ssc settings metering

Examples

Related Commands

show ssc dashboard, show ssc metering warning instance-name, ssc metering warning list, ssc settings metering update

show ssc settings monitoring

Displays Services Director monitoring settings.

The purge_deleted_vtm, purge_deleted_vtm_interval, and purge_deleted_vtm_check_period settings can only be updated via the REST API.

Syntax

show ssc settings monitoring

Examples

amnesiac (config) # show ssc settings monitoring

+-----------------------------------+----------+

| Field | Value |

+-----------------------------------+----------+

| controller_failure_period | 180 |

| instance_failure_period | 180 |

| host_failure_period | 180 |

| instance_monitor_interval | 60 |

| auto_cleanup_vtms | all_vtms |

| purge_deleted_vtm | False |

| monitor_email_interval | 60 |

| purge_deleted_vtm_interval | 42 |

| purge_deleted_vtm_check_period | 86400 |

| overdue_monitoring_warning_period | 300 |

| host_monitor_interval | 60 |

| controller_monitor_interval | 60 |

+-----------------------------------+----------+

Related Commands

ssc settings monitoring update

show ssc settings security

Displays Services Director security settings.

Syntax

show ssc settings security

Examples

amnesiac (config) # show ssc settings security

+-----------------------------------+------------------------------------------...

| Field | Value

+-----------------------------------+------------------------------------------...

| max_login_attempts | 0

| user_lockout_duration_minutes | 15

| candidate_service_ssl_certificate |

| auth_success_cache_time_seconds | 30

| auth_failure_cache_time_seconds | 10

| ssl-cipher-list | ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+...

+-----------------------------------+------------------------------------------...

Related Commands

ssc settings security update

show ssc settings telemetry

Displays Services Director phone home telemetry status.

Syntax

show ssc settings telemetry

Examples

amnesiac (config) # show ssc settings telemetry

+--------------------+-----------------------------------------------------+

| Field | Value |

+--------------------+-----------------------------------------------------+

| destination | https://telemetry.cam.demo.com/product-feedback/1.0 |

| phone_home_enabled | True |

+--------------------+-----------------------------------------------------+

Related Commands

show ssc settings telemetry archives, ssc settings telemetry update enabled

show ssc settings telemetry archives

Lists the telemetry files that have been created by Services Director.

Syntax

show ssc settings telemetry archives

Usage Guidelines

To view the contents of archived telemetry files, start the Operating System shell (see Accessing the OS Shell) and view the files from there.

To enable the creation and export of telemetry data, see ssc settings telemetry update enabled).

Examples

amnesiac (config) # show ssc settings telemetry archives

+---------------------+--------------------------------+

| Date | Path |

+---------------------+--------------------------------+

| 2018-05-24 13:17:48 | /var/opt/tms/telemetry/telem_1 |

| 2018-05-24 13:17:49 | /var/opt/tms/telemetry/telem_2 |

| 2018-05-24 13:17:51 | /var/opt/tms/telemetry/telem_3 |

| 2018-05-24 13:31:11 | /var/opt/tms/telemetry/telem_4 |

| 2018-05-24 13:31:16 | /var/opt/tms/telemetry/telem_5 |

+---------------------+--------------------------------+

Related Commands

show ssc settings telemetry , ssc settings telemetry update enabled

show ssc settings throughput

Displays Services Director bandwidth-pack expiry warning settings.

Syntax

show ssc settings throughput

Examples

amnesiac (config) # show ssc settings throughput
+---------------------+-------+
| Field | Value |
+---------------------+-------+
| expiry_warning_days | 30 |
+---------------------+-------+

Related Commands

ssc settings throughput update exp-warningdays

show ssc sku sku-name

Displays Services Director SKU details.

Syntax

show ssc sku [ show-all [ true | false ] ] sku-name name

Parameters

name

Specify the name of the SKU.

Usage Guidelines

By default, the auto-completion for sku-name only includes SKUs that are compatible with your license.

The show-all switch affects how auto-completion of sku-name. If show-all is set to true, the auto-completion for the SKU names includes all SKUS, and not just those that are compatible with your license.

Examples

*** auto-completion (tab key) is limited to SKUS compatible with your license ***
amnesiac (config) # show ssc sku sku-name <tab>
ENT-ADVANCED ENT-ENTERPRISE ENT-WAFPROXY STM-100 STM-200 STM-300 STM-400
STM-WAFPROXY

*** auto-completion (tab key) includes all SKUS, not just compatible ones ***

amnesiac (config) # show ssc sku show-all true sku-name <tab>

BR-ADC-UTILM-WAFP1G-U-01 BR-ADC-UTLM-ADV150M-U-01 BR-ADC-UTLM-ENT10G-U-01

BR-ADC-UTLM-ENT60M-U-01 BR-ADC-UTLM-STD500M-U-01 BR-ADC-UTILM-WAFP3G-U-01

BR-ADC-UTLM-ADV1G-U-01 BR-ADC-UTLM-ENT10M-U-01 BR-ADC-UTLM-STD100M-U-01

BR-ADC-UTLM-STD5G-U-01 BR-ADC-UTILM-WAFP400M-U-01 BR-ADC-UTLM-ADV200M-U-01

BR-ADC-UTLM-ENT150M-U-01 BR-ADC-UTLM-STD10G-U-01 BR-ADC-UTLM-STD60M-U-01

BR-ADC-UTILM-WAFP50M-U-01 BR-ADC-UTLM-ADV20M-U-01 BR-ADC-UTLM-ENT1G-U-01

BR-ADC-UTLM-STD10M-U-01 ENT-ADVANCED BR-ADC-UTILM-WAFP5G-U-01

BR-ADC-UTLM-ADV300M-U-01 BR-ADC-UTLM-ENT200M-U-01 BR-ADC-UTLM-STD150M-U-01

ENT-ENTERPRISE BR-ADC-UTLH-ADVHRLY-U-01 BR-ADC-UTLM-ADV3G-U-01

BR-ADC-UTLM-ENT20M-U-01 BR-ADC-UTLM-STD1G-U-01 ENT-WAFPROXY

BR-ADC-UTLH-ENTHRLY-U-01 BR-ADC-UTLM-ADV40M-U-01 BR-ADC-UTLM-ENT300M-U-01

BR-ADC-UTLM-STD200M-U-01 STM-100 BR-ADC-UTLH-STDHRLY-U-01

BR-ADC-UTLM-ADV500M-U-01 BR-ADC-UTLM-ENT3G-U-01 BR-ADC-UTLM-STD20M-U-01

STM-200 BR-ADC-UTLM-ADV100M-U-01 BR-ADC-UTLM-ADV5G-U-01

BR-ADC-UTLM-ENT40M-U-01 BR-ADC-UTLM-STD300M-U-01 STM-300

BR-ADC-UTLM-ADV10G-U-01 BR-ADC-UTLM-ADV60M-U-01 BR-ADC-UTLM-ENT500M-U-01

BR-ADC-UTLM-STD3G-U-01 STM-400 BR-ADC-UTLM-ADV10M-U-01

BR-ADC-UTLM-ENT100M-U-01 BR-ADC-UTLM-ENT5G-U-01 BR-ADC-UTLM-STD40M-U-01

STM-WAFPROXY

*** show details for an included SKU ***

amnesiac (config) # show ssc sku sku-name STM-400

+--------------------+-----------------------------------------------------------

| Field | Value

+--------------------+-----------------------------------------------------------

| status | Active

| pricing_model | hourly

| add_on_skus | [u'ADD-FIPS', u'ADD-WAF', u'ADD-WEBACCEL']

| feature_tier | STM-400

| features | anlyt : Enable Realtime Analytics.

| | auto : Enable Autoscaling.

| | bwm : Enable Bandwidth Management classes.

| | cache : Enable Web Caching

| | comp : Enable Compression

| | cr : Do not limit the user to cut-down RuleBuilder ...

| | evnts : Enable Events and Actions

| | glb : Enable Global Load Balancing

| | java : Enable Java.

| | kcd : Kerberos Constrained Delegation

| | lbcel : Array of cells.

| | lbcon : Least connection based.

| | lbfail: Balance failure class (used only for testing ...

| | lbone : Always choose first node in a pool (used ...

| | lbrnd : Random.

| | lbrob : Round robin.

| | spnam : Named node session persistence.

| | spsar : Transparent session affinity.

| | spssl : SSL session ID session persistence.

| | spuni : Universal session persistence.

| | spxze : X-Zeus-backend cookie session persistence.

| | ssl : Enable SSL

| | svcprt: Enable Service Protection classes

| | ts : Enable TrafficScript

| | xml : Enable XML functions in TrafficScript.

| info |

| stm_u | STM-400

| fixed_..._usage | None

| ent | True

| resource_unit | None

| csp | True

+--------------------+-----------------------------------------------------------

Related Commands

ssc sku list

show ssc stm images

Displays list of vTM imported images

Syntax

show ssc stm images

Examples

amnesiac (config) # show ssc stm images
----------------------------------------
ZeusTM101_Linux-x86_64.tgz

Related Commands

ssc stm import-image file

show ssc stm license-file

Displays a list of Virtual Traffic Manger licenses.

Syntax

show ssc stm license-file

Usage Guidelines

This command is also available in user and enable mode.

Examples

Specify the name or ID of a CA certificate present on Services Director.

Examples

*** List all CA certificates on Services Director ***
amnesiac (config) # ssc vtm-admin-ca list

+----------+----------------------------------+

| Name | Unique ID |

+----------+----------------------------------+

| VTM-CA-1 | VTM-Admin-CA-KBBH-G7LT-K6SK-B6N4 |

| VTM-CA-2 | VTM-Admin-CA-6J21-KKH3-VSAJ-3209 |

+----------+----------------------------------+

*** Display details for a vTM CA certificate ***

amnesiac (config) # show ssc vtm-admin-ca admin-ca-name VTM-CA-1

+-----------------------+-------------------------------------------------------...

| Field | Value

+-----------------------+-------------------------------------------------------...

| admin_ca_id | VTM-Admin-CA-KBBH-G7LT-K6SK-B6N4

| tag | CA-1

| certificate_authority | -----BEGIN CERTIFICATE-----

| | MIICWDCCAcGgAwIBAgIJAOmKu/JQQpwnMA0GCSqGSIb3DQEBCwUAMl...

| | XF9oRLSissZA+pXJe4kUT7R01jpCWWd0G4v5Dl+UaoesbALTWBXKJs...

| | Otq69iXpnasFp5flIihAAd4VLGTwC4cNo7ax+Q==

| | -----END CERTIFICATE-----

| children | None

+-----------------------+-------------------------------------------------------...

Related Commands

ssc vtm-admin-ca create, ssc vtm-admin-ca list, ssc vtm-admin-ca update, ssc vtm-authenticator add ldap auth-name, ssc vtm-authenticator list, ssc vtm-authenticator update ldap auth-name

show ssc vtm-authenticator

Displays full details of a specified vTM authenticator. This can be for an LDAP, RADIUS or TACACS+ server.

Syntax

show ssc vtm-authenticator auth-name authenticator-name

Parameters

authenticator-name

Specify the name of the vTM authenticator.

Examples

*** example secure LDAP authenticator ***
amnesiac (config) # show ssc vtm-authenticator auth-name "LDAP Server"
+-------------------------------+---------------------------------------------+

| Description | Value |

+-------------------------------+---------------------------------------------+

| Name | LDAP Server |

| Type | ldap |

| Server Address | dc1.dev-win19.demo.com |

| DN Method | construct |

| Filter | sAMAccountName=%u |

| Base DN | CN=Users,DC=dev-win19,DC=demo,DC=com |

| SSL mode | |

| Fallback vTM permission group | admin |

| Server Port | 389 |

| Timeout | 30 |

| Group Attribute | memberOf |

| Group Field | CN |

| Bind DN | %u@dev- win19.demo.com |

| Group Filter | |

| Search DN | |

| Search Password | ***** |

+-------------------------------+---------------------------------------------+

Related Commands

ssc vtm-admin-ca create, ssc vtm-authenticator add radius auth-name, ssc vtm-authenticator add tacacs_plus auth-name, ssc vtm-authenticator list, ssc vtm-authenticator update ldap auth-name, ssc vtm-authenticator update radius auth-name, ssc vtm-authenticator update tacacs_plus auth-name

show ssc vtm-permission-group

Displays details for a specified vTM permission group.

Syntax

show ssc vtm-permission-group pg-name permission-group

Parameters

pg-name permission-group

Specify the required permission-group.

Usage Guidelines

This command is also available in user and enable mode.

There are four default permission groups (admin, Demo, Monitoring and Guest), and you can create additional vTM permission groups, see ssc vtm-permission-group list.

Each permission supports the following access levels: ro (read-only), full.

Where a permission branch node and all of its leaf nodes share a permission, only the permission branch node and its access level are displayed.

Where all permissions share a single access level, the permission "all" is used. The admin permission group has this setting by default.

Examples

*** show permissions for the admin group ***
amnesiac (config) # show ssc vtm-permission-group pg-name admin
+--------------+---------------------------------------------------+--------+
| Parameter | Value | |
+--------------+---------------------------------------------------+--------+
| Name | admin | |
| Unique Name | admin | |
| Description | Full access to all pages | |
| Timeout | 30 | |
| Permissions: | ------------------------------------------------- | ------ |
| | Permission String | Access |
| | ------------------------------------------------- | ------ |
| | all | full |
+--------------+---------------------------------------------------+--------+

*** show permissions for the Demo group ***
amnesiac (config) # show ssc vtm-permission-group pg-name Demo
+--------------+---------------------------------------------------+--------+
| Parameter | Value | |
+--------------+---------------------------------------------------+--------+
| Name | Demo | |
| Unique Name | Demo | |
| Description | Full access, except to user management / system | |
| Timeout | 30 | |
| Permissions: | ------------------------------------------------- | ------ |
| | Permission String | Access |
| | ------------------------------------------------- | ------ |
| | Access_Management | ro |
| | Alerting | full |
| | Appliance_Console | none |
| | Aptimizer | full |
| | Audit_Log | full |
| | Backup | ro |
| | Bandwidth | full |
| | Catalog | full |
| | Config_Summary | full |
| | Configure | full |
| | Connections | full |
| | Custom | full |
| | DateTime | ro |
| | Diagnose | full |
.

*** show permissions for the Guest group ***
amnesiac (config) # show ssc vtm-permission-group pg-name Guest
+--------------+---------------------------------------------------+--------+
| Parameter | Value | |
+--------------+---------------------------------------------------+--------+
| Name | Guest | |
| Unique Name | Guest | |
| Description | Read-only access | |
| Timeout | 30 | |
| Permissions: | ------------------------------------------------- | ------ |
| | Permission String | Access |
| | ------------------------------------------------- | ------ |
| | Access_Management | ro |
| | Alerting | ro |
| | Appliance_Console | none |
| | Aptimizer | ro |
| | Audit_Log | none |
| | Backup | ro |
| | Bandwidth | ro |
| | Catalog | ro |
| | Config_Summary | ro |
| | Configure | ro |
| | Connections | full |
| | Custom | ro |
| | DateTime | ro |
| | Diagnose | ro |
| | Draining | ro |
.

| | Rate | ro |
| | Reboot | ro |
| | Request_Logs | ro |
| | Restart | ro |
| | Rules | ro |
| | SLM | ro |
| | SNMP | ro |
| | SOAP_API | none |
| | SSL | ro |
| | Security | ro |
| | Service_Protection | ro |
| | Shutdown | ro |
| | Statd | full |
| | Support | ro |
| | Traffic_IP_Groups | ro |
| | Traffic_Managers | ro |
| | Traffic_Managers!AddRemove | none |
| | Traffic_Managers!Upgrade | none |
| | Virtual_Servers | ro |
| | Web_Cache | full |
| | Web_Cache!Clear | none |
| | Wizard | ro |
+--------------+---------------------------------------------------+--------+

*** show permissions for the Monitoring group ***
amnesiac (config) # show ssc vtm-permission-group pg-name Monitoring
+--------------+---------------------------------------------------+--------+
| Parameter | Value | |
+--------------+---------------------------------------------------+--------+
| Name | Monitoring | |
| Unique Name | Monitoring | |
| Description | Access only to config summary / monitoring pages | |
| Timeout | 30 | |
| Permissions: | ------------------------------------------------- | ------ |
| | Permission String | Access |
| | ------------------------------------------------- | ------ |
| | Access_Management | none |
| | Access_Management!LocalUsers!Edit | full |
| | Access_Management!LocalUsers!EditOtherUsers | none |
| | Alerting | none |
| | Appliance_Console | none |
| | Aptimizer | none |
| | Audit_Log | none |
| | Backup | none |
| | Bandwidth | none |
| | Catalog | none |
| | Config_Summary | full |
| | Configure | none |
| | Connections | full |
| | Custom | none |
.

Related Commands

ssc vtm-permission-group create pg-name, ssc vtm-permission-group list, ssc vtm-permission-group update pg-name

snmp-server acl

Configures changes to the View-Based Access Control Model (VACM) ACL configuration.

Syntax

[no] snmp-server acl group name security-level level read-view name

Parameters

group name

Specify the name of the SNMP server community.

security-level level

Specify the security level for this ACL entry.

•noauth: Does not authenticate packets and does not use privacy. This is the default setting.

•auth: Authenticates packets but does not use privacy.

•authpriv: Authenticates packets and uses privacy.

This setting determines whether a single atomic message exchange is authenticated.

A security level applies to a group, not to an individual user.

read-view name

Specify that read requests will be restricted to this view.

Usage Guidelines

The no command option disables an SNMP server community.

Examples

amnesiac (config) # snmp-server acl group ReadOnly security-level auth read-view ReadOnly

Related Commands

snmp-server community

Sets an SNMP read-only server community.

Syntax

[no] snmp-server community name

Parameters

name

Specify the name of the SNMP server community.

The # and - characters are not allowed at the beginning of the <name> argument. If you use either of these characters at the beginning of the <name> argument, the CLI returns the following error message:

% Invalid SNMP community name

Usage Guidelines

Specify a group name.

security-name name

Specify a name to identify a requester (allowed to issue gets and sets) or a recipient (allowed to receive traps) of management data. The security name is also required to make changes to the VACM security name configuration.

security-model model

Specify one of the following security models:

•v1: Enables SNMPv1 security model.

•v2c: Enables SNMPv2c security model.

•usm: Enables User-based Security Model (USM).

Usage Guidelines

The no command option disables the SNMP server group.

Examples

amnesiac (config) # snmp-server group rvbdgrp security-name pulse security-model v1

Related Commands

snmp-server host

Configures hosts to which to send SNMP traps.

Syntax

[no] snmp-server host {hostname | IPv4-addr | IPv6-addr} traps community-string

Parameters

hostname | IPv4-addr | IPv6-addr

Specify the hostname, IPv4 address, or IPv6 address for the SNMP server.

traps community-string

Send traps to the specified host. Specify the password-like community string to control access. Use a combination of uppercase, lowercase, and numerical characters to reduce the chance of unauthorized access to the appliance. The # and - characters are not allowed at the beginning of the <community string> argument.

If you specify a read-only community string, it takes precedence over this community name and allows users to access the entire MIB tree from any source host. If this is not desired, delete the read-only community string.

Usage Guidelines

The no command option disables the SNMP server host.

Examples

amnesiac (config) # snmp-server host 10.0.0.1 traps public

Related Commands

show snmp, snmp-server community, snmp-server security-name

snmp-server host version

Configures the SNMP version of traps to send to the host.

Syntax

[no] snmp-server host {hostname | IPv4-addr | IPv6-addr} traps version { 1 | 2 c | 3 remote-user name} password encrypted key auth-protocol {MD5 | SHA} security-level {noauth | auth | authpriv} | plain-text text auth-protocol MD5 | SHA [ security-level {noauth | auth | authpriv}] | [priv-protocol {AES | DES} priv-key {encrypted key | plaintext text}] [port port]

Parameters

hostname-or-ip-addr

Specify the hostname, IPv4 address, or IPv6 address for the SNMP server.

traps

Send traps to the specified host.

version

Specify the SNMP version of traps to send to this host:

•1: Specifies SNMPv1.

•2c: Specifies SNMPv2c.

•3: Specifies SNMPv3. This setting requires the remote-user property to be set.

remote-user name

For SNMPv3 specify the user name.

password

Specify the password type:

•encrypted: Enable encrypted password authentication. Thisa require

•plaintext: Enable plain-text password authentication.

encrypted key

For SNMPv3 specify the user password.

auth-protocol

Specify the authorization protocol:

•MD5: Enable MD5 security protocol.

•SHA: Enable SHA security protocol.

security-level

Specify the security level:

•noauth: Specify no authorization required.

•auth: Specify authorization required.

•authpriv: Specify authorization and privacy required.

priv-protocol

Specify the privacy protocol:

•AES: Specify CFB128-AES-128 as the privacy protocol.

•DES: Specify CBC-DES as the privacy protocol.

priv-key

Specify the privacy key:

•encrypted key: Specify encrypted privacy key.

•plaintext text: Specify plain-text privacy key. The plain-text privacy key must be at least 8 characters.

port port

Optionally, specify the destination port.

Usage Guidelines

The no command option disables the SNMP server host.

Examples

amnesiac (config) # snmp-server host 10.0.0.1 traps version 1 "public 99162?" port 1234

Related Commands

snmp-server ifindex

Adds a custom index value for an interface.

Syntax

snmp-server ifindex interface index

Parameters

interface

snmp-server listen enable

Enables SNMP server interface restrictions (that is, it enables access control and blocks requests on all the interfaces).

Syntax

[no] snmp-server listen enable

Usage Guidelines

The no command option disables SNMP interface restrictions.

SNMP interface restrictions are not available through the Management Console.

Examples

amnesiac (config) # snmp-server listen enable

Related Commands

snmp-server listen interface

Adds an interface to the SNMP server access restriction list.

Syntax

[no] snmp-server listen interface interface

Parameters

interface

Specify the interface: primary, aux, inpath0_0, rios_lan0_0, rios_wan0_0

Usage Guidelines

If the list of interfaces is empty, none of the interfaces respond to the queries. If the list of interfaces has at least one entry, then the server listens on that subset of interfaces.

Configures the system to use the IP address of the specified interface in the SNMP trap header.

Syntax

[no] snmp-server trap-interface interface

Parameters

interface

Specify the interface.

Usage Guidelines

The trap interface setting sets which interface IP address is used in the agent-address header field of SNMP v1 trap Protocol Data Units (PDUs). It does set the interface for the trap.

Traps are sent out the Primary interface. If the primary interface is physically disconnected, no traps are sent. Traps can be sent out the auxiliary interface if the trap receiver is reachable from the auxiliary interface.

The no command option disables the trap interface.

Examples

amnesiac (config) # snmp-server trap-interface aux

Related Commands

snmp-server trap-test

Generates an SNMP trap test.

Syntax

snmp-server trap-test

Usage Guidelines

Use this command to send a sample trap test to ensure that the SNMP server is monitoring the appliance.

Examples

amnesiac (config) # snmp-server trap-test

Related Commands

snmp-server user

Configures changes to the User-Based Security (UBS) model.

Syntax

[no] snmp-server user name password {encrypted key | plaintext text} auth-protocol {MD5 | SHA} [priv-protocol {AES | DES} priv-key {encrypted key | plain-text text}]

Parameters

name

Specify the user name.

password

Specify the password type:

•encrypted key: Enable encrypted password authentication.

•plaintext text: Enable plain-text password authentication. The plain-text password must be at least 8 characters.

auth-protocol

Specify the authorization protocol:

•MD5: Enable MD5 security protocol.

•SHA: Enable SHA security protocol.

priv-protocol

Specify the privacy protocol:

•AES: Specify CFB128-AES-128 as the privacy protocol.

•DES: Specify CBC-DES as the privacy protocol.

priv-key

Specify the privacy key:

•encrypted key: Specify encrypted privacy key.

•plaintext text: Specify plain-text privacy key. The plain-text privacy key must be at least 8 characters.

Usage Guidelines

The no command option disables this option.

Examples

amnesiac (config) # snmp-server user testuser password plain-text testpass auth-protocol SHA

Related Commands

snmp-server view

Configures changes to the View-based Access Control Model (VACM) configuration.

Syntax

[no] snmp-server view name [excluded | included] oid

Parameters

name

Specify the user name.

excluded

View option. Excludes an oid sub-tree from this view.

included

View option. Includes an OID subtree into this view.

oid

Specify the object ID. For example: .1.3.6.1.2.1.1 or .iso.org.dod.internet.mgmt.mib-2.system

Usage Guidelines

The no command option disables this option.

Examples

amnesiac (config) # snmp-server view joedoe included .1.3.6.1.2.1.1

Related Commands

show ssc access-profile, ssc access-profile create access-profile-name, ssc access-profile list, ssc access-profile remove-perm-group, ssc access-profile update access-profile-name

ssc access-profile add-perm-group

Adds a permission group to a specified access profile.

Syntax

ssc access-profile add-perm-group access-profile-name access-profile-name perm-group-name permission-group-name

Parameters

access-profile-name

Specify the name of an existing access profile.

permission-group-name

Specify the name of a single permission group to add to the access profile.

Usage Guidelines

This command only enables you to add one permission group at a time. To add additional permission groups to the same access profile, repeat this command for each permission group.

Examples

*** add the "admin" permission group to access profile ***
amnesiac (config) # ssc access-profile add-perm-group access-profile-name "RADIUS All" perm-group-name admin
+-----------------------------------+
| Updated |
+-----------------------------------+
| Access profile RADIUS All updated |
+-----------------------------------+

*** add a second permission group to the same access profile ***
amnesiac (config) # ssc access-profile add-perm-group access-profile-name "RADIUS All" perm-group-name Guest
+-----------------------------------+
| Updated |
+-----------------------------------+
| Access profile RADIUS All updated |
+-----------------------------------+

Related Commands

ssc access-profile create access-profile-name

Creates an access profile and associates it with an authenticator.

Syntax

ssc access-profile create access-profile-name access-profile-name auth-name authenticator-name

Parameters

access-profile-name

Specify the name of the new access profile.

authenticator-name

Specify the name of an existing authenticator.

Usage Guidelines

This command does not support the addition of permission groups, see ssc access-profile create access-profile-name.

show ssc access-profile, ssc access-profile add-perm-group, ssc access-profile create access-profile-name, ssc access-profile list, ssc access-profile update access-profile-name

ssc access-profile update access-profile-name

Updates the details of an access profile, including the authenticator with which it is associated.

Syntax

ssc access-profile create access-profile-name access-profile-name auth-name authenticator-name

Parameters

access-profile-name

Specify the name of the new access profile.

authenticator-name

Specify the name of an existing authenticator.

Usage Guidelines

This command does not support:

•The addition of permission groups from the profile. See ssc access-profile create access-profile-name.

•The removal of permission groups from the profile. See ssc access-profile update access-profile-name.

Examples

*** update the name of the access profile ***
amnesiac (config) # ssc access-profile update access-profile-name "LDAP Monitoring" new-access-profile-name "LDAP Statistics"
+----------------------------------------+
| Updated |
+----------------------------------------+
| Access profile LDAP Monitoring updated |
+----------------------------------------+

Related Commands

show ssc access-profile, ssc access-profile add-perm-group, ssc access-profile create access-profile-name, ssc access-profile list, ssc access-profile remove-perm-group

ssc action list

Lists Services Director actions.

Syntax

ssc action list

Usage Guidelines

The Services Director can carry out the following actions on Traffic Manager instances:

•deploy an instance with specified parameters

•start and stop an instance

•uninstall an instance

•upgrade an instance

Examples

amnesiac (config) # ssc action list
+--------+
| Action |
+--------+
| 1 |
+--------+

Related Commands

ssc action update action-name

ssc action update template-name

Updates a Services Director action based on the specified template.

Syntax

Parameters

name

Specify the template name.

action-name name

Specify the action name.

action-args

Optionally, specify one or more action arguments to be modified in the new template.

status

Specify the status:

•Waiting: If the action fails and the underlying problems have been corrected change the status of the original action to Waiting to cause the action to be re-queued and re-tried.

•Pending: If an instance is associated with a failed or blocked action.

•Blocked: If an instance is associated with a blocked action.

Usage Guidelines

Updates an action with the parameters predefined in an existing template. The existing template is created by the ssc template create command. The predefined parameters in the existing template are passed to the resource to update the command. You have the option to replace or add extra parameters that exist in the specified template (that is, add extra arguments).

Examples

amnesiac (config) # ssc action update action-template test status Waiting

Related Commands

ssc action list

ssc action update action-name

Updates a Services Director action.

Syntax

Parameters

name

Specify the action name.

status

Specify the status:

•Waiting: If the action fails and the underlying problems have been corrected change the status of the original action to Waiting to cause the action to be re-queued and re-tried.

•Pending: If an instance is associated with a failed or blocked action.

•Blocked: If an instance is associated with a blocked action.

Usage Guidelines

When a life cycle action is unsuccessful, you might need to intervene to determine the cause of the problem. Each action is recorded in the inventory database. After any underlying problems have been rectified, the action can be re-tried in one of two ways:

•The original action can have its status changed to Waiting so that the action is re-queued and re-tried.

•The instance can have its status changed to a desired status and the system deletes the old action and queues an entirely new action based on the status.

Use the no ssc action action-name <name> command to delete an action.

Examples

amnesiac (config) # ssc action update action-name test status Waiting

Related Commands

ssc action list

ssc analytics-profile create

Creates a new analytics profile resource. This resource is used for vTM analytics.

Syntax

ssc analytics-profile create logs-to-export log-list [tag value] [txn-export Boolean]

Parameters

logs-to-export

A comma-separated list of identifiers for log-export resources. By default, this list can include the following log-export resources:

•Audit Log

•Application Firewall

•Process Monitor

•Admin Server Access

•System - syslog

•Event Log

•Routing Software

•Data Plane Acceleration

•System - authentication log

For example: "Audit Log","Event Log","System - authentication log"

For details of these logs, see the Virtual Traffic Manager documentation.

tag

(Optional) The customer-facing name for the analytics-profile resource. If this is not set, the tag is set to the UUID value for the resource.

txn-export

(Optional) If true, the analytics profile will record that transaction data is enabled. This ensures that any vTM configured using this profile will transmit transaction data (in addition to its assigned logs) to its assigned endpoint.

Examples

Related Commands

show ssc analytics-profile, ssc analytics-profile delete, ssc analytics-profile list, ssc analytics-profile update

ssc analytics-profile delete

Delete a specified analytics profile resource. This resource is used for vTM analytics.

Syntax

ssc analytics-profile delete id profile-id

Parameters

id profile-id

The identifier for the analytics profile resource, either its tag or its UUID.

Examples

Related Commands

show ssc analytics-profile, ssc analytics-profile create, ssc analytics-profile list, ssc analytics-profile update

ssc analytics-profile list

Lists all analytics profile resources. These resources are used for vTM analytics.

Syntax

ssc analytics-profile list

Examples

Related Commands

show ssc analytics-profile, ssc analytics-profile create, ssc analytics-profile delete, ssc analytics-profile update

ssc analytics-profile update

Updates an analytics profile resource. This resource is used for vTM analytics.

Syntax

ssc analytics-profile update id profile-id [logs-to-export log-list] [tag value] [txn-export Boolean]

Parameters

id profile-id

Specify a unique identifier for the analytics profile, either its tag or UUID.

logs-to-export

A comma-separated list of identifiers for log-export resources. By default, this list can include the following log-export resources:

•Audit Log

•Application Firewall

•Process Monitor

•Admin Server Access

•System - syslog

•Event Log

•Routing Software

•Data Plane Acceleration

•System - authentication log

For example: "Audit Log","Event Log","System - authentication log"

For details of these logs, see the Virtual Traffic Manager documentation.

tag

The customer-facing name for the analytics-profile resource. If this is not set, the tag is set to the UUID value for the resource.

txn-export

If true, the analytics profile will record that transaction data is enabled. This ensures that any vTM configured using this profile will transmit transaction data (in addition to its assigned logs) to its assigned endpoint.

Examples

Related Commands

show ssc analytics-profile, ssc analytics-profile create, ssc analytics-profile delete, ssc analytics-profile list

ssc app-template import

Import an application template (a .ZIP file) into Services Director.

Syntax

ssc app-template import template-url URL

Usage Guidelines

The no ssc app-template command deletes an imported application template.

Parameters

URL

URL of the application template.

Examples

*** view empty list of application templates ***

amnesiac (config) # ssc app-template list

+-----------------+

| Message |

+-----------------+

| No record found |

+-----------------+

*** import an application template ***

amnesiac (config) # ssc app-template import template-url http://example.com/example_filepath/example_filename.zip

+---------------------------------------+

| Imported |

+---------------------------------------+

| Imported "Http Service Template__1.0" |

+---------------------------------------+

*** confirm the addition of an application template ***

amnesiac (config) # ssc app-template list

+----------------------------+

| Templates |

+----------------------------+

| Http Service Template__1.0 |

+----------------------------+

*** delete specific application template ***

amnesiac (config) # no ssc app-template template-name "Http Service Template__1.0"

+---------------------------------------------+

| Deleted |

+---------------------------------------------+

| Template Http Service Template__1.0 deleted |

+---------------------------------------------+

Related Commands

show ssc app-template , show ssc app-template-instance, ssc app-template list, ssc app-template-instance create, ssc app-template-instance list, ssc app-template-instance update

ssc app-template list

Lists all application template resources.

Syntax

ssc app-template list

Usage Guidelines

The no ssc app-template command deletes an imported application template.

Examples

*** list application templates ***

amnesiac (config) # ssc app-template list

+----------------------------+

| Templates |

+----------------------------+

| Http Service Template__1.0 |

+----------------------------+

*** delete application template ***

amnesiac (config) # no ssc app-template template-name "Http Service Template__1.0"

+---------------------------------------------+

| Deleted |

+---------------------------------------------+

| Template Http Service Template__1.0 deleted |

+---------------------------------------------+

Related Commands

show ssc app-template , show ssc app-template-instance, ssc app-template import, ssc app-template-instance create, ssc app-template-instance list, ssc app-template-instance update

ssc app-template-instance create

Instantiate a named application template instance, performing both of the following actions:

•Creates a template instance on Services Director.

•Applies the configuration of the template instance to the specified vTM cluster.

Syntax

ssc app-template-instance create template-instance-name instance-name template-name template-id

cluster-id cluster-id parameters parameters

Usage Guidelines

The no ssc app-template-instance command deletes a template instance.

Parameters

instance-name

Specify a new name for the application template instance.

template-id

Specify a unique identifier for the application template, either its tag or UUID.

cluster-id

Specify a unique identifier for the vTM cluster, either its tag or UUID.

parameters

A list of all parameters for the selected application template.

To automatically populate the command line with parameters from the application template, press the Tab key after you have typed the parameters keyword. You can then update the command line as required before creating the template instance.

Examples

*** show empty instance parameter list ***

amnesiac (config) # ssc app-template-instance list

+-----------------+

| Message |

+-----------------+

| No record found |

+-----------------+

*** create a template instance ***

amnesiac (config) # ssc app-template-instance create

template-instance-name "TK-421"

template-name "Http Service Template__1.0"

cluster-id "Cluster-CRCF-9WDA-T1HE-Z5WS"

parameters '{"instance_name": "Service Name",

"pool_nodes": ["127.0.0.1:80",

"127.0.0.2:80"],

"public_port": 100}'

+----------------------------------------------------------------------------...

| Created

+----------------------------------------------------------------------------...

| data.vtm_pool_nodes_table_table.nodes[0]: Refreshing state...

| data.vtm_pool_nodes_table_table.nodes[1]: Refreshing state...

| vtm_pool.pool: Creating...

| auto_scaling_addnode_delaytime: "" => "0"

| auto_scaling_enabled: "" => "false"

| auto_scaling_external: "" => "true"

| auto_scaling_hysteresis: "" => "20"

. (system messages: vTM settings)

| web_cache_enabled: "" => "false"

| web_cache_error_page_time: "" => "30"

| web_cache_max_time: "" => "600"

| web_cache_refresh_time: "" => "2"

| vtm_virtual_server.virtual_server: Creation complete after 0s ...

| Apply complete! Resources: 2 added, 0 changed, 0 destroyed.

+----------------------------------------------------------------------------...

*** show all template instances ***

amnesiac (config) # ssc app-template-instance list

+-------------------+

| Template Instance |

--------------------+

| TK-421 |

+-------------------+

*** delete a specific template instance ***

amnesiac (config) # no ssc app-template-instance template-instance-name Template-Instance-TJVG-671N-ZHOD-MUKP

+----------------+

| Deleted |

+----------------+

| TK-421 deleted |

+----------------+

Related Commands

show ssc app-template , show ssc app-template-instance, ssc app-template import, ssc app-template list, ssc app-template-instance list, ssc app-template-instance update

ssc app-template-instance list

Lists all application template instance resources. Each template instance is identified by a name. If there is no name defined for the instance, the unique template instance identifier is used instead.

Syntax

ssc app-template-instance list

Usage Guidelines

The no ssc app-template-instance command deletes a template instance.

Examples

amnesiac (config) # ssc app-template-instance list

+---------------------------------------+

| Template Instance |

+---------------------------------------+

| Template-Instance-LGBI-671N-ZHOD-T0TA |

+---------------------------------------+

amnesiac (config) # no ssc app-template-instance template-instance-name Template-Instance-LGBI-671N-ZHOD-T0TA

+-----------------------------------------------+

| Deleted |

+-----------------------------------------------+

| Template-Instance-LGBI-671N-ZHOD-T0TA deleted |

+-----------------------------------------------+

Related Commands

show ssc app-template , show ssc app-template-instance, ssc app-template import, ssc app-template list, ssc app-template-instance create, ssc app-template-instance update

ssc app-template-instance update

Update an application template instance, and re-apply it to the vTM cluster.

You cannot update the selected vTM cluster using this command. Instead, you should create a new template instance, see ssc app-template-instance create.

Syntax

ssc app-template-instance update template-instance-name instance-name template-name

template-name parameters parameters

Parameters

instance-name

Specify a new name for the application template instance.

template-name

Specify a unique identifier for the application template, either its tag or UUID.

parameters

A formatted list of all parameters for the selected application template.

Examples

*** view template instance list ***

amnesiac (config) # ssc app-template-instance list

+---------------------------------------+

| Template Instance |

----------------------------------------+

| Template-Instance-TJVG-L0K8-90AO-MUKP |

+---------------------------------------+

*** view details for a specific template instance ***

amnesiac (config) # show ssc app-template-instance template-instance-name

Template-Instance-TJVG-L0K8-90AO-MUKP

+----------------------+---------------------------------------+

| Field | Value |

+----------------------+---------------------------------------+

| template_instance_id | Template-Instance-TJVG-L0K8-90AO-MUKP |

| tag | |

| cluster_id | Cluster-CRCF-9WDA-T1HE-Z5WS |

| result | None |

| children | None |

| parameters | { |

| | "instance_name": "Service Name", |

| | "pool_nodes": [ |

| | "127.0.0.1:80", |

| | "127.0.0.2:80" ], |

| | "public_port": 80 |

| | } |

| pending_action | None |

| template_id | Http Service Template__1.0 |

+----------------------+---------------------------------------+

*** update the public port for the template instance ***

amnesiac (config) # ssc app-template-instance update

template-instance-name Template-Instance-TJVG-L0K8-90AO-MUKP

parameters '{

"instance_name": "Service Name",

"pool_nodes": ["127.0.0.1:80", "127.0.0.2:80"],

"public_port": 100}'

+----------------------------------------------------------------------------...

| Created

+----------------------------------------------------------------------------...

| data.vtm_pool_nodes_table_table.nodes[0]: Refreshing state...

| data.vtm_pool_nodes_table_table.nodes[1]: Refreshing state...

| vtm_pool.pool: Creating...

| auto_scaling_addnode_delaytime: "" => "0"

| auto_scaling_enabled: "" => "false"

. (system messages: vTM settings)

| web_cache_max_time: "" => "600"

| web_cache_refresh_time: "" => "2"

| vtm_virtual_server.virtual_server: Creation complete after 0s ...

| Apply complete! Resources: 2 added, 0 changed, 0 destroyed.

+----------------------------------------------------------------------------...

*** confirm new public port setting ***

amnesiac (config) # show ssc app-template-instance template-instance-name

Template-Instance-TJVG-L0K8-90AO-MUKP

+----------------------+---------------------------------------+

| Field | Value |

+----------------------+---------------------------------------+

| template_instance_id | Template-Instance-TJVG-L0K8-90AO-MUKP |

| tag | |

| cluster_id | Cluster-CRCF-9WDA-T1HE-Z5WS |

| result | None |

| children | None |

| parameters | { |

| | "instance_name": "Service Name", |

| | "pool_nodes": [ |

| | "127.0.0.1:80", |

| | "127.0.0.2:80" ], |

| | "public_port": 100 |

| | } |

| pending_action | None |

| template_id | Http Service Template__1.0 |

+----------------------+---------------------------------------+

Related Commands

show ssc app-template , show ssc app-template-instance, ssc app-template import, ssc app-template list, ssc app-template-instance create, ssc app-template-instance list

ssc backup sd-va config clear

Clears the backup service configuration for the Services Director. The configuration of the remote system is unaffected.

Syntax

ssc backup sd-va config clear

Examples

amnesiac (config) # ssc backup sd-va config clear
amnesiac (config) # ssc backup sd-va service status
Backup service is not configured
+------------------------------+-------------------------+- ...
| Config | Status | ...
+------------------------------+-------------------------+ ...
| Backup Configuration | Configuration failed | ...
| Restore Remote Configuration | Successfully configured | ...
+------------------------------+-------------------------+ ...
... -----------------------------------------+
... Message |
... -----------------------------------------+
... Services Director is not configured yet |
... None |
... -----------------------------------------+

Related Commands

show ssc backup sd-va config, ssc backup sd-va config create, ssc backup sd-va config update, ssc backup sd-va restore local, ssc backup sd-va restore remote, ssc backup sd-va restore remotecfg clear, ssc backup sd-va restore remotecfg create, ssc backup sd-va restore remotecfg update, ssc backup sd-va service status, ssc backup sd-va service enable

ssc backup sd-va config create

Creates a backup service configuration for the Services Director. Files are backed up to a local location according to a defined backup frequency. These are then synchronized to a remote location using a separate frequency. After synchronizing, a specified number of local files are retained.

Syntax

ssc backup sd-va config create remote-sys IP-address remote-sys-path path remote-sys-user user remote-sys-pass password backup-data-trans protocol backup-freq frequency backup-retain number remote-sync-freq frequency

Parameters

remote-sys profile-id

IP address of the remote system.

remote-sys-path path

Remote directory for backup files. For example, "/var/home/root".

remote-sys-user user

Remote username.

remote-sys-pass password

Password for the remote user.

backup-data-trans protocol

The protocol to perform the remote transfer ("scp" or "ftp"). 2

backup-freq frequency

The backup frequency (to local), expressed as a number of units. Units are days (d), hours (h) and minutes (m). For example, "6h" represents six hours.

backup-retain number

The number of local backup files to be retained. For example, 3.

remote-sync-freq frequency

The synchronization frequency (local to remote), expressed as a number of units. Units are days (d), hours (h) and minutes (m). For example, "2d" represents two days.

Examples

amnesiac (config) # ssc backup sd-va config create remote-sys 10.62.166.206 remote-sys-path /space/sd-backup/sd-backup-test/gold-silver-backups remote-sys-user sd-backup remote-sys-pass password backup-data-trans scp backup-freq 1m backup-retain 10 remote-sync-freq 5m

Related Commands

show ssc backup sd-va config, ssc backup sd-va config clear, ssc backup sd-va config update, ssc backup sd-va restore local, ssc backup sd-va restore remote, ssc backup sd-va restore remotecfg clear, ssc backup sd-va restore remotecfg create, ssc backup sd-va restore remotecfg update, ssc backup sd-va service status, ssc backup sd-va service enable

ssc backup sd-va config update

Updates the backup service configuration for the Services Director.

Syntax

Parameters

remote-sys

IP address of the remote system.

remote-sys-path

Remote directory for backup files. For example, "/var/home/root".

remote-sys-user

Remote username.

remote-sys-pass

Password for the remote user.

backup-data-trans

The protocol to perform the transfer to the remote system ("scp" or "ftp"). 2

backup-freq

The backup frequency (to local), expressed as a number of units. Units are days (d), hours (h) and minutes (m). For example, "6h" represents six hours.

backup-retain

The number of local backup files to be retained. For example, 3.

remote-sync-freq

The synchronization frequency (local to remote), expressed as a number of units. Units are days (d), hours (h) and minutes (m). For example, "2d" represents two days.

Examples

Related Commands

show ssc backup sd-va config, ssc backup sd-va config clear, ssc backup sd-va config create, ssc backup sd-va restore local, ssc backup sd-va restore remote, ssc backup sd-va restore remotecfg clear, ssc backup sd-va restore remotecfg create, ssc backup sd-va restore remotecfg update, ssc backup sd-va service status, ssc backup sd-va service enable

ssc backup sd-va restore local

Restores the Services Director using a local backup file (created by the Services Director backup service).

Syntax

ssc backup sd-va restore local backup-name filename master-password password

Parameters

backup-name filename

Specify a backup file from the local backup configuration.

master-password password

Specify the master password that was current when the backup was made.

Usage Guidelines

The response from the restore process lists any vTM image files that were referenced in the backup file. These images are not stored with the backup, so you must ensure that they are reloaded if they are no longer present on your system.

Examples

amnesiac (config) # ssc backup sd-va restore local backup-name
backup_10.62.167.199_2015-09-08_18-42-01.zip master-password Bcd4531-22
Warning: Using a password on the command line interface can be insecure.

Services Director configuration successfully restored using backup file
backup_10.62.167.199_2015-09-08_18-42-01.zip

Please restore following vTM images existing in the previous backup file:
ZeusTM_101_Linux-x86_64.tgz

Related Commands

show ssc backup sd-va config, ssc backup sd-va config clear, ssc backup sd-va config create, ssc backup sd-va restore remote, ssc backup sd-va restore remotecfg clear, ssc backup sd-va restore remotecfg create, ssc backup sd-va restore remotecfg update, ssc backup sd-va service status, ssc backup sd-va service enable

ssc backup sd-va restore remote

Restores the Services Director from a remote backup file.

Syntax

ssc backup sd-va restore remote backup-name filename master-password password

Parameters

backup-name filename

A backup file from the remote backup configuration.

master-password password

Specify the master password that was current when the backup was made.

Usage Guidelines

Examples

amnesiac (config) # ssc backup sd-va restore remote backup-name
backup_10.62.167.199_2015-12-12_06-06-02.zip master-password Bcd4531-22
Warning: Using a password on the command line interface can be insecure.

Services Director configuration successfully restored using backup file
backup_10.62.167.199_2015-12-12_06-06-02.zip

Please restore following vTM images existing in the previous backup file:
ZeusTM_101_Linux-x86_64.tgz

Related Commands

show ssc backup sd-va config, ssc backup sd-va config clear, ssc backup sd-va config create, ssc backup sd-va restore local, ssc backup sd-va restore remotecfg clear, ssc backup sd-va restore remotecfg create, ssc backup sd-va restore remotecfg update, ssc backup sd-va service status, ssc backup sd-va service enable

ssc backup sd-va restore remotecfg clear

Clears the remote system definition that is used to restore a Services Director.

Syntax

ssc backup sd-va restore remotecfg clear

Examples

Related Commands

show ssc backup sd-va config, ssc backup sd-va config clear, ssc backup sd-va config create, ssc backup sd-va restore local, ssc backup sd-va restore remote, ssc backup sd-va restore remotecfg create, ssc backup sd-va restore remotecfg update, ssc backup sd-va service status, ssc backup sd-va service enable

ssc backup sd-va restore remotecfg create

Specifies the remote system from which a restore of the Services Director is performed.

Syntax

ssc backup sd-va restore remotecfg create remote-sys IP-address remote-sys-path path remote-sys-user user remote-sys-pass password backup-data-trans protocol

Parameters

remote-sys

IP address of the remote system.

remote-sys-path

Remote directory for backup files. For example, "/var/home/root".

remote-sys-user

Remote username.

remote-sys-pass

Password for the remote user.

backup-data-trans

The protocol to perform the transfer from the remote system ("scp" or "ftp").

Usage Guidelines

The restore process itself is performed using ssc backup sd-va restore remotecfg clear.

Examples

amnesiac (config) # ssc backup sd-va restore remotecfg create remote-sys 10.62.166.206 remote-sys-path /space/sd-backup/sd-backup-test/gold-silver-backups remote-sys-user sd-backup remote-sys-pass password backup-data-trans scp

Successfully created backup restore remote configuration for Services Director
+-------------------+-----------------------------------------------------+
| Field | Value |
+-------------------+-----------------------------------------------------+
| remote-sys-user | sd-backup |
| backup-data-trans | scp |
| remote-sys-path | /space/sd-backup/sd-backup-test/gold-silver-backups |
| remote-sys-pass | ****** |
| remote-sys | 10.62.166.206 |
+-------------------+-----------------------------------------------------+

Related Commands

show ssc backup sd-va config, ssc backup sd-va config clear, ssc backup sd-va config create, ssc backup sd-va restore local, ssc backup sd-va restore remote, ssc backup sd-va restore remotecfg create, ssc backup sd-va restore remotecfg update, ssc backup sd-va service status, ssc backup sd-va service enable

ssc backup sd-va restore remotecfg update

Updates the remote system configuration from which a restore of the Services Director is performed.

Syntax

ssc backup sd-va restore remotecfg create [remote-sys IP-address] | [remote-sys-path path] | [remote-sys-user user] | [remote-sys-pass password] | [backup-data-trans protocol]

Parameters

remote-sys

IP address of the remote system.

remote-sys-path

Remote directory for backup files. For example, "/var/home/root".

remote-sys-user

Remote username.

remote-sys-pass

Password for the remote user.

backup-data-trans

The protocol to perform the transfer from the remote system ("scp" or "ftp").

Usage Guidelines

The restore process itself is performed using ssc backup sd-va restore remotecfg clear.

Examples

Related Commands

ssc backup sd-va service enable

Enables the backup service for the Services Director.

Syntax

ssc backup sd-va service enable

Usage Guidelines

Use the no ssc backup sd-va service command to disable the backup service.

Examples

*** enable backup service ***
amnesiac (config) # ssc backup sd-va service enable
Backup service is enabled

*** disable backup service ***
amnesiac (config) # no ssc backup sd-va service
Backup service is disabled

Related Commands

ssc backup sd-va service status

Displays the status of the backup service for the Services Director.

Syntax

ssc backup sd-va service status

Examples

Related Commands

ssc backup vtm-cluster cluster-name backup now

Performs an immediate backup for the specified cluster.

Syntax

ssc backup vtm-cluster cluster-name cluster-id backup now

Parameters

cluster-id

Specify the name of the required cluster.

Usage Guidelines

The cluster must have a defined backup schedule for this command to succeed.

When this command is used, a task is created to perform the backup.

Use the show ssc backup vtm-cluster cluster-name <cluster-name> task <task-id> command to check the status of the backup task.

Examples

Related Commands

show ssc backup vtm-cluster cluster-name backups

ssc backup vtm-cluster cluster-name restore backup-name

For a specified cluster, restores an existing backup from that cluster.

Syntax

ssc backup vtm-cluster cluster-name source_cluster-id restore backup-name backup_id target-cluster target_cluster_id

Parameters

source_cluster-id

Specify the name of the cluster from which the backup was taken.

backup_id

Specify the name of the required backup.

target_cluster-id

Specify the name of the cluster upon which the backup will be used.

Usage Guidelines

When this command is used, a task is created to perform the restore.

Use the show ssc backup vtm-cluster cluster-name <cluster-name> task <task-id> command to check the status of the restore task.

Examples

Related Commands

show ssc backup vtm-cluster cluster-name backups

ssc backup vtm-cluster cluster-name task retry

Re-attempt a failed backup task.

Syntax

ssc backup vtm-cluster cluster-name cluster-id task task_id retry

Parameters

cluster-id

Specify the name of the cluster upon which the failed task was performed.

task_id

Specify the name of the failed task.

Usage Guidelines

Use the show ssc backup vtm-cluster cluster-name <cluster-name> task <task-id> command to check the progress of the task.

Use the no ssc backup vtm-cluster cluster-name <cluster_id> task <task_id> command to delete a failed task if required.

Examples

*** check task: failed ***

amnesiac (config) # show ssc backup vtm-cluster cluster-name

Cluster-AQJE-R4HV-QYR1-9F4O task BackupRestoreTask-PQ6B-H5PY-JHVM-ZTYI

+---------------+---------------------------------------------------------------

| Field | Value

+---------------+---------------------------------------------------------------

| status | failed

| backup_id |

| creation_date | 2016-06-29 16:48:46

| task_subtype | backup now

| manager | 10.62.169.160

| cluster_id | Cluster-AQJE-R4HV-QYR1-9F4O

| error_info | Could not select a vTM for backup for cluster Cluster-AQJE-...

| task_type | backup restore

| task_id | BackupRestoreTask-PQ6B-H5PY-JHVM-ZTYI

| instance_id |

| cluster_tag |

+---------------+---------------------------------------------------------------

*** retry after bringing REST API back up ***
amnesiac (config) # ssc backup vtm-cluster cluster-name Cluster-AQJE-R4HV-

Related Commands

show ssc backup vtm-cluster cluster-name tasks

ssc backup vtm-cluster cluster-name upload backup-name

Transfers a backup file (in TAR format) to a specified Traffic Manager instance. This file is not used in any way.

Syntax

ssc backup vtm-cluster cluster-name source_cluster-id upload backup-name backup_id target-cluster target_cluster_id target-vTM instance_id

Parameters

source_cluster-id

Specify the name of the cluster from which the backup was taken.

backup_id

Specify the name of the required backup.

target_cluster-id

Specify the name of the cluster upon which the backup will be used.

instance_id

Specify the name of the Traffic Manager instance to which the backup file (in TAR format) will be loaded.

Usage Guidelines

This command only transfers the TAR file to the specified Traffic Manager instance. note: No operations are performed on this backup file when it reaches the specified Traffic Manager instance.

When this command is used, a task is created to perform the restore.

Use the show ssc backup vtm-cluster cluster-name <cluster-name> task <task-id> command to check the status of the restore task.

Examples

amnesiac (config) # ssc backup vtm-cluster cluster-name Cluster-AQJE-R4HV-QYR1-9F4O upload backup-name Backup-STD3-X1Q4-GTJ3-WX4T target-cluster Cluster-P2WL-IV2B-V8S6-COIY target-instance cerise-01

Related Commands

show ssc backup vtm-cluster cluster-name backups

ssc backup vtm-cluster create schedule

Creates a backup schedule.

Syntax

ssc backup vtm-cluster create schedule schedule_id frequency frequency [offset offset] [backup_time time] [info description]

Parameters

schedule_id

Specify a unique name for the required backup schedule.

frequency frequency

Specify the basic frequency of the backup.

•daily: A daily frequency. This requires a backup_time but not an offset.

•hourly: An hourly frequency. This requires an offset but not a backup_time.

•monthly: A monthly frequency. This requires both an offset and a backup_time.

•weekly: A weekly frequency. This requires both an offset and a backup_time.

•user_defined: A customized frequency. This requires an offset but not a backup_time.

backup_time time

Specify the backup time (HH:MM) for the schedule. This is supported for daily, weekly and monthly schedules only.

offset

Specify an offset for the selected frequency type, which more closely specifies the point at which the backup will be taken:

•For daily schedules, no offset is supported.

•For an hourly schedule, the offsets represent every quarter of an hour, expressed as minutes. That is: 0, 15, 30 and 45.

•For monthly schedules, the offset is the day number on which the backup should be taken. This is limited to between 1 and 28.

•For weekly schedules, the offset is the day of the week on which the backup should be taken. That is: Monday, Tuesday, Wednesday, Thursday, Friday, Saturday, Sunday. These offset values are displayed as the numbers 0 to 6 when the details for a schedule are displayed.

•For user defined schedules, various offsets are available: 15min, hour, 12hour, week, month.

info description

Optionally, specify a description for the schedule.

Usage Guidelines

Use the no ssc backup vtm-cluster create schedule <schedule_id> command to delete a specified schedule. You cannot delete a schedule that is in use.

Once the schedule is created, you can associate it with one or more clusters using the ssc cluster create cluster-name <cluster_id> schedule <schedule_id> command.

Examples

Related Commands

show ssc backup vtm-cluster schedules, ssc backup vtm-cluster update schedule, ssc cluster update cluster-name

ssc backup vtm-cluster update schedule

Updates a backup schedule.

Syntax

ssc backup vtm-cluster update schedule schedule_id [new_name new_schedule_id] [frequency frequency] [offset offset] [backup_time time] [info description]

Parameters

schedule_id

Specify the required backup schedule.

new_name new_schedule_id

Optionally, specify a new name for the schedule. This is supported for all schedules.

frequency frequency

Optionally, specify a new frequency for the backup.

•daily: A daily frequency. This requires a backup_time but not an offset.

•hourly: An hourly frequency. This requires an offset but not a backup_time.

•monthly: A monthly frequency. This requires both an offset and a backup_time.

•weekly: A weekly frequency. This requires both an offset and a backup_time.

•user_defined: A customized frequency. This requires an offset but not a backup_time.

backup_time time

Optionally, specify a new backup time (HH:MM) for the schedule. This is supported for daily, weekly and monthly schedules only.

offset

Optionally, specify a new offset for the selected frequency type, which more closely specifies the point at which the backup will be taken:

•For daily schedules, no offset is supported.

•For an hourly schedule, the offsets represent every quarter of an hour, expressed as minutes. That is: 0, 15, 30 and 45.

•For monthly schedules, the offset is the day number on which the backup should be taken. This is limited to between 1 and 28.

•For user defined schedules, various offsets are available: 15min, hour, 12hour, week, month.

info description

Optionally, specify a new description for the schedule.

Usage Guidelines

Use the no ssc backup vtm-cluster create schedule <schedule_id> command to delete a specified schedule. You cannot delete a schedule that is in use.

You can associate a schedule with one or more clusters using the ssc cluster create cluster-name <cluster_id> schedule <schedule_id> command.

Examples

Related Commands

show ssc backup vtm-cluster schedules, ssc backup vtm-cluster update schedule, ssc cluster update cluster-name

ssh client generate identity user

Generates SSH client identity keys for the specified user. SSH provides secure log in for Windows and UNIX clients and servers.

Syntax

ssh client generate identity user user

Parameters

user

Specify the client user login.

Usage Guidelines

The no ssh client identity user <user> command disables SSH client identity keys for a specified user.

Examples

amnesiac (config) # ssh client generate identity user test

Related Commands

show ssh client

ssh client user authorized-key key sshv2

Sets the RSA encryption method by RSA Security and authorized-key for the SSH user.

Syntax

[no] ssh client user user authorized-key key sshv2 public-key

Parameters

user

Specify the user name. Must be an existing local user.

public-key

Specify the public key for SSH version 2 for the specified SSH user.

Usage Guidelines

The no command option disables the authorized-key encryption method.

Examples

amnesiac (config) # ssh client user admin authorized-key key sshv2 MyPublicKey

Related Commands

show ssh client

ssc cloud-reg create

Creates a cloud registration resource on the Services Director. This is required during automated self-registration of vTMs.

Syntax

ssc cloud-reg create reg-policy registration-policy [e-mail email-address] [owner owner] [[tag name]

Parameters

reg-policy registration-policy

Select a self-registration policy for the cloud registration resource. This is the self-registration policy that will be used during the evaluation of a cloud-based vTM's self-registration.

e-mail email-address

Optionally, specify a valid e-mail address that will be used to contact an administrator if required.

owner

Specify an owner for the cloud registration resource. This property is optional when the resource is created, but there is a mandatory validation of this property during the evaluation of a cloud-based vTM's self-registration.

tag

Optionally, enter a unique name for the cloud registration resource.

Usage Guidelines

Once you have created the cloud registration resource, you must use the show ssc cloud-reg user-data command to display the user data for the cloud registration resource. This text is required during the AWS instance creation wizard for the first cloud-based vTM in a cluster. See the Pulse Secure Services Director Getting Started Guide for full details of this process.

You cannot update a cloud registration resource once it is created.

Examples

*** list cloud registration resources ***
amnesiac (config) # ssc cloud-reg list
+-----------------+
| Message |
+-----------------+
| No record found |
+-----------------+

Related Commands

show ssc cloud-reg, show ssc cloud-reg user-data id, ssc cloud-reg delete, ssc cloud-reg list

ssc cloud-reg delete

Deletes a cloud registration resource on the Services Director.

Syntax

ssc cloud-reg delete id cloud-reg-id

Parameters

id cloud-reg-id

Select a cloud-registration resource that you want to delete.

Examples

*** list all cloud registration resources ***
amnesiac (config) # ssc cloud-reg list
+------------------------------+-------------------+
| ID | Tag |
+------------------------------+-------------------+
| UserData-ORI9-YXGU-37VY-3OPQ | jk-cloud-reg-01 |
| UserData-NVF1-TLGP-R7EY-RUUY | cloud-reg-demo-01 |
+------------------------------+-------------------+

*** delete a cloud registration resource ***
amnesiac (config) # ssc cloud-reg delete id jk-cloud-reg-01
+---------------------------------------------------------+
| Deleted |
+---------------------------------------------------------+
| Cloud Registration UserData-ORI9-YXGU-37VY-3OPQ deleted |
+---------------------------------------------------------+

*** list all cloud registration resources again ***
amnesiac (config) # ssc cloud-reg list
+------------------------------+-------------------+
| ID | Tag |
+------------------------------+-------------------+
| UserData-NVF1-TLGP-R7EY-RUUY | cloud-reg-demo-01 |
+------------------------------+-------------------+

Related Commands

show ssc cloud-reg, show ssc cloud-reg user-data id, ssc cloud-reg create, ssc cloud-reg list

ssc cloud-reg list

Displays a list of cloud registration resources on the Services Director.

Syntax

ssc cloud-reg list

Examples

amnesiac (config) # ssc cloud-reg list
+------------------------------+-------------------+
| ID | Tag |
+------------------------------+-------------------+
| UserData-ORI9-YXGU-37VY-3OPQ | jk-cloud-reg-01 |
| UserData-NVF1-TLGP-R7EY-RUUY | cloud-reg-demo-01 |
+------------------------------+-------------------+

Related Commands

show ssc cloud-reg, show ssc cloud-reg user-data id, ssc cloud-reg create, ssc cloud-reg delete

ssc cluster create cluster-name

Creates a User Created Services Director cluster.

Syntax

[no] ssc cluster create cluster-name name [schedule schedule_id] [owner cluster-owner] [analytics-profile profile-id]

Parameters

name

Specify a unique name for the cluster.

schedule schedule_id

Optionally, specify an existing backup schedule for the cluster.

owner owner

Optionally, specify an owner for the cluster.

analytics-profile profile-id

Optionally, specify an analytics profile for the cluster.

Usage Guidelines

This cluster is available for use by deployed vTMs only.

You cannot create a Discovered cluster using the CLI.

To delete an empty cluster, use the no ssc cluster cluster-name command.

Examples

Related Commands

show ssc cluster cluster-name, show ssc backup vtm-cluster schedules, ssc cluster list, ssc cluster update cluster-name

ssc cluster create template-name

Creates a User Created Services Director cluster based on a specified template.

Syntax

ssc cluster create template-name name [cluster-name cluster-id] [owner owner-id] [schedule schedule-id]

Parameters

template-name name

Identify the template you want to use.

cluster-name cluster-id

(Optional) Specify a cluster name. This will be used in preference to any template value.

owner owner-id

(Optional) Specify an owner for the cluster. This will be used in preference to any template value.

schedule schedule-id

(Optional) Specify a backup schedule for the cluster. This will be used in preference to any template value.

Usage Guidelines

Create clusters using parameters in an existing template. The existing template is created by the ssc template create command. The predefined parameters in the existing template are passed to the resource to create the command. You have the option to replace or add extra parameters that exist in the specified template (that is, add extra arguments).

This cluster is available for use by deployed vTMs only.

You cannot create a Discovered cluster using the CLI.

Examples

Related Commands

show ssc cluster cluster-name, show ssc backup vtm-cluster schedules, ssc cluster update template-name

ssc cluster list

Lists current clusters. This includes both Discovered and User Created clusters.

Syntax

ssc cluster list

Examples

amnesiac (config) # ssc cluster list
+-----------------------------+
| Cluster |
+-----------------------------+
| TK-327 |
| Violet-Cluster |
| TK-421 |
| Cluster-A1BQ-V577-V8NY-UIDZ |
+-----------------------------+

Related Commands

show ssc cluster cluster-name, show ssc backup vtm-cluster schedules, ssc cluster create cluster-name, ssc cluster update cluster-name

ssc cluster update cluster-name

Updates a Services Director cluster.

Syntax

ssc cluster update cluster-name name [schedule schedule_id] [new-cluster-name name] [status [Active | Inactive]]

Parameters

name

Specify the cluster name.

new-cluster-name

Specify a new tag for the cluster.

schedule

Specify a backup schedule for the cluster.

status [Active | Inactive]

Specify the status of the cluster:

•Active: Activates the cluster.

•Inactive: Deactivates the cluster. A cluster cannot be marked as Inactive if it is in use. A cluster cannot be reactivated after Inactive status has been specified.

analytics-profile

(Discovered clusters only) Specify an analytics profile for the cluster, using its tag or UUID. See also Usage Guidelines.

Usage Guidelines

Use the ssc cluster update cluster-name <cluster_id> schedule null command to detach delete the specified schedule.

Adding an analytics profile to a cluster will enable analytics on all vTMs in the cluster, providing that all required resources (analytics profiles, collection endpoints, search endpoints, and log-export resources) are defined. See the Pulse Secure Services Director Getting Started Guide for full details of this process.

Updating the selected analytics profile for a cluster will change the analytics configuration of all vTMs in the cluster.

Examples

Related Commands

show ssc cluster cluster-name, show ssc backup vtm-cluster schedules, ssc backup vtm-cluster create schedule

ssc cluster update template-name

Updates a Services Director cluster based on the specified template.

Syntax

ssc cluster update template-name template-name [new-cluster-name name] [schedule backup-schedule-id] [analytics-profile profile-id]

Parameters

template-name

Specify the template you want to use.

new-cluster-name

Specify a new tag for the cluster. This will be used in preference to any template value.

schedule

Specify a backup schedule for the cluster. This will be used in preference to any template value.

analytics-profile

(Discovered clusters only) Specify an analytics profile for the cluster, using its tag or UUID. This will be used in preference to any template value. See also Usage Guidelines.

Usage Guidelines

Update a cluster with the parameters predefined in an existing template. The existing template is created by the ssc template create command. The predefined parameters in the existing template are passed to the resource to update the command. You have the option to replace or add extra parameters that exist in the specified template (that is, add extra arguments).

Updating the selected analytics profile for a cluster will change the analytics configuration of all vTMs in the cluster.

Examples

Related Commands

show ssc cluster cluster-name

ssc collection-endpoint create

Creates a new Collection Endpoint resource. This resource is used for vTM analytics.

Syntax

ssc collection-endpoint create txn-export-address address txn-tls Boolean log-export-address address auth-type value [auth-username username auth-password password] [auth-token HEC-token] [txn-tls-verify Boolean] [txn-export-cert Certificate] [log-export-cert Certificate] [name value]

Parameters

txn-export-address

The address that transaction data is exported to, in the form <server>:<port>.

For example: demo.com:7090

txn-tls

Indicates whether transaction data requires secure transmission. If true, you must also specify txn-export-cert, and you can optionally specify txn-tls-verify.

log-export-address

The address that log data is exported to, in the form <protocol><server>:<port><filepath>, where <protocol> can be either http:// or https://.

For example: http://demo.com:8080/logs/collector.

If protocol is set to https://, you must also specify log-export-cert.

auth-type value

The required authorization. This can be set to:

•"None": This indicates no authorization is required.

•"Basic": This indicates that basic HTTP authorization is required. You must also specify auth-username and auth-password.

•"Splunk": This indicates that authorization is performed on the Splunk®1 platform. You must also specify auth-token.

auth-username

The username for HTTP Basic authentication. This is required when auth-type is Basic.

auth-password

The password for HTTP Basic authentication. This is required when auth-type is Basic.

auth-token

The HEC authorization token required by the Splunk platform. This is required when auth-type is "Splunk".

txn-tls-verify

(Optional) If true, indicates that verification of the secure connection to the transaction collection endpoint is required.

log-tls-verify

(Optional) If true, indicates that verification of the secure connection to the log collection endpoint is required.

txn-export-cert

The certificate of the transaction export collection endpoint. This is required if txn-tls is true.

log-export-cert

The certificate of the log export collection endpoint. This is required if the <protocol> in log-export-address is https://.

name

(Optional) The customer-facing name for the collection endpoint resource. If this is not set, the tag is set to the UUID value for the resource.

Usage Guidelines

This command is only used for Collection Endpoint resources. Search Endpoint resources are handled separately, by an equivalent "search-endpoint" command.

Examples

Related Commands

show ssc collection-endpoint, ssc collection-endpoint delete, ssc collection-endpoint list, ssc collection-endpoint update

ssc collection-endpoint delete

Delete a Collection Endpoint resource. This resource is used for vTM analytics.

Syntax

ssc collection-endpoint delete name endpoint-id

Parameters

name endpoint-id

The identifier for the collection endpoint resource, either its tag or its UUID.

Usage Guidelines

This command is only used for Collection Endpoint resources. Search Endpoint resources are handled separately, by an equivalent "search-endpoint" command.

Examples

*** list all collection endpoints ***
amnesiac (config) # ssc collection-endpoint list
+-----------------------------------------+------------------+
| ID | Tag |
+-----------------------------------------+------------------+
| Collection-Endpoint-4N4H-0NL1-T02T-PZZ7 | JK-Collection-04 |
| Collection-Endpoint-9D37-B16X-75XG-3K8W | JK-Collection-01 |
| Collection-Endpoint-1EGK-KLKN-R6RB-JDLK | JK-Collection-02 |
| Collection-Endpoint-U3FX-MTKU-WSY6-WZ99 | JK-Collection-03 |
| Collection-Endpoint-YKKP-2S6C-VLMM-7L76 | JK-Collection-05 |
+-----------------------------------------+------------------+

*** delete an endpoint ***
amnesiac (config) # ssc collection-endpoint delete name JK-Collection-05
+--------------------------------------------------------------------+
| Deleted |
+--------------------------------------------------------------------+
| Analytics Endpoint Collection-Endpoint-YKKP-2S6C-VLMM-7L76 deleted |
+--------------------------------------------------------------------+

*** list all collection endpoints to confirm deletion ***
amnesiac (config) # ssc collection-endpoint list
+-----------------------------------------+------------------+
| ID | Tag |
+-----------------------------------------+------------------+
| Collection-Endpoint-4N4H-0NL1-T02T-PZZ7 | JK-Collection-04 |
| Collection-Endpoint-9D37-B16X-75XG-3K8W | JK-Collection-01 |
| Collection-Endpoint-1EGK-KLKN-R6RB-JDLK | JK-Collection-02 |
| Collection-Endpoint-U3FX-MTKU-WSY6-WZ99 | JK-Collection-03 |
+-----------------------------------------+------------------+

Related Commands

show ssc collection-endpoint, ssc collection-endpoint create, ssc collection-endpoint list, ssc collection-endpoint update

ssc collection-endpoint list

Lists all Collection Endpoint resources. These resources are used for vTM analytics.

Syntax

ssc collection-endpoint list

Usage Guidelines

This command is only used for Collection Endpoint resources. Search Endpoint resources are handled separately, by an equivalent "search-endpoint" command.

Examples

Related Commands

show ssc collection-endpoint, ssc collection-endpoint create, ssc collection-endpoint delete, ssc collection-endpoint update

ssc collection-endpoint update

Updates a Collection Endpoint resource. This resource is used for vTM analytics.

Syntax

ssc collection-endpoint update name endpoint-id [txn-export-address address] [txn-tls Boolean] [log-export-address address] [auth-type value] [auth-username username] [auth-password password] [auth-token HEC-token] [txn-tls-verify Boolean] [txn-export-cert Certificate] [log-export-cert Certificate] [new-name value]

Parameters

name

Specify a unique identifier for the collection endpoint, either its tag or UUID.

txn-export-address

The address that transaction data is exported to, in the form <server>:<port>.

For example: demo.com:7090

txn-tls

Indicates whether transaction data requires secure transmission. If true, txn-export-cert is required, and txn-tls-verify is optional.

log-export-address

The address that log data is exported to, in the form <protocol><server>:<port><filepath>, where <protocol> can be either http:// or https://.

For example: http://demo.com:8080/logs/collector.

If protocol is set to https://, log-export-cert is required.

auth-type

The required authorization. This can be set to:

•"None": This indicates no authorization is required.

•"Basic": This indicates that basic HTTP authorization is required. If used, auth-username and auth-password are required.

•"Splunk": This indicates that authorization is performed on the Splunk platform. You must also specify auth-token.

auth-username

The username for HTTP Basic authentication. This is required when auth-type is "Basic".

auth-password

The password for HTTP Basic authentication. This is required when auth-type is "Basic".

auth-token

The HEC token from your Splunk platform. This is required when auth-type is "Splunk".

txn-tls-verify

If true, indicates that verification of the secure connection to the transaction collection endpoint is required.

log-tls-verify

If true, indicates that verification of the secure connection to the log collection endpoint is required.

txn-export-cert

The certificate of the transaction export collection endpoint. This is required if txn-tls is true.

log-export-cert

The certificate of the log export collection endpoint. This is required if the <protocol> in log-export-address is https://.

new-name

(Optional) A replacement name for the collection endpoint resource.

Usage Guidelines

This command is only used for Collection Endpoint resources. Search Endpoint resources are handled separately, by an equivalent "search-endpoint" command.

Examples

Related Commands

show ssc collection-endpoint, ssc collection-endpoint create, ssc collection-endpoint delete, ssc collection-endpoint list

ssc database local bind-address

Sets the local MySQL database bind address.

Syntax

[no] ssc database local bind-address ip-addr

Parameters

ip-addr

Specify the IP address.

ssc database local username name password password

Parameters

name

Specify the username for the local database.

password

Specify the password for the local database.

Examples

amnesiac (config) # ssc database local username ssc password abcd1234
+-------------+-------------+
| DB Username | DB Password |
+-------------+-------------+
| ssc | abcd1234 |
+-------------+-------------+

Related Commands

show ssc database local credentials

ssc database remote address

Sets the hostname or IP address of the remote database.

Syntax

[no] ssc database remote address address

Parameters

address

Specify the hostname or IP address of the remote database.

Usage Guidelines

Use the no command option to delete the remote database address.

Examples

Usage Guidelines

Use the no command option to delete the remote port.

Examples

amnesiac (config) # ssc database remote port 1234

Related Commands

show ssc database remote

ssc database use-local

Sets the Services Director to use the local MySQL database.

Syntax

[no] ssc database use-local

Usage Guidelines

Use the no command option to stop using the local MySQL database.

Examples

amnesiac (config) # ssc database use-local

Related Commands

show ssc database remote

ssc feature-pack create fpname

Creates a Feature Pack resource for the Services Director.

Syntax

ssc feature-pack create fpname name [skus sku-list |[stm-sku sku-name [add-on-skus add-on-SKU-list]] [excluded feature-list] [info description]

Parameters

name

Specify a unique name for the Feature Pack.

skus

(For newer SKUs) Specify a base SKU and one or more additional SKUs. This is a comma-separated list enclosed in double quotes.

stm-sku

(Older base SKUs) Specify the base SKU on which the Feature Pack is based. This is limited to SKUs compatible with your Services Director license. If you specify this, you can also specify add-on-skus.

excluded list

(Optional) Specify a comma-separated list of features in double quote marks from the base SKU that are excluded. This includes:

•ts: Excludes TrafficScript

•comp: Excludes compression

•cache: Excludes caching

•glb: Excludes global load balancing

•bwm: Excludes bandwidth management classes

•rate: Excludes rate shaping classes

•slm: Excludes service level monitoring

•auto: Excludes autoscaling

•afm: Excludes use of SAF

•apt: Excludes use of Aptimizer.

This list is a comma-separated list enclosed in double quote marks. A complete list can be seen using the show ssc sku sku-name command for your SKU.

add-on-skus

(Older base SKUs) Optionally, specify a list of feature SKUs to be associated with the stm-sku base SKU. This includes:

•ADD-FIPS: Federal Information Processing Standards (FIPs)

•ADD-WAF: Virtual Web Application Firewall

•ADD-WEBACCEL: Web Content Accelerator.

This list is a comma-separated list enclosed in double quote marks.

info

Optionally, specify information about the feature pack.

Usage Guidelines

A Feature Pack is a subset (or total set) of the features in a Traffic Manager SKU. The Feature Pack can be applies to vTM instances.

You can view a list of available features for your SKU using the show ssc sku sku-name. You can then specify any of these for exclusion.

The properties that you specify will depend on your base SKU:

•For older SKUs (such as STM-400), you specify the stm-sku and add-on-skus properties.

•For newer SKUs (such as ENT-ADVANCED), you specify the skus property. This is a comma-separated list of SKUs enclosed in double quote marks.

Examples

*** list available Feature Packs ***
amnesiac (config) # ssc feature-pack list
+-------------------+
| FeaturePack |
+-------------------+
| ENT-ADVANCED_full |
+-------------------+

*** list available SKUs ***
amnesiac (config) # ssc sku list
+----------------+
| Sku |
+----------------+
| ENT-ADVANCED |
| ENT-ENTERPRISE |
| ENT-ENTM |
| ENT-WAFPROXY |
| STM-100 |
| STM-200 |
| STM-300 |
| STM-400 |
| STM-WAFPROXY |
+----------------+

*** show details for your SKU to see its list of available features ***

amnesiac (config) # show ssc sku sku-name ENT-ADVANCED

+---------------------+-----------------------------------------------------------

| Field | Value

+---------------------+-----------------------------------------------------------

| status | Active

| pricing_model | prepaid

| add_on_skus | []

| feature_tier | Advanced

| features | anlyt : Enable Realtime Analytics.

| | auto : Enable Autoscaling.

| | bwm : Enable Bandwidth Management classes.

| | cache : Enable Web Caching

| | comp : Enable Compression

| | cr : Do not limit the user to cut-down RuleBuilder ...

| | evnts : Enable Events and Actions

| | glb : Enable Global Load Balancing

| | java : Enable Java.

| | lbcel : Array of cells.

| | lbcon : Least connection based.

| | lbfail: Balance failure class (used only for testing & ...

| | lbone : Always choose first node in a pool (used only ...

| | lbrnd : Random.

| | lbrob : Round robin.

| | lbrsp : Fastest response times.

| | lbwcon: Weighted least connection based.

| | lbwrob: Weighted round robin.

| | loca : Enable Location support.

| | moni : Enable Active Monitors

| | rate : Enable Rate Shaping classes.

| | rb : Do not limit the user to RuleBuilder for ...

| | rhi : Route Health Injection.

| | slm : Enable Service Level Monitoring.

| | ssl : Enable SSL

| | svcprt: Enable Service Protection classes

| | ts : Enable TrafficScript

| | xml : Enable XML functions in TrafficScript.

| info | ENT Advanced

| stm_sku | ENT-ADVANCED

| fixed_resource_usage| None

| ent | True

| resource_unit | Mbps

| csp | False

+---------------------+-----------------------------------------------------------

Related Commands

show ssc feature-pack fpname, ssc feature-pack list, ssc feature-pack update fpname

ssc feature-pack create template-name

Creates a feature pack based on an existing template.

Syntax

Parameters

name

Specify a unique name for the feature pack template.

fpname name

Specify a unique name for the feature pack.

stm-sku sku-name

Specify the SKU Traffic Manager on which the feature pack is based. This is limited to SKUs compatible with your Services Director license.

excluded list]

Optionally, specify a list of features from the parent SKU that are excluded. These features include:

•afm: Excludes use of SAF.

•apt: Excludes use of Aptimizer

•auto: Excludes autoscaling

•bwm: Excludes bandwidth management classes

•comp: Excludes compression

•cache: Excludes caching

•glb: Excludes global load balancing

•rate: Excludes rate shaping classes

•slm: Excludes service level monitoring

•ts: Excludes TrafficScript

This list is a comma-separated list enclosed in double quote marks. A complete list can be seen using the show ssc sku sku-name command for your SKU.

info description

Optionally, specify information about the feature pack.

add-on-skus list

Optionally, specify a list of feature SKUs to be associated with the parent SKU:

•ADDFIPS: Federal Information Processing Standards (FIPs)

•ADDWAF: Virtual Web Application Firewall

•ADDWEBACCEL: Web Content Accelerator

This list is a comma-separated list enclosed in double quote marks.

Usage Guidelines

A feature pack is a subset of a Traffic Manager SKU. A SKU contains a defined feature set for the Traffic Manager that you can apply to instances.

You can view a list of available features for your SKU using the show ssc sku sku-name command. You can then specify any of these for exclusion.

Create feature-packs with the parameters predefined in an existing template. The existing template is created by the ssc template create command. The predefined parameters in the existing template are passed to the resource to create the command. You have the option to replace or add extra parameters that exist in the specified template (that is, add extra arguments).

Examples

amnesiac (config) # ssc feature-pack create template-name fptemp-1 fpname fp-1

Related Commands

show ssc feature-pack fpname, ssc template create template-name

ssc feature-pack list

Lists Services Director feature packs.

Syntax

ssc feature-pack list

Examples

Related Commands

show ssc feature-pack fpname, ssc feature-pack create fpname, ssc feature-pack update fpname

ssc feature-pack update fpname

Updates a Services Director feature pack.

Syntax

ssc feature-pack update fpname name [info description] [status [Active | Inactive]]

Parameters

name

Identify the Feature Pack using its tag or UUID.

info

Specify a description of the feature pack.

status

Specify the status:

•Active: Activates a resource.

•Inactive: Deactivates a resource. A resource cannot be marked as Inactive if it is in use. The resource cannot be reactivated.

Usage Guidelines

You can update a limited number of Feature Pack properties.

You cannot update the majority of properties for a Feature Pack, such as the SKUs that it uses. You must instead create a new Feature Pack and apply it to affected vTMs. This may be required when enabling analytics on a cluster of vTMs. Refer to the Pulse Secure Services Director Getting Started Guide for full details.

You cannot delete a Feature Pack. However, you can permanently set its status to Inactive.

Examples

Related Commands

show ssc feature-pack fpname, ssc feature-pack create fpname, ssc feature-pack list

ssc feature-pack update template-name

Updates a Services Director feature pack based on the specified template.

Syntax

ssc feature-pack update template-name name | [fpname name] | [info description] | [status Active | Inactive]]

Parameters

name

Specify the template name.

name

Specify the feature pack name.

info description

Specify information about the feature pack.

status

Specify the status:

•Active: Activates a resource.

•Inactive: Deactivates a resource. A resource cannot be marked as Inactive if it is in use. The resource cannot be reactivated Inactive status has been specified.

Usage Guidelines

Update a feature-pack with the parameters predefined in an existing template. The existing template is created by the ssc template create command. The predefined parameters in the existing template are passed to the resource to update the command. You have the option to replace or add extra parameters that exist in the specified template (that is, add extra arguments).

Examples

amnesiac (config) # ssc feature-pack update template-name fptemp fpname fp1 status Inactive

Related Commands

show ssc feature-pack fpname, ssc template create template-name

ssc high-avail certificate

Displays the high availability certificate for a high availability node.

Syntax

ssc high-avail certificate host-or-ip-addr

Parameters

host-or-ip-addr

Specify the host name or IP address of a high availability node.

Usage Guidelines

This command is identical to the show ssc high-avail list command.

Examples

| PEM | -----BEGIN CERTIFICATE-----
| | MIIDXTCCAkUCCEs9poyyQcRZMA0GCSqGSIb3DQEBBQUAMHExSDFGFJ
| | .
| | . (certificate)
| | .
| | f6vS3P/U3/sIH3aJMQwD11+zNeQ/FXC+CCdFPx2qLvZ2Kpk3La153
| | 7cbGLjCk+QaRhA==
| | -----END CERTIFICATE-----
+---------------------+------------------------------------------------------

Related Commands

show ssc feature-pack fpname, ssc feature-pack create fpname

ssc high-avail file-replication reset

Resets the file replication service for the current HA pair.

Syntax

ssc high-avail file-replication reset

Examples

amnesiac (config) # ssc high-avail file-replication reset

Related Commands

ssc high-avail list

ssc high-avail create

Creates a Primary standalone Services Director from the current node. This command is useful to change the role of a Services Director after an ejection or other failure.

Syntax

ssc high-avail create traffic-ip IP-or-hostname

Parameters

traffic-ip

The IP address or host name of the required Service Endpoint Address.

Usage Guidelines

This command will be destructive to an HA pair if the current node is in an HA pair.

If you want to change the Standby node of an HA pair into an Active node, use the ssc high-avail force-failover command.

This command completes in the background. Use ssc high-avail reset to check its progress.

Examples

*** current HA status of current node (was a Standby) after ejection ***
amnesiac (config) # ssc high-avail list
+---+-----------------+-----+----------+------+----------- ...
| # | Cluster IP/Name | TIP | Database | Role | DB Health ...
+---+-----------------+-----+----------+------+----------- ...
+---+-----------------+-----+----------+------+----------- ...
... -+-------------------+----------------+--------+----------+--------+
... | Gluster FS Health | SSC Web Health | System | Serial # | Status |
... -+-------------------+----------------+--------+----------+--------+
... -+-------------------+----------------+--------+----------+--------+

*** initiate the change to a standalone Primary for the current node ***
amnesiac (config) # ssc high-avail create traffic-ip 10.62.167.203
+---+-----------------+-----+----------+------+----------- ...
| # | Cluster IP/Name | TIP | Database | Role | DB Health ...
+---+-----------------+-----+----------+------+----------- ...
| | 10.62.167.199 | | | | ...
+---+-----------------+-----+----------+------+----------- ...
... +-------------------+----------------+--------+----------+----------+
... | Gluster FS Health | SSC Web Health | System | Serial # | Status |
... +-------------------+----------------+--------+----------+----------+
... | | | | | Creating |
... +-------------------+----------------+--------+----------+----------+

Related Commands

ssc high-avail failover, ssc high-avail join, ssc high-avail list

ssc high-avail diagnose

Diagnoses causes for HA pair errors on the current node, and proposes available solutions.

Syntax

ssc high-avail diagnose

Usage Guidelines

This command can be run on either the Active or Standby nodes. The diagnostic inspects the states of the three modules:

•web service

•database

•filestore replication

Based on the health of each module, the diagnostic command returns an instruction set which the user can follow to troubleshoot the issues.

Examples

*** When there are errors (example) ***
amnesiac (config) # ssc high-avail diagnose

*** When there are no errors ***
amnesiac (config) # ssc high-avail diagnose

+-----------+------------+-------------------+
| DB Status | SSC Status | Traffic IP Status |
+-----------+------------+-------------------+
| ok | ok | ok |
+-----------+------------+-------------------+
+-----------+-------+
| Solutions | Steps |
+-----------+-------+
+-----------+-------+

Related Commands

ssc high-avail discover, ssc high-avail eject, ssc high-avail ejectall, ssc high-avail failover, ssc high-avail force-failover, ssc high-avail force-standby, ssc high-avail join, ssc high-avail list, ssc high-avail reset, ssc high-avail update

ssc high-avail discover

Displays Primary Services Director nodes in the current subnet that do not belong to an HA pair.

Syntax

ssc high-avail discover

Examples

amnesiac (config) # ssc high-avail disc
+------------------+---------------------+
| Primary Hostname | Primary Server's IP |
+------------------+---------------------+
| axon-08 | 10.62.98.88 |
| axon-0b | 10.62.98.91 |
| dvenkman-0f | 10.62.98.79 |
| jsorrentino-01 | 10.62.99.193 |
| jsorrentino-03 | 10.62.99.195 |
| tkumar-24 | 10.62.99.164 |
| jsorrentino-1f | 10.62.101.255 |
| jwhitehouse-1a | 10.62.101.42 |
+------------------+---------------------+

Related Commands

ssc high-avail diagnose, ssc high-avail eject, ssc high-avail ejectall, ssc high-avail failover, ssc high-avail force-failover, ssc high-avail force-standby, ssc high-avail join, ssc high-avail list, ssc high-avail reset, ssc high-avail update

ssc high-avail eject

Ejects a specified Standby node from the current HA pair.

Syntax

ssc high-avail eject IP-or-hostname

Parameters

IP-or-hostname

The IP address or host name of the Standby node to be ejected.

Usage Guidelines

This command must be used from the Active node.

Services Director supports a single Standby node.

Examples

*** check current HA configuration from Active node ***
amnesiac (config) # ssc high-avail list
+---+-----------------+---------------+--------------------+-------- ...
| # | Cluster IP/Name | TIP | Database | Role ...
+---+-----------------+---------------+--------------------+-------- ...
| 1 | 10.62.167.201 | 10.62.167.202 | 10.62.167.201:3306 | Active ...
| 2 | 10.62.167.199 | | 10.62.167.199:3306 | Standby ...
+---+-----------------+---------------+--------------------+-------- ...

*** eject the Standby node ***
amnesiac (config) # ssc high-avail eject 10.62.167.199
+---+-----------------+---------------+--------------------+-------- ...
| # | Cluster IP/Name | TIP | Database | Role ...
+---+-----------------+---------------+--------------------+-------- ...
| 1 | 10.62.167.201 | 10.62.167.202 | 10.62.167.201:3306 | Active ...
+---+-----------------+---------------+--------------------+-------- ...

Related Commands

ssc high-avail diagnose, ssc high-avail discover, ssc high-avail ejectall, ssc high-avail failover, ssc high-avail force-failover, ssc high-avail force-standby, ssc high-avail join, ssc high-avail list, ssc high-avail reset, ssc high-avail update

ssc high-avail ejectall

Ejects all Standby nodes, and tidies all the Standby node metadata/configurations from the Active node. This command can be run even when there is no Standby node.

Syntax

ssc high-avail ejectall

Usage Guidelines

This command must be used from the Active node.

Services Director supports a single Standby node.

Examples

*** eject the Standby node ***
amnesiac (config) # ssc high-avail ejectall
+---+-----------------+---------------+--------------------+-------- ...
| # | Cluster IP/Name | TIP | Database | Role ...
+---+-----------------+---------------+--------------------+-------- ...
| 1 | 10.62.167.201 | 10.62.167.202 | 10.62.167.201:3306 | Active ...
+---+-----------------+---------------+--------------------+-------- ...

Related Commands

ssc high-avail diagnose, ssc high-avail discover, ssc high-avail eject, ssc high-avail failover, ssc high-avail force-failover, ssc high-avail force-standby, ssc high-avail join, ssc high-avail list, ssc high-avail reset, ssc high-avail update

ssc high-avail failover

This command performs a failover from the Standby node of an HA pair.

Syntax

ssc high-avail failover backup-node IP-or-hostname

Parameters

backup-node IP-or-hostname

The IP address or host name of the Standby node. You must issue this command from this Standby node.

Usage Guidelines

Both Active and Standby nodes must be healthy to perform a failover.

As a result of the failover:

•The current Active and Standby nodes will exchange roles.

•The new Active node takes control of the HA pair for all purposes.

•The SEA/TIP points to the now-Active node.

This command completes in the background. Use ssc high-avail reset to check its progress.

Examples

*** initiate failover from the Standby node ***
amnesiac (config) # ssc high-avail failover backup-node 10.62.167.199
Successfully initiated failover on Standby node(10.62.167.199).
Please check [ssc high-avail list] for status

*** Active and Standby have exchanged places, and SEA/TIP has moved ***

Related Commands

ssc high-avail diagnose, ssc high-avail discover, ssc high-avail eject, ssc high-avail ejectall, ssc high-avail force-failover, ssc high-avail force-standby, ssc high-avail join, ssc high-avail list, ssc high-avail reset, ssc high-avail update

ssc high-avail force-failover

This command enables you to perform a failover operation from a healthy Standby node after the Active node becomes unhealthy.

Syntax

ssc high-avail force-failover

Usage Guidelines

This command is different from a regular failover, because the Active node is unhealthy in this case. A regular failover is only supported when both the Active and Standby nodes are healthy.

As a result of the forced failover:

•The current Standby nodes becomes the Active node.

•The SEA/TIP points to the now-Active node.

•The outcome on the unhealthy Active node depends on whether it can be contacted. If the unhealthy Active node can be contacted, it will become the Standby node. The Standby node remains unhealthy until repaired. If the unhealthy Active node cannot be contacted, it will remain as an Active node. When this node is repaired and returned to a healthy state, a "split brain" scenario will result. That is, two healthy nodes in an HA pair both believe themselves to be the Active node, and that the other node is the Standby.

See ssc high-avail join for details of the "split brain" scenario, and for instructions on how to recover from it.

This command completes in the background. Use ssc high-avail reset to check its progress.

Examples

In this example:

•The unhealthy Active node is amnesiac-01 (10.62.167.193).

•The healthy Standby node is amnesiac-02 (10.62.167.194)

•The Service Endpoint Address (TIP) is 10.62.167.195.

*** View the status of the HA pair from the healthy Standby node ***
*** The Active node is unhealthy, the Standby node is healthy ***
amnesiac-02 (config) # ssc high-avail list
+---+-----------------+---------------+--------------------+--------- ...
| # | Cluster IP/Name | TIP | Database | Role ...
+---+-----------------+---------------+--------------------+--------- ...
| 1 | 10.62.167.194 | | 10.62.167.194:3306 | Standby ...
| 2 | 10.62.167.193 | 10.62.167.195 | N/A | Active ...
+---+-----------------+---------------+--------------------+--------- ...

Related Commands

ssc high-avail diagnose, ssc high-avail discover, ssc high-avail eject, ssc high-avail ejectall, ssc high-avail failover, ssc high-avail force-standby, ssc high-avail join, ssc high-avail list, ssc high-avail reset, ssc high-avail update

ssc high-avail force-standby

Performs a forced standby of an Active node.

Syntax

ssc high-avail force-standby

Usage Guidelines

This command is intended as a way to recover from the "split brain" scenario. That is, two healthy nodes in an HA pair both believe themselves to be the Active node, and that the other node is the Standby.

This scenario is possible after a failed force-failover command (see ssc high-avail force-failover).

After this failure:

•The original Active node is unhealthy/uncontactable, and still configured as the Active node in an HA pair. Once repaired, it will show as healthy.

•The original Standby node is now the healthy current Active node.

To confirm this, log into both the Active and the Standby and check the list the high availability status of each. Each will show itself as Active and healthy. To resolve the "split brain", perform a force-standby on the original Active node. This performs the following actions:

•Switches the original Active node to be the new Standby.

•The HA pair reforms.

This command completes in the background. Use ssc high-avail reset to check its progress.

Examples

In this example:

•The original Active node (which failed by is now repaired) is amnesiac-01 (10.62.167.193).

•The new Active node (the original Standby) is amnesiac-02 (10.62.167.194)

•The Service Endpoint Address (TIP) is 10.62.167.195.

*** check the HA status of the original (repaired) Active node ***
amnesiac-01 (config) # ssc high-avail list
+---+-----------------+---------------+--------------------+--------- ...
| # | Cluster IP/Name | TIP | Database | Role ...
+---+-----------------+---------------+--------------------+--------- ...
| 1 | 10.62.167.194 | | 10.62.167.194:3306 | Standby ...
| 2 | 10.62.167.193 | 10.62.167.195 | 10.62.167.193:3306 | Active ...
+---+-----------------+---------------+--------------------+--------- ...

*** check the high availability status of the new Active node ***
amnesiac-02 (config) # ssc high-avail list
+---+-----------------+---------------+--------------------+--------- ...
| # | Cluster IP/Name | TIP | Database | Role ...
+---+-----------------+---------------+--------------------+--------- ...
| 1 | 10.62.167.194 | 10.62.167.195 | 10.62.167.194:3306 | Active ...
| 2 | 10.62.167.193 | | N/A | N/A ...
+---+-----------------+---------------+--------------------+--------- ...

*** initiate the force-standby from the original Active node ***
amnesiac-01 (config) # ssc high-avail force-standby

*** from the new Active node, check status - the HA pair dissolves ***
amnesiac-02 (config) # ssc high-avail list
+---+-----------------+----- ... -+-----------------------+
| # | Cluster IP/Name | TIP ... | Status |
+---+-----------------+----- ... -+-----------------------+
| 1 | 10.62.167.194 | 10. ... | Active |
| 1 | 10.62.167.193 | ... | File System detaching |
+---+-----------------+----- ... -+-----------------------+

*** The HA pair begins to reform ***
amnesiac-02 (config) # ssc high-avail list
+---+-----------------+----- ... -+----------+
| # | Cluster IP/Name | TIP ... | Status |
+---+-----------------+----- ... -+----------+
| 1 | 10.62.167.194 | ... | Creating |
| 1 | 10.62.167.193 | ... | Creating |
+---+-----------------+----- ... -+----------+

*** after a few minutes, the force-standby completes ***
amnesiac-02 (config) # ssc high-avail list
+---+-----------------+---------------+--------------------+--------- ...
| # | Cluster IP/Name | TIP | Database | Role ...
+---+-----------------+---------------+--------------------+--------- ...
| 1 | 10.62.167.194 | 10.62.167.195 | 10.62.167.193:3306 | Active ...
| 2 | 10.62.167.193 | | 10.62.167.194:3306 | Standby ...
+---+-----------------+---------------+--------------------+--------- ...

*** confirm this result from the new Standby node ***
amnesiac-01 (config) # ssc high-avail list
+---+-----------------+---------------+--------------------+--------- ...
| # | Cluster IP/Name | TIP | Database | Role ...
+---+-----------------+---------------+--------------------+--------- ...
| 1 | 10.62.167.194 | 10.62.167.195 | 10.62.167.193:3306 | Active ...
| 2 | 10.62.167.193 | | 10.62.167.194:3306 | Standby ...
+---+-----------------+---------------+--------------------+--------- ...

Related Commands

ssc high-avail diagnose, ssc high-avail discover, ssc high-avail eject, ssc high-avail ejectall, ssc high-avail failover, ssc high-avail force-failover, ssc high-avail join, ssc high-avail list, ssc high-avail reset, ssc high-avail update

ssc high-avail join

Joins the current unpaired Services Director node to a specified Primary Services Director node.

Syntax

ssc high-avail join IP-or-hostname

Parameters

IP-or-hostname

The IP address or host name of the Primary node.

Usage Guidelines

This command initially reports that an attempt to join is in progress, but completes in the background. Use ssc high-avail reset to check the progress of the join process.

Examples

*** confirm node is not in an HA pair ***
amnesiac (config) # ssc high-avail list
+---+-----------------+-----+----------+------+- ...
| # | Cluster IP/Name | TIP | Database | Role |
+---+-----------------+-----+----------+------+- ...
+---+-----------------+-----+----------+------+- ...
amnesiac (config) # ssc high-avail discover
+------------------+---------------------+
| Primary Hostname | Primary Server's IP |
+------------------+---------------------+
| jsorrentino-08 | 10.62.166.200 |
| jkumar-24 | 10.62.167.164 |
| jkelly-09 | 10.62.167.201 |
| jsorrentino-14 | 10.62.168.244 |
| jwhitehouse-1a | 10.62.168.42 |
+------------------+---------------------+

amnesiac (config) # ssc high-avail join 10.62.167.201
+---+-----------------+-----+- ... -+--------------+
| # | Cluster IP/Name | TIP | ... | Status |
+---+-----------------+-----+- ... -+--------------+
| 1 | 10.62.167.199 | | ... | Node joining |
+---+-----------------+-----+- ... -+--------------+

amnesiac (config) # ssc high-avail list
+---+-----------------+-----+ ... -+---------------------+
| # | Cluster IP/Name | TIP | ... | Status |
+---+-----------------+-----+- ... -+---------------------+
| 1 | 10.62.167.199 | | ... | File System joining |
+---+-----------------+-----+- ... -+---------------------+

amnesiac (config) # ssc high-avail list
+---+-----------------+---------------+--------------------+- ...
| # | Cluster IP/Name | TIP | Database | ...
+---+-----------------+---------------+--------------------+- ...
| 1 | 10.62.167.201 | 10.62.167.202 | 10.62.167.201:3306 | ...
| 2 | 10.62.167.199 | | 10.62.167.199:3306 | ...
+---+-----------------+---------------+--------------------+- ...
... +---------+-----------+-------------------+---------------- ...
... | Role | DB Health | Gluster FS Health | SSC Web Health ...
... +---------+-----------+-------------------+---------------- ...
... | Active | Healthy | Healthy + Healthy ...
... | Standby | Healthy | Healthy + Healthy ...
... +---------+-----------+-------------------+---------------- ...
... -----------------------------+--------------+--------+
... System | Serial # | Status |
... -----------------------------+--------------+--------+
... rbt_ssc 2.3.0-mainline #134 | 005056A60F7D | Active |
... rbt_ssc 2.3.0-mainline #134 | 005056A677D3 | Active |
... -----------------------------+--------------+--------+

Related Commands

ssc high-avail diagnose, ssc high-avail discover, ssc high-avail eject, ssc high-avail ejectall, ssc high-avail failover, ssc high-avail force-failover, ssc high-avail force-standby, ssc high-avail list, ssc high-avail reset, ssc high-avail update

ssc high-avail list

Displays a list of nodes in the current HA pair.

Syntax

ssc high-avail list

Usage Guidelines

For a standalone Services Director, only one node is listed.

This command is identical to the show ssc host host-name command.

Examples

*** for a node that is not in an HA pair ***
+---+-----------------+---------------+-------------------- ...
| # | Cluster IP/Name | TIP | Database ...
+---+-----------------+---------------+-------------------- ...
+---+-----------------+---------------+-------------------- ...
... +---------+-----------+-------------------+---------------- ...
... | Role | DB Health | Gluster FS Health | SSC Web Health ...
... +---------+-----------+-------------------+---------------- ...
... +---------+-----------+-------------------+---------------- ...
... +------------------------------+--------------+--------+
... | System | Serial # | Status |
... +------------------------------+--------------+--------+
... +------------------------------+--------------+--------+

Related Commands

ssc high-avail reset

Performs a factory reset on the current high availability node. This erases the entire HA configuration.

Syntax

ssc high-avail reset

Usage Guidelines

After this command completes, the Services Director must be restarted.

After using this command, you can use:

•ssc high-avail diagnose to create a standalone node.

•ssc high-avail list to join an HA pair.

Examples

*** remove this node (Standby) from its HA pair ***
amnesiac (config) # ssc high-avail reset
+---+-----------------+---------------+-------------------- ...
| # | Cluster IP/Name | TIP | Database ...
+---+-----------------+---------------+-------------------- ...
+---+-----------------+---------------+-------------------- ...
... +---------+-----------+-------------------+---------------- ...
... | Role | DB Health | Gluster FS Health | SSC Web Health ...
... +---------+-----------+-------------------+---------------- ...
... +---------+-----------+-------------------+---------------- ...
... +------------------------------+--------------+--------+
... | System | Serial # | Status |
... +------------------------------+--------------+--------+
... +------------------------------+--------------+--------+

This command is identical to the ssc high-avail token add command.

ssc high-avail token remove

Removes the high availability access token from the current node. This can be either a node in an HA pair, and on standalone node.

Syntax

ssc high-avail token token-id

Parameters

token token-id

The token ID. Use ssc high-avail token add to display this for the current node.

Examples

*** list current token ***
amnesiac (config) # ssc high-avail token
+--------------------------------------+------------------------- ...
| Token ID | Access Token ...
+--------------------------------------+------------------------- ...
| 3f4a1f71-665c-46e7-aa30-11f2abd6a06d | eyJhdWQiOiAiaHgJaTgRdPcA ...
| | ZW4iLCAiaXNzIjHGwEFggTAf ...
| | ZG1pbiIsICJqdGKjHgkkjGhj ...
| | ZDZhMDZkIiwgImLjhFerwFGH ...
+--------------------------------------+------------------------- ...
... -----------------------+-------------+
... | Description |
... -----------------------+-------------+
... BpL2NvbW1vbi8xLjAvdG9r | cluster |
... AxIiwgInBybiI6ICJsai1h | |
... 00NmU3LWFhMzAtMTFmMmFi | |
... IxNDQxMjYyMTc2In0= | |
... -----------------------+-------------+

*** remove current HA access token ***
amnesiac (config) # ssc high-avail token remove 3f4a1f71-665c-46e7-aa30-11f2abd6a06d
Token ID '3f4a1f71-665c-46e7-aa30-11f2abd6a06d' removed successfully.

*** confirm removal ***
amnesiac (config) # ssc high-avail token
+----------+--------------+-------------+
| Token ID | Access Token | Description |
+----------+--------------+-------------+
+----------+--------------+-------------+

Related Commands

ssc high-avail token, ssc high-avail token add, ssc high-avail token generate, ssc high-avail token list

ssc high-avail update

Updates the Service Endpoint Address of an HA pair (or standalone Services Director).

Syntax

ssc high-avail update traffic-ip IP-or-hostname

Parameters

traffic-ip

The IP address or host name of the new Service Endpoint Address.

Usage Guidelines

This command can be issued from either the Active or the Standby node.

Do not use this command from the Service Endpoint Address node. The command will fail.

This command affects FLA licensing for vTMs:

•Any Legacy FLA licenses that were created to service the current Service Endpoint Address will fail when the Service Endpoint Address changes. To fix this, generate a new Legacy FLA based on the new Service Endpoint Address.

•Any Universal FLA licenses that are tied to the current Service Endpoint Address will need to be relicensed (see ssc instance relicense instance-name).

After this command completes, a restart of your Services Director service is required.

Examples

*** display the current Service Endpoint Address (TIP) ***
amnesiac (config) # ssc high-avail list
+---+-----------------+---------------+-------------------- ...
| # | Cluster IP/Name | TIP | Database ...
+---+-----------------+---------------+-------------------- ...
| 1 | 10.62.167.201 | 10.62.167.200 | 10.62.167.201:3306 ...
| 2 | 10.62.167.199 | | 10.62.167.199:3306 ...
+---+-----------------+---------------+-------------------- ...

*** change the Service Endpoint Address (TIP) ***
amnesiac (config) # ssc high-avail update traffic-ip 10.62.167.202
+---+-----------------+---------------+-------------------- ...
| # | Cluster IP/Name | TIP | Database ...
+---+-----------------+---------------+-------------------- ...
| 1 | 10.62.167.201 | 10.62.167.202 | 10.62.167.201:3306 ...
| 2 | 10.62.167.199 | | 10.62.167.199:3306 ...
+---+-----------------+---------------+-------------------- ...

*** restart the service ***
amnesiac (config) # ssc service restart

Related Commands

ssc host add host-name

Adds a Services Director instance host.

Syntax

Parameters

host-name name

Specify a unique name for this resource.

host-user name

(DEPRECATED) Specify the host administrator user name; you must specify sscadmin.

host-pass password

(DEPRECATED) Specify the host administrator password; the default value is password.

username user

Specify the user for SSH access; this user must be root.

usage-info description

(DEPRECATED) This property is not used.

retained-info-dir directory

(DEPRECATED) This property is not used.

max-instances number

The number of instances that you can create on this host.

cpu-cores string

(DEPRECATED) This property is not used.

info description

(Optional) Specify descriptive information.

Usage Guidelines

Use the no ssc host hostname <name> to delete the host.

Examples

amnesiac (config) # ssc host add host-name test-demo1 host-user sscadmin host-pass password username root

Related Commands

show ssc host host-name, ssc host update host-name

ssc host add template-name

Adds a Services Director host based on a template. Optionally, adds or changes the current values for the new host.

Syntax

Parameters

name

Specify the unique name for the template.

host-name name

Optionally, specify the host name.

host-user name

Optionally, specify the administrator user name. The default value is sscadmin.

host-pass admin-password

Optionally, specify the administrator password; the default value is password.

username user

Optionally, specify the user for SSH access; this user must be root.

retained-info-dir directory

This property is not used.

usage-info description

This property is not used.

max-instances number

The number of instances that you can create on this host.

cpu-cores string

This property is not used.

info description

Optionally, specify descriptive information about the new host.

Usage Guidelines

Before you can use this command, you must first create a host template using the ssc template create command. Optionally, you can add or modify the current values the specified for the new host.

Examples

amnesiac (config) # ssc host add template-name htemp1 host-name test-demo username root

Related Commands

show ssc host host-name, ssc template create template-name

ssc host host-migrate

Migrate vTM instances between hosts within the same subnet.

Syntax

ssc host host-migrate from name-or-ip-addr-from to ip-addr-to [force yes-or-no]

Parameters

name-or-ip-addr-from

Specify the name of the instance host where the Traffic Manager is migrating from.

ip-addr-to

Optionally, specify the IP address or the name of the instance host where the Traffic Manager is migrating to.

force yes-or-no

Forces migration of Traffic Managers regardless of the network topology.

Examples

amnesiac (config) # ssc host host-migrate from 10.0.0.1 to 10.0.05 force yes

Related Commands

ssc host host-name dns

Configures instance host DNS settings.

Syntax

ssc host host-name name dns dns-nameservers dns-name-servers | [dns-search dnsfixes]

Parameters

name

Specify a unique name for the host.

dns-nameservers dns-name-servers

Specify the DNS name server.

dns-search dns-suffixes

Optionally, specify a comma separated list of searched domain suffixes.

Examples

amnesiac (config) # ssc host host-name test dns dns-nameservers dnstest

Related Commands

ssc host host-name interface dhcp

Configures host instance DHCP on the specified interface.

Syntax

ssc host host host-name name interface interface-name dhcp | [dns-nameservers dns-name-servers] | [dns-search dns-suffixes] | [auto]

Parameters

name

Specify the host name.

interface interface-name

Specify the interface name

dhcp

Specify to enable DHCP on this interface.

dns-nameservers dns-name-servers

Optionally, specify the DNS name server.

dns-search dns-suffixes

Optionally, specify a comma separated list of searched domain suffixes.

auto

Optionally, specify this interface to automatically start up.

Examples

amnesiac (config) # ssc host host host-name host1 interface lxcbr0 dhcp

Related Commands

ssc host host-name interface ip

Configures the static IP address for the specified interface.

Syntax

ssc host host host-name name interface interface-name ip ip-addr netmask netmask | [gateway ip-addr] | [dns-nameservers dns-name-servers] | [dns-search dns-suffixes] | [auto]

Parameters

name

Specify a unique name for the host.

interface interface-name

Specify the interface name

ip ip-addr

Specify the IP address on this interface.

netmask netmask-addr

Specify the netmask address.

gateway ip-addr

Specify the IP address for the gateway.

dns-nameservers dns-name-servers

Specify the DNS name server.

dns-search dns-suffixes

Optionally, specify a comma separated list of searched domain suffixes.

auto

Optionally, specify this interface to automatically start up.

Examples

amnesiac (config) # ssc host host host-name host1 interface lxcbr0 ip 10.0.0.1 netmask 255.255.255.0 gateway 10.0.0.2

Related Commands

ssc host host-name user

Configures the log in username and password for the Services Director host.

Syntax

ssc host host-name name user user password password

Parameters

name

Specify the host name.

user

Specify the login username for the host.

password

Specify the login password for the host.

Examples

amnesiac (config) # ssc host host-name host1 user admin password test123

Related Commands

ssc host list

Lists the Services Director hosts.

Syntax

ssc host list

Examples

amnesiac (config) # ssc host list
+---------------+
| Host |
+---------------+
| tmainline68-h |
+---------------+

Related Commands

show ssc host host-name, ssc host list

ssc host ssh-clear-key

Clears known SSH host entries for a given host.

Syntax

ssc host ssh-clear-key host-name name

Parameters

name

Specify the host name.

Examples

amnesiac (config) # ssc host ssh-clear-key host-name host1

Related Commands

ssc host update host-name

Updates values for a Services Director host.

Syntax

Parameters

host

Specify the host name.

username user

Optionally, specify the user for SSH access; this user must be root.

status [Active | Inactive]

Specify the status:

Active

Activates a resource.

Inactive

Deactivates a resource. A resource cannot be marked as Inactive if it is in use. The resource cannot be reactivated Inactive status has been specified.

usage-info description

This property is not used.

max-instances number

The number of instances that you can create on this host.

cpu-cores string

This property is not used.

info description

Optionally, specify descriptive information about the new host.

Usage Guidelines

Update a host resources to add or change common parameters.

Examples

*** Parameter change ***
amnesiac (config) # ssc host update host-name host1 status Inactive

Related Commands

show ssc host host-name, ssc host list, ssc host add host-name

ssc host update template-name

Updates a Services Director host based on the specified template.

Syntax

Parameters

name

Specify the template name.

host-name name

Specify the host name.

username name

Optionally, specify the user for SSH access; this user must be root.

status Active | Inactive

Specify the status:

Active

Activates a resource.

Inactive

Deactivates a resource. A resource cannot be marked as Inactive if it is in use. The resource cannot be reactivated Inactive status has been specified.

info description

Optionally, specify descriptive information about the new host.

Usage Guidelines

Update an instance host with the parameters predefined in an existing template. The existing template is created by the ssc template create command. The predefined parameters in the existing template are passed to the resource to update the command. You have the option to replace or add extra parameters that exist in the specified template (that is, add extra arguments).

Examples

amnesiac (config) # ssc host update template-name hosttemp1 status Active

Related Commands

show ssc host host-name, ssc template create template-name

ssc import-cert

Imports an SSL certificate.

Syntax

ssc import-cert cert-data | [import-key key-data] | [password password]

Parameters

cert-data

Specify the certificate data in PEM format.

import-key key-data

Specify the key data in PEM format.

password password

Specify the private key password.

Usage Guidelines

You must import the SSL certificate and private key before you create instances.

Examples

amnesiac (config) # ssc import-cert "cert-data" import-key "<key-data>"

Related Commands

show ssc certificate

ssc import-cert-key

Imports an SSL certificate and private key.

Syntax

ssc import-cert-key cert-data password password

Parameters

cert-date

Specify the location of the SSL certificate and private key, for example, http, ftp, or scp URL (scp://username:password@host/path/filename).

password password

Optionally, specify the private key password.

Usage Guidelines

You must import the SSL certificate and private key before you create instances.

Examples

amnesiac (config) # ssc import-cert-key scp://username:[email protected]/ssc_archive/cert_key.pem
Certificate and Private Key imported successfully

Related Commands

show ssc certificate

ssc import-lic

Imports the Services Director license.

Syntax

ssc import-lic filename | file remote-file-path

Parameters

filename

Specify the Services Director license filename.

file remote-file-path

Optionally, specify the remote location of the license, for example <http, ftp, or scp URL (e.g. scp://username:password@host/path)>

Usage Guidelines

You must import the Services Director license before you create instances.

Examples

amnesiac (config) # ssc import-lic file scp://username:[email protected]/ssc_archive/taranis-license
License imported successfully

Related Commands

show ssc license enterprise

ssc instance add instance-name

Adds an externally-deployed vTM instance to the estate of the Services Director.

Syntax

ssc instance add instance-name name bandwidth bandwidth owner instance-owner-name

stm-fpname feature-pack-name mgmt-address host-or-ip-addr [config-options string]

[admin-username username] [admin-password password] [rest-address uri-and-port]

[snmp-address ip-address] [ui-address ip-addr] [access-profile access-profile]

[analytics-profile analytics-profile]

Parameters

instance-name name

The name of the externally-deployed Traffic Manager instance.

bandwidth bandwidth

The maximum allowed bandwidth for the Traffic Manager instance (in Mbps).

owner owner

Specify who owns the instance.

stm-fpname feature-pack-name

The name of the feature_pack resource associated with the Traffic Manager instance. This represents the set of features that are available for the instance.

mgmt-address host-or-ip-addr

Specify the host name or IP address to reach the instance.

config-options string

A single configuration option is supported:

•snmp!community: The SNMP v2 community setting for this externally-deployed Traffic Manager instance. This must be set to the same value as the equivalent snmp!community property on the instance resource (default: "public").

Unlike Services Director-deployed instances, externally-deployed instances do not restart when config_options are changed.

admin-username name

The user name for the admin account for the externally-deployed instance.

admin-password password

The password for the admin account for the externally-deployed instance.

rest-address host-or-ip-addr

The address (host or IP address plus port number) of the Traffic Manager instance configuration REST API. If left blank, it defaults to :9070. The rest-address must match the instance host name. If you use a hostname instead of an IP address, you must use a fully qualified domain name. You can modify this property only for a externally-deployed Traffic Manager instance (or in a database-only request).

snmp-address host-or-ip-addr

The address (host or IP address plus port number) of the Traffic Manager instance SNMP responder. This setting enables you to set the SNMP address used for metering. If you use a hostname instead of an IP address, you must use a fully qualified domain name. You can modify this property only for a externally-deployed Traffic Manager instance (or in a database-only request).

ui-address host-or-ip-addr

The address (host or IP address plus port number) of the Traffic Manager instance Administration UI. If you do not enter a value, the UI address defaults to :9090. If you use a hostname instead of an IP address, you must use a fully qualified domain name. You can modify this property only for a externally-deployed Traffic Manager instance (or in a database-only request).

access-profile

The access profile identifies the authenticator and permission groups required for the user authentication on this Traffic Manager instance.

Access profile is a cluster-level configuration property, and is typically set for the vTM cluster (see ssc cluster create cluster-name). The current cluster-level setting is displayed in this dialogue. If you provide a new value for this property, the analytics profile will be applied to the Traffic Manager, and all other traffic manager instances in its cluster.

analytics-profile

The analytics profile identifies the vTM analytics settings for this Traffic Manager instance.

Analytics profile is a cluster-level configuration property, and is typically set for the vTM cluster (see ssc cluster create cluster-name). If you provide a new value for this property, the analytics profile will be applied to the Traffic Manager, and all other traffic manager instances in its cluster.

Usage Guidelines

Before you create a externally-deployed Traffic Manager instance, ensure that you have created a feature pack for the Traffic Manager.

You cannot create a externally-deployed Traffic Manager instance using containers.

Use the no instance instance-name <name> to delete an instance.

Examples

amnesiac (config) # ssc instance add instance-name stm-i1 bandwidth 1200 owner janet stm-fpname default-fp mgmt-address test-demo

Related Commands

show ssc instance instance-name, ssc instance create instance-name, ssc instance list

ssc instance create instance-name

Creates a vTM instance.

Syntax

ssc instance create instance-name name license-name name bandwidth bandwidth cpu-usage cpu owner instance-owner-name stm-fpname feature-pack-name stm-version stm-version-name host-name host mgmt-address host-or-ip-addr [config-options string] [cluster-id name] [container-name name] [container-cfg config-data] [deploy none] [managed yes-or-none] [status [Active | Inactive]]

Parameters

instance-name name

Specify a unique name for the Traffic Manager instance.

license-name name

The name of the license resource you want to use for this instance. When you modify this property, the Services Director updates the license on the Traffic Manager instance.

bandwidth bandwidth

Specify the bandwidth allowed for this instance (in Mbps).

cpu-usage cpu

A string that describes which CPUs are used for this Traffic Manager instance. If used, you must either:

•Specify a value in a form that is used by the taskset command. For example, "0,3,57".

•Set this property to an empty string. This indicates that the host is not limited in its use of CPU cores (unless it is deployed within an LXC container). This is the default setting for the property if you do not specify a string.

Any change to the cpu_usage settings will cause a restart of the instance.

owner name

Specify a string that describes an owner of the instance.

stm-fpname feature-pack-name

Specify the Traffic Manager feature-pack name associated with the instance.

stm-version stm-version-name

The name of the Traffic Managerversion resource for the instance. If you modify this property, the Services Director upgrades the Traffic Manager instance to the new version. You can change this property only if the instance status is Idle.

host-name host

Specify the name of the Traffic Manager instance host on which the instance is running.

mgmt-address host-or-ip-addr

Specify the host name or IP address to reach the instance.

config-options string

A string containing configuration options for optional features. If specified, this is a space-delimited combination of one or more the following:

•default: This option has no effect and is used to avoid an empty string. If this is option is used, no other options can be specified in the config_options.

•admin_ui=yes/no: Start or bypass the Administration UI for the Traffic Manager instance (default: yes). You must set this to yes if you use the cluster_id property.

•maxfds=number: The maximum number of file descriptors (default: 4096). This setting must be consistent between all instances in a cluster. (See Notes, below).

•webcache!size=number: The size of RAM for the web cache (default: 0). This value can be specified in %, MB, GB by appending the corresponding unit symbol to the end of the value when not specifying a value in bytes. For example, 100%, 256MB, 1GB, and so on. This setting must be consistent between all instances in a cluster. (See Notes, below).

•java!enabled=yes/no: Start or bypass the Java server (default: no). This setting must be consistent between all instances in a cluster. (See Notes, below).

•statd!rsync_enabled=yes/no: Synchronize historical activity data within a cluster. If this data is unwanted, disable this setting to save CPU and bandwidth (default: yes). This setting must be consistent between all instances in a cluster. (See Notes, below).

•snmp!community: The SNMP v2 community setting for this instance resource. For metering of externally-deployed instances, this must be set to the same value as the equivalent snmp!community property on the instance itself (default: "public").

•num_children=number: The number of child processes (default: 1).

•start_flipper=yes/no: Start or bypass the flipper process (default: yes). You must set this to yes if you use the cluster_id property.

•afm_deciders=number: The number of application firewall decider processes. If 0 is specified, the application firewall is not installed (default: 0). Note: You cannot update this option after the instance has been deployed.

•flipper!frontend_check_addrs=host: Check instance front-end connectivity with a specific host. When the Services Director deploys an instance, it checks connectivity to the default gateway of the instance host by sending ICMP requests to it. If the default gateway is protected by a firewall or blocks ICMP requests, instance deployment can fail. To disable deployment connectivity checks, use flipper!frontend_check_addrs="". This setting must be consistent between all instances in a cluster. (See Notes, below).

•flipper!monitor_interval=number: The interval, in milliseconds, between flipper monitoring actions. (default: 500 ms). For higher density Traffic Manager instance deployments, use a larger value such as 2000ms. This setting must be consistent between all instances in a cluster. (See Notes, below).

Any change to the config_options settings will cause a restart of the instance.

Some configuration options, if specified here, must be consistent between all Traffic Manager instances in a cluster:

•maxfds

•webcache!size

•java!enabled

•statd!rsync_enabled

•flipper!monitor_interval

•flipper!frontend_check_addrs

If you set or update the value in one instance resource, the Services Director replicates this update automatically to the other instance resources. The instance will restart whenever these are changed, but other instances in the cluster must be restarted manually.

Whenever the config_options property is set, all currently modified options must be specified again in the REST call. Any options that are not specified will lose their current value and be reset to their default value.

cluster-id ID-or-name

Optionally, specify the name of a cluster resource to which the instance belongs.

If you do not specify a cluster name, a new cluster name is generated automatically and assigned to the instance.

container-name name

Specify the name of the LXC container in which the instance is running. If this is an empty string or none, the Traffic Manager is not run inside a container.

container-cfg config-data

Optionally, specify configuration data for the instance container. The string populates the container configuration file with the gateway IP, the management IP, the WAN IP, the LAN IP, the data plane gateway IP, and the flavor (also called size).

Use the following format:

"{'gateway': '10.5.27.1', 'mgmtip':'10.10.10.1/24', 'wanip':'10.10.10.2/24', 'lanip':'10.10.10.3/24', 'dataplanegw':'10.5.5.2', 'flavor':'small'}"

Possible flavor values are: small= 256, 1 CPU, medium= 512 2 CPU, or large= 1024 4 CPU.

deploy none

The default value is true. Specify none to apply changes to the database but not cause deployment changes. This setting supports testing and database reconciliation. No actions are carried out and no intermediate status is set. If a new instance resource is set to none then the status is set to Idle upon creation.

managed none

Specify yes.

active [Active | Inactive]

Specify the status:

•Active: Activates a resource.

•Inactive: Deactivates a resource. A resource cannot be marked as Inactive if it is in use. The resource cannot be reactivated Inactive status has been specified.

Usage Guidelines

Before you create a Traffic Manager instance, make sure you have:

•Imported the SSL certificate and key, the Services Director license, the enterprise bandwidth license key, and the Traffic Manager FLA license.

•Created a resource entry for the Traffic Manager FLA license.

•Imported the Traffic Manager image and created a resource entry for it.

•Imported the host OVA and created the host resource.

•Created a feature pack for the Traffic Manager.

•Provisioned the host OVA. When you execute the ssc host provision command, it un-tars the OVA, repackages the SSH public key created above and it is provisioned on ESXi. After the host is created in ESXi, the public key is assigned to the user defined in the ssc host provision command. After this command is executed you can SSH to the host without a password.

You can create instances without using containers, but you must ensure a degree of network isolation.

Before you create a container using the CLI, make sure that you have a host entry that includes the IP address and host name for the container you are going to create and that you can ping it.

Use the no instance instance-name <name> to delete an instance.

Examples

*** no container ***
amnesiac (config) # ssc instance create instance-name stm-i1 license name fla-ssl-ssc bandwidth 1200 cpu-usage 0 owner tim stm-fpname default-fp stm-version stm97 host-name test-demo mgmt-address test-demo

Stops a vTM instance.

Syntax

ssc instance stop instance-name instance

Parameters

instance

The instance name.

Examples

amnesiac (config) # ssc instance start instance-name DMaxhill-05
amnesiac (config) # ssc instance start instance-name Instance-345879389713

Related Commands

show ssc instance instance-name, ssc instance start instance-name, ssc instance list

ssc instance relicense instance-name

Relicenses a vTM instance that uses Universal FLA licensing. The instance must have its rest_enabled set to True .

Syntax

ssc instance relicense instance-name instance

Parameters

instance

The instance name.

Examples

amnesiac (config) # ssc instance relicense instance-name DMaxhill-05

Related Commands

show ssc instance instance-name, ssc instance create instance-name, ssc instance list

ssc instance update instance-name

Updates values in a vTM instance.

Syntax

ssc instance update instance-name instance [new-inst-name instance] [license-name name]

[bandwidth bandwidth] [cpu-usage cpu] [stm-fpname feature-pack-name] [stm-version stm-version-name] [config-options options] [container-cfg config-data] [managed yes-or-none] [deploy none]

[admin-username username] [admin-password password] [rest-address uri-and-port]

[snmp-address ip-address] [status [Active | Inactive]] [ui-address ip-addr] [access-profile access-profile] [analytics-profile analytics-profile]

Parameters

instance

Specify the name of the Traffic Manager instance.

new-inst-name instance

Specify the new name for the instance.

license-name name

Specify name of the FLA license resource for the instance

bandwidth bandwidth

Specify the bandwidth allowed for this instance.

cpu-usage cpu

Specify a string that describes which CPUs that can be used for the instance. The format can be used by the taskset command and typically is a single CPU number, such as 0. This command might be unnecessary depending on the container configuration.

stm-fpname feature-pack-name

Specify the Traffic Manager feature-pack name associated with the instance.

stm-version stm-version-name

Specify the name of the Traffic Manager version-resource for the instance. This is the Traffic Manager version name that is assigned when you imported the Traffic Manager into the Services Director.

host-name host

Specify the name of the Traffic Manager instance host on which the instance is running.

mgmt-address host-or-ip-addr

Specify the host name or IP address to reach the instance.

config-options string

Specify a string that defines the values for the instance container. The string populates the container configuration file with the gateway IP, the management IP, the WAN IP, the LAN IP, the data plane gateway IP, and the flavor or size: small= 256, 1 CPU, medium= 512 2 CPU, or large= 1024 4 CPU. Use the following format:

"{'gateway': '10.5.27.1', 'mgmtip':'10.10.10.1/24', 'wanip':'10.10.10.2/24', 'lanip':'10.10.10.3/24', 'dataplanegw':'10.5.5.2', 'flavor':'small'}"

container-cfg config-data

Optionally, specify configuration data for the instance container.

managed yes-or-none

Specify yes for Services Director-deployed instances or none for externally-deployed instances.

deploy none

admin-username username

Specify only for externally-deployed instances. Specify the user name of the Traffic Manager instance-administrator user.

admin-password password

Specify only for externally-deployed instances. Specify the password of the Traffic Manager instance-administrator user.

rest-address uri-and-port

Specify only for externally-deployed instances. Specify the IP address, including the port, for the instance REST API.

snmp-address ip-address

Specify only for externally-deployed instances. Specify the IP address, including the port, for the Traffic Manager instance SNMP server.

active [Active | Inactive]

Specify the status:

•Active: Activates a resource.

•Inactive: Deactivates a resource. A resource cannot be marked as Inactive if it is in use. The resource cannot be reactivated Inactive status has been specified.

ui-address ip-addr

Specify only for externally-deployed instances. Specify the IP address, including the port, for the Traffic Manager instance Admin UI.

access-profile

The access profile identifies the authenticator and permission groups required for the user authentication on this Traffic Manager instance.

analytics-profile

The analytics profile identifies the vTM analytics settings for this Traffic Manager instance.

Examples

amnesiac (config) # ssc instance update instance-name inst1 admin-user root admin-password 1234

Related Commands

show ssc instance instance-name, ssc instance list

ssc instance update template-name

Updates a vTM instance based on the specified template.

Syntax

ssc instance update template-name name instance-name instance [new-inst-name instance]

[license-name name] [bandwidth bandwidth] [cpu-usage cpu] [stm-fpname feature-pack-name]

[stm-version stm-version-name] [config-options options] [container-cfg configdata]

[managed yes-or-none] [deploy none] [admin-username username] [admin-password password]

[rest-address uri-and-port] [snmp-address ip-address] [status [Active | Inactive]] [ui-address ip-addr] [access-profile access-profile] [analytics-profile analytics-profile]

Parameters

template-name name

Specify the template name.

instance-name instance

Specify the current instance name.

new-inst-name instance

Specify the new name for the instance.

license-name name

Specify name of the FLA license resource for the instance

bandwidth bandwidth

Specify the bandwidth allowed for this instance.

cpu-usage cpu

stm-fpname feature-pack-name

Specify the Traffic Manager feature-pack name associated with the instance.

stm-version stm-version-name

Specify the name of the Traffic Manager version-resource for the instance. This is the Traffic Manager version name that is assigned when you imported the Traffic Manager into the Services Director.

host-name host

Specify the name of the Traffic Manager instance host on which the instance is running.

mgmt-address host-or-ip-addr

Specify the host name or IP address to reach the instance.

config-options string

"{'gateway': '10.5.27.1', 'mgmtip':'10.10.10.1/24', 'wanip':'10.10.10.2/24', 'lanip':'10.10.10.3/24', 'dataplanegw':'10.5.5.2', 'flavor':'small'}"

container-cfg config-data

Optionally, specify configuration data for the instance container.

managed yes-or-none

Specify yes for Services Director-deployed instances or none for externally-deployed instances.

deploy none

admin-username username

Specify only for externally-deployed instances. Specify the user name of the Traffic Manager instance-administrator user.

admin-password password

Specify only for externally-deployed instances. Specify the password of the Traffic Manager instance-administrator user.

rest-address uri-and-port

Specify only for externally-deployed instances. Specify the IP address, including the port, for the instance REST API.

snmp-address ip-address

Specify only for externally-deployed instances. Specify the IP address, including the port, for the Traffic Manager instance SNMP server.

active [Active | Inactive]

Specify the status:

•Active: Activates a resource.

•Inactive: Deactivates a resource. A resource cannot be marked as Inactive if it is in use. The resource cannot be reactivated Inactive status has been specified.

ui-address ip-addr

Specify only for externally-deployed instances. Specify the IP address, including the port, for the Traffic Manager instance Admin UI.

access-profile

The access profile identifies the authenticator and permission groups required for the user authentication on this Traffic Manager instance.

analytics-profile

The analytics profile identifies the vTM analytics settings for this Traffic Manager instance.

Usage Guidelines

Updates a Traffic Manager instance with the parameters predefined in an existing template. The existing template is created by the ssc template create command. The predefined parameters in the existing template are passed to the resource to update the command. You have the option to replace or add extra parameters that exist in the specified template (that is, add extra arguments).

Examples

amnesiac (config) # ssc instance update template-name tempinst1 instance-name inst1 admin-user root admin-password 1234

Related Commands

show ssc instance instance-name, ssc template create template-name

ssc kpti

Changes the reboot setting for the Kernel Page-Table Isolation (KPTI) feature.

Syntax

ssc kpti [ enable | disable ]

Examples

*** check current state ***

amnesiac (config) # show ssc kpti

KPTI is currently enabled and will remain enabled after reboot.

*** request a change of state ***

amnesiac (config) # ssc kpti disable

Disabled KPTI for next boot. Use "reload" to reboot.

Related Commands

show ssc kpti, reload

ssc license enterprise add-on

Activates the enterprise add-on license.

Syntax

[no] ssc license enterprise add-on add license-key

Parameters

add license-key

Specify the add-on license key.

Usage Guidelines

For detailed information about add-on licenses, see Pulse Services Director Advanced User Guide. Use the no ssc license enterprise add-on <license key> command option to deactivate the enterprise add-on license.

Examples

amnesiac (config) # ssc license enterprise add-on XXXXX-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

Related Commands

show ssc license enterprise

ssc license enterprise add-on list

Displays a list of add-on licenses installed.

Syntax

ssc license enterprise add-on list license

Parameters

license

(Optional) Specify an Enterprise add-on license.

Examples

amnesiac (config) # ssc license enterprise add-on list
+-----------------------------------------+
| Enterprise Add-On Licenses |
+-----------------------------------------+
| 417928-23bbc2fb77767ac82db4df862658cabb |
+-----------------------------------------+

amnesia (config) # show ssc license enterprise add-on 417928-23bbc2fb77767ac82db4df862658cabb

+---------------------------+-----------------------------------------------------

| Field | Value

+---------------------------+-----------------------------------------------------

| valid_until | 2016-10-07

| timestamp | 2016-09-27T21:37:13.1475037433

| controller_license | ERSSC381243-0000-42B9

| bandwidth | 5000.0

| serial | 417928

| license_key | LK1-ERSSCAPADD_FIPS:5:417928:20160924237433-0000-...

| controller_license_serial | 381243

| valid_from | Perpetual

| add_on_sku | ADD-FIPS

| valid | True

+---------------------------+-----------------------------------------------------

Related Commands

show ssc license enterprise, ssc instance list

ssc license enterprise bandwidth activate

Activates an enterprise bandwidth license.

Syntax

ssc license enterprise bandwidth activate license-key

Parameters

license-key

Specify the enterprise bandwidth license key.

Usage Guidelines

You can have one or more bandwidth licenses depending on the needs of your enterprise. The bandwidth licenses are activated when you import the license key.

Use the no ssc license enterprise bandwidth <license key> command to delete an enterprise bandwidth license.

Examples

amnesiac (config) # ssc license enterprise bandwidth activate 116415-0e60bc0fe6b16d659b90d732

+---------------------------+-----------------------------------------------------

| Field | Value

+---------------------------+-----------------------------------------------------

| status | Active

| valid_until | 2016-10-07

| timestamp | 2016-09-27T21:37:13.1475037433

| controller_license | ERSSC381243-0000-42B9

| bandwidth | 5000.0

| valid_from | Perpetual

| serial | 115415

| license_key | LK1-ERSSCTPSTM_B_400:5:116415:20160927T213713147...

| controller_license_serial | 381243

| stm_sku | STM-400

| valid | True

+---------------------------+-----------------------------------------------------

Related Commands

show ssc license enterprise, ssc instance list

ssc license enterprise bandwidth add

Adds an enterprise bandwidth license.

Syntax

ssc license enterprise bandwidth add license-key

Parameters

license-key

Specify the enterprise bandwidth license key.

Usage Guidelines

You can have one or more bandwidth licenses depending on the needs of your enterprise. The bandwidth licenses are activated when you import the license key.

Use the no ssc license enterprise bandwidth <license key> command to delete an enterprise bandwidth license.

Examples

amnesiac (config) # ssc license enterprise bandwidth add LK1-ERSSCTPSTM_B_400:5:115415:20160927T27433-0000-43B9-5-5263-460B-1E66

+---------------------------+-----------------------------------------------------

| Field | Value

+---------------------------+-----------------------------------------------------

| status | Active

| valid_until | 2016-10-07

| timestamp | 2016-09-27T21:37:13.1475037433

| controller_license | ERSSC381243-0000-43B9

| bandwidth | 5000.0

| valid_from | Perpetual

| serial | 115415

| license_key | LK1-ERSSCTPSTM_B_400:5:115415:20160927T2265764750...

| controller_license_serial | 381243

Use no license enterprise resource-pack <key> to delete an enterprise resource pack license.

Examples

amnesiac (config) # ssc license enterprise resource-pack add LK1-

BR_ADC_RES_EMBAS5I_S_01:5:261755:2017081341503363094-0000-4401-5-6DC1-34C2-7045

+---------------------------+------------------------------------------------------

| Field | Value

+---------------------------+------------------------------------------------------

| valid_until | 2017-08-31

| timestamp | 2017-08-21T17:51:34.1503363094

| controller_license |

| valid_from | Perpetual

| license_key | LK1-BR_ADC_RES_EMBAS5I_S_01:5:261755:2017081341503...

| serial | 261755

| controller_license_serial |

| stm_sku | ENT-ENTM

| resource_amount | 5

| valid | False

+---------------------------+------------------------------------------------------

Related Commands

show ssc license enterprise, ssc license enterprise resource-pack list

ssc license enterprise resource-pack list

Lists resource pack license keys.

Syntax

ssc license enterprise resource-pack list

Usage Guidelines

Use no license enterprise resource-pack <key> to delete an enterprise resource pack license.

Examples

*** list resource pack licenses ***

amnesiac (config) # ssc license enterprise resource-pack list

+---------------------------------------------------------------------------------+

| Enterprise Resource-Pack Licenses |

+---------------------------------------------------------------------------------+

| LK1-BR_ADC_RES_EMBAS5I_S_01:5:261755:2017341363094-0000-4401-5-6DC1-34C2-7045 |

+---------------------------------------------------------------------------------+

*** delete a resource pack license ***

amnesiac (config) # no ssc license enterprise resource-pack

LK1-BR_ADC_RES_EMBAS5I_S_01:5:261755:2017341363094-0000-4401-5-6DC1-34C2-7045

Successfully deleted resource-pack key

(LK1-BR_ADC_RES_EMBAS5I_S_01:5:261755:2017341363094-0000-4401-5-6DC1-34C2-7045)

Related Commands

show ssc license enterprise, ssc license enterprise resource-pack add

ssc license list

Displays a list of FLA licenses that are present. Where no FLA license is present, this is indicated.

Syntax

ssc license list

Examples

Related Commands

show ssc license enterprise

ssc log metering clear

Deletes backup Services Director metering logs.

Syntax

ssc log metering clear

Examples

amnesiac (config) # ssc log metering clear

Related Commands

ssc log metering phone-home enable, ssc log metering generate

ssc log metering generate

Extracts metering logs.

Syntax

ssc log metering generate [backup [yes | no]]

Parameters

backup yes/no

Optional. Specify to indicate whether previously-generated logs are to be included. New logs are always included.

Examples

amnesiac (config) # ssc log metering generate backup no

In this example, the backup switch indicates that no previously-generated logs are required; only new log data (since the most recent log generation) is included. A maximum of ten metering logs can be generated by this process.

Related Commands

ssc log metering phone-home enable, ssc log metering clear

ssc log metering phone-home enable

Enables/disables the phone home service for Services Director metering logs.

Syntax

[no] ssc log metering phone-home enable

Usage Guidelines

The no command option disables the phone home feature.

Examples

amnesiac (config) # ssc log metering phone-home enable

Related Commands

ssc log metering clear, ssc log metering generate

ssc log-export create

Creates a new log-export resource. This resource is used for vTM analytics.

Syntax

ssc log-export create tag value files file-list [history {None | All}] [appliance-only Boolean]

Parameters

tag value

The customer-facing name for the log-export resource. If this is not set, the tag is set to the UUID value for the resource.

files file-list

A comma-separated list of log files. The files identified by this list will be sent by the vTM to its assigned collection endpoint.

You can include wildcards if required. You can also include the %ZEUSHOME% variable if required, which represents the Services Director's home directory.

For example: %ZEUSHOME%/zxtm/log/stingrayafm/log-master/*,%ZEUSHOME%/zxtm/log/stingrayafm/log/*

history

(Optional) Identifies how much historic activity should be exported for this log. Use one of the following settings:

•None. This indicates that only current activity logs will be exported. All historic activity logs will not be included. This is the default setting.

•All. This indicates that all current and historic activity logs will be exported.

appliance_only

(Optional) a Boolean setting that indicates log-export usage:

•true: the log-export is only supported on virtual appliance installations of the Virtual Traffic Manager, and not on software installations.

•false: the log-export is supported on all installations. This is the default setting.

Examples

Related Commands

show ssc log-export, ssc log-export delete, ssc log-export list, ssc log-export update

ssc log-export delete

Deletes a log-export resource. This resource is used for vTM analytics.

Syntax

ssc log-export delete id log-export-id

Parameters

id log-export-id

The identifier for the log-export resource, either its tag or its UUID.

Usage Guidelines

You can only delete a log-export resource that has an ID of the form Log-Export-xxxx-xxxx-xxxx-xxxx. This indicates that the log-export resource was created by a user.

You cannot delete a log-export resource that has an ID that uses English words, and which matches its tag. For example: Audit Logs. This indicates that the log-export resource was created automatically when the Services Director was installed.

Examples

amnesiac (config) # ssc log-export delete id "Audit Log"

+-------+-------------------------------------------------------------------------

| Field | Value

+-------+-------------------------------------------------------------------------

| error | Access to resource is forbidden (Deleting a built-in log export entry...

+-------+-------------------------------------------------------------------------

*** delete a specific log-export resource ***
amnesiac (config) # ssc log-export delete id "Request Logs"
+--------------------------------------------------------+
| Deleted |
+--------------------------------------------------------+
| Log Export type Log-Export-1YRJ-LIPR-ZWY7-3J1Q deleted |
+--------------------------------------------------------+

Related Commands

show ssc log-export, ssc log-export create, ssc log-export list, ssc log-export update

ssc log-export list

Lists all log-export resources. These resources are used for vTM analytics.

Syntax

ssc log-export list

Examples

Related Commands

show ssc log-export, ssc log-export create, ssc log-export delete, ssc log-export update

ssc log-export update

Updates a log-export resource. This resource is used for vTM analytics.

Syntax

ssc log-export update id log-export-id [tag value [files file-list] [history {None | All}] [appliance-only Boolean]

Parameters

id log-export-id

The identifier for the log-export resource, either its tag or its UUID.

tag value

The customer-facing name for the log-export resource. If this is not set, the tag is set to the UUID value for the resource.

files files-list

A comma-separated list of log files. The files identified by this list will be sent by the vTM to its assigned collection endpoint.

You can include wildcards if required. You can also include the %ZEUSHOME% variable if required, which represents the Services Director's home directory.

For example: %ZEUSHOME%/zxtm/log/stingrayafm/log-master/*,%ZEUSHOME%/zxtm/log/stingrayafm/log/*

history

Identifies how much historic activity should be exported for this log. Use one of the following settings:

•None. This indicates that only current activity logs will be exported. All historic activity logs will not be included. This is the default setting.

•All. This indicates that all current and historic activity logs will be exported.

appliance_only

A Boolean setting that indicates log-export usage:

•true: the log-export is only supported on virtual appliance installations of the Virtual Traffic Manager, and not on software installations.

•false: the log-export is supported on all installations. This is the default setting.

Usage Guidelines

You can only update a log-export resource that has an ID of the form Log-Export-xxxx-xxxx-xxxx-xxxx. This indicates that the log-export resource was created by a user.

You cannot update a log-export resource that has an ID that uses English words, and which matches its tag. For example: Audit Logs. This indicates that the log-export resource was created automatically when the Services Director was installed.

Examples

Related Commands

show ssc log-export, ssc log-export create, ssc log-export delete, ssc log-export list

ssc manager list

Lists Services Director managers.

Syntax

ssc manager list

Examples

amnesiac (config) # ssc manager list
+----------+
| Manager |
+----------+
| amnesiac |
+----------+

Related Commands

show ssc manager manager-name, ssc manager update manager-name

ssc manager update manager-name

Updates Services Director manager settings.

Syntax

ssc manager update manager-name name mgmt-mode [enabled | disabled] metering-mode [all | none] licensing-mode [enabled |disabled |enabled-with-alerts]

Parameters

name

Specify a unique name for the manager.

mgmt-mode

Specify the management mode for the manager: enabled, disabled.

metering-mode

Specify the metering mode for the manager: all, none.

licensing-mode

Specify the licensing mode for the manager: enabled, disabled, enabled-with-alerts.

Usage Guidelines

Use the no ssc manager manager-name <name> command to delete a manager that is flagged as failed.

Use the no ssc manager manager-name <name> force-delete command to delete a manager that is not flagged as failed.

Examples

amnesiac (config) # ssc manager update manager-name amnesiac mgmt-mode enabled metering-mode all licensing-mode enabled

Related Commands

show ssc manager manager-name, ssc manager list

ssc manager update template-name

Updates the Services Director manager based on the specified template.

Syntax

Parameters

name

Specify the template name.

manager-name name

Specify the manager name.

mgmt-mode

Specify the management mode for the manager: enabled, disabled.

metering-mode

Specify the metering mode for the manager: all, none.

licensing-mode

Specify the licensing mode for the manager: enabled, disabled, enabled-with-alerts.

Usage Guidelines

Updates a manager with the parameters predefined in an existing template. The existing template is created by the ssc template create command. The predefined parameters in the existing template are passed to the resource to update the command. You have the option to replace or add extra parameters that exist in the specified template (that is, add extra arguments).

Examples

amnesiac (config) # ssc manager update template-name mantemp1 manager-name amnesiac mgmt-mode disabled

Related Commands

ssc manager update manager-name, ssc template create template-name

ssc metering warning list

Displays a list of all Traffic Manager instances that have a metering warning raised against them.

Syntax

ssc metering warning list

Usage Guidelines

To display information for failed Traffic Manager instances, see show ssc owner.

Examples

Related Commands

show ssc dashboard, show ssc metering warning instance-name, show ssc settings metering, ssc settings metering update

ssc owner create

Creates an owner on the Services Director. This is used to indicate ownership of registered vTMs and vTM clusters, and is required during automated self-registration of vTMs.

Syntax

ssc owner create [e-mail email-address] [secret password] [timezone timezone] [[tag name]

Parameters

e-mail email-address

Optionally, specify a valid e-mail address that will be used to contact an administrator if required.

secret password

Optionally, specify a password for this owner. This is required for automatic self-registration.

timezone timezone

Optionally, specify a timezone for this owner. For example: "Europe/London", "America/Detroit", "GMT".

tag

Optionally, specify a unique name for this owner.

Usage Guidelines

No parameters are mandatory. If none are provided, an owner is created with only the UUID set.

Examples

*** list owners to confirm which are available ***
amnesiac (config) # ssc owner list
+---------------------------+------+
| Owner ID | Tag |
+---------------------------+------+
| Owner-HSC1-T4QV-BXPB-Z4CZ | HC |
| Owner-NS3F-FHQ4-RO11-5Y0A | JK |
| Owner-JJM6-0UII-JUAH-R979 | JRRT |
+---------------------------+------+

*** list owners again ***
amnesiac (config) # ssc owner list
+---------------------------+------+
| Owner ID | Tag |
+---------------------------+------+
| Owner-HSC1-T4QV-BXPB-Z4CZ | HC |
| Owner-NS3F-FHQ4-RO11-5Y0A | JK |
| Owner-58I2-2N4F-IXG0-8084 | TK |
| Owner-JJM6-0UII-JUAH-R979 | JRRT |
+---------------------------+------+

Related Commands

show ssc owner, ssc owner delete, ssc owner list, ssc owner update

ssc owner delete

Deletes an owner on the Services Director.

Syntax

ssc owner delete owner-id owner

Parameters

owner-id owner

Specify the owner you want to delete, using either its tag or UUID.

Examples

*** list owners ***
amnesiac (config) # ssc owner list
+---------------------------+------+
| Owner ID | Tag |
+---------------------------+------+
| Owner-HSC1-T4QV-BXPB-Z4CZ | HC |
| Owner-NS3F-FHQ4-RO11-5Y0A | JK |
| Owner-58I2-2N4F-IXG0-8084 | TK |
| Owner-JJM6-0UII-JUAH-R979 | JRRT |
+---------------------------+------+

*** delete owner ***
amnesiac (config) # ssc owner delete owner-id JK
+-----------------------------------------+
| Deleted |
+-----------------------------------------+
| Owner Owner-NS3F-FHQ4-RO11-5Y0A deleted |
+-----------------------------------------+

*** list owners to confirm deletion ***
amnesiac (config) # ssc owner list
+---------------------------+------+
| Owner ID | Tag |
+---------------------------+------+
| Owner-HSC1-T4QV-BXPB-Z4CZ | HC |
| Owner-58I2-2N4F-IXG0-8084 | TK |
| Owner-JJM6-0UII-JUAH-R979 | JRRT |
+---------------------------+------+

Related Commands

show ssc owner, ssc owner create, ssc owner list, ssc owner update

ssc owner list

Displays a list of all owners on the Services Director.

Syntax

ssc owner list

Examples

amnesiac (config) # ssc owner list
+---------------------------+------+
| Owner ID | Tag |
+---------------------------+------+
| Owner-HSC1-T4QV-BXPB-Z4CZ | HC |
| Owner-NS3F-FHQ4-RO11-5Y0A | JK |
| Owner-58I2-2N4F-IXG0-8084 | TK |
| Owner-JJM6-0UII-JUAH-R979 | JRRT |
+---------------------------+------+

Related Commands

show ssc owner, ssc owner create, ssc owner delete, ssc owner update

ssc owner update

Updates an owner on the Services Director.

Syntax

ssc owner update owner-id owner [e-mail email-address] [secret password] [timezone timezone] [[tag name]

Parameters

owner-id owner

Identify the owner that you want to update, using either its tag or UUID.

e-mail email-address

Optionally, specify a valid e-mail address that will be used to contact an administrator if required.

secret password

Optionally, specify a password for this owner. This is required for automatic self-registration.

timezone

Optionally, specify a timezone for this owner. For example: "Europe/London", "America/Detroit", "GMT".

tag

registration-id

Specify the ID for the self-registration request.

state

Specify a new state for the self-registration request. Supported transitions are:

•Pending --> Accepted

•Pending --> Declined

•Pending --> Blacklisted

•Declined --> Pending

•Blacklisted --> Pending

declined-reason

Optionally, specify a reason (as a string) for the transition from Pending to Declined. This is not used for any other state transition.

instance-name

The name for the instance.

owner

The owner of the instance.

feature_pack

The feature pack for the instance.

bandwidth

The bandwidth for the instance.

access_profile

(Optional) The access_profile for the instance.

analytics_profile

(Optional) The analytics profile for the instance.

Usage Guidelines

The following commands represent the four supported state transitions:

•Pending to Declined:

ssc registration update registration-id <reg-id> state decline reason <reason>

•Pending to Blacklisted:

ssc registration update registration-id <reg-id> state blacklist

•Declined/Blacklisted back to Pending:

ssc registration update registration-id <reg-id> state pending

•Pending to Accepted:

ssc registration update registration-id <reg-id> state accept instance-name <name> owner <owner> feature-pack <feature_pack> bandwidth <bandwidth> access_profile <access_profile> analytics_profile <analytics_profile>

When the Pending to Accepted transition is performed, the authenticator and permission groups in the access profile are applied to the vTM. Existing authenticators and permission groups may be overwritten, but none will be deleted. All members of a cluster are affected.

Examples

Related Commands

show ssc registration, ssc registration delete, ssc registration list

ssc reg-policy create

Creates a registration policy on the Services Director. This is used during the automatic self-registration of externally-deployed vTMs and cloud-based vTMs.

Syntax

ssc reg-policy create feature-pack feature-pack bandwidth bandwidth mgmt-ip-subnet subnet [tag name] [inst-version-low version] [inst-version-high version] [access-profile access-profile] [analytics-profile analytics-profile]

Parameters

feature-pack

Specify the name of a feature pack.

This is the feature pack that will be assigned to a vTM that is successfully evaluated using this policy.

This is not an acceptance condition, but the evaluation of the bandwidth property refers to this property.

bandwidth

This is the required bandwidth (in Mbps) for a vTM that is evaluated using this policy.

If there is insufficient bandwidth in the specified Feature Pack for a vTM, the auto-acceptance of the vTM is rejected by the self-registration policy.

mgmt-ip-subnet

Specify the IP address and netmask of a subnetwork in CIDR format. For example, 10.122.12.13/18.

This identifies the subnet to which a vTM must belong to be accepted by this policy.

If a vTM that is evaluated by this policy is from outside the specified subnetwork, the auto-acceptance of the vTM is rejected by the self-registration policy.

tag

(Optional) A unique name for the self-registration policy.

inst-version-low

(Optional) The minimum version for the vTM software. This takes the form X.Y. Examples: 10.0, 10.3.

R1 releases are included automatically for any base version. For example, 10.0 includes 10.0r1.

If a vTM that is evaluated by this policy does not meet this condition, the auto-acceptance of the vTM is rejected by the self-registration policy.

inst-version-high

(Optional) The maximum version for the vTM software. This takes the form X.Y. Examples: 10.4, 11.0.

R1 releases are included automatically for any base version. For example, 10.3 includes 10.3r1.

If a vTM that is evaluated by this policy does not meet this condition, the auto-acceptance of the vTM is rejected by the self-registration policy.

access-profile

(Optional) The Access Profile for the policy. This profile identifies the authenticator and permission groups required for the user authentication on this vTM.

If selected, these will be applied to the vTM once it is accepted. All cluster members are affected by this change.

analytics-profile

(Optional) The Analytics Profile for the policy. This profile identifies the resources required for analytics on this vTM.

If selected, these will be applied to the vTM once it is accepted. All cluster members are affected by this change.

Examples

| analytics_profile | None |

Related Commands

show ssc reg-policy, ssc reg-policy delete, ssc reg-policy list, ssc reg-policy update

ssc reg-policy delete

Deletes a registration policy from the Services Director.

Syntax

ssc reg-policy delete policy-id registration-policy

Parameters

registration-policy

Specify the name of the registration policy that you want to delete.

Examples

*** list self-reg policies ***
amnesiac (config) # ssc reg-policy list
+----------------------------+----------------+
| Policy ID | Tag |
+----------------------------+----------------+
| Policy-MHM8-AB62-SI2J-DNUX | jk-self-reg-01 |
| Policy-I7A7-3DN2-6IEB-QF96 | jk-self-reg-02 |
| Policy-8QU3-ZERY-8IW6-3W6J | self-reg-01 |
+----------------------------+----------------+

*** delete self-reg policy 'jk-self-reg-02' ***
amnesiac (config) # ssc reg-policy delete policy-id jk-self-reg-02
+--------------------------------------------------------+
| Deleted |
+--------------------------------------------------------+
| Registration policy Policy-I7A7-3DN2-6IEB-QF96 deleted |
+--------------------------------------------------------+

*** list self-reg policies to confirm deletion ***
amnesiac (config) # ssc reg-policy list
+----------------------------+----------------+
| Policy ID | Tag |
+----------------------------+----------------+
| Policy-MHM8-AB62-SI2J-DNUX | jk-self-reg-01 |
| Policy-8QU3-ZERY-8IW6-3W6J | self-reg-01 |
+----------------------------+----------------+

Related Commands

show ssc reg-policy, ssc reg-policy create, ssc reg-policy list, ssc reg-policy update

ssc reg-policy list

Displays a list of all a registration policies on the Services Director.

Syntax

ssc reg-policy list

Examples

Related Commands

show ssc reg-policy, ssc reg-policy create, ssc reg-policy delete, ssc reg-policy update

ssc reg-policy update

Updates a registration policy on the Services Director.

Syntax

ssc reg-policy update policy-id id [tag name] [feature-pack feature-pack] [bandwidth bandwidth]

[mgmt-ip-subnet subnet] [inst-version-low version] [inst-version-high version] [access-profile access-profile] [analytics-profile analytics-profile]

Parameters

policy-id id

Specify the name of the registration policy that you want to update.

tag

(Optional) A unique name for the self-registration policy.

feature-pack

(Optional) The name of a feature pack.

This is the feature pack that will be assigned to a vTM that is successfully evaluated using this policy.

This is not an acceptance condition, but the evaluation of the bandwidth property refers to this property.

bandwidth

(Optional) The required bandwidth (in Mbps) for a vTM that is evaluated using this policy.

If there is insufficient bandwidth in the specified Feature Pack for a vTM, the auto-acceptance of the vTM is rejected by the self-registration policy.

mgmt-ip-subnet

(Optional) The IP address and netmask of a subnetwork in CIDR format. For example, 10.122.12.13/18.

This identifies the subnet to which a vTM must belong to be accepted by this policy.

If a vTM that is evaluated by this policy is from outside the specified subnetwork, the auto-acceptance of the vTM is rejected by the self-registration policy.

inst-version-low

(Optional) The minimum version for the vTM software. This takes the form X.Y. Examples: 10.0, 10.3.

R1 releases are included automatically for any base version. For example, 10.0 includes 10.0r1.

If a vTM that is evaluated by this policy does not meet this condition, the auto-acceptance of the vTM is rejected by the self-registration policy.

inst-version-high

(Optional) The maximum version for the vTM software. This takes the form X.Y. Examples: 10.4, 11.0.

R1 releases are included automatically for any base version. For example, 10.3 includes 10.3r1.

If a vTM that is evaluated by this policy does not meet this condition, the auto-acceptance of the vTM is rejected by the self-registration policy.

access-profile

(Optional) An access profile. This profile identifies the authenticator and permission groups required for the user authentication on this vTM.

If selected, these will be applied to the vTM once it is accepted. All cluster members are affected by this change.

analytics-profile

(Optional) An analytics profile. This profile identifies the resources required to implement analytics on this vTM.

If selected, these will be applied to the vTM once it is accepted. All cluster members are affected by this change.

Examples

Related Commands

show ssc reg-policy, ssc reg-policy create, ssc reg-policy delete, ssc reg-policy list

ssc sd-admin-ca create

Creates a Services Director CA certificate that is for use with a secure LDAP server authenticator.

Syntax

ssc sd-admin-ca create admin-ca-name tag certificate-authority certificate-text

Parameters

tag

A unique name for the CA certificate.

certificate-text

The text of the CA certificate.

Examples

*** list certificates ***

amnesiac (config) # ssc sd-admin-ca list

+------+------------------------------+

| Name | Unique ID |

+------+------------------------------+

| CA-1 | Admin-CA-5XJ0-HP0Y-YQAX-69O2 |

+------+------------------------------+

*** add a new certificate ***

amnesiac (config) # ssc sd-admin-ca create admin-ca-name CA-2 certificate-authority "-----BEGIN CERTIFICATE----- ...<certificate body>... -----END CERTIFICATE----- >"

+------------------------------------------+

| Created |

+------------------------------------------+

| admin certificate authority CA-2 created |

+------------------------------------------+

*** confirm creation ***

amnesiac (config) # ssc sd-admin-ca list

+------+------------------------------+

| Name | Unique ID |

+------+------------------------------+

| CA-1 | Admin-CA-5XJ0-HP0Y-YQAX-69O2 |

| CA-2 | Admin-CA-6J21-KKH3-VSAJ-3209 |

+------+------------------------------+

Related Commands

ssc sd-admin-ca list, ssc sd-admin-ca update, show ssc sd-admin-ca, show ssc sd-admin-ca, ssc sd-authenticator add ldap auth-name, ssc sd-authenticator test auth-name, ssc sd-authenticator update ldap auth-name

ssc sd-admin-ca list

Lists all Services Director CA certificates that are for use with a secure LDAP server authenticator.

Syntax

ssc sd-admin-ca list

Examples

amnesiac (config) # ssc sd-admin-ca list

+------+------------------------------+

| Name | Unique ID |

+------+------------------------------+

| CA-1 | Admin-CA-5XJ0-HP0Y-YQAX-69O2 |

| CA-2 | Admin-CA-6J21-KKH3-VSAJ-3209 |

+------+------------------------------+

Related Commands

ssc sd-admin-ca create, ssc sd-admin-ca update, show ssc sd-admin-ca, show ssc sd-admin-ca, ssc sd-authenticator add ldap auth-name, ssc sd-authenticator test auth-name, ssc sd-authenticator update ldap auth-name

ssc sd-admin-ca update

Updates a Services Director CA certificate that is for use with a secure LDAP server authenticator.

Syntax

ssc sd-admin-ca create admin-ca-name tag certificate-authority certificate-text new-admin-ca-name new-tag

Parameters

tag

A unique name for the CA certificate.

certificate

The text of the CA certificate.

new-tag

A new unique name for the CA certificate.

Examples

*** list certificates ***

amnesiac (config) # ssc sd-admin-ca list

+------+------------------------------+

| Name | Unique ID |

+------+------------------------------+

| CA-1 | Admin-CA-5XJ0-HP0Y-YQAX-69O2 |

| CA-2 | Admin-CA-6J21-KKH3-VSAJ-3209 |

+------+------------------------------+

*** rename the CA-2 certificate ***

amnesiac (config) # ssc sd-admin-ca update admin-ca-name CA-2 new-admin-ca-name LDP2

+------------------------------------------+

| Updated |

+------------------------------------------+

| admin certificate authority CA-2 updated |

+------------------------------------------+

*** confirm update ***

amnesiac (config) # ssc sd-admin-ca list

+------+------------------------------+

| Name | Unique ID |

+------+------------------------------+

| CA-1 | Admin-CA-5XJ0-HP0Y-YQAX-69O2 |

| LDP2 | Admin-CA-6J21-KKH3-VSAJ-3209 |

+------+------------------------------+

Related Commands

ssc sd-admin-ca create, ssc sd-admin-ca list, show ssc sd-admin-ca, show ssc sd-admin-ca, ssc sd-authenticator add ldap auth-name, ssc sd-authenticator test auth-name, ssc sd-authenticator update ldap auth-name

ssc sd-authenticator add ldap auth-name

Adds an LDAP-based Services Director authenticator. This can be either secure or non-secure.

Syntax

ssc sd-authenticator add ldap auth-name authenticator-name auth-status [enabled | disabled] server server server dn-method method filter filter base-dn base-DN fallback-group fallback-group port port timeout timeout-period group-attribute group-attribute group-field group-field bind-dn bind-DN group-filter group-filter ssl ssl [search-dn search-DN search-password password]

Parameters

authenticator-name

Specify a name for the LDAP Services Director authenticator.

auth-status

Specify whether the authenticator is either enabled or disabled.

server

Specify the IP address or hostname of the LDAP server.

method

Specify how the bind DN for a user will be derived. Either:

•construct: the bind DN for a user can be constructed from a known string, (see <bind-DN>) or

•search: the bind DN for a user can be searched for in the directory. This is necessary if you have users under different directory paths.

filter

Specify a filter that uniquely identifies a user located under the Base DN.

The string "%u" will be substituted with the username. For example:

•Active Directory: "sAMAccountName=%u"

•Unix LDAP: "uid=%u"

base-DN

Specify the base DN (Distinguished Name) for directory searches.

fallback-group

Specify a permission group. For example, "admin". If <group-attribute> is not defined, or is not set for the user, this permission group will be used. If not specified, users with no attribute matching group-attribute will be denied access.

port

Specify the port used to connect to the LDAP server.

timeout-period

Specify the timeout period (in seconds) for a connection to the LDAP server.

group-attribute

Specify the LDAP attribute that gives a user's group. For example: "memberOf". If multiple values are returned by the LDAP server, the first valid one will be used.

group-field

Specify the sub-field of the group-attribute that gives a user's group. For example: if <group-attribute> is "memberOf" which delivers "CN=mygroup, OU=groups, OU=users, DC=mycompany, DC=local", set group-field to "CN". The first matching field will be used.

bind-DN

Specify a template to construct the bind DN from the username. This is only used when <method> is "construct". The string "%u" is replaced by the username. For example:

show ssc sd-admin-ca, ssc sd-authenticator list, ssc sd-authenticator test auth-name, ssc sd-authenticator update ldap auth-name, show ssc sd-admin-ca, ssc sd-admin-ca create, ssc sd-admin-ca list, ssc sd-admin-ca update

•"cn=%u,dn=mycompany,dn=local"

group-filter

Specify an alternative group search filter. This is only used when the user record returned by the LDAP filter does not contain the required group information.

This will typically be required if you have Unix/POSIX-style user records. If multiple records are returned the list of group names will be extracted from all of them.

The string "%u" will be replaced by the username. For example:

•"(&(memberUid=%u)(objectClass=posixGroup))"

ssl

(Optional) Select the required LDAP security type:

•none. Select this if your LDAP server does not support secure connections.

•starttls. Select this if your LDAP server supports STARTTLS secure connections. You must ensure that a matching CA certificate is present to use this option.

•ldaps. Select this if your LDAP server supports LDAPS secure connections. You must ensure that a matching CA certificate is present to use this option.

search-DN

Specify a DN to use when searching the directory for a user's bind DN. These are only used when the DN Method is Search. You can leave these blank if it is possible to perform the bind DN search using an anonymous bind.

search-password

Specify the password for the search-DN.

Usage Guidelines

Use the no ssc sd-authenticator auth-name command to delete an authenticator.

You cannot delete a Services Director authenticator that is associated with an access profile.

Examples

*** create an LDAP Services Director authenticator ***
amnesiac (config) # ssc sd-authenticator add ldap auth-name "LDAP Server" auth-status enabled server 10.62.169.170 dn-method "construct" filter "sAMAccountName=%u" base-dn "OU=users, DC=tekton, DC=local" fallback-group admin port 389 timeout 30 group-attribute "memberOf" group-field "CN" bind-dn "%[email protected]" group-filter ssl starttls "(&(memberUid=%u)(objectClass=posixGroup))"
+--------------------------------------+
| Created |
+--------------------------------------+
| SD Authenticator LDAP Server created |
+--------------------------------------+

*** delete an LDAP Services Director ***
amnesiac (config) # no ssc sd-authenticator auth-name "LDAP Server"
+-----------------------------------+
| Deleted |
+-----------------------------------+
| Authenticator LDAP Server deleted |
+-----------------------------------+

Related Commands

ssc sd-authenticator add radius auth-name

Adds a RADIUS-based Services Director authenticator.

Syntax

ssc sd-authenticator add radius auth-name authenticator-name auth-status [enable | disable] server server fallback-group fallback-group port port timeout timeout-period group-attribute group-attribute group-vendor group-vendor secret secret nas-identifier NAS-identifier nas-ip-address NAS-ip-address

Parameters

authenticator-name

Specify a name for the RADIUS Services Director authenticator.

auth-status

Specify whether the authenticator is either enabled or disabled.

server

Specify the IP address or hostname of the RADIUS server.

fallback-group

Specify a permission group. For example, "admin". If no group is found using the vendor and group identifiers, or the group found is not valid, the permission group specified here will be used.

port

Specify the port used to connect to the RADIUS server.

timeout-period

Specify the timeout period (in seconds) for a connection to the RADIUS server.

group-attribute

Specify the RADIUS identifier for the attribute that specifies an account's group. May be left blank if <fallback-group> is specified.

group-vendor

Specify the RADIUS identifier for the vendor of the RADIUS attribute that specifies an account's group. Leave blank if using a standard attribute such as Filter-Id.

secret

Specify the secret key shared with the RADIUS server.

NAS-identifier

Specify a string identifying the Network Access Server (NAS) which is requesting authentication of the user. This value is sent to the RADIUS server. If left blank the address of the interface used to connect to the server will be used.

NAS-ip-address

Specify the identifying IP Address of the NAS which is requesting authentication of the user. This value is sent to the RADIUS server.

Usage Guidelines

Use the no ssc sd-authenticator auth-name command to delete an authenticator.

You cannot delete a Services Director authenticator that is associated with an access profile.

Examples

*** create a RADIUS authenticator ***
amnesiac (config) # ssc sd-authenticator add radius auth-name "RADIUS Server" server 10.62.167.193 fallback-group admin port 1812 timeout 30 group-attribute 1 group-vendor 1476 secret * nas-identifier "Internal RADIUS" nas-ip-address 127.0.0.1
+-------------------------------------+
| Created |
+-------------------------------------+
| Authenticator RADIUS Server created |
+-------------------------------------+

*** delete an authenticator ***
amnesiac (config) # no ssc sd-authenticator auth-name "RADIUS Server"
+-------------------------------------+
| Deleted |
+-------------------------------------+
| Authenticator RADIUS Server deleted |
+-------------------------------------+

Related Commands

show ssc sd-admin-ca, ssc sd-authenticator list, ssc sd-authenticator test auth-name, ssc sd-authenticator update radius auth-name

ssc sd-authenticator add tacacs_plus auth-name

Adds a TACACS+-based Services Director authenticator.

Syntax

ssc sd-authenticator add tacacs-plus auth-name authenticator-name auth-status [enable | disable] server server auth-type [pap | ascii] fallback-group fallback-group port port timeout timeout-period group-field group-field group-service group-service secret secret

Parameters

authenticator-name

Specify a name for the TACACS+ Services Director authenticator.

auth-status

Specify whether the authenticator is either enabled or disabled.

server

Specify the IP address or hostname of the TACACS+ server.

auth-type

Specify the TACACS+ authentication type, either PAP or ACSII.

fallback-group

Specify a permission group. If <group-service> is not defined, or no group value is provided for the user by the TACACS+ server, the group specified here will be used. If this is not specified, users with no TACACS+ defined group will be denied access.

port

Specify the port used to connect to the TACACS+ server.

timeout-period

Specify the timeout period (in seconds) for a connection to the TACACS+ server.

group-field

Specify the TACACS+ "service" field that provides each user's group.

group-service

Specify the TACACS+ "service" that identifies a user's group field.

secret

Specify the secret key shared with the TACACS+ server.

Usage Guidelines

Use the no ssc sd-authenticator auth-name command to delete an authenticator.

You cannot delete a Services Director authenticator that is associated with an access profile.

Examples

*** create a TACACS+ authenticator ***
amnesiac (config) # ssc sd-authenticator add tacacs-plus auth-name "TACACS+ Server" auth-status enabled server 10.62.167.198 auth-type pap fallback-group admin port 49 timeout 30 group-field permission-group group-service "Hoobland" secret "tacacs_plus_secret"
+-----------------------------------------+
| Created |
+-----------------------------------------+
| SD Authenticator TACACS+ Server created |
+-----------------------------------------+

*** delete an authenticator ***
amnesiac (config) # no ssc sd-authenticator auth-name "TACACS+ Server"
+-----------------------------------------+
| Deleted |
+-----------------------------------------+
| SD Authenticator TACACS+ Server deleted |
+-----------------------------------------+

Related Commands

show ssc sd-admin-ca, ssc sd-authenticator list, ssc sd-authenticator test auth-name, ssc sd-authenticator update tacacs_plus auth-name

ssc sd-authenticator list

Lists all defined Services Director authenticators.

Syntax

ssc sd-authenticator list

Examples

Related Commands

show ssc sd-admin-ca, ssc sd-authenticator add ldap auth-name, ssc sd-authenticator add radius auth-name, ssc sd-authenticator add tacacs_plus auth-name, ssc sd-authenticator test auth-name, ssc sd-authenticator update ldap auth-name, ssc sd-authenticator update radius auth-name, ssc sd-authenticator update tacacs_plus auth-name

ssc sd-authenticator test auth-name

Tests a Services Director authenticator using a remote user name and password.

For secure LDAP server, a matching CA certificate must be present on Services Director to enable the operation.

Syntax

ssc sd-authenticator test auth-name authenticator-name username user-name password password

Parameters

authenticator-name

Specify a name for the Services Director authenticator.

user-name

Specify the required user.

password

Specify the password for the required user.

Examples

Related Commands

show ssc sd-admin-ca, ssc sd-authenticator add ldap auth-name, ssc sd-authenticator add radius auth-name, ssc sd-authenticator add tacacs_plus auth-name, ssc sd-authenticator list, ssc sd-authenticator update ldap auth-name, ssc sd-authenticator update radius auth-name, ssc sd-authenticator update tacacs_plus auth-name, show ssc sd-admin-ca, ssc sd-admin-ca create, ssc sd-admin-ca list, ssc sd-admin-ca update

ssc sd-authenticator update ldap auth-name

Updates an LDAP-based Services Director authenticator.

Syntax

Parameters

authenticator-name

Specify the name of the LDAP Services Director authenticator.

auth-status

Specify whether the authenticator is either enabled or disabled.

server

Specify the IP address or hostname of the LDAP server.

method

Specify how the bind DN for a user will be derived. Either:

•construct: the bind DN for a user can be constructed from a known string, (see <bind-DN>) or

•search: the bind DN for a user can be searched for in the directory. This is necessary if you have users under different directory paths.

filter

Specify a filter that uniquely identifies a user located under the Base DN.

The string "%u" will be substituted with the username. For example:

•Active Directory: "sAMAccountName=%u"

•Unix LDAP@: "uid=%u"

base-DN

Specify the base DN (Distinguished Name) for directory searches.

fallback-group

port

Specify the port used to connect to the LDAP server.

timeout-period

Specify the timeout period (in seconds) for a connection to the LDAP server.

group-attribute

Specify the LDAP attribute that gives a user's group. For example: "memberOf". If multiple values are returned by the LDAP server, the first valid one will be used.

group-field

bind-DN

Specify a template to construct the bind DN from the username. This is only used when <method> is "construct". The string "%u" is replaced by the username. For example:

show ssc sd-admin-ca, ssc sd-authenticator add ldap auth-name, ssc sd-authenticator list, ssc sd-authenticator test auth-name, show ssc sd-admin-ca, ssc sd-admin-ca create, ssc sd-admin-ca list, ssc sd-admin-ca update

•"cn=%u,dn=mycompany,dn=local"

group-filter

Specify an alternative group search filter. This is only used when the user record returned by the LDAP filter does not contain the required group information.

This will typically be required if you have Unix/POSIX-style user records. If multiple records are returned the list of group names will be extracted from all of them.

The string "%u" will be replaced by the username. For example:

•"(&(memberUid=%u)(objectClass=posixGroup))"

ssl

(Optional) Select the required LDAP security type:

•none. Select this if your LDAP server does not support secure connections.

•starttls. Select this if your LDAP server supports STARTTLS secure connections. You must ensure that a matching CA certificate is present to use this option.

•ldaps. Select this if your LDAP server supports LDAPS secure connections. You must ensure that a matching CA certificate is present to use this option.

search-DN

search-password

Specify the password for the search-DN.

Examples

amnesiac (config) # ssc sd-authenticator update ldap auth-name "LDAP Server" server 10.62.169.170 dn-method construct filter "sAMAccountName=%u" base-dn "OU=users, DC=tekton, DC=local" fallback-group admin port 389 timeout 20 group-attribute "memberOf" group-field "CN" bind-dn "%[email protected]" group-filter "(&(memberUid=%u)(objectClass=posixGroup))"
+---------------------------------------+
| Modified |
+---------------------------------------+
| SD Authenticator LDAP Server modified |
+---------------------------------------+

Related Commands

ssc sd-authenticator update radius auth-name

Updates a RADIUS-based Services Director authenticator.

Syntax

Parameters

authenticator-name

Specify the name of the RADIUS Services Director authenticator.

auth-status

Specify whether the authenticator is either enabled or disabled.

server

Specify the IP address or hostname of the RADIUS server.

fallback-group

Specify a permission group. For example, "admin". If no group is found using the vendor and group identifiers, or the group found is not valid, the permission group specified here will be used.

port

Specify the port used to connect to the RADIUS server.

timeout-period

Specify the timeout period (in seconds) for a connection to the RADIUS server.

group-attribute

Specify the RADIUS identifier for the attribute that specifies an account's group. May be left blank if <fallback-group> is specified.

group-vendor

Specify the RADIUS identifier for the vendor of the RADIUS attribute that specifies an account's group. Leave blank if using a standard attribute such as Filter-Id.

secret

Specify the secret key shared with the RADIUS server.

NAS-identifier

NAS-ip-address

Specify the identifying IP Address of the NAS which is requesting authentication of the user. This value is sent to the RADIUS server.

Examples

amnesiac (config) # ssc sd-authenticator update radius auth-name "RADIUS Server" server 10.62.167.193 fallback-group admin port 1812 timeout 30 group-attribute 1 group-vendor 1476 secret "radius_secret" nas-identifier "Internal RADIUS" nas-ip-address 127.0.0.1
+-----------------------------------------+
| Modified |
+-----------------------------------------+
| SD Authenticator RADIUS Server modified |
+-----------------------------------------+

Related Commands

show ssc sd-admin-ca, ssc sd-authenticator add radius auth-name, ssc sd-authenticator list, ssc sd-authenticator test auth-name

ssc sd-authenticator update tacacs_plus auth-name

Updates a TACACS+-based Services Director authenticator.

Syntax

Parameters

authenticator-name

Specify the name of the TACACS+ Services Director authenticator.

auth-status

Specify whether the authenticator is either enabled or disabled.

server

Specify the IP address or hostname of the TACACS+ server.

auth-type

Specify the TACACS+ authentication type, either PAP or ACSII.

fallback-group

port

Specify the port used to connect to the TACACS+ server.

timeout-period

Specify the timeout period (in seconds) for a connection to the TACACS+ server.

group-field

Specify the TACACS+ "service" field that provides each user's group.

group-service

Specify the TACACS+ "service" that identifies a user's group field.

secret

Specify the secret key shared with the TACACS+ server.

Examples

amnesiac (config) # ssc sd-authenticator update tacacs-plus auth-name "TACACS+ Server" server 10.62.167.198 auth-type pap fallback-group admin port 49 timeout 30 group-field permission-group group-service "Hoobland" secret "tacacs_plus_secret"
+------------------------------------------+
| Modified |
+------------------------------------------+
| SD Authenticator TACACS+ Server modified |
+------------------------------------------+

Related Commands

show ssc sd-admin-ca, ssc sd-authenticator add tacacs_plus auth-name, ssc sd-authenticator list, ssc sd-authenticator test auth-name

ssc sd-permission-group create pg-name

Creates a Services Director permission group for user authentication.

Syntax

ssc sd-permission-group create pg-name pg-name [description description]

Parameters

pg-name

Specify a name for the Services Director permission group.

description

Optionally, specify a description of the permission group.

Usage Guidelines

Typically, there is a single Services Director permission group, with full access. The name of this permission group must match the group returned by the authenticator.

Use the no ssc sd-permission-group pg-name command to delete a permission group.

Examples

amnesiac (config) # ssc sd-permission-group create pg-name admin2 description "administration group"
+--------------------------------+
| Created |
+--------------------------------+
| permission group admin created |
+--------------------------------+

*** delete the admin permission group ***
amnesiac (config) # no ssc sd-permission-group pg-name admin
+--------------------------------+
| Deleted |
+--------------------------------+
| permission group admin deleted |
+--------------------------------+

Related Commands

show ssc sd-permission-group, ssc sd-permission-group list, ssc sd-permission-group update pg-name

ssc sd-permission-group list

Lists all defined Services Director permission groups.

Syntax

ssc sd-permission-group list

Examples

Typically, there is a single Services Director permission group, with full access. The name of this permission group matches the group returned by the authenticator.

Related Commands

show ssc sd-permission-group, ssc sd-permission-group create pg-name, ssc sd-permission-group update pg-name

ssc sd-permission-group update pg-name

Updates a Services Director permission group.

Syntax

ssc sd-permission-group update permission-group-name pg-name [new-pg-name new-pg-name] [description description]

Parameters

permission-group-name pg-name

Specify a name for the Services Director permission group.

new-pg-name

Optionally, specify a new name for the Services Director permission group.

description

Optionally, specify a description of the permission group.

Usage Guidelines

Typically, there is a single Services Director permission group, with full access. The name of this permission group matches the group returned by the authenticator.

Only the description and name can be changed.

Examples

*** list the Services Director permission groups (there is only one) ***
amnesiac (config) # ssc sd-permission-group list
+-------+--------------------------------------+
| Name | Unique ID |
+-------+--------------------------------------+
| admin | Permission-Group-IPI9-J91T-B5J7-D63F |
+-------+--------------------------------------+

*** show details of the only permission group ***
amnesiac (config) # show ssc sd-permission-group pg-name admin
+---------------------+-----------------------------------------------------+
| Field | Value |
+---------------------+-----------------------------------------------------+
| description | Single permission group for SD user authentication. |
| permission_group_id | Permission-Group-IPI9-J91T-B5J7-D63F |
| tag | admin |
| children | None |
+---------------------+-----------------------------------------------------+

*** update the permission group ***
amnesiac (config) # ssc sd-permission-group update pg-name admin new-pg-name charcoal
+--------------------------------+
| Updated |
+--------------------------------+
| permission group admin updated |
+--------------------------------+

*** display changes ***
amnesiac (config) # show ssc sd-permission-group pg-name charcoal
+---------------------+-----------------------------------------------------+
| Field | Value |
+---------------------+-----------------------------------------------------+
| description | Single permission group for SD user authentication. |
| permission_group_id | Permission-Group-IPI9-J91T-B5J7-D63F |
| tag | charcoal |
| children | None |
+---------------------+-----------------------------------------------------+

Related Commands

show ssc sd-permission-group, ssc sd-permission-group create pg-name, ssc sd-permission-group list

ssc search-endpoint create

Creates a new Search Endpoint resource. This resource is used for vTM analytics.

Syntax

ssc search-endpoint create search-endpoint-address address transactions-index index logs-index index use-tls Boolean tls-verify Boolean [name value] auth-username username auth-password password endpoint-cert certificate

Parameters

search-endpoint-address

The address of the search endpoint in your analytics system, in the form <server>:<port>.

For example: demo.com:2020

transactions-index

This is the index used for transactions on the Splunk platform.

For example, zxtm_transactions.

logs-index

This is the index used for logs on the Splunk platform.

For example, zxtm_logs.

use-tls

Indicates whether queries require secure transmission. If true, you must also specify endpoint-cert.

tls-verify

Indicates whether queries require verification.

name

(Optional) The customer-facing name for the search endpoint resource. If this is not set, the tag is set to the UUID value for the resource.

auth-username

The authorization username for the search endpoint.

auth-password

The authorization password for the search endpoint.

endpoint-cert

The certificate for the search endpoint. This is required if use-tls is true.

Usage Guidelines

This command is only used for Search Endpoint resources. Collection Endpoint resources are handled separately, by an equivalent "collection-endpoint" command.

Examples

*** list all search endpoints (empty) ***

amnesiac (config) # ssc search-endpoint list

+-----------------+

| Message |

+-----------------+

| No record found |

+-----------------+

*** add a search endpoint resource ***

amnesiac (config) # ssc search-endpoint create search-endpoint-address demo.com:2020 transactions-index zxtm_transactions logs-index zxtm_logs use-tls true tls-verify true name JK-EP-Search-01 auth-username admin auth-password password endpoint-cert "LS0tLS1CRUdJTiBDRVJUSAUG5T...SVElGSUNBVEUtLS0tLQo="

+-----------------------------+----------------------------------------------------

| Field | Value

+-----------------------------+----------------------------------------------------

| verify_tls | True

| tag | JK-EP-Search-01

| search_endpoint_id | Search-Endpoint-P5Y0-8JS4-X0BS-2P9M

| auth_password | password

| auth_username | admin

| search_endpoint_address | demo.com:2020

| use_tls | True

| search_endpoint_certificate | LS0tLS1CRUdJTiBDRVJUSAUG5T...SVElGSUNBVEUtLS0tLQo=

| transactions_index | zxtm_transactions

| logs_index | zxtm_logs

+-----------------------------+----------------------------------------------------

*** list all search endpoints to confirm the addition ***

amnesiac (config) # ssc search-endpoint list

+-------------------------------------+-----------------+

| ID | Tag |

+-------------------------------------+-----------------+

| Search-Endpoint-OFFO-I80A-RVLP-4C49 | JK-EP-Search-01 |

+-------------------------------------+-----------------+

Related Commands

show ssc search-endpoint, ssc search-endpoint delete, ssc search-endpoint list, ssc search-endpoint update

ssc search-endpoint delete

Delete a Search Endpoint resource. This resource is used for vTM analytics.

Syntax

ssc search-endpoint delete name endpoint-id

Parameters

name endpoint-id

The identifier for the search endpoint resource, either its tag or its UUID.

Usage Guidelines

This command is only used for Search Endpoint resources. Collection Endpoint resources are handled separately, by an equivalent "collection-endpoint" command.

Examples

*** display a list of all (typically one) search endpoint ***

amnesiac (config) # ssc search-endpoint list

+-------------------------------------+-----------------+

| ID | Tag |

+-------------------------------------+-----------------+

| Search-Endpoint-P5Y0-8JS4-X0BS-2P9M | JK-EP-Search-01 |

+-------------------------------------+-----------------+

*** Delete a search endpoint ***
amnesiac (config) # ssc search-endpoint delete name JK-EP-Search-01

+-------------------------------------------------------------+

| Deleted |

+-------------------------------------------------------------+

| Search Endpoint Search-Endpoint-P5Y0-8JS4-X0BS-2P9M deleted |

+-------------------------------------------------------------+

Related Commands

show ssc search-endpoint, ssc search-endpoint create, ssc search-endpoint list, ssc search-endpoint update

ssc search-endpoint list

Lists all Search Endpoint resources. These resources are used for vTM analytics.

Syntax

ssc search-endpoint list

Usage Guidelines

Typically, there is a single search endpoint.

This command is only used for Search Endpoint resources. Collection Endpoint resources are handled separately, by an equivalent "collection-endpoint" command.

Examples

amnesiac (config) # ssc search-endpoint list

+-------------------------------------+-----------------+

| ID | Tag |

+-------------------------------------+-----------------+

| Search-Endpoint-P5Y0-8JS4-X0BS-2P9M | JK-EP-Search-01 |

+-------------------------------------+-----------------+

Related Commands

show ssc search-endpoint, ssc search-endpoint create, ssc search-endpoint delete, ssc search-endpoint update

ssc search-endpoint update

Updates a Search Endpoint resource. This resource is used for vTM analytics.

Syntax

ssc search-endpoint update name endpoint-id [search-endpoint-address address]

[use-tls Boolean] [tls-verify Boolean] [endpoint-cert certificate] [auth-username username] [auth-password password] [new-name value]

Parameters

name endpoint-id

Specify a unique identifier for the search-endpoint resource, either its tag or UUID.

search-endpoint-address

The address of the search endpoint on the Splunk platform, in the form <server>:<port>.

For example: demo.com:2020

transactions-index

This is the index used for transactions on the Splunk platform.

For example, zxtm_transactions.

logs-index

This is the index used for logs on the Splunk platform.

For example, zxtm_logs.

use-tls

Indicates whether queries require secure transmission. If true, you must also specify endpoint-cert.

tls-verify

Indicates whether queries require verification.

endpoint-cert

The certificate for the search endpoint. This is required if use-tls is true.

auth-username

The authorization username for the search endpoint.

auth-password

The authorization password for the search endpoint.

new-name

(Optional) A replacement name for the search endpoint resource.

Usage Guidelines

This command is only used for Search Endpoint resources. Collection Endpoint resources are handled separately, by an equivalent "collection-endpoint" command.

Examples

*** list all search endpoints ***

amnesiac (config) # ssc search-endpoint list

+-------------------------------------+-----------------+

| ID | Tag |

+-------------------------------------+-----------------+

| Search-Endpoint-P5Y0-8JS4-X0BS-2P9M | JK-EP-Search-01 |

+-------------------------------------+-----------------+

*** display details for a specific search endpoint ***

amnesiac (config) # show ssc search-endpoint name JK-EP-Search-01

+-----------------------------+----------------------------------------------------

| Field | Value

+-----------------------------+----------------------------------------------------

| verify_tls | True

| tag | JK-EP-Search-01

| search_endpoint_id | Search-Endpoint-P5Y0-8JS4-X0BS-2P9M

| auth_password | password

| auth_username | admin

| search_endpoint_address | demo.com:2020

| use_tls | True

| search_endpoint_certificate | LS0tLS1CRUdJTiBDRVJUSAUG5T...SVElGSUNBVEUtLS0tLQo=

| transactions_index | zxtm_transactions

| logs_index | zxtm_logs

+-----------------------------+----------------------------------------------------

*** update a search endpoint to disable verification ***

amnesiac (config) # ssc search-endpoint update name JK-EP-Search-01 tls-verify false

+-----------------------------+----------------------------------------------------

| Field | Value

+-----------------------------+----------------------------------------------------

| verify_tls | False

| tag | JK-EP-Search-01

| search_endpoint_id | Search-Endpoint-P5Y0-8JS4-X0BS-2P9M

| auth_password | password

| auth_username | admin

| search_endpoint_address | demo.com:2020

| use_tls | True

| search_endpoint_certificate | LS0tLS1CRUdJTiBDRVJUSAUG5T...SVElGSUNBVEUtLS0tLQo=

| transactions_index | zxtm_transactions

| logs_index | zxtm_logs

+-----------------------------+----------------------------------------------------

Related Commands

show ssc search-endpoint, ssc search-endpoint create, ssc search-endpoint delete, ssc search-endpoint list

ssc server rest-port-num

Configures the Services Director REST API port number.

Syntax

[no] ssc server rest-port-num port-number

Parameters

Parameters

transaction-source-type source-type

Specify the text of the transaction type on your Analytics System.

Examples

*** view current setting ***

amnesiac (config) # show ssc settings analytics

+-------------------------+-------------------+

| Field | Value |

+-------------------------+-------------------+

| transaction_source_type | zxtm_transactions |

+-------------------------+-------------------+

*** change the default setting to match a tailored analytics system ***

amnesiac (config) # ssc settings analytics update transaction-source-type xxx_transactions

+-------------------------+------------------+

Sets the maximum number of deployable instances.

Syntax

ssc settings deployment update max-instances integer

Parameters

integer

Specify maximum number of deployable instances, 0 equals no limit.

Usage Guidelines

Typically, zero is the correct value for most deployments. Instances that have been deleted do not count towards the limit. Instances that have been deployed but are not active (that is, have not been started) do count towards the limit. If you create a new instance in excess of this number, the instance is rejected with an error message. If this property is set to a lower number than the number of currently deployed instances then there is no immediate effect but subsequent deployment requests are rejected.

Examples

amnesiac (config) # ssc settings deployment update max-instances 0

Related Commands

ssc settings list

ssc settings deployment update template-name

Updates a Services Director deployment based on the specified template.

Syntax

ssc settings deployment update template-name name | max-instances integer

Parameters

name

Specify the template name.

integer

Specify the maximum number of Traffic Manager instances that can be deployed. The default value zero (0) equals no limit. The value must be a positive integer.

Usage Guidelines

Updates a deployment settings with the parameters predefined in an existing template. The existing template is created by the ssc template create command. The predefined parameters in the existing template are passed to the resource to update the command. You have the option to replace or add extra parameters that exist in the specified template (that is, add extra arguments).

Examples

ssc settings licensing update template-name

Updates Services Director licensing settings based on the specified template.

Syntax

ssc settings licensing update template-name name alert-threshold integer alert-thld-itvl seconds

Parameters

name

Specify the template name.

alert-threshold integer

Specify the number of alerts that can be sent. The range is 1-3600, inclusive; the value must be a positive integer.

alert-thld-itvl seconds

Specify the period of time, in seconds, between alerts. The default value is 3600 seconds (1 hour). The range is 1-3600, inclusive; the value must be a positive integer.

ssc settings logging update | [license-log integer] | [metering-log integer] | [inventory-log integer]

Parameters

license-log integer

Specify the license value. The range is 0-10. The default value is 0, which equals no logging. A log level of 3+ causes responses to license server requests to be logged in full, including the feature values set by the feature pack and bandwidth associated with the instance making the request. The value must be a positive integer; there is no upper limit.

metering-log integer

Specify the metering logging value. The range is 0-10. The default value is 0 which equals no logging. A log level of 5+ gives a summary of the activities of the metering thread (that is, starting metering, stopping metering, and so forth), while a log level of 9+ provides a detailed logging of each instance being metered. The value must be a positive integer; there is no upper limit.

inventory-log integer

Specify the metering logging value. The range is 0-10. The default value is 0, which equals no logging. A log level of 1+ causes inventory changes to be logged (the equivalent of the audit records). A log level of 3+ causes logging of all deployment and action commands. A log level of 8+ causes logging of the output from all deployment and actions. The value must be a positive integer; there is no upper limit.

Examples

amnesiac (config) # ssc settings logging update license-log 5

Related Commands

ssc settings list

ssc settings logging update template-name

Updates Services Director logging settings based on the specified template.

Syntax

ssc settings logging update template-name name | [license-log integer] | [metering-log integer] | [inventory-log integer]

Parameters

name

Specify the template name.

license-log integer

metering-log integer

inventory-log integer

Usage Guidelines

Updates logging with the parameters predefined in an existing template. The existing template is created by the ssc template create command. The predefined parameters in the existing template are passed to the resource to update the command. You have the option to replace or add extra parameters that exist in the specified template (that is, add extra arguments).

Examples

amnesiac (config) # ssc settings logging update template-name tempset1 settemp1 license-log 7

Related Commands

ssc settings list, ssc template create template-name

ssc settings master-password reset

This command resets the master password for a Services Director if it in unknown or lost. This command should only be used as a final resort to re-establish a master password.

Syntax

ssc settings master-password reset password new-password [force [true | false]]

Parameters

new-password

Specify the new master password. This must be at least 8 characters long, and must have at least:

•One lower case character.

•One upper case character.

•One digit.

•One non-alphanumeric symbol.

force [true | false]

Specify true or false. If set to true, you can reset the password when there are Traffic Manager instances on the Services Director.

Usage Guidelines

This command is invisible from the command line, but is available.

If you wish to change the master password (that is, you know what the current master password is), use the "ssc settings master-password update" on page 227.

If you have just upgraded from Services Director v2.2r1 or earlier, a default master password has been assigned automatically to the Services Director. The default master password is master1M@. See the Pulse Services Director Advanced User Guide for details.

The master password is used to encrypt the passwords of all connected Traffic Manager instances. If you reset the master password, these Traffic Manager passwords are lost, and you must be re-enter the passwords manually. See ssc instance update template-name.

Where Traffic Manager instances are present on the Services Director, you must include the optional force true parameter in the command. This enables the reset to complete. An information message about updating passwords for registered instances is also displayed.

After resetting the master password on the Active Services Director, you must repeat the process for the Standby Services Director.

Examples

*** attempt to reset ***
amnesiac (config) # ssc settings master-password reset password Banj-axed27
Not resetting master password
Ensure that "force true" is passed, to confirm that you wish to reset the master password

*** attempt to reset, including the force true parameter ***
amnesiac (config) # ssc settings master-password reset password Banj-axed27 force true
Successfully reset master password
You must manually update all passwords for registered instances

After resetting the master password on the Active Services Director, you must repeat the process for the Standby Services Director.

Related Commands

show ssc settings master-password, ssc settings list, ssc settings master-password update

ssc settings master-password update

Updates the Services Director master password on a Services Director.

Syntax

ssc settings master-password update current-password current-password new-password new-password

Parameters

current-password current-password

Specify the current password.

new-password new-password

Specify the new password. This must be at least 8 characters long, and must have at least:

•One lower case character.

•One upper case character.

•One digit.

•One non-alphanumeric symbol.

Usage Guidelines

This command should be used on the Active node in an HA pair.

While the password change completes, the status displayed by the show ssc settings metering command is Changing. Once complete, it becomes Active.

After you have updated the password on the ActiveServices Director node, repeat the command on the Standby node.

If you wish to reset the master password (that is, you do not know what the current master password is), use the "ssc settings master-password reset" on page 226.

Examples

Related Commands

show ssc settings master-password, ssc settings list

ssc settings metering update

Updates Services Director metering settings.

Syntax

Parameters

meter-interval integer

Specify the period of time, in seconds, between metering actions. The default value is 3600 seconds (1 hour). It cannot be set to more than 3600. The range is 1-3600, inclusive; the value must be a positive integer.

log-check-itvl seconds

Specify the period of time, in seconds, between checks for log-space. The default value is 3600 seconds (1 hour). The range is 1-3600, inclusive; the value must be a positive integer.

snmp-enabled [true | false]

Specify true or false to enable SNMP. By default, this is enabled.

alerts-and-notifications [true | false]

Specify true or false to enable alerts and notifications. By default, this is enabled.

Examples

Related Commands

show ssc dashboard, show ssc metering warning instance-name, show ssc settings metering, ssc metering warning list

ssc settings metering update template-name

Updates Services Director metering settings based on the specified template.

Syntax

ssc settings metering update template-name name | [meter-interval integer] | [log-check-itvl seconds]

Parameters

name

Specify the template name.

meter-interval integer

log-check-itvl seconds

Specify the period of time, in seconds, between checks for log-space. The default value is 3600 seconds (1 hour). The range is 1-3600, inclusive; the value must be a positive integer.

Usage Guidelines

Updates metering with the parameters predefined in an existing template. The existing template is created by the ssc template create command. The predefined parameters in the existing template are passed to the resource to update the command. You have the option to replace or add extra parameters that exist in the specified template (that is, add extra arguments).

Examples

amnesiac (config) # ssc settings metering update template-name mettemp1 meter-interval 3600

Related Commands

ssc settings list

ssc settings monitoring update

Updates Services Director monitoring settings.

Syntax

Parameters

cont-fail-perid seconds

Specify the number of seconds after which a Services Director is considered failed. The default value is 180.

ins-fail-perid seconds

Specify the number of seconds after which an instance is considered failed. The default value is 180.

host-fail-perid seconds

Specify the number of seconds after which a host is considered failed. The default value is 180.

cont-mon-itvl seconds

Specify the number of seconds between monitoring Services Directors. The default value is 60.

ins-mon-itvl seconds

Specify the number of seconds between monitoring instances. The default value is 60.

host-mon-itvl seconds

Specify the number of seconds between monitoring hosts. The default value is 60.

ovd-mon-warn-pd seconds

Specify the number of seconds to consider monitoring overdue. The default value is 300.

mon-email-itvl seconds

Specify the number of seconds between monitoring alert emails. The default value is 60.

auto-cleanup-vtms setting

Select the required setting for auto cleanup of failed vTMs: off, self_registered_vtms, all_vtms.

Examples

amnesiac (config) # ssc settings monitoring update host-mon-itvl 360 mon-email-itvl 3600

Related Commands

show ssc settings monitoring

ssc settings monitoring update template-name

Updates Services Director monitoring settings based on a specified template.

Syntax

Parameters

name

Specify the template name.

cont-fail-period seconds

Specify the umber of seconds after which a Services Director is considered failed. The default value is 180 seconds.

ins-fail-period seconds

Specify the number of seconds after which an instance is considered failed. The default value is 180 seconds.

host-fail-period seconds

Specify the number of seconds after which a host is considered failed. The default value is 180 seconds.

ovd-mon-warn-pd seconds

Specify the number of seconds to consider monitoring overdue. The default value is 300 seconds.

ins-mon-itvl seconds

Specify the number of seconds between monitoring instances. The default value is 60 seconds.

cont-mon-itvl seconds

Specify the number of seconds between monitoring Services Directors. The default value is 60 seconds.

mon-email-itvl seconds

Specify the number of seconds between monitoring alert emails. The default value is 60 seconds.

host-mon-itvl seconds

Specify the number of seconds between monitoring hosts. The default value is 60 seconds.

Usage Guidelines

Examples

amnesiac (config) # ssc settings monitoring update template-name monitortemp1 host-mon-itvl 360 mon-email-itvl 360

Related Commands

show ssc settings monitoring

ssc settings security update

Updates Services Director security settings.

Syntax

ssc settings monitoring update [user_lockout_duration_minutes minutes] | [max_login_attempts max_login_attempts]

Parameters

user_lockout_duration_minutes minutes

Specify a suspension lockout duration (in minutes). If the max_login_attempts threshold limit is reached, the suspension duration lockout is applied. This has a default of 1 minute, and a maximum of 1440 minutes (equal to one day).

max_login_attempts max_login_attempts

Specify the maximum number of failed Services Director login attempts for a user. This has a default of zero, which indicates that there is no maximum.

Examples

amnesiac (config) # ssc settings security update max-login-attempts 3 user-lockout-duration 15
+-------------------------------+-------+
| Field | Value |
+-------------------------------+-------+
| user_lockout_duration_minutes | 15 |
| max_login_attempts | 3 |
+-------------------------------+-------+

Related Commands

show ssc settings security

ssc settings telemetry update enabled

Enables/Disables Services Director’s phone home telemetry feature.

When enabled, Services Director collects and exports phone home telemetry data to Pulse Secure.

Syntax

ssc settings telemetry update enabled [true | false]

Parameters

true

Enables the phone home telemetry feature.

false

Disables the phone home telemetry feature.

Examples

*** show phone home telemetry status ***

enable amnesiac (config) # show ssc settings telemetry

+--------------------+-----------------------------------------------------+

| Field | Value |

+--------------------+-----------------------------------------------------+

| destination | https://telemetry.cam.demo.com/product-feedback/1.0 |

| phone_home_enabled | False |

+--------------------+-----------------------------------------------------+

*** Enable phone home telemetry ***

enable amnesiac (config) # ssc settings telemetry update enabled true

+--------------------+-----------------------------------------------------+

| Field | Value |

+--------------------+-----------------------------------------------------+

| destination | https://telemetry.cam.demo.com/product-feedback/1.0 |

| phone_home_enabled | True |

+--------------------+-----------------------------------------------------+

*** Enable phone home telemetry ***

enable amnesiac (config) # ssc settings telemetry update enabled false

+--------------------+-----------------------------------------------------+

| Field | Value |

Lists Services Director SKUs.

Syntax

ssc sku list [show-all [true | false]

Usage Guidelines

By default, the list only includes SKUs that are compatible with your license.

If show-all is set to true, the list includes all SKUS, and not just those that are compatible with your license.

Examples

*** show SKUs compatible with your license (default) ***
amnesiac (config) # ssc sku list
+-------------+
| Sku |
+-------------+
| STM-200 |
| STM-SAF-400 |
| STM-100 |
| STM-400 |
| STM-SAF-300 |
| STM-300 |
+-------------+

*** show all SKUs, not just those that are compatible with your license ***
amnesiac (config) # ssc sku list show-all true
+----------------------------+
| Sku |
+----------------------------+
| BR-ADC-UTILM-WAFP1G-U-01 |
| BR-ADC-UTILM-WAFP3G-U-01 |
| BR-ADC-UTILM-WAFP400M-U-01 |
| BR-ADC-UTILM-WAFP50M-U-01 |
| BR-ADC-UTILM-WAFP5G-U-01 |
.
. (truncated list)
.
| ENT-ADVANCED |
| ENT-ENTERPRISE |
| ENT-WAFPROXY |
+----------------------------+

Related Commands

show ssc stm images, ssc feature-pack create fpname

ssc stm import-image file

Imports a vTM image.

Syntax

ssc stm import-image file filename-or-remote-location

Parameters

filename-or-remote-location

Specify the filename or the remote location of the Traffic Manager image, for example, http, ftp, or scp URL (scp://username:password@host/path/filename).

Examples

amnesiac (config) # ssc stm import-image file scp://[email protected]/ssc_archive/ZeusTM_97_Linux-x86_64.tgz

Related Commands

show ssc stm images

ssc stm import-lic

Imports the vTM Flexible Licensing Architecture (FLA) license.

Syntax

ssc stm import-lic local-license | [file remote-location license-name remote-license]

Parameters

local-license

Specify the filename of a locally-accessible license.

remote-location

Specify the remote location of the license, for example for example, http, ftp, or scp URL (scp://username:password@host/path/filename).

remote-license

Specify the filename of a remotely-accessible license.

Usage Guidelines

This command can be used to import a license either from a locally-accessible license file, or a remotely-accessible license file.

You must import the following files into the Services Director before you can create instances: SSL certificate and key, Services Director license, enterprise bandwidth license key, FLA license, and Traffic Manager image. If you have not received your license files, contact Ivanti Licensing for assistance.

Examples

*** local file import ***
amnesiac (config) # ssc stm import-lic license.txt

*** remote file import ***
amnesiac (config) # ssc stm import-lic file http://remote.example.com
license-name license.txt

Related Commands

show ssc stm images

ssc template copy source

Creates a copy of a template.

Syntax

ssc template copy source template-name destination new-name

Parameters

template-name

Specify the template source name.

destination new-name

Specify the new template name.

Examples

amnesiac (config) # ssc template copy source hosttemp1 destination hosttemp2

Related Commands

ssc template list

ssc template create template-name

Creates a template for Services Director resources. You use templates to save resource values for reuse later.

Syntax

ssc template create template-name name [arguments]

Usage Guidelines

This command must be used in conjunction with a Services Director CLI command (see below).

Create templates for resources with the predefined parameters for use later. The predefined parameters in the template are passed to the resource. You have the option to replace or add extra parameters that exist in the specified template (that is, add extra arguments) using the resource create and update commands.

To create a feature pack fp-1 without using the template:

ssc feature-pack create fpname fp-1 stm-sku STM-200 excluded 'ts comp'

To create a feature-pack template fptemp-1 :

ssc template create template-name fptemp-1 stm-sku STM-200 excluded 'ts comp'

To create a feature pack fp-2 by using template fptemp-1 :

ssc feature-pack create template-name fptemp-1 fpname fp-2 info test

Update the template fptemp-1 with new values:

ssc template update template-name fptemp-1 stm-sku STM-300

To show the updated template fptemp-1 :

Use the no template template-name <name> command option to disable the template.

Examples

amnesiac (config) # ssc template create template-name fptemp-1 stm-sku STM-200 excluded 'ts comp'

Related Commands

ssc template list

Lists Services Director templates.

Syntax

ssc template list

ssc user create template-name name user-name name password password

Parameters

name

Specify a unique name for the template.

name

Specify the user name. The default name is sscadmin.

password

Specify the password for the user.

Usage Guidelines

Creates users with the parameters predefined in an existing template. The existing template is created by the ssc template create command. The predefined parameters in the existing template are passed to the resource to create the command. You have the option to replace or add extra parameters that exist in the specified template (that is, add extra arguments).

Examples

amnesiac (config) # ssc user create template-name usertemp1 user-name test password test123

Related Commands

ssc user create user-name

Creates a Services Director user account.

Syntax

ssc user create user-name name password password

Parameters

name

Specify the user name. The default name is sscadmin.

password

Specify the password for the user.

Examples

amnesiac (config) # ssc user create user-name test password test123

Related Commands

ssc user update template-name

Updates user settings based on the specified template.

Syntax

ssc user update template-name name | [user-name name] | [active [Active | Inactive]] | [password password]

Parameters

name

Specify the template name.

name

Specify the user name. The default name is sscadmin.

active

Specify the status:

•Active: Activates a resource.

•Inactive: Deactivates a resource. A resource cannot be marked as Inactive if it is in use. The resource cannot be reactivated Inactive status has been specified.

password password

Specify the password for the user.

Usage Guidelines

Updates user settings with the parameters predefined in an existing template. The existing template is created by the ssc template create command. The predefined parameters in the existing template are passed to the resource to update the command. You have the option to replace or add extra parameters that exist in the specified template (that is, add extra arguments).

Examples

amnesiac (config) # ssc user update template-name usertemp1 user-name admin1

Related Commands

ssc user update user-name

Updates user template.

Syntax

ssc user update user-name name | [active [Active | Inactive] ] [password password]
[aws-access-key aws-key] [aws-secret-access-key aws-secret-key]

Parameters

name

Specify the user name. The default name is sscadmin.

active

Specify the status:

•Active: Activates a resource.

•Inactive: Deactivates a resource. A resource cannot be marked as Inactive if it is in use. The resource cannot be reactivated once Inactive status has been specified.

password password

Specify the password for the user.

aws-key

Specify the access key for your AWS credentials.

aws-secret-key

Specify the secret access key for your AWS credentials.

Examples

amnesiac (config) # ssc user update user-name admin1 status Inactive

Related Commands

ssc version create template-name

Creates a vTM version based on a template.

Syntax

ssc version create template-name name vfilename name-of-version-tarball-file vdirectory name-of-directory-to-which-tarball-extracts | [info description]

Parameters

name

Specify a unique name for the template.

name-of-version-tarball-file

Specify the name of the Traffic Manager image.

name-of-directory-to-which-tarball-extracts

Specify the name of directory to which Traffic Manager image extracts; if none, specify the tarball name.

info description

Optionally, specify information about the template.

Usage Guidelines

Creates versions with the parameters predefined in an existing template. The existing template is created by the ssc template create command. The predefined parameters in the existing template are passed to the resource to create the command. You have the option to replace or add extra parameters that exist in the specified template (that is, add extra arguments).

Examples

amnesiac (config) # ssc version create template-name vtemp1 vfilename stm97 vdirectory ZeusTM_97_Linux-x86_64.tgz

Related Commands

ssc version create

Creates an version name for the vTM image or tarball.

Syntax

ssc version create version-name name vfilename name-of-version-tarball-file vdirectory directory-or-tarball-name | [info description]

Parameters

unique-name

Specify a unique name for the Traffic Manager image.

name-of-version-tarball-file

Specify the name of the Traffic Manager image.

directory-or-tarball-name

Specify the name of directory to which tarball extracts; if none, specify the tarball name.

info description

Optionally, specify a description of the image.

Usage Guidelines

Creates a version name for the Traffic Manager image or tarball.

Examples

amnesiac (config) # ssc version create version-name stm97 vfilename ZeusTM_97_Linux-x86_64.tgz

Related Commands

ssc version create, ssc version update template-name

ssc version list

Lists the vTM images.

Syntax

ssc version list

Examples

amnesiac (config) # ssc version list
+---------+
| Version |
+---------+
| stm97 |
+---------+

Related Commands

ssc version update template-name

Updates the version settings based on the specified template.

Syntax

Parameters

name

Specify the template name.

name-of-version-tarball-file

Specify the name of the Traffic Manager image.

vdirectory name-of-directory-to-which-tarball-extracts

Specify the name of directory to which Traffic Manager image extracts; if none, specify the tarball name.

status

Specify the status:

•Active: Activates a resource.

•Inactive: Deactivates a resource. A resource cannot be marked as Inactive if it is in use. The resource cannot be reactivated Inactive status has been specified.

info description

Optionally, specify a description of the template.

Usage Guidelines

Updates version settings with the parameters predefined in an existing template. The existing template is created by the ssc template create command. The predefined parameters in the existing template are passed to the resource to update the command. You have the option to replace or add extra parameters that exist in the specified template (that is, add extra arguments).

Examples

amnesiac (config) # ssc version update template-name vtemp1 status Inactive

Related Commands

ssc version update version-name

Updates the version.

Syntax

Parameters

name

Specify the version name.

name-of-version-tarball-file

Specify the name of the Traffic Manager image.

status [Active | Inactive]

Specify the status:

•Active: Activates a resource.

•Inactive: Deactivates a resource. A resource cannot be marked as Inactive if it is in use. The resource cannot be reactivated Inactive status has been specified.

info description

Optionally, specify a description of the template.

Examples

amnesiac (config) # ssc version update version-name stm97 status Inactive

Related Commands

ssc vtm-admin-ca list, ssc vtm-admin-ca update, show ssc vtm-admin-ca, ssc vtm-authenticator add ldap auth-name, ssc vtm-authenticator list, ssc vtm-authenticator update ldap auth-name

ssc vtm-admin-ca create

Creates a vTM CA certificate that is for use with a secure LDAP server authenticator.

Syntax

ssc vtm-admin-ca create admin-ca-name tag certificate-authority certificate-text

Parameters

tag

A unique name for the CA certificate.

certificate-text

The text of the CA certificate.

Examples

*** List all vTM CA certificates on Services Director ***
amnesiac (config) # ssc vtm-admin-ca list

+----------+----------------------------------+

| Name | Unique ID |

+----------+----------------------------------+

| VTM-CA-1 | VTM-Admin-CA-KBBH-G7LT-K6SK-B6N4 |

+----------+----------------------------------+

*** add a new certificate ***

amnesiac (config) # ssc vtm-admin-ca create admin-ca-name VTM-CA-2 certificate-authority "-----BEGIN CERTIFICATE----- ...<certificate body>... -----END CERTIFICATE----- >"

+----------------------------------------------+

| Created |

+----------------------------------------------+

| admin certificate authority VTM-CA-2 created |

+----------------------------------------------+

*** confirm creation ***

amnesiac (config) # ssc vtm-admin-ca list

+----------+----------------------------------+

| Name | Unique ID |

+----------+----------------------------------+

| VTM-CA-1 | VTM-Admin-CA-KBBH-G7LT-K6SK-B6N4 |

| VTM-CA-2 | VTM-Admin-CA-6J21-KKH3-VSAJ-3209 |

+----------+----------------------------------+

Related Commands

ssc vtm-admin-ca list

Lists all vTM CA certificate that are for use with a secure LDAP server authenticator.

Syntax

ssc vtm-admin-ca list

Examples

amnesiac (config) # ssc vtm-admin-ca list

+----------+----------------------------------+

| Name | Unique ID |

+----------+----------------------------------+

| VTM-CA-1 | VTM-Admin-CA-KBBH-G7LT-K6SK-B6N4 |

| VTM-CA-2 | VTM-Admin-CA-6J21-KKH3-VSAJ-3209 |

+----------+----------------------------------+

Related Commands

ssc vtm-admin-ca create, ssc vtm-admin-ca update, show ssc vtm-admin-ca, ssc vtm-authenticator add ldap auth-name, ssc vtm-authenticator list, ssc vtm-authenticator update ldap auth-name

ssc vtm-admin-ca update

Updates a vTM CA certificate that is for use with a secure LDAP server authenticator.

Syntax

ssc vtm-admin-ca create admin-ca-name tag certificate-authority certificate-text new-admin-ca-name new-tag

Parameters

tag

A unique name for the CA certificate.

certificate

The text of the CA certificate.

new-tag

A new unique name for the CA certificate.

Examples

*** list certificates ***

amnesiac (config) # ssc vtm-admin-ca list

+----------+----------------------------------+

| Name | Unique ID |

+----------+----------------------------------+

| VTM-CA-1 | VTM-Admin-CA-KBBH-G7LT-K6SK-B6N4 |

| VTM-CA-2 | VTM-Admin-CA-6J21-KKH3-VSAJ-3209 |

+----------+----------------------------------+

*** rename the CA-2 certificate ***

amnesiac (config) # ssc vtm-admin-ca update admin-ca-name VTM-CA-2 new-admin-ca-name V-LDP2

+------------------------------------------+

| Updated |

+------------------------------------------+

| admin certificate authority CA-2 updated |

+------------------------------------------+

*** confirm update ***

amnesiac (config) # ssc vtm-admin-ca list

+----------+----------------------------------+

| Name | Unique ID |

+----------+----------------------------------+

| VTM-CA-1 | VTM-Admin-CA-KBBH-G7LT-K6SK-B6N4 |

| V-LDP2 | VTM-Admin-CA-6J21-KKH3-VSAJ-3209 |

+----------+----------------------------------+

Related Commands

ssc vtm-admin-ca create, ssc vtm-admin-ca list, show ssc vtm-admin-ca, ssc vtm-authenticator add ldap auth-name, ssc vtm-authenticator list, ssc vtm-authenticator update ldap auth-name

ssc vtm-authenticator add ldap auth-name

Adds an LDAP-based vTM authenticator. This can be either secure on non-secure.

Syntax

ssc vtm-authenticator add ldap auth-name authenticator-name server server dn-method method filter filter base-dn base-DN fallback-group fallback-group port port timeout timeout-period group-attribute group-attribute group-field group-field bind-dn bind-DN group-filter group-filter ssl ssl [search-dn search-DN search-password password]

Parameters

authenticator-name

Specify a name for the LDAP vTM authenticator.

server

Specify the IP address or hostname of the LDAP server.

method

Specify how the bind DN for a user will be derived. Either:

•construct: the bind DN for a user can be constructed from a known string, (see <bind-DN>)

•search: the bind DN for a user can be searched for in the directory. This is necessary if you have users under different directory paths.

filter

Specify a filter that uniquely identifies a user located under the Base DN.

The string "%u" will be substituted with the username. For example:

•Active Directory: "sAMAccountName=%u"

•Unix LDAP: "uid=%u"

base-DN

Specify the base DN (Distinguished Name) for directory searches.

fallback-group

port

Specify the port used to connect to the LDAP server.

timeout-period

Specify the timeout period (in seconds) for a connection to the LDAP server.

group-attribute

Specify the LDAP attribute that gives a user's group. For example: "memberOf". If multiple values are returned by the LDAP server, the first valid one will be used.

group-field

bind-DN

Specify a template to construct the bind DN from the username. This is only used when <method> is "construct". The string "%u" is replaced by the username. For example:

show ssc vtm-authenticator, ssc vtm-authenticator list, ssc vtm-authenticator update ldap auth-name

•"cn=%u,dn=mycompany,dn=local"

group-filter

Specify an alternative group search filter. This is only used when the user record returned by the LDAP filter does not contain the required group information.

This will typically be required if you have Unix/POSIX-style user records. If multiple records are returned the list of group names will be extracted from all of them.

The string "%u" will be replaced by the username. For example:

•"(&(memberUid=%u)(objectClass=posixGroup))"

ssl

(Optional) Select the required LDAP security type:

•none. Select this if your LDAP server does not support secure connections.

•starttls. Select this if your LDAP server supports STARTTLS secure connections. You must ensure that a matching CA certificate is present to use this option.

•ldaps. Select this if your LDAP server supports LDAPS secure connections. You must ensure that a matching CA certificate is present to use this option.

search-DN

search-password

Specify the password for the search-DN.

Usage Guidelines

Use the no ssc vtm-authenticator auth-name command to delete an authenticator.

You cannot delete a vTM authenticator that is associated with an access profile.

Examples

*** create an LDAP authenticator ***
amnesiac (config) # ssc vtm-authenticator add ldap auth-name "LDAP Server 2" server 10.62.169.170 dn-method "construct" filter "sAMAccountName=%u" base-dn "OU=users, DC=tekton, DC=local" fallback-group admin port 389 timeout 30 group-attribute "memberOf" group-field "CN" bind-dn "%[email protected]" group-filter "(&(memberUid=%u)(objectClass=posixGroup)) ssl starttls"
+-----------------------------------------+
| Created |
+-----------------------------------------+
| vTM Authenticator LDAP Server 2 created |
+-----------------------------------------+

*** delete an authenticator ***
amnesiac (config) # no ssc vtm-authenticator auth-name "LDAP Server 2"
+-----------------------------------------+
| Deleted |
+-----------------------------------------+
| vTM Authenticator LDAP Server 2 deleted |
+-----------------------------------------+

Related Commands

ssc vtm-authenticator add radius auth-name

Adds a RADIUS-based vTM authenticator.

Syntax

ssc vtm-authenticator add radius auth-name authenticator-name server server fallback-group fallback-group port port timeout timeout-period group-attribute group-attribute group-vendor group-vendor secret secret nas-identifier NAS-identifier nas-ip-address NAS-ip-address

Parameters

authenticator-name

Specify a name for the RADIUS vTM authenticator.

server

Specify the IP address or hostname of the RADIUS server.

fallback-group

Specify a permission group. For example, "admin". If no group is found using the vendor and group identifiers, or the group found is not valid, the permission group specified here will be used.

port

Specify the port used to connect to the RADIUS server.

timeout-period

Specify the timeout period (in seconds) for a connection to the RADIUS server.

group-attribute

Specify the RADIUS identifier for the attribute that specifies an account's group. May be left blank if <fallback-group> is specified.

group-vendor

Specify the RADIUS identifier for the vendor of the RADIUS attribute that specifies an account's group. Leave blank if using a standard attribute such as Filter-Id.

secret

Specify the secret key shared with the RADIUS server.

NAS-identifier

NAS-ip-address

Specify the identifying IP Address of the NAS which is requesting authentication of the user. This value is sent to the RADIUS server.

Usage Guidelines

Use the no ssc vtm-authenticator auth-name command to delete an authenticator.

You cannot delete a vTM authenticator that is associated with an access profile.

Examples

*** create a RADIUS authenticator ***
amnesiac (config) # ssc vtm-authenticator add radius auth-name "RADIUS Server 2" server 10.62.167.193 fallback-group admin port 1812 timeout 30 group-attribute 1 group-vendor 1476 secret * nas-identifier "Internal RADIUS" nas-ip-address 127.0.0.1
+-------------------------------------------+
| Created |
+-------------------------------------------+
| vTM Authenticator RADIUS Server 2 created |
+-------------------------------------------+

*** delete an authenticator ***
amnesiac (config) # no ssc vtm-authenticator auth-name "RADIUS Server 2"
+-------------------------------------------+
| Deleted |
+-------------------------------------------+
| vTM Authenticator RADIUS Server 2 deleted |
+-------------------------------------------+

Related Commands

show ssc vtm-authenticator, ssc vtm-authenticator list, ssc vtm-authenticator update radius auth-name

ssc vtm-authenticator add tacacs_plus auth-name

Adds a TACACS+-based vTM authenticator.

Syntax

ssc vtm-authenticator add tacacs-plus auth-name authenticator-name server server auth-type [pap | ascii] fallback-group fallback-group port port timeout timeout-period group-field group-field group-service group-service secret secret

Parameters

authenticator-name

Specify a name for the TACACS+ vTM authenticator on the Services Director.

server

Specify the IP address or hostname of the TACACS+ server.

auth-type

Specify the TACACS+ authentication type, either PAP or ACSII.

fallback-group

port

Specify the port used to connect to the TACACS+ server.

timeout-period

Specify the timeout period (in seconds) for a connection to the TACACS+ server.

group-field

Specify the TACACS+ "service" field that provides each user's group.

group-service

Specify the TACACS+ "service" that identifies a user's group field.

secret

Specify the secret key shared with the TACACS+ server.

Usage Guidelines

Use the no ssc vtm-authenticator auth-name command to delete an authenticator.

You cannot delete a vTM authenticator that is associated with an access profile.

Examples

*** create a TACACS+ authenticator ***
amnesiac (config) # ssc vtm-authenticator add tacacs-plus auth-name "TACACS+ Server 2" server 10.62.167.198 auth-type pap fallback-group admin port 49 timeout 30 group-field permission-group group-service "Hoobland" secret "tacacs_plus_secret"
+--------------------------------------------+
| Created |
+--------------------------------------------+
| vTM Authenticator TACACS+ Server 2 created |
+--------------------------------------------+

*** delete an authenticator ***
amnesiac (config) # no ssc vtm-authenticator auth-name "TACACS+ Server 2"
+--------------------------------------------+
| Deleted |
+--------------------------------------------+
| vTM Authenticator TACACS+ Server 2 deleted |
+--------------------------------------------+

Related Commands

show ssc vtm-authenticator, ssc vtm-authenticator list, ssc vtm-authenticator update tacacs_plus auth-name

ssc vtm-authenticator list

Lists all defined vTM authenticators.

Syntax

ssc vtm-authenticator list

Examples

| Secure LDAP | Authenticator-J82I-2237-GR9R-ADCB |

Related Commands

show ssc vtm-authenticator, ssc vtm-admin-ca create, ssc vtm-authenticator add radius auth-name, ssc vtm-authenticator add tacacs_plus auth-name, ssc vtm-authenticator update ldap auth-name, ssc vtm-authenticator update radius auth-name, ssc vtm-authenticator update tacacs_plus auth-name

ssc vtm-authenticator update ldap auth-name

Updates an LDAP-based vTM authenticator.

Syntax

Parameters

authenticator-name

Specify the name of the LDAP vTM authenticator.

server

Specify the IP address or hostname of the LDAP server.

method

Specify how the bind DN for a user will be derived. Either:

•construct: the bind DN for a user can be constructed from a known string, (see <bind-DN>) or

•search: the bind DN for a user can be searched for in the directory. This is necessary if you have users under different directory paths.

filter

Specify a filter that uniquely identifies a user located under the Base DN.

The string "%u" will be substituted with the username. For example:

•Active Directory: "sAMAccountName=%u"

•Unix LDAP: "uid=%u"

base-DN

Specify the base DN (Distinguished Name) for directory searches.

fallback-group

port

Specify the port used to connect to the LDAP server.

timeout-period

Specify the timeout period (in seconds) for a connection to the LDAP server.

group-attribute

Specify the LDAP attribute that gives a user's group. For example: "memberOf". If multiple values are returned by the LDAP server, the first valid one will be used.

group-field

bind-DN

Specify a template to construct the bind DN from the username. This is only used when <method> is "construct". The string "%u" is replaced by the username. For example:

show ssc vtm-authenticator, ssc vtm-admin-ca create, ssc vtm-authenticator list

•"cn=%u,dn=mycompany,dn=local"

group-filter

Specify an alternative group search filter. This is only used when the user record returned by the LDAP filter does not contain the required group information.

This will typically be required if you have Unix/POSIX-style user records. If multiple records are returned the list of group names will be extracted from all of them.

The string "%u" will be replaced by the username. For example:

•"(&(memberUid=%u)(objectClass=posixGroup))"

ssl

(Optional) Select the required LDAP security type:

•none. Select this if your LDAP server does not support secure connections.

•starttls. Select this if your LDAP server supports STARTTLS secure connections. You must ensure that a matching CA certificate is present to use this option.

•ldaps. Select this if your LDAP server supports LDAPS secure connections. You must ensure that a matching CA certificate is present to use this option.

search-DN

search-password

Specify the password for the search-DN.

Examples

amnesiac (config) # ssc vtm-authenticator update ldap auth-name "LDAP Server" server 10.62.169.170 dn-method construct filter "sAMAccountName=%u" base-dn "OU=users, DC=tekton, DC=local" fallback-group admin port 389 timeout 20 group-attribute "memberOf" group-field "CN" bind-dn "%[email protected]" group-filter "(&(memberUid=%u)(objectClass=posixGroup))"
+------------------------------------------+
| Modified |
+------------------------------------------+
| vTM Authenticator LDAP Server modified |
+------------------------------------------+

Related Commands

ssc vtm-authenticator update radius auth-name

Updates a RADIUS-based vTM authenticator.

Syntax

Parameters

authenticator-name

Specify the name of the RADIUS vTM authenticator.

server

Specify the IP address or hostname of the RADIUS server.

fallback-group

Specify a permission group. For example, "admin". If no group is found using the vendor and group identifiers, or the group found is not valid, the permission group specified here will be used.

port

Specify the port used to connect to the RADIUS server.

timeout-period

Specify the timeout period (in seconds) for a connection to the RADIUS server.

group-attribute

Specify the RADIUS identifier for the attribute that specifies an account's group. May be left blank if <fallback-group> is specified.

group-vendor

Specify the RADIUS identifier for the vendor of the RADIUS attribute that specifies an account's group. Leave blank if using a standard attribute such as Filter-Id.

secret

Specify the secret key shared with the RADIUS server.

NAS-identifier

NAS-ip-address

Specify the identifying IP Address of the NAS which is requesting authentication of the user. This value is sent to the RADIUS server.

Examples

amnesiac (config) # ssc vtm-authenticator update radius auth-name "RADIUS Server" server 10.62.167.193 fallback-group admin port 1812 timeout 30 group-attribute 1 group-vendor 1476 secret "radius_secret" nas-identifier "Internal RADIUS" nas-ip-address 127.0.0.1
+--------------------------------------------+
| Modified |
+--------------------------------------------+
| vTM Authenticator RADIUS Server modified |
+--------------------------------------------+

Related Commands

show ssc vtm-authenticator, ssc vtm-authenticator add radius auth-name, ssc vtm-authenticator list

ssc vtm-authenticator update tacacs_plus auth-name

Updates a TACACS+-based vTM authenticator.

Syntax

Parameters

authenticator-name

Specify the name of the TACACS+ vTM authenticator.

server

Specify the IP address or hostname of the TACACS+ server.

auth-type

Specify the TACACS+ authentication type, either PAP or ACSII.

fallback-group

port

Specify the port used to connect to the TACACS+ server.

timeout-period

Specify the timeout period (in seconds) for a connection to the TACACS+ server.

group-field

Specify the TACACS+ "service" field that provides each user's group.

group-service

Specify the TACACS+ "service" that identifies a user's group field.

secret

Specify the secret key shared with the TACACS+ server.

Examples

amnesiac (config) # ssc vtm-authenticator update tacacs-plus auth-name "TACACS+ Server" server 10.62.167.198 auth-type pap fallback-group admin port 49 timeout 30 group-field permission-group group-service "Hoobland" secret "tacacs_plus_secret"
+---------------------------------------------+
| Modified |
+---------------------------------------------+
| vTM Authenticator TACACS+ Server 2 modified |
+---------------------------------------------+

Related Commands

show ssc vtm-authenticator, ssc vtm-authenticator add tacacs_plus auth-name, ssc vtm-authenticator list

ssc vtm-permission-group create pg-name

Creates a vTM permission group for user authentication.

Syntax

ssc vtm-permission-group create pg-name pg-name [description description] [timeout timeout-period]

Parameters

pg-name

Specify a name for the vTM permission group.

description

Optionally, specify a description of the permission group.

timeout-period

Optionally, specify a timeout period (in minutes).

If this is not specified, it defaults to 30.

Usage Guidelines

This command creates the group, but does not support the setting of permissions. To set access levels for activities, see ssh server allowed-ciphers.

Use the no ssc vtm-permission-group pg-name command to delete a permission group.

You cannot delete a permission group that is associated with an access profile.

Examples

amnesiac (config) # ssc vtm-permission-group create pg-name Statistics description "RO subset of monitoring" timeout 30
+-------------------------------------+
| Created |
+-------------------------------------+
| permission group Statistics created |
+-------------------------------------+

*** delete the Statistics permission group ***
amnesiac (config) # no ssc vtm-permission-group pg-name Statistics
+-------------------------------------+
| Deleted |
+-------------------------------------+
| permission group Statistics deleted |
+-------------------------------------+

Related Commands

show ssc vtm-permission-group, ssc vtm-permission-group list, ssc vtm-permission-group update pg-name

ssc vtm-permission-group list

Lists all defined vTM permission groups.

Syntax

ssc vtm-permission-group list

Examples

Related Commands

show ssc vtm-permission-group, ssc vtm-permission-group create pg-name, ssc vtm-permission-group update pg-name

ssc vtm-permission-group update pg-name

Updates a vTM permission group for user authentication.

Syntax

ssc vtm-permission-group update permission-group-name pg-name [new-pg-name new-gp-name] [description description] [timeout timeout-period] [[remove] permission permission access access]

Parameters

pg-name

Specify a name for the vTM permission group.

new-pg-name

Optionally, specify a new name for the permission group.

description

Optionally, specify a description of the permission group.

timeout-period

Optionally, specify a timeout period (in minutes).

If this is not specified, it defaults to 30.

remove

Include this to remove the specified permission instead of adding it.

permission

The permission for which the access is to be set.

access

The required access (none, ro, full) for the permission.

Usage Guidelines

This command includes support for setting access levels for specific activities.

There are four default permission groups (admin, Demo, Monitoring and Guest), and you can create additional permission groups, see ssc vtm-permission-group list.

Each permission supports the following access levels: none, ro (read-only), full.

Where a permission branch node is specified as the permission, all of its leaf nodes will share the specified access level.

Where all permissions require the same access level, the permission "all" can be used. The admin permission group has this setting by default.

Examples

*** update the permission group ***
amnesiac (config) # ssc vtm-permission-group update pg-name my_pg permission Pools access full
+--------------------------------+
| Updated |
+--------------------------------+
| permission group my_pg updated |
+--------------------------------+

*** display changes ***
amnesiac (config) # show ssc vtm-permission-group pg-name my_pg
+--------------+---------------------------------------------------+--------+
| Parameter | Value | |
+--------------+---------------------------------------------------+--------+
| Name | my_pg | |
| Unique Name | Permission-Group-XIG4-FUQT-YAWN-H2JF | |
| Description | | |
| Timeout | 30 | |
| Permissions: | ------------------------------------------------- | ------ |
| | Permission String | Access |
| | ------------------------------------------------- | ------ |
| | Connections | full |
| | Connections!Details | full |
| | Draining | none |
| | Log_Viewer | none |
| | Log_Viewer!View | none |
| | Map | none |
| | Monitoring | none |
| | Monitoring!Edit | none |
| | Pools | full |
| | Pools!Edit | full |
| | Pools!Edit!Autoscaling | full |
| | Pools!Edit!Bandwidth | full |
| | Pools!Edit!Connection_Management | full |
| | Pools!Edit!DNSAutoscaling | full |
| | Pools!Edit!Kerberos_Protocol_Transition | full |
| | Pools!Edit!Load_Balancing | full |
| | Pools!Edit!Monitors | full |
| | Pools!Edit!Persistence | full |
| | Pools!Edit!SSL | full |
| | Request_Logs | none |
| | Statd | none |
| | Web_Cache | none |
| | Web_Cache!Clear | none |
+--------------+---------------------------------------------------+--------+

Related Commands

show ssc vtm-permission-group, ssc vtm-permission-group create pg-name, ssc vtm-permission-group list

ssh server allowed-ciphers

Sets the list of allowed ciphers for ssh server.

Syntax

[no] ssh server allowed-ciphers ciphers

Parameters

ciphers

Specify cipher or comma separated list of ciphers, in quotation marks. Default ciphers configured are aes128-ctr, aes192-ctr, and aes256-ctr.

Supported ciphers are:

•aes128cbc

•3descbc

•blowfishcbc

•cast128cbc

•arcfour

•aes192cbc

•aes256cbc

•aes128ctr

•aes192ctr

Adds one or more interfaces to the SSH server access restriction list (thus, it unblocks requests on the specified interface).

Syntax

[no] ssh server listen interface interface

Parameters

interface

Specify the interface: primary, aux, inpath0_0, inpath0_1, rios_lan0_0, rios_wan0_0

Usage Guidelines

If the list of interfaces is empty, none of the interfaces respond to the queries. If the list of interfaces has at least one entry, then the server listens on that subset of interfaces.

Examples

amnesiac (config) # ssh server listen interface primary

Related Commands

show ssc server

ssh server port

Sets a port for SSH access.

Syntax

[no] ssh server port port

Parameters

port

Specify a port for SSH access.

[no] tcpdump stop-trigger enable

Usage Guidelines

There is a limit to the amount of TCP dump data the system can collect. After a problem has occurred, the TCP dump buffer could have rotated, overwriting the information about the problem. This command enables a trigger that stops a continuous TCP dump after a specific log event occurs. This enables you to troubleshoot issues and isolate the TCP dump data specific to a problem.

The no version of the command disables the TCP dump stop-trigger process.

Examples

amnesiac (config) # tcpdump stop-trigger regex ntp
amnesiac (config) # tcpdump stop-trigger delay 20
amnesiac (config) # tcpdump stop-trigger enable

Related Commands

tcpdump stop-trigger delay, tcpdump stop-trigger regex, tcpdump stop-trigger restart

tcpdump stop-trigger regex

Sets the regular expression that triggers the stopping of TCP dumps.

Syntax

tcpdump stop-trigger regex regex

Parameters

regex

Specify a PERL regular expression to match. RiOS compares the PERL regular expression against each entry made to the system logs. The system matches on a per-line basis.

Usage Guidelines

Use the tcpdump stop-trigger regex command to configure a regular expression that represents a condition that, when matched, stops all running TCP dumps. After this match is found, all TCP dump sessions are stopped after the delay configured by the tcpdump stop-trigger delay command.

Examples

In the following example, RiOS searches for the pattern ntp in the system logs. The system waits 20 seconds after there is a match and then stops all TCP dumps that are still running.

amnesiac (config) # tcpdump stop-trigger regex ntp
amnesiac (config) # tcpdump stop-trigger delay 20
amnesiac (config) # tcpdump stop-trigger enable

Related Commands

tcpdump stop-trigger delay, tcpdump stop-trigger enable, tcpdump stop-trigger restart

tcpdump stop-trigger restart

Restarts the TCP dump stop-trigger process.

Syntax

tcpdump stop-trigger restart

Usage Guidelines

If you change the regular expression or delay, use the tcpdump stop-trigger restart command to restart the stop-trigger process.

Examples

amnesiac (config) # tcpdump stop-trigger regex ntp
amnesiac (config) # tcpdump stop-trigger delay 50
amnesiac (config) # tcpdump stop-trigger enable
amnesiac (config) # tcpdump stop-trigger restart

Related Commands

tcpdump stop-trigger delay, tcpdump stop-trigger enable, tcpdump stop-trigger regex

tcpdump-x all-interfaces

Configures a list of all interfaces for a TCP dump capture.

Syntax

[no] tcpdump-x all-interfaces [capture-name capture-name] continuous | | buffer-size size-in-KB | duration seconds [schedule-time HH:MM:SS [schedule-date YYYY/MM/DD]] | [rotate-count num-files] | [snaplength snaplength] | [sip src-addr] | [dip dst-addr] | [sport src-port] | [dport dst-port] | [dot1q {tagged | untagged | both}] | [ip6] | [custom custom-param] | [file-size megabytes]

Parameters

capture-name capture-name

Specify a capture name to help you identify the TCP Dump. The default filename uses the following format:

<hostname>_<interface>_<timestamp>.cap

Where hostname is the hostname of the appliance, interface is the name of the interface selected for the trace (for example, lan0_0, wan0_0), and timestamp is in the YYYY-MM-DD-HH-MM-SS format.

The cap file extension is not included with the filename when it appears in the capture queue.

continuous

Start a continuous capture.

buffer-size size-in-KB

Specify the size in KB for all packets.

duration seconds

Specify the run time for the capture in seconds. The default is 30 seconds.

schedule-time HH:MM:SS

Specify a time to initiate the trace dump in the following format: HH:MM:SS.

schedule-date YYYY/MM/DD

Specify a date to initiate the trace dump in the following format: YYYY/MM/DD

rotate-count num-files

Specify the number of files to rotate.

snaplength snaplength

Specify the snap length value for the trace dump. The default value is 1518. Specify 0 for a full packet capture (recommended for CIFS, MAPI, and SSL traces).

sip src-addr

Specify a comma-separated list of source IP addresses. The default setting is all IP addresses.

dip dst-addr

Specify a comma-separated list of destination IP addresses. The default setting is all IP addresses.

sport src-port

Specify a comma-separated list of source ports. The default setting is all ports.

dport dst-port

Specify a comma-separated list of destination ports. The default setting is all ports.

dot1q

Specify one of the following to filter dot1q packets:

•tagged: Capture only tagged traffic.

•untagged: Capture only untagged traffic.

•both: Capture all traffic.

Do not use the sip, dip, sport, dport and custom parameters together when using the dot1q both option. Use the tcpdump command instead to capture this information.

For detailed information about dot1q VLAN tunneling, see your networking equipment documentation.

ip6

Specify IPv6 packets for packet capture.

custom custom-param

Specify custom parameters (flags) for packet capture. You need to enclose the customer parameter in quotes if it contains more than one word.

file-size megabytes

Specify the file size of the capture in megabytes.

Usage Guidelines

You can capture and retrieve multiple TCP trace dumps. You can generate trace dumps from multiple interfaces at the same time and you can schedule a specific date and time to generate a trace dump.

Examples

The following example starts a continuous capture for a file named tcpdumpexample with a duration of 120 seconds:

amnesiac (config) # tcpdump-x all-interfaces capture-name tcpdumpexample continuous duration 120

The following example captures untagged traffic on destination port 7850 and ARP packets:

amnesiac (config) # tcpdump-x all-interfaces dot1q untagged dport 7850 custom "and arp"

The following example captures VLAN tagged traffic for host 10.11.0.6 and ARP packets:

amnesiac (config) # tcpdump-x all-interfaces dot1q tagged sip 10.11.0.6 custom "or arp"

The following example captures tagged ARP packets only:

amnesiac (config) # tcpdump-x all-interfaces dot1q tagged custom "and arp"

The following example captures untagged ARP packets only:

amnesiac (config) # tcpdump-x all-interfaces dot1q untagged custom "and arp"

Related Commands

show tcpdump-x, tcpdump

tcpdump-x capture-name stop

Stops the specified TCP dump capture.

Syntax

[no] tcpdump-x capture-name capture-name stop

Parameters

capture-name

Specify the capture name to stop.

Examples

amnesiac (config) # tcpdump-x capture-name example stop

Related Commands

show tcpdump-x, tcpdump

tcpdump-x interfaces

Configures a comma-separated list of interfaces to capture in the background.

Syntax

[no] tcpdump-x interfaces interface-name continuous | duration seconds [schedule-time HH:MM:SS [schedule-date YYYY/MM/DD]] | [rotate-count num-files] | [snaplength snaplength] | [sip src-addr] | [dip dst-addr] | [sport src-port] [dport dst-port] | [dot1q {tagged | untagged | both}] [ip6] | [custom custom-param] | [file-size megabytes]

Parameters

interface-name

Specify a comma-separated list of interfaces: primary, aux, lan0_0, wan0_0

continuous

Start a continuous capture.

duration seconds

Specify the run time for the capture in seconds.

schedule-time HH:MM:SS

Specify a time to initiate the trace dump in the following format: HH:MM:SS

schedule-date YYYY/MM/DD

Specify a date to initiate the trace dump in the following format: YYYY/MM/DD

rotate-count num-files

Specify the number of files to rotate.

snaplength snaplength

Specify the snap length value for the trace dump. The default value is 1518. Specify 0 for a full packet capture (recommended for CIFS, MAPI, and SSL traces).

sip src-addr

Specify the source IP addresses. The default setting is all IP addresses.

dip dst-addr

Specify a comma-separated list of destination IP addresses. The default setting is all IP addresses.

sport src-port

Specify a comma-separated list of source ports. The default setting is all ports.

dport dst-port

Specify a comma-separated list of destination ports. The default setting is all ports.

dot1q

Specify one of the following to filter dot1q packets:

•tagged: Capture only tagged traffic.

•untagged: Capture only untagged traffic.

•both: Capture all traffic.

Do not use the sip, dip, sport, dport and custom parameters together when using the dot1q both option. Use the tcpdump command to capture this information.

For detailed information about dot1q VLAN tunneling, see your networking equipment documentation.

ip6

Specify IPv6 packets for packet capture.

custom custom-param

Specify custom parameters (flags) for packet capture.

file-size megabytes

Specify the file size of the capture in megabytes.

Examples

amnesiac (config) # tcpdump-x interfaces inpath0_0 continuous
amnesiac (config) # tcpdump-x interfaces aux ip6 sip 2003::5

Related Commands

show tcpdump-x, tcpdump

telnet-server enable

Enables you to access the CLI using telnet. This feature is disabled by default.

Syntax

Specify the new password. The password must be at least 6 characters.

old-password cleartext

Specify the old password.

Usage Guidelines

The password is entered in cleartext format on the command line.

The old-password option allows you to check the minimum character difference between the old and new passwords under account control management.

Examples

amnesiac (config) # username admin password xyzzzZ

Related Commands

ssh client generate identity user

username password 0

Sets the password for the specified user.

Syntax

username userid password 0 cleartext-password

Parameters

userid

Specify the user login: admin or monitor.

cleartext-password

Specify the password. The password must be at least 6 characters.

Usage Guidelines

The password is entered in cleartext format on the command line.

Examples

amnesiac (config) # username admin password 0 xyzzzZ

Related Commands

ssh client generate identity user

username password 7

Sets the password for the specified user using the encrypted format of the password. Use this command if it becomes necessary to restore your appliance configuration, including the password.

Syntax

username userid password 7 encrypted-password

Parameters

userid

Specify the user login: admin or monitor.

encrypted-password

Specify the encrypted password. The password must be at least 6 characters.

Usage Guidelines

Use this command to restore your password using an encrypted version of the password. You can display the encrypted version of the password using the show running configuration command.

For example, executing username monitor password awesomepass results in the following line being added to the running configuration file:

username monitor password 7 $1$f2Azp8N8$n0oy6Y1KhCfuMo93f24ku/

If you need to restore your password in the future, you would paste:

username monitor password 7 $1$f2Azp8N8$n0oy6Y1KhCfuMo93f24ku/

in the CLI, to restore your monitor password to awesomepass.

Examples

amnesiac (config) # username admin password 7 $1$f2Azp8N8$n0oy6Y1KhCfuMo93f24ku/

Related Commands

ssh client generate identity user

web auto-logout

Sets the number of minutes before the Management Console automatically logs out the user.

Syntax

[no] web auto-logout minutes

Parameters

minutes

Specify the number of minutes before the system automatically logs out the user. The default value is 15 minutes.

[no] web httpd listen enable

Usage Guidelines

Usage Guidelines

The no command option disables Web log-format.

Examples

amnesiac (config) # web httpd log-format "%h %l %u %t \"%r\" %>s %b"

Related Commands

web https enable

Enables HTTPS access to the Web-based management console.

ip-addr

Specify the IP address for the host.

port port

Specify the port for the host.

user-cred

Optionally, specify the user credentials for the autolicensing feature:

•username username: Specify the user name.

•password password: Specify the password, in cleartext format.

authtype authentication-type

Optionally, specify the authentication type:

•basic: Authenticates user credentials by requesting a valid user name and password. This is the default setting.

•digest: Provides the same functionality as basic authentication; however, digest authentication improves security because the system sends the user credentials across the network as a Message Digest 5 (MD5) hash.

•ntlm: Authenticates user credentials based on an authentication challenge and response.

Usage Guidelines

Use this command to enable the appliance to use a Web proxy to contact the Ivanti licensing portal and fetch licenses in a secure environment. You can optionally require user credentials to communicate with the Web proxy for use with the autolicensing feature. You can specify the method used to authenticate and negotiate these user credentials.

The no command option resets the Web proxy settings to the default behavior. Web proxy access is disabled by default.

RiOS supports the following proxies: Squid, Blue Coat Proxy SG, Microsoft WebSense, and McAfee Web Gateway.

Examples

amnesiac (config) # web proxy host 10.1.2.1 port 1220

Related Commands

web rest-server enable

Enables the REST (REpresentational State Transfer) server.

Syntax

[no] web rest-server enable

Usage Guidelines

The no command disables the REST server.

Examples

amnesiac (config) # web rest-server enable

Related Commands

web session renewal

Sets the session renewal time. This is the time before the Web session time-out. If a Web request comes in, it automatically renews the session.

Syntax

[no] web session renewal minutes

Parameters

minutes

Specify the number of minutes. The default value is 10 minutes.

Usage Guidelines

The no command option resets the session renewal time to the default value.

Examples

amnesiac (config) # web session renewal 5

Related Commands

web session timeout

Sets the session time-out value. This is the amount of time the cookie is active.

Syntax

[no] web session timeout minutes

Parameters

Syntax

[no] web soap-server port port

Parameters

port

Specify the port.

Usage Guidelines

The no command option disables this setting.

Examples

amnesiac (config) # web soap-server port 1234

Related Commands

web ssl cert generate

Generates a new SSL key and self-signed certificate.

Syntax

Parameters

key-size

Specify the key size.

country string

Specify the certificate two-letter country code. The country code can be any two-letter code, such as the ISO 3166 Country Codes, as long as the appropriate Certificate Authority can verify the code.

email email-address

Specify the email address of the contact person.

locality string

Specify the city.

org string

Specify the organization.

org-unit string

Specify the organization unit (for example, the company).

state string

Specify the state. You cannot use abbreviations.

valid-days integer

Specify how many days the certificate is valid. If you omit valid-days, the default is 2 years.

Examples

amnesiac (config) # web ssl cert generate

Related Commands

show web ssl cert

web ssl cert generate-csr

Generates a certificate signing request with current private key.

Syntax

web ssl cert generate-csr [common-name name] [country string] [email email-address] [locality string] [org string] [org-unit string] [state string]

Parameters

common-name name

Specify the common name of the certificate authority.

country string

Specify the certificate two-letter country code. The country code can be any two-letter code, such as the ISO 3166 Country Codes, as long as the appropriate Certificate Authority can verify the code.

email email-address

Specify the email address of the contact person.

locality string

Specify the city.

org string

Specify the organization.

org-unit string

Specify the organization unit (for example, the company).

state string

Specify the state. You cannot use abbreviations.

valid-days int

Specify how many days the certificate is valid. If you omit valid-days, the default is 2 years.

Usage Guidelines

This command is available on the Interceptor appliance starting in version 4.0.

Examples

amnesiac (config) # web ssl cert generate-csr

Related Commands

show web ssl cert

web ssl cert import-cert

Imports a certificate, optionally with current private key, in PEM format, and optionally a password.

Syntax

web ssl cert import-cert cert-data import-key key [password password]

Parameters

import-cert cert-data

Specify the text of the certificate file in PEM format.

import-key key

Specify the text of the private key in PEM format.

password password

Optionally, specify a password.

Usage Guidelines

If no key is specified the incoming certificate is matched with the existing private key, and accepted if the two match. A password is required if imported certificate data is encrypted.

Examples

amnesiac (config) # web ssl cert import-cert <cert-text> import-key <key-text>

Related Commands

show web ssl cert

web ssl cert import-cert-key

Imports a certificate with current private key in PEM format.

Syntax

web ssl cert import-cert-key cert-key-data [password password]

Parameters

import-cert-key cert-key-data