Installation Guide Session Monitor Suite Release 3.3.0
Installation Guide Session Monitor Suite Release 3.3.0 Session Monitor Suite 3.3.0 / Installation Guide 1 Notices Copyright © 2006, 2013, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are “commercial computer software” pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government. This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group. This software or hardware and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third- party content, products, or services. © 2006, 2013, Oracle and/or its affiliates. All rights reserved. 2 / 61 Session Monitor Suite 3.3.0 / Installation Guide 2 Preface The manual is addressed mainly to the person or the team that installs and maintains the Session Monitoring Suite product, formerly known as Palladion. It covers the installation and the initial configuration of the Palladion system. It walks you through selecting the hardware needed, using the Palladion Installer images to do the software installation, and using the Platform Setup Application for the initial configuration. 2.1 Palladion architecture The Palladion solution works by capturing the traffic from your network, correlating it in real time, and storing it in indexed formats so that they are available for the various reports offered by the web interface. A multi-layered architecture ensures the scalability, the reliability and the cost-effectiveness of the solution. Figure: Palladion architecture The architecture has three layers: © 2006, 2013, Oracle and/or its affiliates. All rights reserved. 3 / 61 • The Probe layer is responsible for capturing the traffic from the network and performing the Media Quality analysis. The Probes send meta-data for each of the signaling messages to the upper layer and analyze the RTP streams locally, sending the results of this analysis to the upper layer. • The Mediation Engine (ME) layer is responsible for understanding in real-time the traffic received, correlating it, and storing it for future reference. This layer is also responsible for measuring, managing and storing the KPIs. In the common case, there is one ME per geographical site. It is possible, however, to have the probes from multiple geographical sites sending the traffic to a single ME. It is also possible to have multiple ME installations in the same geographical site. • The Aggregation Engine (AE) layer is responsible for aggregating the global KPIs, for on-demand correlation of calls passing multiple geographical sites, and for the global search features. In a typical setup, there is only one AE for the whole network. Each of the three layers supports High-Availability by deploying two identical servers in Active-Passive or Active-Active modes of operation. For small setups, it is possible to run the Probe layer and the ME layer on the same physical hardware. The AE layer always requires its own hardware. From the Palladion products perspective, the Communications Operations Monitor (COM) and the Control Plane Monitor (CPM) products are running on the Mediation Engine (ME) while the Mediation Engine Connector (MEC) and the Fraud Detection and Prevention (FDP) products are running on the Aggregation Engine (AE). 2.2 Minimum hardware requirements The following minimum requirements must be met to install any of the Palladion machine types: • 2.6 GHz Intel Xeon processor, 64-bit with 8 processing threads • 8 GB RAM • 70 GB storage on a hardware RAID controller • 2 Ethernet ports Note: For production use, Acme Packet recommends a more thorough sizing exercise completed with your Acme Packet sales engineer. Higher performance hardware may be required, for example, in cases with: • High levels of monitored traffic • High numbers of concurrent users • High volumes of historical information On the Mediation Engine machines, Acme Packet recommends using a RAID-10 array for the operating system and the database. A separate RAID-5 array is recommended for storing long-term data. Palladion was tested using the following hardware: Servers • HP DL380p G8, Embedded Smart Array P420i Controller • HP DL580 G7, Embedded Smart Array P410i Controller Network Adapters • HP NC364T PCIe Quad Port Gigabit Server Adapter • HP NC375T PCIe Quad Port Gigabit Server Adapter • HP Ethernet 1Gb 4-port 331FLR Adapter Capture cards • Napatech NT4E (4x 1Gbe ports) • Napatech NT20E2 (2x 10Gbe ports) Note: Only one Napatech capture card per server is supported. 2.3 Important notes Please be aware that shell access on Palladion 3 servers is NOT available for customers and SHOULD ONLY be used by Oracle support. As a result of this, in order to benefit from support, all customers must be able to provide direct shell access via SSH to the Palladion server for the Oracle support team. Please note that shared desktop is not considered to be direct shell access. Oracle Support can connect via a VPN tunnel to the Customer Premise as long as sufficient privileges are provided. It is recommended that this VPN connectivity be created and tested prior to the need to use this in an urgent situation. Session Monitor Suite 3.3.0 / Installation Guide 3 Installation Palladion may be installed using a DVD or USB flash drive. If you are going to use a USB flash drive, make sure that its size is at least 1GB. Acme Packet also recommends using brand drives, as issues have been reported when using low-quality thumb drives. Note: See the section Preparing installation media in the appendix for instructions on how to prepare a USB flash drive. Warning: When updating from a Palladion 2 installation, please be aware that no data will be carried over. If you want to keep the settings, you should create a configuration savepoint using the web interface and export it into a file. After completing the installation, you can upload the savepoint file and restore the settings. 3.1 Booting from the installation medium To install Palladion, insert the DVD or attach the USB flash drive and power on the system. Make sure that the machine boots from the installation media. This is usually done using a one-time boot option. Note: Booting from EFI without BIOS emulation is not supported. If booting from the installation media succeeds you should see the Palladion installer welcome screen. Press ENTER to continue the installation. The installer will subsequently be loaded; this can take a few minutes. 3.2 Installation procedure The installer will first check whether the hardware passes the minimum hardware requirements for Palladion. If minimum system requirements are not met, installation will not continue. Please refer to the minimum system requirements above or contact your Acme Packet sales engineer. The installer will ask for the network adapter that is to be used for the management web interface. A list of supported network interfaces together with their hardware addresses (MAC) is shown. Please choose the interface you want to use for accessing Palladion. Access via this interface will be required to finish the installation. In doubt, refer to the documentation of the machine for further information about the location of network interfaces. © 2006, 2013, Oracle and/or its affiliates. All rights reserved. 6 / 61 Figure: Welcome screen You can choose whether you want to manually configure the IP settings for the management network adapter or whether it should be configured via DHCP. Please choose the appropriate settings for your network. Warning: No error checking is performed at this point regarding the network configuration; please check your inputs before proceeding. If you chose the manual configuration method, the installer will subsequently ask for the IP address, netmask and default gateway of your network. After finishing the network configuration, the installer will ask for the primary disk or disk array. The primary disk will hold the Palladion operating system and the database. In the second step you can choose to use another disk for long-term stored data or to keep all data on one disk. Warning: The primary disk can have a size between 70GB and 2TB. If you wish to use a larger disk array for data storage, configure it as a secondary disk. After selecting the disks the installer will prepare them and setup the system. This installation process usually takes about 10 minutes. If the machine contains hardware components that require special firmware, the installer will update the firmware. This process can take several minutes to complete. Please do not power off the machine during that process, as this may leave components in an unusable state. 3.3 Rebooting the system Finally the installer will reboot the system. When instructed, remove the USB flash drive or DVD used for the installation. Please make sure that the machine boots first from the primary hard disk you selected. After rebooting, the machine will show the IP address it uses. Open the URL http://<ip-address>/ in your web browser to continue with the configuration of the Palladion system. You should see the login dialog to the Palladion Setup Application (PSA). Session Monitor Suite 3.3.0 / Installation Guide 4 Configuration The Platform Setup Application guides you through the configuration steps you need to take in order to get the Palladion system running, including configuring the machine type, the network settings, the DNS settings and the SMTP settings. You can review and change these settings at any time by visiting the Platform Setup Application at the http://<ip-address>/setup/ URL. This URL is valid for any Palladion server. 4.1 First steps The Platform Setup Application guides you through the configuration process step by step. The menu on the right shows your progress in the overall configuration. The Machine Type page lets you choose the applications you want to install. In the License page you can upload a license file that also configures the applications. The subsequent sections help you in configuring the machine for your network and time zone. These steps are optional and can be skipped by clicking on Continue. These pages can be revisited any time later on to reconfigure the machine settings. In the final step the applications that were selected are going to be installed. After the successful installation, you are taken to the applications. But before you can get started, you have to log in. © 2006, 2013, Oracle and/or its affiliates. All rights reserved. 11 / 61 4.1.1 Login The login page allows you to access the Platform Setup Application. Enter your username and password into the indicated fields then proceed to the application by clicking Sign in. In the case your username or password were incorrect, a warning will appear below the login button and you’ll have the opportunity to retry. You can log into the Platform Setup Application using the default username sysadmin and password acme . 4.1.2 Changing the password The Change Password window allows you to change your own password. To access the window, click on your username in the top right-hand corner and select Change Password from the drop down menu. Fill out the fields and click the button Change to complete the action. Note: The password can only contain digits, letters and whitespaces. 4.1.3 Power/Reboot The power off / reboot buttons are accessible through the Power button in the top right-hand corner of the screen. Select which course of action you would like to proceed with from the drop down menu. After selecting an option, you will be prompted a final time to ensure you wish to proceed. 4.2 Machine type The machine type page allows you to select which products you would like to install. This page will only appear the first time you configure Palladion prior to installation. Note: The products are machine type specific and cannot be interchanged between machine types. Select your machine type by clicking on one of the large buttons. This will enable the corresponding product selection below. Note: You can select only one machine type per installation. Select your products by clicking the adjoining checkboxes. Only checked items will be included in the installation. Note: Some machine types require certain product. For example, the Probe machine type requires a Probe product, and the Mediation Engine machine type requires the COM product. After completing your selections, proceed with the installation setup by clicking the continue button. Note: After clicking the continue button, your machine type and product selections should appear in the status panel located on the right under the navigation menu. 4.3 Configuration This step in the configuration process allows you to configure Palladion settings for this machine in accordance with the terms of your license. Note: If, at this point, you do not have a valid Palladion license, please contact Acme Packet. On the left side of the page you must enter the number of concurrent calls printed on your license. On the right side you must check the product extensions you have a license to use. Use the continue button to navigate to the Network Settings page. 4.4 Network settings The Network Settings page is used for configuring network interfaces. You can also add or remove interfaces. (Usually you just want to add interfaces you didn’t add during the installation procedure.) 4.4.1 Overview The Network Settings page contains a list of configured network interfaces, with a toolbar for adding, deleting and editing interfaces, as well as a restore button to reset the last applied settings. There’s also a checkbox below the network list that can be checked if you wish to apply network settings that won’t allow you to reconnect to the setup application again. 4.4.2 Editing an interface To edit the settings of an interface, select the entry in the list and press Edit in the tool bar (or double-click the entry). To change the IP method, select the radio button. If you select Static IP configuration, you will get additional options. The following fields are compulsory for static IP configuration: • IP Address • Netmask • Default Gateway Static routes are optional; the left column contains the target IP/netmask in CIDR format and the right one the target IP. Link modes can be changed by clicking the button with the label Link modes and the text Select.... This will open a pane with checkboxes. There’s usually no reason to touch this setting. Monitoring can be enabled by checking the corresponding checkbox. Please note that this is only available if your machine is a probe. To save the network interface setting, press Save. Please note that the settings are not used until you press Apply/Continue. Note: You can save yourself filling out the netmask by typing in CIDR format in the IP address field, e.g. 192.168.0.1/24, and the netmask field will get 255.255.255.0 filled in automatically 4.4.3 Applying settings To use and keep any changes done in the Edit Interface dialog you have to press Apply/Continue in the lower-right corner. The settings will be applied, and the browser will try to connect to the machine. If the browser fails to connect to the machine within a given amount of time, the settings will be reverted. This is to prevent locking yourself out. If you want to change the interface settings so that you won’t be able to connect, because you might want to deploy the server on another network, check the checkbox Skip connectivity check when applying new settings before pressing Apply/Continue. If you are configuring Palladion for the first time you will be guided to SMTP configuration. 4.4.4 Adding an interface To add a new interface, its physical port has to be already configured on the machine. Press Add on the toolbar. Then select an interface from the drop down menu. You can also create a VLAN interface by filling in a vlan id in the vlan port. 4.4.5 Deleting an interface To delete an interface, select the interface in the list and press “Delete” on the toolbar. 4.4.6 Resetting Settings To reset your network settings to the last state before you pressed Apply/Continue, press the Reset button in the toolbar. Note: • Monitoring is only enabled for machines that are configured as probes. On other machines the monitoring checkbox will be grayed out. • It’s a bad idea to configure dummy interfaces with DHCP, since there’s no DHCP server to give them an IP and you will have to wait for the DHCP client to time out (usually one minute) if you apply settings with a dummy interface using the DHCP method. 4.5 SMTP configuration Palladion is able to send notifications and alerts directly to users’ email addresses. Which notification to send to which address is configured in the relevant products. However, you first need to configure this page properly for this feature to be available. 4.5.1 Setting up the mail server To use this feature, check the box Enable SMTP. The system will need an SMTP server to send emails. Please contact your network administrator to find out the address of the server your organization uses. The default port is the standard port 25. If the server requires a valid email account, you will need to create one for Palladion. Then, check the box Enable authentication, and enter the credentials. 4.5.2 Setting up the notifications You can choose how the emails from Palladion will look like in the users’ mailboxes. The field Mail sender is the email address Palladion will use; users will see this address in the Sender: or From: field of the emails. You can optionally specify a Subject prefix; this will appear at the beginning of the subject of the emails and make it easy to identify Palladion’s emails in one’s inbox. If you are configuring Palladion for the first time you will be guided to Date and time settings. 4.6 Date and time settings Here you can choose how the system will synchronize its time. Please make sure that the correct method will be used, as it is important to have a correct and stable time: • For correctness of the data recorded by Palladion • To have automatic maintenance running during the night • To have correct journals to diagnose potential problems It is recommended to use automatic time synchronization by choosing the NTP method (default). This will set the time automatically and keep it in sync with the global internet time. Note: In setups with multiple Palladion machines it is strongly recommended to use the exact same time source for all machines. Some features might not work as expected if the machines clocks differ from each other. 4.6.1 Using the internet time The system needs a time server to synchronize with. Palladion is configured to use a public server pool by default (0.pool.ntp.org). This requires that the Palladion machine has access to the internet. More specifically, make sure that the system is able to resolve network names with DNS (see Network Settings) and to communicate over the UDP port 123 through your internet gateway and firewall. You can specify up to three servers, in case one of them is unreachable or gives erroneous times. 4.6.2 Using your local network time If your organization runs an NTP server (ask your network administrator about this), use that instead of a public one. To do so, select Set via NTP, and enter the network name or the IP address of this relay. 4.6.3 No time synchronization If the system does not have access to any time server, you need to set the current time manually. It will then use the server’s internal clock, but this will slowly drift away from the real time the rest of the world is on (for instance, 1 second more difference per day). Therefore, you should come back to this page and adjust it every week or so. To do so, get a reliable time yourself (such as a computer using network synchronization), select Set manually, and enter the correct date (YYYY-MM-DD) and time (HH:MM:SS). Make sure to apply the settings with the Apply/Continue button, and wait for the synchronization to complete. If you are configuring Palladion for the first time you will be guided to Installation. 4.7 Installation The final Install page will summarize which components to install. Please check that you selected the correct components; once the installation completed, the selection of components cannot be changed. Click on Install to start with the installation. The Platform Setup Application will initiate the installation process and report back the progress. The installation process might take a few minutes to complete. You can click on the Palladion button when the installation is complete. This will bring you to the installed product’s interface. Session Monitor Suite 3.3.0 / Installation Guide 5 First steps The Platform Setup Application guides you through the configuration process step by step. The menu on the right shows your progress in the overall configuration. The Machine Type page lets you choose the applications you want to install. In the License page you can upload a license file that also configures the applications. The subsequent sections help you in configuring the machine for your network and time zone. These steps are optional and can be skipped by clicking on Continue. These pages can be revisited any time later on to reconfigure the machine settings. In the final step the applications that were selected are going to be installed. After the successful installation, you are taken to the applications. But before you can get started, you have to log in. © 2006, 2013, Oracle and/or its affiliates. All rights reserved. 26 / 61 5.1 Login The login page allows you to access the Platform Setup Application. Enter your username and password into the indicated fields then proceed to the application by clicking Sign in. In the case your username or password were incorrect, a warning will appear below the login button and you’ll have the opportunity to retry. You can log into the Platform Setup Application using the default username sysadmin and password acme . 5.2 Changing the password The Change Password window allows you to change your own password. To access the window, click on your username in the top right-hand corner and select Change Password from the drop down menu. Fill out the fields and click the button Change to complete the action. Note: The password can only contain digits, letters and whitespaces. 5.3 Power/Reboot The power off / reboot buttons are accessible through the Power button in the top right-hand corner of the screen. Select which course of action you would like to proceed with from the drop down menu. After selecting an option, you will be prompted a final time to ensure you wish to proceed. Session Monitor Suite 3.3.0 / Installation Guide 6 Machine type The machine type page allows you to select which products you would like to install. This page will only appear the first time you configure Palladion prior to installation. Note: The products are machine type specific and cannot be interchanged between machine types. Select your machine type by clicking on one of the large buttons. This will enable the corresponding product selection below. © 2006, 2013, Oracle and/or its affiliates. All rights reserved. 31 / 61 Note: You can select only one machine type per installation. Select your products by clicking the adjoining checkboxes. Only checked items will be included in the installation. Note: Some machine types require certain product. For example, the Probe machine type requires a Probe product, and the Mediation Engine machine type requires the COM product. After completing your selections, proceed with the installation setup by clicking the continue button. Note: After clicking the continue button, your machine type and product selections should appear in the status panel located on the right under the navigation menu. Session Monitor Suite 3.3.0 / Installation Guide 7 Configuration This step in the configuration process allows you to configure Palladion settings for this machine in accordance with the terms of your license. Note: If, at this point, you do not have a valid Palladion license, please contact Acme Packet. On the left side of the page you must enter the number of concurrent calls printed on your license. On the right side you must check the product extensions you have a license to use. Use the continue button to navigate to the Network Settings page. © 2006, 2013, Oracle and/or its affiliates. All rights reserved. 33 / 61 Session Monitor Suite 3.3.0 / Installation Guide 8 Network settings The Network Settings page is used for configuring network interfaces. You can also add or remove interfaces. (Usually you just want to add interfaces you didn’t add during the installation procedure.) 8.1 Overview The Network Settings page contains a list of configured network interfaces, with a toolbar for adding, deleting and editing interfaces, as well as a restore button to reset the last applied settings. There’s also a checkbox below the network list that can be checked if you wish to apply network settings that won’t allow you to reconnect to the setup application again. © 2006, 2013, Oracle and/or its affiliates. All rights reserved. 34 / 61 8.2 Editing an interface To edit the settings of an interface, select the entry in the list and press Edit in the tool bar (or double-click the entry). To change the IP method, select the radio button. If you select Static IP configuration, you will get additional options. The following fields are compulsory for static IP configuration: • IP Address • Netmask • Default Gateway Static routes are optional; the left column contains the target IP/netmask in CIDR format and the right one the target IP. Link modes can be changed by clicking the button with the label Link modes and the text Select.... This will open a pane with checkboxes. There’s usually no reason to touch this setting. Monitoring can be enabled by checking the corresponding checkbox. Please note that this is only available if your machine is a probe. To save the network interface setting, press Save. Please note that the settings are not used until you press Apply/Continue. Note: You can save yourself filling out the netmask by typing in CIDR format in the IP address field, e.g. 192.168.0.1/24, and the netmask field will get 255.255.255.0 filled in automatically 8.3 Applying settings To use and keep any changes done in the Edit Interface dialog you have to press Apply/Continue in the lower-right corner. The settings will be applied, and the browser will try to connect to the machine. If the browser fails to connect to the machine within a given amount of time, the settings will be reverted. This is to prevent locking yourself out. If you want to change the interface settings so that you won’t be able to connect, because you might want to deploy the server on another network, check the checkbox Skip connectivity check when applying new settings before pressing Apply/Continue. If you are configuring Palladion for the first time you will be guided to SMTP configuration. 8.4 Adding an interface To add a new interface, its physical port has to be already configured on the machine. Press Add on the toolbar. Then select an interface from the drop down menu. You can also create a VLAN interface by filling in a vlan id in the vlan port. 8.5 Deleting an interface To delete an interface, select the interface in the list and press “Delete” on the toolbar. 8.6 Resetting Settings To reset your network settings to the last state before you pressed Apply/Continue, press the Reset button in the toolbar. Note: • Monitoring is only enabled for machines that are configured as probes. On other machines the monitoring checkbox will be grayed out. • It’s a bad idea to configure dummy interfaces with DHCP, since there’s no DHCP server to give them an IP and you will have to wait for the DHCP client to time out (usually one minute) if you apply settings with a dummy interface using the DHCP method. Session Monitor Suite 3.3.0 / Installation Guide 9 SMTP configuration Palladion is able to send notifications and alerts directly to users’ email addresses. Which notification to send to which address is configured in the relevant products. However, you first need to configure this page properly for this feature to be available. 9.1 Setting up the mail server To use this feature, check the box Enable SMTP. The system will need an SMTP server to send emails. Please contact your network administrator to find out the address of the server your organization uses. The default port is the standard port 25. If the server requires a valid email account, you will need to create one for Palladion. Then, check the box Enable authentication, and enter the credentials. © 2006, 2013, Oracle and/or its affiliates. All rights reserved. 39 / 61 9.2 Setting up the notifications You can choose how the emails from Palladion will look like in the users’ mailboxes. The field Mail sender is the email address Palladion will use; users will see this address in the Sender: or From: field of the emails. You can optionally specify a Subject prefix; this will appear at the beginning of the subject of the emails and make it easy to identify Palladion’s emails in one’s inbox. If you are configuring Palladion for the first time you will be guided to Date and time settings. Session Monitor Suite 3.3.0 / Installation Guide 10 Date and time settings Here you can choose how the system will synchronize its time. Please make sure that the correct method will be used, as it is important to have a correct and stable time: • For correctness of the data recorded by Palladion • To have automatic maintenance running during the night • To have correct journals to diagnose potential problems It is recommended to use automatic time synchronization by choosing the NTP method (default). This will set the time automatically and keep it in sync with the global internet time. Note: In setups with multiple Palladion machines it is strongly recommended to use the exact same time source for all machines. Some features might not work as expected if the machines clocks differ from each other. © 2006, 2013, Oracle and/or its affiliates. All rights reserved. 41 / 61 10.1 Using the internet time The system needs a time server to synchronize with. Palladion is configured to use a public server pool by default (0.pool.ntp.org). This requires that the Palladion machine has access to the internet. More specifically, make sure that the system is able to resolve network names with DNS (see Network Settings) and to communicate over the UDP port 123 through your internet gateway and firewall. You can specify up to three servers, in case one of them is unreachable or gives erroneous times. 10.2 Using your local network time If your organization runs an NTP server (ask your network administrator about this), use that instead of a public one. To do so, select Set via NTP, and enter the network name or the IP address of this relay. 10.3 No time synchronization If the system does not have access to any time server, you need to set the current time manually. It will then use the server’s internal clock, but this will slowly drift away from the real time the rest of the world is on (for instance, 1 second more difference per day). Therefore, you should come back to this page and adjust it every week or so. To do so, get a reliable time yourself (such as a computer using network synchronization), select Set manually, and enter the correct date (YYYY-MM-DD) and time (HH:MM:SS). Make sure to apply the settings with the Apply/Continue button, and wait for the synchronization to complete. If you are configuring Palladion for the first time you will be guided to Installation. Session Monitor Suite 3.3.0 / Installation Guide 11 Installation The final Install page will summarize which components to install. Please check that you selected the correct components; once the installation completed, the selection of components cannot be changed. Click on Install to start with the installation. The Platform Setup Application will initiate the installation process and report back the progress. The installation process might take a few minutes to complete. You can click on the Palladion button when the installation is complete. This will bring you to the installed product’s interface. © 2006, 2013, Oracle and/or its affiliates. All rights reserved. 43 / 61 Session Monitor Suite 3.3.0 / Installation Guide 12 Post-install configuration When the system is fully installed more sections become available. After logging in, you can see the status of the system or update the system. A system update will update all applications as well as the Platform Setup Application itself. 12.1 Status/Update The Software Version page shows the currently installed components and the software version. 12.1.1 Software Update To install a software update, go to the Software Version page and select the update file that was provided by Acme Packet or your service provider. Click on Apply to initiate the upload. When the upload has finished, the page will show the version number and issue the date of the update. Click on Install to proceed with upgrading the system. You can also abort the upgrade by clicking on Clear. Warning: Palladion or parts of it may not be available during the update process. Platform Setup Application will show the progress during the upgrade. You may click on the Close button to hide the progress window. 12.2 Media The Media page is only available after the installation process has finished and only for machines which have the probe type (that includes the machine type ‘mediation engine with probe’). 12.2.1 Filters Only traffic which doesn’t match this will be passed on to the signaling protocols! port range set the port ranges to match the RTP traffic. Valid syntax examples: • 1000-2000 • 1000-2000, 5000-6000 © 2006, 2013, Oracle and/or its affiliates. All rights reserved. 44 / 61 • 1000-2000, 6000, 10000• -2000 max packet size is the maximum length a packet can have to be considered RTP. Both must match. 12.2.2 Status Active streams Number of RTP streams found. counted. Only traffic matching the (applied) filters are Packets processed Packets matched by the filter and successfully processed. Packets dropped Packets matched by the filter but not processed due to insufficient resources. 12.2.3 Implementation If the machine has a Napatech card installed, this card will perform the filtering. Detection of this card is automatic and does not need to be configured. 12.3 Signaling The Signaling menu is only enabled after the installation process has finished and only for machines which have the probe type. The Signaling page is used to configure the characteristics of the types of traffic the various probes (which sniff traffic) look for. Only the traffic matched by the given rule will be considered. Reasons to configure tight rules: • All matching traffic will be processed by the probes. For most installations, the high volumne of traffic makes inspecting every packet infeasible. Ignoring unnecessary packets, therefore, puts less stress on your system and makes subsequent analysis easier. For example, you may want to make sure the signaling probe, which monitors SIP, doesn’t also get all the RTP traffic as well. • We might not be interested in certain sources of traffic, even though the machine would pick it up. • Weird VLAN configurations. The default filters given should make sense and should at the very least be a sane starting point. After applying the filters it takes a few seconds to reconfigure the probe(s). After that, the statistics on this page should count the new situation. Keeping an eye on the ‘Packets processed’ gives an idea of how the filters are performing. 12.3.1 Filters syntax The syntax used is the same as tcpdump or libpcap. See http://wiki.wireshark.org/CaptureFilters . These filters are also known as BPF filters: • (tcp port 5060) for example • ((udp or tcp) and port 5060) • (vlan (udp or tcp) and port 5060) • (tcp portrange 5060-5070) • (not port 5060) • (host 10.10.0.5 and port 5060) • (not host 10.10.0.5 and port 5060) • (not ether dst 12:34:56:78:90:ab) Entries with a ‘vlan’ keyword must be included for networks using vlans. It is harmless to include them on networks which don’t use vlans, but do make sure there is a separate identical filter without the vlan. For example: (tcp port 5060) or (vlan and tcp port 5060) 12.3.2 Deduplication Turn on packet deduplication for the associated traffic type. A time value in milliseconds must be provided if deduplication is turned on. The value should be greater than 0. Packet peduplication is done at L3 and above and it’s best effort. Some types of traffic might not get de-duplicated (duplicates on different vlans, ipv6, etc). 12.3.3 Statistics Rate is the full amount of traffic this probe gets after the filtering. Packets processed is the amount of packets in the last seconds. Only packets which match the filter can be processed. Packets dropped is packets which should have been processed. They passed the filter, but there were no resources available. If possible, tighten the filter so the probe has less unnecessary work to do or, if that’s not possible, upgrade the machine. 12.3.4 Caveats • Be sure to use ‘vlan’ keywords in the filters when that’s used on the network. • Filter syntax is not checked for syntactic validity. • Be sure to change the default filters if you use non-standard ports or other options. • Traffic will first be filtered by the Media Protocols setting. Only traffic not matching there will be passed on to the signaling probes. Session Monitor Suite 3.3.0 / Installation Guide 13 Status/Update The Software Version page shows the currently installed components and the software version. 13.1 Software Update To install a software update, go to the Software Version page and select the update file that was provided by Acme Packet or your service provider. Click on Apply to initiate the upload. When the upload has finished, the page will show the version number and issue the date of the update. Click on Install to proceed with upgrading the system. You can also abort the upgrade by clicking on Clear. Warning: Palladion or parts of it may not be available during the update process. Platform Setup Application will show the progress during the upgrade. You may click on the Close button to hide the progress window. © 2006, 2013, Oracle and/or its affiliates. All rights reserved. 47 / 61 Session Monitor Suite 3.3.0 / Installation Guide 14 Media The Media page is only available after the installation process has finished and only for machines which have the probe type (that includes the machine type ‘mediation engine with probe’). 14.1 Filters Only traffic which doesn’t match this will be passed on to the signaling protocols! port range set the port ranges to match the RTP traffic. Valid syntax examples: • 1000-2000 • 1000-2000, 5000-6000 • 1000-2000, 6000, 10000• -2000 max packet size is the maximum length a packet can have to be considered RTP. Both must match. 14.2 Status Active streams Number of RTP streams found. counted. Only traffic matching the (applied) filters are Packets processed Packets matched by the filter and successfully processed. Packets dropped Packets matched by the filter but not processed due to insufficient resources. 14.3 Implementation If the machine has a Napatech card installed, this card will perform the filtering. Detection of this card is automatic and does not need to be configured. © 2006, 2013, Oracle and/or its affiliates. All rights reserved. 48 / 61 Session Monitor Suite 3.3.0 / Installation Guide 15 Signaling The Signaling menu is only enabled after the installation process has finished and only for machines which have the probe type. The Signaling page is used to configure the characteristics of the types of traffic the various probes (which sniff traffic) look for. Only the traffic matched by the given rule will be considered. Reasons to configure tight rules: • All matching traffic will be processed by the probes. For most installations, the high volumne of traffic makes inspecting every packet infeasible. Ignoring unnecessary packets, therefore, puts less stress on your system and makes subsequent analysis easier. For example, you may want to make sure the signaling probe, which monitors SIP, doesn’t also get all the RTP traffic as well. • We might not be interested in certain sources of traffic, even though the machine would pick it up. • Weird VLAN configurations. The default filters given should make sense and should at the very least be a sane starting point. After applying the filters it takes a few seconds to reconfigure the probe(s). After that, the statistics on this page should count the new situation. Keeping an eye on the ‘Packets processed’ gives an idea of how the filters are performing. 15.1 Filters syntax The syntax used is the same as tcpdump or libpcap. See http://wiki.wireshark.org/CaptureFilters . These filters are also known as BPF filters: for example • (tcp port 5060) • ((udp or tcp) and port 5060) • (vlan (udp or tcp) and port 5060) • (tcp portrange 5060-5070) • (not port 5060) • (host 10.10.0.5 and port 5060) • (not host 10.10.0.5 and port 5060) • (not ether dst 12:34:56:78:90:ab) © 2006, 2013, Oracle and/or its affiliates. All rights reserved. 49 / 61 Entries with a ‘vlan’ keyword must be included for networks using vlans. It is harmless to include them on networks which don’t use vlans, but do make sure there is a separate identical filter without the vlan. For example: (tcp port 5060) or (vlan and tcp port 5060) 15.2 Deduplication Turn on packet deduplication for the associated traffic type. A time value in milliseconds must be provided if deduplication is turned on. The value should be greater than 0. Packet peduplication is done at L3 and above and it’s best effort. Some types of traffic might not get de-duplicated (duplicates on different vlans, ipv6, etc). 15.3 Statistics Rate is the full amount of traffic this probe gets after the filtering. Packets processed is the amount of packets in the last seconds. Only packets which match the filter can be processed. Packets dropped is packets which should have been processed. They passed the filter, but there were no resources available. If possible, tighten the filter so the probe has less unnecessary work to do or, if that’s not possible, upgrade the machine. 15.4 Caveats • Be sure to use ‘vlan’ keywords in the filters when that’s used on the network. • Filter syntax is not checked for syntactic validity. • Be sure to change the default filters if you use non-standard ports or other options. • Traffic will first be filtered by the Media Protocols setting. Only traffic not matching there will be passed on to the signaling probes. Session Monitor Suite 3.3.0 / Installation Guide 16 Secure Configuration This section covers the necessary configuration of the Palladion system and of its environment to ensure secure operations. To follow these recommendation, you will need access to Platform Setup Application and to all installed products, their manual, and the administration tools for your networks. 16.1 Administrative passwords Platform Setup Application should be protected by a password of your choice on all Palladion machines. Moreover all products come with an admin account to access their respective interface. To restrict access to these products, connect to their interface, and change the admin account password on each. 16.2 User accounts Palladion features fine-grained multi-user capabilities which allows the administrator to create restricted accounts for day-to-day usage. Refering to each product manual, create one account for each person who will use the product, and set their permissions to allow their necessary tasks. You will need to set a temporary password and communicate it with the end users, who should then change it. It is possible to force a user to do so by expiring its password. It is recommended to enforce a strict passwords policy by enabling the features Require complex passwords and Regularly expire passwords. 16.3 Encrypted access All Palladion interfaces support encrypted connections via HTTPS and it is strongly advised to use it exclusively. 16.4 Connection between ME and AE The AE machines can access the ME machines using HTTPS. Make sure that the urls entered in the AE to reach the ME machines start with https://. © 2006, 2013, Oracle and/or its affiliates. All rights reserved. 51 / 61 16.5 Email notifications Palladion products can send notification emails. To do so they need access to an SMTP server, configurable with Platform Setup Application. If the server requires authentication, an account needs to be created for Palladion. This account should not grant any other privileges that the product does not need. Palladion also supports TLS connections. 16.6 Network configuration Following the principle of defense-in-depth, the access to the Palladion machines should be restricted as much as possible. Moreover, the machines are typically connected to several networks, and the restrictions may be different for each of them. Palladion makes use of the protocols listed here. Optional items are disabled by default, see the COM User Manual to learn more. All machines, common network functions: • udp 68: DHCP client • udp 123: NTP client • udp 161: SNMP agent (optional) • udp 162 outbound: SNMP traps (optional) All machines, usage and administration: • tcp 21: FTP server (optional) • tcp 80: HTTP. Can be replaced by HTTPS. • tcp 443: HTTPS Probes, from the monitored network: • Passively receives all telephony-related traffic ME to Probes: • The tcp range 1024-65536 AE to ME: • tcp 80: HTTP. Can be replaced by HTTPS. • tcp 443: HTTPS • The tcp range 1024-65536 ME, additional features: • udp 5090: Voice Quality from SIP phones (optional) • tcp 4739: IPFix from Acme Packet SBC (optional) Note: Palladion machines are internal appliances and should not be accessible from, nor have access to the Internet. Session Monitor Suite 3.3.0 / Installation Guide 17 Appendix 17.1 Preparing installation media Palladion may be installed using a DVD or USB flash drive. If you are going to use a USB flash drive, make sure that its size is at least 1GB. Acme Packet also recommends using brand drives, as issues have been reported when using low-quality thumb drives. Download the Palladion Installer ISO image from the repository indicated to you by Acme Packet or your service provider. If you want to use the DVD installation method, create a new DVD from the image. Otherwise follow the instructions below to create a bootable USB flash drive. Warning: Following the instructions writes the image directly to the device, which can be very dangerous when done without care, if you give the wrong device name, e.g. the one representing your internal hard drive instead of the one representing the USB flash drive, all data from the running system can be deleted. 17.1.1 Preparing a USB flash drive using UNetBootin Note: This is the recommended way of preparing a USB flash drive with Palladion Using UNetBootin is the recommended way to prepare a USB flash drive for the installation. However, if this approach fails, an alternative preparation method for Linux and Mac OS X is described below. 1. Download the UNetBootin tool matching your operating system from http://unetbootin.sourceforge.net/. This site also contains more information on using and troubleshooting the tool. 2. Plug the USB flash drive into the computer. 3. Start UNetBootin. Select Diskimage and ISO as the source. Click on the ... button next to the empty text entry and select the Palladion ISO image. 4. Select the type USB Drive and the USB flash drive you just plugged in. 5. Double check the selections you’ve made. If they are all correct, click no OK to start the writing process. UNetBootin will inform you about the progress. © 2006, 2013, Oracle and/or its affiliates. All rights reserved. 53 / 61 Figure: Using UNetBootin to prepare a USB flash drive for the installation 17.1.2 Preparing a USB flash drive (alternative, Linux/Mac OS X) Warning: Please try the recommended way of preparing a USB flash drive. The method described here only applies to Linux and Mac OS X and should only be used if the preferred method using UNetBootin does not work. 1. Plug the USB flash drive into the computer. 2. Find out which device name has been given to the USB flash drive: Linux Execute lsblk on the command line. A tree of devices with their names, sizes and other information is shown. If lsblk is not available on your system, you can use dmesg . Example output: scsi 8:0:0:0: Direct-Access USB Flash Disk PMAP PQ: 0 ANSI: 0 CCS sd 8:0:0:0: Attached scsi generic sg2 type 0 sd 8:0:0:0: [sdb] 7827456 512-byte hardware sectors (4008 MB) sd 8:0:0:0: [sdb] Write Protect is off sd 8:0:0:0: [sdb] Mode Sense: 23 00 00 00 sd 8:0:0:0: [sdb] Assuming drive cache: write through sdb: sdb1 In this example sdb is the device name to use. A tree of devices with their names, sizes and other information is shown. Mac OS X Execute diskutil list on the command line. A list of devices with their names, sizes and other information is shown. 3. Unmount the partitions of the USB flash drive in case any have been mounted automatically. Linux Execute umount <USB device name> , e.g. umount /dev/sdb1 Mac OS X Execute diskutil unmountdisk <USB device name> , e.g. diskutil unmountdisk /dev/disk1 4. Write the image to the USB flash drive: dd if=/path/to/palladion-x.x.x-xxx.iso of=<USB device name> bs=1m where /path/to/palladion-x.x.x-xxx.iso is the path to the image file. Warning: All data from the USB flash drive will be deleted. 5. Synchronize the disk caches and wait until disk activity stops to assure that all data has been completely written to the USB flash drive: Linux Execute sync on the command line Mac OS X Execute disktutil eject <USB device name> , e.g. disktutil eject /dev/disk1 17.1.3 Creating a Bootable USB on Windows 1. If running Windows 7, use the Windows 7 USB/DVD Download Tool. (a) Download the Windows 7 USB/DVD Download Tool here: http://images2.store.microsoft.com/prod/clustera/framework/w7udt/1.0/en-us/Windows7USB-DVD-tool.exe (b) In the Setup Wizard, click Next > Install. (c) After installing, click Finish and open the program. (d) Click Browse and locate the ISO file. (e) Click USB device. (f) Locate your USB device and click Begin copying. (g) If prompted, click Erase USB Device and then Yes. 2. If running Windows XP, use UNetbootin. (a) Download UNetbootin here: http://unetbootin.sourceforge.net/ (b) Open the downloaded file and click Run. (c) When the program opens, click the Diskimage radio button and set to ISO. (d) Press . . . and locate the ISO file. (e) Set the Type to USB Drive, and set the Drive to the drive where the USB is mounted. (f) Press OK. 17.2 Glossary Napatech card A specialized network card which does part of the packet filtering and processing in dedicated hardware, as opposed to doing filtering and processing on the CPU. VLAN (Virtual LAN) is a technique to separate a network into distinct, isolated, broadcast domains. See https://en.wikipedia.org/wiki/Virtual_LAN Probe Machine which filters and processes network traffic. Probes do not calculate the statistics. RTP The voice part of the network traffic, as opposed to the signaling (meta) part. COM Communications Operations Monitor, a Palladion product which allows you to monitor and troubleshoot your network in real-time. It runs on a mediation engine. Session Monitor Suite 3.3.0 / Installation Guide 18 Preparing installation media Palladion may be installed using a DVD or USB flash drive. If you are going to use a USB flash drive, make sure that its size is at least 1GB. Acme Packet also recommends using brand drives, as issues have been reported when using low-quality thumb drives. Download the Palladion Installer ISO image from the repository indicated to you by Acme Packet or your service provider. If you want to use the DVD installation method, create a new DVD from the image. Otherwise follow the instructions below to create a bootable USB flash drive. Warning: Following the instructions writes the image directly to the device, which can be very dangerous when done without care, if you give the wrong device name, e.g. the one representing your internal hard drive instead of the one representing the USB flash drive, all data from the running system can be deleted. 18.1 Preparing a USB flash drive using UNetBootin Note: This is the recommended way of preparing a USB flash drive with Palladion Using UNetBootin is the recommended way to prepare a USB flash drive for the installation. However, if this approach fails, an alternative preparation method for Linux and Mac OS X is described below. 1. Download the UNetBootin tool matching your operating system from http://unetbootin.sourceforge.net/. This site also contains more information on using and troubleshooting the tool. 2. Plug the USB flash drive into the computer. 3. Start UNetBootin. Select Diskimage and ISO as the source. Click on the ... button next to the empty text entry and select the Palladion ISO image. 4. Select the type USB Drive and the USB flash drive you just plugged in. 5. Double check the selections you’ve made. If they are all correct, click no OK to start the writing process. UNetBootin will inform you about the progress. 18.2 Preparing a USB flash drive (alternative, Linux/Mac OS X) Warning: Please try the recommended way of preparing a USB flash drive. © 2006, 2013, Oracle and/or its affiliates. All rights reserved. 57 / 61 Figure: Using UNetBootin to prepare a USB flash drive for the installation The method described here only applies to Linux and Mac OS X and should only be used if the preferred method using UNetBootin does not work. 1. Plug the USB flash drive into the computer. 2. Find out which device name has been given to the USB flash drive: Linux Execute lsblk on the command line. A tree of devices with their names, sizes and other information is shown. If lsblk is not available on your system, you can use dmesg . Example output: scsi 8:0:0:0: Direct-Access USB Flash Disk PMAP PQ: 0 ANSI: 0 CCS sd 8:0:0:0: Attached scsi generic sg2 type 0 sd 8:0:0:0: [sdb] 7827456 512-byte hardware sectors (4008 MB) sd 8:0:0:0: [sdb] Write Protect is off sd 8:0:0:0: [sdb] Mode Sense: 23 00 00 00 sd 8:0:0:0: [sdb] Assuming drive cache: write through sdb: sdb1 In this example sdb is the device name to use. A tree of devices with their names, sizes and other information is shown. Mac OS X Execute diskutil list on the command line. A list of devices with their names, sizes and other information is shown. 3. Unmount the partitions of the USB flash drive in case any have been mounted automatically. Linux Execute umount <USB device name> , e.g. umount /dev/sdb1 Mac OS X Execute diskutil unmountdisk <USB device name> , e.g. diskutil unmountdisk /dev/disk1 4. Write the image to the USB flash drive: dd if=/path/to/palladion-x.x.x-xxx.iso of=<USB device name> bs=1m where /path/to/palladion-x.x.x-xxx.iso is the path to the image file. Warning: All data from the USB flash drive will be deleted. 5. Synchronize the disk caches and wait until disk activity stops to assure that all data has been completely written to the USB flash drive: Linux Execute sync on the command line Mac OS X Execute disktutil eject <USB device name> , e.g. disktutil eject /dev/disk1 18.3 Creating a Bootable USB on Windows 1. If running Windows 7, use the Windows 7 USB/DVD Download Tool. (a) Download the Windows 7 USB/DVD Download Tool here: http://images2.store.microsoft.com/prod/clustera/framework/w7udt/1.0/en-us/Windows7USB-DVD-tool.exe (b) In the Setup Wizard, click Next > Install. (c) After installing, click Finish and open the program. (d) Click Browse and locate the ISO file. (e) Click USB device. (f) Locate your USB device and click Begin copying. (g) If prompted, click Erase USB Device and then Yes. 2. If running Windows XP, use UNetbootin. (a) Download UNetbootin here: http://unetbootin.sourceforge.net/ (b) Open the downloaded file and click Run. (c) When the program opens, click the Diskimage radio button and set to ISO. (d) Press . . . and locate the ISO file. (e) Set the Type to USB Drive, and set the Drive to the drive where the USB is mounted. (f) Press OK. Session Monitor Suite 3.3.0 / Installation Guide 19 Glossary Napatech card A specialized network card which does part of the packet filtering and processing in dedicated hardware, as opposed to doing filtering and processing on the CPU. VLAN (Virtual LAN) is a technique to separate a network into distinct, isolated, broadcast domains. See https://en.wikipedia.org/wiki/Virtual_LAN Probe Machine which filters and processes network traffic. Probes do not calculate the statistics. RTP The voice part of the network traffic, as opposed to the signaling (meta) part. COM Communications Operations Monitor, a Palladion product which allows you to monitor and troubleshoot your network in real-time. It runs on a mediation engine. © 2006, 2013, Oracle and/or its affiliates. All rights reserved. 60 / 61 Session Monitor Suite 3.3.0 / Installation Guide Index C COM, 56, 60 N Napatech card, 56, 60 P Probe, 56, 60 R RTP, 56, 60 V VLAN, 56, 60 © 2006, 2013, Oracle and/or its affiliates. All rights reserved. 61 / 61
© Copyright 2025