harmony controller adc app v3.4 user guide

Harmony Controller ADC App v3.4 User Guidefor A10 Thunder® Series and AX™ Series

17 July 2020

© 2020 A10 NETWORKS, INC. CONFIDENTIAL AND PROPRIETARY- ALL RIGHTS RESERVED

Information in this document is subject to change without notice.

PATENT PROTECTION

A10 Networks products are protected by patents in the U.S. and elsewhere. The following website is provided to satisfy the virtual patent marking pro-visions of various jurisdictions including the virtual patent marking provisions of the America Invents Act. A10 Networks' products, including all Thunder Series products, are protected by one or more of U.S. patents and patents pending listed at:

https://www.a10networks.com/company/legal-notices/a10-virtual-patent-marking

TRADEMARKS

A10 Networks trademarks are listed at:

https://www.a10networks.com/company/legal-notices/a10-trademarks

CONFIDENTIALITY

This document provides confidential materials proprietary to A10 Networks, Inc. This document and information and ideas herein may not be dis-closed, copied, reproduced or distributed to anyone outside A10 Networks, Inc. without prior written consent of A10 Networks, Inc.

A10 NETWORKS INC. SOFTWARE LICENSE AND END USER AGREEMENT

Software for all A10 Networks products provides trade secrets of A10 Networks and its subsidiaries and Customer agrees to treat Software as confi-dential information.

Anyone who uses the Software does so only in compliance with the terms of the End User License Agreement (EULA), provided later in this docu-ment or available separately. Customer shall not:

1.Reverse engineer, reverse compile, reverse de-assemble, or otherwise translate the Software by any means.2.Sub-license, rent, or lease the Software.

DISCLAIMER

This document does not create any express or implied warranty about A10 Networks or about its products or services, including but not limited to fit-ness for a particular use and non-infringement. A10 Networks has made reasonable efforts to verify that the information contained herein is accurate, but A10 Networks assumes no responsibility for its use. All information is provided "as-is." The product specifications and features described in this publication are based on the latest information available; however, specifications are subject to change without notice, and certain features may not be available upon initial product release. Contact A10 Networks for current information regarding its products or services. A10 Networks’ products and services are subject to A10 Networks’ standard terms and conditions.

ENVIRONMENTAL CONSIDERATIONS

Some electronic components may possibly contain dangerous substances. For information on specific component types, please contact the manufac-turer of that component. Always consult local authorities for regulations regarding proper disposal of electronic components in your area.

FURTHER INFORMATION

For additional information about A10 products, terms and conditions of delivery, and pricing, contact your nearest A10 Networks location, which can be found by visiting www.a10networks.com.

https://www.a10networks.com/company/legal-notices/a10-virtual-patent-marking

https://www.a10networks.com/company/legal-notices/a10-trademarks

http://www.a10networks.com

3

Table of Contents

INTRODUCTION ................................................................................................................. 7Overview ..........................................................................................................................................7Supported Platforms.................................................................................................................... 8

ACOS ............................................................................................................................................................... 8Harmony Controller ..................................................................................................................................... 8

Video Tutorial ................................................................................................................................. 8

INSTALLATION AND UPGRADE .......................................................................................... 9Management of ADC App/ Prerequisites .............................................................................................. 9

User Roles: Super/Provider Admin, Tenant/App Admin ............................................................ 9Thunder Devices and Clusters .........................................................................................................10

App Catalog ..................................................................................................................................................10Upload an App .............................................................................................................................................10Update an App ............................................................................................................................................12Installed Apps ..............................................................................................................................................13Enabling or Disabling ADC App ...............................................................................................................13Delete/Uninstall ADC App ........................................................................................................................15

ADC APP GETTING STARTED .........................................................................................17Getting Started .............................................................................................................................17Launch ADC App from Tenant User........................................................................................ 18

Launch ADC App from Apps Manager ...........................................................................................18Help Center for ADC App...........................................................................................................20Overview of ADC App Tabs and Log View Panel ...................................................................21

ADC APP DASHBOARD .................................................................................................23ADC App Service Selector .........................................................................................................23ADC App Key Performance Indicator Bar ..............................................................................23Time Window Selector................................................................................................................24ADC App Dashboard ...................................................................................................................25

Inventory ......................................................................................................................................................26Alerts and Events ......................................................................................................................................26WAF Events ................................................................................................................................................. 27Deployment Locations .............................................................................................................................28Requests ......................................................................................................................................................28TOP 10 APP SERVICE BY THROUGHPUT .............................................................................................30

ADC App v3.4 User Guide

Contents

4

ADC APP ANALYTICS ................................................................................................... 31ADC Analytics Tab........................................................................................................................31

Service Selection List ............................................................................................................................... 32Layer-4 Analytics........................................................................................................................32

Layer-4: KPI Bar for ADC Analytics Tab ............................................................................................... 32Layer-4 ADC App Selector Diagram .....................................................................................................33Layer-4 Analytics: Client .........................................................................................................................33Layer-4 Analytics: Thunder ADC (TCP) ...............................................................................................36Layer-4 Analytics: Thunder Cluster (TCP) ..........................................................................................38Layer-4 Analytics: App Servers .............................................................................................................38

Layer-7 Analytics ........................................................................................................................39Layer-7: KPI Bar for ADC Analytics Tab ...............................................................................................39Latency Drilldown ......................................................................................................................................40Layer-7 Analytics: ADC App Selector Diagram ..................................................................................42Layer-7 Analytics: Client ..........................................................................................................................42Layer-7 Analytics: Internet .....................................................................................................................46Layer-7 Analytics: WAF Security ........................................................................................................... 47Layer-7 Analytics: ADC Service .............................................................................................................50

Metrics Widgets ...................................................................................................................................50ADC Widgets ..........................................................................................................................................51HTTP2 Widgets .................................................................................................................................... 52SSLi Widgets ........................................................................................................................................53Caching Widgets .................................................................................................................................53

Layer-7 Analytics: Thunder Cluster (TCP) ...........................................................................................54Partition Service Latency .................................................................................................................55

Layer-7 Analytics: Applications .............................................................................................................56Layer-7 Analytics: App Servers ............................................................................................................. 57

ADC APP SERVICE OBJECTS ........................................................................................59How to Deploy an ADC Application Service ..........................................................................60Configuring Servers.....................................................................................................................61

Add/Edit a Server .......................................................................................................................................61Basic ........................................................................................................................................................61Advanced Server Options ..................................................................................................................61Template ...............................................................................................................................................62Port .........................................................................................................................................................62

Delete Server ..............................................................................................................................................64Configuring Server Ports: Add/Edit Port .............................................................................................64

Basic .......................................................................................................................................................64Advanced ..............................................................................................................................................65

Delete Server Port .....................................................................................................................................65Configuring Service Groups...................................................................................................... 67

Basic ....................................................................................................................................................... 67Advanced: Service Groups Options ...............................................................................................68

Delete Service Groups ..............................................................................................................................69

5


Contents

Configuring VIPs.......................................................................................................................... 70Configuring VPorts (Virtual Ports) ...........................................................................................71

Configuring Virtual Ports: Add VPort ..................................................................................................... 71Basic ........................................................................................................................................................ 71Advanced .............................................................................................................................................. 73

Delete VPort ................................................................................................................................................ 73

ADC APP SHARED OBJECTS ........................................................................................ 75Logical Partition ......................................................................................................................................... 76Configure Versions of Partition ...............................................................................................................77

Save .........................................................................................................................................................77Compare .................................................................................................................................................77Deploy .................................................................................................................................................... 78

Templates .................................................................................................................................................... 78Adding a Template ............................................................................................................................. 78

WAF Templates ..........................................................................................................................................80aFleX ..............................................................................................................................................................81Certificates ..................................................................................................................................................82CRLs ..............................................................................................................................................................83IP NAT Pool ..................................................................................................................................................84Health Monitor ............................................................................................................................................85How to Configure a Health Monitor for Service Objects ................................................................. 87

ADC APP LOG VIEW AND TROUBLESHOOTING ...............................................................89Log View Panel ............................................................................................................................89

Log View: HTTP ..........................................................................................................................................90Log View: Alerts ..........................................................................................................................................91Log View: License Audit ........................................................................................................................... 92Log View: WAF ............................................................................................................................................93

TroubleShooting..........................................................................................................................94HTTP Monitoring ........................................................................................................................................94WAF Security Policy Violations ...............................................................................................................95

SUPPORT INFORMATION FOR HARMONY CONTROLLER: ADC APP V3.4 ........................ 97Technical and Customer Support............................................................................................ 97


Contents

6

7

ADC App v3.4 User GuideFeedback

INTRODUCTION

The A10 Networks® Harmony Controller - ADC App v3.4 provides configuration management, visibility and analytics for your A10 Networks® ADC services and visibility and analytics for A10 Networks® WAF services.

The following topics are covered in this chapter:

• Overview

• Supported Platforms

OverviewThe A10 Networks® Harmony Controller - ADC App v3.4 provides the following functional capabilities for the users:

• Configuration of shared service objects and service objects and ability to deploy service configurations.

• Configuration versioning, compare and deployment to target devices.

• Real-time visibility and actionable insights on into service operation and performance.

• Transactional level visibility for analytics and troubleshooting of ADC services.

• ADC and WAF services for Harmony Controller.

• Supports L4 and L7 application services and WAF functionality.

• Service Configuration, Management and Analytics capabilities.

• Access to information at “Tenant” level, information can be segmented for logical partitions and App partitions.


Supported Platforms

8

eeeFF Feedback

Supported PlatformsADC App v3.4 is compatible with the following ACOS and Harmony Controller versions:

ACOS

The supported ACOS versions and compatibility matrix is as follows:

Harmony Controller

The supported Harmony Controller versions for ADC App v3.4 are as follows:

• 5.2.0

• 5.1.0-P1

• 5.1.0

• 5.0.0

• 4.2.1-P3

Video TutorialTo know more about the Harmony Controller - ADC App v3.4, see the following video and refer the procedures for installation.

NOTE: On Harmony Controller - ADC App Documentation Site: http://docs.hc.a10networks.com/ADCapp/3.4/ADC_App_Intro-ductory_Video.mp4

Harmony Controller ACOS Version

Configuration Management Analytics

HC 5.2.0 5.2.0, 5.1.0-P2, 5.0.0, 5.0-P1, 5.1.0

Yes Yes

HC 5.1.0-P1 5.1.0-P2, 5.0.0, 5.0-P1, 5.1.0

Yes Yes

HC 5.1.0-P1 4.1.4-GR1-P1 & P2 No Yes

HC 5.1.0-P1 4.1.1-P8-P12 No Yes

http://docs.hc.a10networks.com/ADCapp/5.2.0-v3.3/ADC_App_introductory_video.mp4

http://docs.hc.a10networks.com/ADCapp/3.4/ADC_App_Introductory_Video.mp4

http://docs.hc.a10networks.com/ADCapp/3.4/ADC_App_Introductory_Video.mp4

https://www.surveymonkey.com/r/WHZK9CH

http://docs.hc.a10networks.com/slbapp/5.1.0-v3.2/SLB_App_introductory_video.mp4

9


INSTALLATION AND UPGRADE

The A10 Networks® Harmony Controller - ADC App v3.4 software is packaged within Harmony Controller 5.2.0. There is no installation needed.

ADC App v3.4 is also available as a package file in .zip format. You can install on a Harmony Controller platform running 5.2.0 or higher.


• Management of ADC App/ Prerequisites

• App Catalog

• Upload an App

• Update an App

• Installed Apps

• Enabling or Disabling ADC App

• Delete/Uninstall ADC App

Management of ADC App/ Prerequisites

ADC App collects data from ACOS instances or standard hardware based ACOS devices like Thunder ADC. The ADC App can be installed and managed according to the Provider-Tenant architecture to manage tenants, and users.

User Roles: Super/Provider Admin, Tenant/App Admin

To know more about this provider-tenant model, refer to Harmony Controller documentation here:

http://docs.hc.a10networks.com/5.1.0p2/a10-providertenant-model.html




10

eeeFF Feedback

Thunder Devices and Clusters

The Thunder device connecting to the A10 HarmonyTM Controller may be single, part of a HA pair, or part of a VCS cluster. On connecting, a Device Cluster is created within the Provider account. This configuration can be loaded and accessed through ADC Apps. For more information, see:

http://docs.hc.a10networks.com/ThunderADC/a10-thunder-adc.html

App Catalog

When Harmony ADC App is successfully added, the ADC app is visible under App Catalog. The App Catalog on Harmony Controller displays the list of uploaded Harmony Apps.

NOTE: The Root or Provider Administrator can enable the ADC App andmake it available for its tenants .

Only Root Administrator can update or delete the ADC App fromapp catalog.

Upload an App

Follow the steps to upload a new app from the App Catalog section:

1. Select Harmony Controller > root or Provider account.

2. Click Apps > App Catalog from the app store.

3. Click on + Upload an App to add the new version of ADC App to Harmony Controller.


http://docs.hc.a10networks.com/ThunderADC/a10-thunder-adc.html

11


FIGURE 1 : Harmony Controller > root > + Upload an App

4. Browse the ADC App package file to upload from the local repository.

5. Add the app description and click Next.



12

eeeFF Feedback

FIGURE 2 : Upload App and provide details

Update an App

This option is available only for root or Provider account. Follow the steps to update an app from the App Catalog section:

1. Click Apps > App Catalog and select the provider from the drop-down.

2. Click : and select Update, to update an app.

3. Browse the ADC App package file to upload from the local repository.

4. Add the app description and click Update.


13


FIGURE 3 : root > Apps Manager > Apps Catalog > ADC App > Update

Installed Apps

All of the available apps for the root or Provider are displayed under Installed Apps.

Enabling or Disabling ADC App

This option is available for Tenant account . To enable or disable ADC app, follow the below steps:

1. Click Apps > My Apps and select the Tenant from the drop-down.

2. Click ADC App and select : > Enable/Disable to enable or disable the app.



14

eeeFF Feedback

FIGURE 4 : Enable ADC App


15


Delete/Uninstall ADC App

This option is available only for root or Provider account .Follow the steps to delete an app from the App Catalog section:

1. To uninstall the ADC App, select : > Uninstall.

2. To search for ADC App, type the app name in the search tab.

FIGURE 5 : root > Apps Manager > Apps Catalog > ADC App > Uninstall



16

eeeFF Feedback


17


ADC APP GETTING STARTED

The Harmony Controller ADC App v3.4 provides configuration management, visibility and analytics for A10 Networks® ADC services and visibility and analytics for A10 Networks® WAF services.


• Getting Started

• Launch ADC App from Tenant User

• Help Center for ADC App

• Overview of ADC App Tabs and Log View Panel

Getting StartedTo get started with the ADC App, view the Video Tutorial or Getting Started section in Harmony Controller Help Center.

FIGURE 6 : Getting Started with App from Harmony Controller


Launch ADC App from Tenant User

18

eeeFF Feedback

Launch ADC App from Tenant UserTo launch App from Harmony Controller Tenant user account:

1. Login to Harmony Controller.

2. Select the related Tenant user account in the top panel.

3. There are three ways the ADC App can be launched.

• From the Harmony Controller > Services > App Services page

FIGURE 7 : Launch ADC App from Harmony Controller > Services > App Services

• From the Harmony Controller > Services > Logical Partition page. This option is available only if logical partitions are enabled.

• From the Apps Manager > My Apps page

Launch ADC App from Apps Manager

To launch ADC App from Apps Manager:

1. Click Apps Manager drop-down on left hand panel of Harmony Controller.

2. The following two tabs are available in Harmony Controller Apps Manager ;

Tab Description

My Apps Provides a list of all enabled Apps

Installed Apps Provides a list of Apps loaded to the Controller Tenant Repository


19


Launch ADC App from Tenant User

Feedback

3. Click Installed Apps. Select the required App and click Enable.

FIGURE 8 : Harmony Controller (Tenant) > Apps Manager > Installed Apps

4. Click My Apps on left hand panel.

5. To launch ADC App, click menu “:” > Launch App on app in My Apps page as shown in the following image.

FIGURE 9 : .Harmony Controller > Apps Manager > My Apps

6. Select Tenant and click Proceed to launch app.



Help Center for ADC App

20

eeeFF Feedback

FIGURE 10 : Launch App > Select Tenant

NOTE: Disable pop-up blocker to ensure that the Select Tenant window pop-up functions correctly.

Help Center for ADC AppThe Help Center the following quick access links

• Product documentation

• Product Demos

• Technical Articles

• Video Tutorials

• White Papers

• Create Ticket

• Privacy Policy

• End of Sale

Click on the “?” icon on the top-right corner of the application navigation bar to access and explore the feature.


21


Overview of ADC App Tabs and Log View Panel

Feedback

FIGURE 11 : Select Help Menu

FIGURE 12 : ADC App Help Center Pop-up Menu Widget

Overview of ADC App Tabs and Log View PanelThe ADC App v3.4 has the following tabs/expandable windows:

Tabs / Expand Window Description

Dashboard Displays information about the logical partitions mapped to the tenant, configured App services, service monitoring, and key statistics about the service operations.

Analytics Displays visibility and analytics information for deployed App services, key performance indicators, and service operation metrics.

Service Objects Displays configured service objects and provides an ability to edit, save, compare, and deploy service configurations.

Shared Objects Displays configured shared service objects and an ability to manage shared objects.

Log panel A expandable panel at the bottom of App window. This panel provides access to detailed service logs and an ability to filter logs for detailed analysis and troubleshooting.



Overview of ADC App Tabs and Log View Panel

22

eeeFF Feedback

FIGURE 13 : ADC App > Top Panel with Tabs

FIGURE 14 : ADC App > Expandable Bottom Log Panel

For details, see the following sections:

• ADC App Dashboard

• ADC App Analytics

• ADC App Service Objects

• ADC App Shared Objects

• ADC App Log View and Troubleshooting


23


ADC APP DASHBOARD

The Harmony Controller ADC App v3.4 dashboard provides visibility and analytics for A10 Networks® ADC services and WAF services at a Provider-level or Tenant-level.

The Dashboard displays different widgets and this page gives the overall picture on alerts and events, users, apps, deployment locations, clusters, tenants and license usage.


• ADC App Service Selector

• ADC App Key Performance Indicator Bar

• Time Window Selector

• ADC App Dashboard

ADC App Service SelectorThe ADC App Service Selector is a selection list. Select the pre-defined application services to view the related data and statistics.

The App Service Selector is available for all ADC App tab selections.

FIGURE 15 : App Service Selector -ADC App Header

ADC App Key Performance Indicator BarThe KPI Bar Widget for ADC App displays the following information. This data is refreshed every time as per the selection in the Time Window Selector widget.


Time Window Selector

24

eeeFF Feedback

The KPI Bar widget for ADC Dashboard and Analytics page displays the following information:

FIGURE 16 : KPI Bar on ADC App Header

Time Window SelectorThe Time Window Selector displayed for ADC Dashboard and Analytics page, has the following components:

FIGURE 17 : Time Window Selector:

Widget / Field Description

Throughput (BPS) Total traffic for all the app services for the tenant.

Current Connections Number of active connections.

Connection Rate (CPS)

Number of closed connections.

Errors Number of errors.


Calendar Widget - Date Selector Select date timeline using the calendar.

Time Selection Scroll Bar Select the timeline for data analysis.

Auto Refresh Timer Specify a time to refresh the page automatically.


25


ADC App Dashboard

Feedback

ADC App Dashboard The ADC App Dashboard displays the following main components:

• ADC App Service Selector

• ADC App Key Performance Indicator Bar

• Time Window Selector

• Alerts and Events

• WAF Events

• Deployment Locations

• Requests

• TOP 10 APP SERVICE BY THROUGHPUT

The ADC App Dashboard displays the following common components:

Widgets/ Fields Description

App Service Selector See ADC App Service Selector.

Key Performance Indicators (Averaged per minute). See The KPI Bar widget for ADC Dashboard and Analytics page displays the following information:

Time Range Slider Time range selector control. Applies to all the widgets in the app. See Time Window Selector



ADC App Dashboard

26

eeeFF Feedback

Inventory

Displays a list of logical partitions of type ADC with a list of the app services deployed in the logical partition for the selected tenant.

FIGURE 18 : ADC App > Dashboard > Inventory

Alerts and Events

Alerts and events displays information for a particular tenant or all tenants. You can filter the alerts and events according to following criteria:

• Severity,

• Warning,

• Notification

• Information.

You can toggle to check the log collection statistics for the timestamp, tenant ID, cluster ID, system module and message.


27


ADC App Dashboard

Feedback

FIGURE 19 : ADC App > Dashboard > Alerts, Events

WAF Events

The following WAF events widget displays distribution of number of WAF events or requests that triggered WAF policy violation(s) reported on time scale.

FIGURE 20: ADC App > Dashboard > WAF Events



ADC App Dashboard

28

eeeFF Feedback

Deployment Locations

This world map displays distribution of service devices by geographical location. The deployment locations are highlighted displaying the number of clusters or devices associated with the particular location in a color-coded map format with statistics.

FIGURE 21 : ADC App > Dashboard > Deployment Locations

Requests

The Requests widget displays the summation of all response codes for requests processed for a time range plotted on a time series chart.

The ADC App Dashboard provides the following “Request” locations and Latency information:.

Widgets Description

Request Locations Displays distribution of client location(s) for received requests.

Request Methods Displays distribution of HTTP method of requests received..

Response Codes Displays distribution of HTTP response codes.

Average End-to-end Latency

Displays the average end-to-end latency for a full request-response cycle (the time taken by the one request-response cycle averaged for the selected time range) plotted as a time series chart.

REQUESTS Displays number of requests received plotted on a time series chart.


29


ADC App Dashboard

Feedback

FIGURE 22 : ADC App > Dashboard > Requests



ADC App Dashboard

30

eeeFF Feedback

TOP 10 APP SERVICE BY THROUGHPUT

This widget displays the “Top 10 App Services by throughput” for the selected time range with the following fields:

FIGURE 23: ADC App > Dashboard > Top 10 App Services by throughput

Fields Description

App Services App service name

Throughput Displays the throughput data in pps or packets per second.


31


ADC APP ANALYTICS

The Harmony Controller ADC App v3.4 provides configuration management, visibility and analytics for your A10 Networks® ADC services and visibility and analytics for A10 Networks® WAF services.


• ADC Analytics Tab

• Layer-4 Analytics

• Layer-7 Analytics

ADC Analytics TabThe analytics tab displays the following information for monitoring and analysis of service operations.

The ADC App Analytics tab displays the following information. The information displayed is for all deployed app services for the tenant as follows:

Widgets/ Fields Description

App service Selector A drop down control to select and filter the information for a given app service

Key Performance Indicators Time range selector control. Applies to all the charts on the page below.

Time Range Slider Time range selector control. Applies to all the widgets in the app. See Time Window Selector

ADC Selector Diagram Graphic menu to load analytics information for the following entities involved in the service operations.


Layer-4 Analytics

32

eeeFF Feedback

Service Selection List

KPI Bar has a Service selection drop-down list where you can select pre-configured Services. The Services are of two types:

• Layer-4 Services

• Layer-7 Services

Layer-4 AnalyticsThe Analytics page displays different statistics related to Layer-4 when L4 Service is selected on the KPI bar Service Selection list.

Layer-4: KPI Bar for ADC Analytics Tab

The KPI Bar widget for ADC Analytics tab displays the following information for Layer-7 Key Performance Indicators (averaged per minute):


Throughput (BPS) Total traffic for all the app services for the tenant. Average throughput in bits per second over default value minutes of data. Refreshed every min-ute. Default value is 3.

Current Connections Number of active connections. Number of active connections averaged over default value minutes. Default value is 3.

Packet Rate Number of packets received and sent per second measured over the last minute. Default value is 3.

Errors Number of errors. Number of 4xx plus 5xx responses in the last minute.


33


Layer-4 Analytics

Feedback

Layer-4 ADC App Selector Diagram

The Harmony ADC App Selector Diagram is a graphic menu to load analytics information for the following entities involved in the service operations:

• Layer-4 Analytics: Client

• Layer-4 Analytics: Thunder ADC (TCP)

• Layer-4 Analytics: Thunder Cluster (TCP)

• Layer-4 Analytics: App Servers

FIGURE 24: ADC App > Analytics > Selector Diagram (graphic menu)

Layer-4 Analytics: Client

The ADC App > Analytics > Client section displays the following widgets for Layer-7 selection:

Widget/Field Description

BYTES RECEIVED AND SENT Distribution graphs of number of bytes for the selected time range, for:

• Total bytes• Sent• Received

PACKETS RECEIVED AND SENT Distribution graphs of number of packets for the selected time range, for:

• Total bytes• Sent• Received



Layer-4 Analytics

34

eeeFF Feedback

FIGURE 25 : Layer-7 Analytics > Client

Clients widgets Continued...

CONNECTIONS Distribution graphs of number of connections per second for the selected time range, for:

• Total Connections• Peak• Rate (/sec)

CLIENT RELATED ERRORS AND FAILURES

Number of TCP and policy errors plotted on a time series chart, filtered by:

• Client Connections Failure• Other Failures Total• Connection Drops


Widget Description

TOP CLIENTS BY Distribution statistics graph of Top Usage Clients, filtered by:

• BANDWIDTH: Distribution of clients utilizing the most bandwidth.• CONNECTIONS: Distribution of clients establishing the most

connections.• THROUGHPUT: Distribution of clients with the most throughput.

CONNECTIONS Distribution graph of total number of connections for the selected time range plotted on a time series.

CONNECTION RATE Distribution graph of number of connections closed per second for the selected time range plotted on a time series chart.


35


Layer-4 Analytics

Feedback

FIGURE 26: Layer-7 Analytics > Client > Top Clients By ...

THROUGHPUT Average throughput (bits per second) plotted on a time series chart.

PACKET RATE Average number of packets received and sent per second plotted on a time series chart.

Widget Description



Layer-4 Analytics

36

eeeFF Feedback

Layer-4 Analytics: Thunder ADC (TCP)

The ADC App > Analytics > Thunder ADC (TCP) > Overview section displays the following widgets for Layer-7 selection:

Widget Description

DROPPED TRAFFIC Distribution of number of packets dropped from TCP and Policy Errors for the selected time period.

ERRORS AND FAILURES Distribution of Errors and Failures from TCP errors, for the selected time period.

ANOMALIES Distribution of anomalies because of TCP errors, for the selected time period.

LOAD DISTRIBUTION Distribution of connections filtered by application servers.

TCP SYN RECEIVED Number of TCP SYN requests received and plotted on a time series chart.

TCP SYN RATE Number of TCP SYN requests received per second plotted on a time series chart.

DSR RECEIVED Number of DSRs received for the selected time range, filtered by con-figured DSRs:

• L2 DSR Received• L3 DSR Received

DROPPED TRAFFIC Dropped traffic plotted on a time series chart, filtered by reason:

• BW limit exceeded.• BW watermark• Connection Limit• Connection Rate Limit• NAT CPS Exceeded.• TCP SYN Cookie Buffer• NAT No-Session• Aflex• Vport Mismatch

ERRORS AND FAILURES TCP errors and failures plotted on a time series chart, filtered by:

• Client Connection Fail• Server Connection Fail• SYN-Cookie Fail• L4 SYN attack• Source NAT failures• ADC Reset count to Client• L4 Handshake fail


37


Layer-4 Analytics

Feedback

FIGURE 27 : Layer-7 Analytics > Thunder ADC Widgets



Layer-4 Analytics

38

eeeFF Feedback

Layer-4 Analytics: Thunder Cluster (TCP)

The ADC App > Analytics > Thunder Cluster (TCP) > Overview section displays the following widgets for Layer-4 selection:

Layer-4 Analytics: App Servers

The ADC App > Analytics > App Servers section for Layer-7 selection, displays the following filterable distribution of application server operational metrics on time scale:

Widget Description

CLUSTER CPU Maximum utilization of data and management CPUs across all devices in the cluster.

CLUSTER MEMORY Maximum utilization of memory across all devices in the cluster.

CLUSTER THROUGHPUT Peak and average throughput for all devices in the cluster in bits per second (bps).

DEVICES IN CLUSTER List of devices in the cluster, along with the averaged out CPU and memory utilization for each device across the selected time range.

DEPLOYMENT LOCATIONS World map with location of all devices in the cluster marked in blue gradients according to number of deployments.

CLUSTER TRAFFIC Volume of traffic across all devices in the cluster plotted as a time series chart for:

• THROUGHPUT: Throughput across all devices in the cluster plotted as a time series chart, filtered by data: • Ingress• Egress

• ACTIVE SESSIONS: Number of active connections across all devices in the cluster plotted on a time series chart.

Widget Description

TOTAL CONNECTIONS Displays number of connections for each application server plotted on a time series chart, filtered by individual connections.

CURRENT CONNECTIONS Displays number of current connections for each application server plotted on a time series chart filtered by current individual connections.

THROUGHPUT Displays throughput for each application server plotted on a time series chart, filtered by individual connections.


39


Layer-7 Analytics

Feedback

Layer-7 AnalyticsThe Analytics page displays different statistics related to Layer 7 when L7 Service is selected on the KPI bar Service Selection list.

Layer-7: KPI Bar for ADC Analytics Tab

The KPI Bar widget for ADC Analytics tab displays the following information for Layer-4 Key Performance Indicators (averaged per minute)

L4 CONNECTION RATE Displays number of connections closed per second for the selected time range plotted on a time series chart, filtered by individual connections.

PACKETS Displays number of packets received and sent by each application server, filtered by individual connections.

Widget Description


Throughput (BPS) Total traffic for all the app services for the tenant. Average throughput in bits per second over default value minutes of data. Refreshed every min-ute.

Current Connections Number of active connections. Number of active connections averaged over default value minutes.

Requests Number of requests received per minute over last 3 minutes of data. Refreshed every minute.

Request Rate Request rate. Number of requests received per second.

Errors Number of errors. Number of 4xx plus 5xx responses in the last minute.

Client TTFB Application latency (Time to First Byte). Average time to first byte for requests received in the last minute. Click on >| to view the details of Layer-7 Analytics: ADC App Selector Diagram.



Layer-7 Analytics

40

eeeFF Feedback

Latency Drilldown

Latency Drilldown Analytics page is available on the Layer-4 Analytics KPI bar.

Navigate to Latency Drilldown page as follows:

Analytics > Layer-4 selection in Service Selection > KPI Bar > Client TTFB >|

This page has the following components:

FIGURE > Latency Analysis Illustration


Latency Analysis Displays Network Illustration with latency information in milliseconds:

• In Latency • Out Latency • App Latency

AVG. END-TO-END LATENCY Average end-to-end latency for a full request-response cycle plotted on a time series chart, filtered by:

• In Latency• Out Latency• Client RTT• Response Transfer Time• Server RTT• Request Transfer time• App Latency

AVG. APP SERVER LATENCY Displays response latency for each app server averaged over the selected time range plotted on a time series chart, can be filtered by indi-vidual app server.

CLIENT PERFORMANCE Displays distribution of top clients having the highest response time, can be filtered by individual client IPs.

URL PERFORMANCE Displays distribution of top URLs having the highest response time, can be filtered by individual URL data.

ACCESS LATENCY Displays distribution of latency for client locations plotted on a geoloca-tion map.


41


Layer-7 Analytics

Feedback

FIGURE 28: Latency Drilldown



Layer-7 Analytics

42

eeeFF Feedback

Layer-7 Analytics: ADC App Selector Diagram

The Harmony ADC App Selector Diagram is a graphic menu to load analytics information for the Layer-4 and Layer-7 entities involved in the service operations. The App Selector Diagram for Layer-4 selection displays the following entities:

• Layer-7 Analytics: Client

• Layer-7 Analytics: Internet

• Layer-7 Analytics: WAF Security

• Layer-7 Analytics: ADC Service

• Layer-7 Analytics: Thunder Cluster (TCP)

• Layer-7 Analytics: Applications

• Layer-7 Analytics: App Servers

FIGURE 29 : ADC App > Analytics > Selector Diagram (graphic menu)

Layer-7 Analytics: Client

The ADC App > Analytics > Client section displays the following widgets:


Request Location Distribution graph of request origins / locations.

Request Methods Distribution graph of request methods.

Response Codes Distribution graph of request response codes.

Average End-to-End Latency

Average of “request latency”, the time taken by one request-response cycle for a selected time range.

Requests Distribution graph of number of requests on time scale.


43


Layer-7 Analytics

Feedback

FIGURE 30: ADC App > Analytics > Client

FIGURE 31 : ADC App > Analytics > Client > Average End-to-End Latency, Requests

Client section continued...


Location Distribution graph of client locations.

OS Distribution graph of client machine operating systems.

Response Codes Distribution graph of request response codes.

Device Distribution graph of client device types.

Browser Distribution graph of client browsers.



Layer-7 Analytics

44

eeeFF Feedback

FIGURE 32: ADC App > Analytics > Client > Location, OS, Response Codes...

The ADC App > Analytics > Client >Top Clients By widget has the following tabs:


Requests Distribution graph of top clients sending requests.

Throughput Distribution graph of top clients by total traffic throughput.


45


Layer-7 Analytics

Feedback

FIGURE 33: ADC App > Analytics > Client > Top Clients By

The ADC App > Analytics > Client > Security widget has the following options:

FIGURE 34: ADC App > Analytics > Client > Security


Requests Denied Distribution graph of requests handled by Security WAF on time scale. The distribution can be filtered for top clients by number of “requests denied” due to a WAF policy.

Requests Allowed Distribution graph of requests handled by Security WAF on time scale. The distribution can be filtered for top clients by number of “requests allowed” due to a WAF policy.



Layer-7 Analytics

46

eeeFF Feedback

Layer-7 Analytics: Internet

The ADC App > Analytics > Internet section displays the following information for requests distributed geographically.

• Access Latency

• HTTP

• HTTPS

• Requests

• Average Throughput

FIGURE 35: ADC App > Analytics > Internet


47


Layer-7 Analytics

Feedback

Layer-7 Analytics: WAF Security

The ADC App > Analytics > WAF SECURITY section displays the following information:


Violations Distribution graph of WAF policy violations with following tabs and view options:

• Overall distribution• HTTP Limit Violations• HTTP Protocol Violations• filterable distribution of violations on a time scale.

VIOLATIONS TIME SERIES

Triggered WAF violations plotted on a time series chart.

WAF Request Handling Widget that displays filterable distribution graph of WAF policy events or the number of requests allowed, and requests denied plotted on a time series chart.

Cookie Security Widget that displays filterable distribution graph of cookie policy events:

• Cookies• Set-Cookies• Violations

Events Widget that displays distribution of WAF policy events on time scale for requests that were denied; “Requests Denied”.

Top Sources Widget that displays graph of top request sources that generated the WAF policy events.



Layer-7 Analytics

48

eeeFF Feedback

FIGURE 36: ADC App > Analytics > WAF Security


49


Layer-7 Analytics

Feedback

FIGURE 37 : ADC App > Analytics > WAF Security > Events, Top Sources



Layer-7 Analytics

50

eeeFF Feedback

Layer-7 Analytics: ADC Service

The ADC App > Analytics > ADC Service section displays the following widgets.

Metrics Widgets

The ADC App > Analytics > ADC Service section displays the following metrics and information about service operations:

FIGURE 38: ADC App > Analytics > ADC Service > (Metrics Widgets)


Cache Rate Displays percentage of cache utilization.

Cache Utilization Displays number of cache hits per second.

Throughput Displays average throughput in (bps).

Throughout Peak Displays peak of the throughput averages.

Client Connections Displays average connections, closed connections per second, and maximum current connections.

Load Distribution Displays distribution of load on the servers.


51


Layer-7 Analytics

Feedback

ADC Widgets

The ADC App > Analytics > ADC Service section displays the following ADC related information:


Load Distribution Displays filterable server load distribution on time scale.

Throughput Displays distribution of throughput on time scale filterable for:

• incoming• outgoing.

ADC Service Latency Displays time taken by request in and out of service device) filterable for:

• REV - outgoing• FWD - incoming.

Error Traffic Displays the filterable distribution of response codes on time scale.



Layer-7 Analytics

52

eeeFF Feedback

FIGURE 39: ADC App > Analytics > ADC Service > (ADC Widgets)

HTTP2 Widgets

The ADC App > Analytics > ADC Service section displays the following HTTP2 related filterable distributions on time scale:


PROXY CONNECTIONS Number of total, current and peak connections plotted on a time series chart.

Total Bytes Number of Control, Header and Data Bytes expressed as a percentage of the Total Bytes and plotted on a time series chart.

Streams Closed Number of streams closed plotted on a time series chart.

Frame Types Sent to Client Number of types of frames sent to remote client plotted on a time series chart.


53


Layer-7 Analytics

Feedback

SSLi Widgets

The ADC App > Analytics > ADC Service section displays the following SSLi related filterable distributions of current and total client and server SSL connections on time scale:

FIGURE 40: ADC App > Analytics > ADC Service > (SSLi Widgets)

Caching Widgets

The ADC App > Analytics > ADC Service section displays the following Caching related filterable distributions of operational metrics on time scale:


Client SSL Connections Number of total and current client SSL connections plotted on a time series chart.

Server SSL Connections Number of total and current server SSL connections plotted on a time series chart.


Averaged Cached Entries

Displays average number of response entries that are cached.

Cached Utilization Displays percentage of response entries in the cache that are served.

Compress / Uncompressed

Displays distribution of compressed / uncompressed content on time scale.



Layer-7 Analytics

54

eeeFF Feedback

FIGURE 41 : ADC App > Analytics > ADC Service > (Caching Widgets)

Layer-7 Analytics: Thunder Cluster (TCP)

The ADC App > Analytics > Thunder Cluster (TCP) has the following widget groups:

Device Cluster Widgets

Displays filterable distribution of device metrics on time scale (irrespective of the number of device services mapped to the tenant):

• CPU Utilization

• Memory Utilization

• Bandwidth

• Total Connections


55


Layer-7 Analytics

Feedback

FIGURE 42: ADC App > Analytics > ADC Service > (Device Cluster Widgets)

Partition Service Latency

Displays Partition Service Latency; distribution of service latency, filterable for:

• FWD - forward traffic

• REV - reverse traffic

• TTFB - Total Time to First Byte

• TTLB - Total Time to Last Byte



Layer-7 Analytics

56

eeeFF Feedback

FIGURE 43: ADC App > Analytics > ADC Service > Partition Service Latency

Layer-7 Analytics: Applications

The ADC App > Analytics > Applications section displays the following distributions of application performance metrics:


Response Time Displays average response time from server.

App Latency Displays average server / application latency.

Top URL Displays distribution statistics of top URLs.

Top Domain Displays distribution statistics of top domains.

Response Time by Port Displays average response time per minute per port.

Slowest Transactions Displays distribution statistics of slowest transactions.


57


Layer-7 Analytics

Feedback

FIGURE 44: ADC App > Analytics > Applications

Layer-7 Analytics: App Servers

The ADC App > Analytics > App Servers section displays the following filterable distribution of application server operational metrics on time scale:


Server Health Displays numbers of servers up or down.

Server Response Time Displays server response time to first byte.

New Connections Displays number of new connections.

Current Connections Displays number of active connections.



Layer-7 Analytics

58

eeeFF Feedback

FIGURE 45: ADC App > Analytics > App Servers

•


59


ADC APP SERVICE OBJECTS

The Service Object tab provides configuration management options to deploy an ADC service, configure or model an ADC service and WAF service. It displays service objects that can be configured in the logical partition and allow users to perform service configuration changes.

The following service objects can be fully managed with the app:

• Servers

• Service Groups

• vPorts

• VIPs


• How to Deploy an ADC Application Service

• Configuring Servers

• Add/Edit a Server

• Delete Server

• Configuring Server Ports: Add/Edit Port

• Delete Server Port

• Configuring Service Groups

• Delete Service Groups

• Configuring VPorts (Virtual Ports)

• Delete VPort

• Configuring VIPs


How to Deploy an ADC Application Service

60

eeeFF Feedback

How to Deploy an ADC Application ServiceTo deploy and ADC App Service using the ADC App > Service Objects tab:

1. Configure the list of Servers

2. Configure the list of Service Groups

3. Configure Virtual Ports

4. Configure VIPs.

FIGURE 46: ADC App > Service Objects


61


Configuring Servers

Feedback

Configuring ServersThe ADC App > Service Objects > Servers tab provides options to Add, Edit to Configure Servers. and also Delete a server.

Add/Edit a Server

Configure Servers and health checks on servers by manually specifying values or loading predefined server templates using the ADC App > Service Objects > Servers > +Add a Server or Edit Server option.

Basic

The + Add a Server > Basic configuration contains has the following fields:

Advanced Server Options

The + Add a Server/ Edit a Server > Advanced configuration contains the following fields:

Field DescriptionName Specify the server name

Type Select the server type as: Host, IPv6, or FQDN

Resolve As Resolve server IP address as: IPv4 or IPv6

Action Configure server action as: Enable, Disable or Disable with Health Check

Health Check Select templates with Health Check options

Health Check Disable Enable or Disable Health Check. Disabled by default

Connection Limit Configure active connection limit. The valid range is 1-64000000

No Logging Disable or Enable logging connection over limit event. Disabled by default.

Field DescriptionExternal IP Configure external IP address for GSLB network address translation.

IPv6 Configure IPv6 address Mapping for GSLB.

Connection Resume Configure the minimum number of active connections before resuming to take on new connections). The valid range is 1-1000000.

Weight The Connection weight for the real server. The valid range is 1 to 1000.

Slow Start Slowly ramp up the connection number after server is up (start from 128, then double every 10 sec till 4096).

Spoofing Cache This DNS server is a spoofing cache.

Stats Data Action Enable or disable Statistics data. Enabled by default.



Configuring Servers

62

eeeFF Feedback

Template

This section provides the option to load a pre-defined server template configuration to create or edit the Server.

Port

The +Add a Server/ Edit a Server > Port configuration contains the following fields:

Extended Stats Enable or disable extended statistics on real server. Disabled by default.

Alternate Server Specify alternate server IP:

• Alternate: Priority or weight of alternate server. • Name: Name of alternate server. • +Add another item: Add another alternate server.

Field Description

Field DescriptionTemplate Server Select predefined server configuration template from drop-down

list.

Field DescriptionPort Displays Port ID.

Port Number Displays port number.

Protocol Specifies protocol (TCP, UDP, or HTTP) running on port.

Range Displays range of port values.

Health Check Displays if health check enabled or disabled on port.


63


Configuring Servers

Feedback

FIGURE 47 : ADC App > Service Objects > Servers > Add a Server



Configuring Servers

64

eeeFF Feedback

Delete Server

To delete a Server:

• Select Service Objects > Servers > : > Delete

• Click OK on the pop-up confirmation

Configuring Server Ports: Add/Edit Port

The ADC App > Service Objects > Servers provides options to Add, Edit to Configure Servers.

Configure Servers port and health checks on ports by manually specifying values or loading predefined server templates using the ADC App > Service Objects > Servers > Ports > +Add Server Port or Edit Port option.

Basic

The + Add ServerPort > Basic configuration contains has the following fields:

Field DescriptionPort Number Specify port number. Valid range is 0 to 65534.

Protocol Configure protocol for port. Options are TCP or UDP

Range Define port range value used for vip-to-rport-mapping, VIP-to-Remote Port-mapping and Virtual Port-Remote Port range mapping. Valid range is 0 to 254.

Health Check Select from pre-defined health check monitor options; for example: “ping”, “http”, or “Hm_WebApps_80_Http”

Health Check Follow Port

Specify which port to follow for health status. Valid range is 1 to 65534.

Follow Port Protocol Specify which port to follow to configure port protocol.

Health Check Disable Enable or Disable Health Check. Disabled by default.

Connection Limit Configure active connection limit. The valid range is 1 to 64000000.

No Logging Disable or Enable logging connection over limit event. Disabled by default.


65


Configuring Servers

Feedback

Advanced

The + Add Server Port / Edit Server Port > Advanced configuration contains the following fields:

Delete Server Port

To delete a port:

• Select Service Objects > Servers > Ports > : > Delete

• Click OK on the pop-up confirmation.

Field DescriptionWeight The Connection weight for the real server port. The valid range is 1 to 1000.

Connection Resume Configure the minimum number of active connections before resuming to take on new connections). The valid range is 1-1000000.

Stats Data Action Enable or disable Statistics data. Enabled by default.

Extended Stats Enable or disable extended statistics on real server. Disabled by default.

Alternate Port Specify alternate server port:

• Alternate: Priority or weight of alternate server port. • Alternate Name: Name of alternate server port. • Alternate Server Port: Priority or weight of alternate server port. • +Add another item: Add another alternate server port.

Service Principal Name

Kerberos principal port name



Configuring Servers

66

eeeFF Feedback

FIGURE 48: ADC App > Service Objects > Servers > Ports > Add Server Port


67


Configuring Service Groups

Feedback

Configuring Service GroupsThe ADC App > Service Objects > Service Groups tab provides options to Add, Edit to Configure Servers. and also Delete a service group

Basic

The + Add a Service Group > Basic configuration contains has the following fields:

Field DescriptionName Specify the ADC Service name

Protocol Select the service protocol

LB Method Load Balancing method: Various methods selection list with description

LC Method Least connection method

Stateless LB Method Stateless LB method

Pseudo Round Robin PRR, select the oldest node for sub-select

Stateless Auto Switch Enable auto stateless method

Stateless LB Method2 Stateless LB method

Connection Rate (conn/sec)

Dynamically enable stateless method by conn-rate. Rate to trigger state-less method(conn/sec). Valid range: 1-1000000

Rate Duration (seconds)

Enable auto stateless method. Valid range: 1-600

Revert Rate (conn/sec)

PRR, select the oldest node for sub-select. Valid range: 1-1000000

Revert Rate Duration (seconds)

Period that revert condition consistently happens(seconds).Valid range: 1-600

Grace Period (seconds)

Define the grace period during transition(seconds).Valid range: 1-600.

Connection Rate Log Send log if transition happens

L4 Session Usage Dynamically enable stateless method by connection rate. Rate to trigger stateless method(conn/sec). The valid range is 1-100.

L4 Session Usage Duration (seconds)

Period that trigger condition consistently happens(seconds). The valid range is 1-600

L4 Session Usage Revert Rate

Usage to revert to statelful method. The valid range is 1-100

L4 Session Revert Duration (seconds)

Period that trigger condition consistently happens(seconds). The valid range is 1-600

L4 Session Usage Grace Period (seconds)

Define the grace period during transition. Define the grace period during transition(seconds). The valid range is 1-600

L4 Session Usage Log Send log if transition happens

Strict Select Strict selection for service group




68

eeeFF Feedback

Advanced: Service Groups Options

The + Add a Service Group/ Edit a Service Group > Advanced configuration contains the

Health Check Select templates with Health Check options

Health Check Disable Enable or Disable Health Check. Disabled by default

Field Description

Fields Description

Template Port Port template name

Template Server Server template name

Template Policy Policy template name

Min Active Member Minimum Active Member Per Priority.Minimum Active Member before Action. Valid range is 1-1024.

Min Active Member Action Select the action on Minimum active member event.

Reset On Server Selection Fail

Enable or disable send reset to client if server selection fails

Priority Affinity Enable or Disable priority affinity. Persist to the same priority if possi-ble.

Reset Priority Affinity Reset the priority affinity

Backup Server Event Log Send log information on back up server events

Stats Data Action Statistical data collection

Extended Stats Enable extended statistics on service group

Traffic Replication Mirror Mirror the bi-directional packets

Traffic Replication Mirror DA Repl

Replace Destination MAC

Traffic Replication Mirror IP Repl

Replace IP with server-IP

Traffic Replication Mirror SA DA Repl

Replace Source MAC and Destination MAC address

Traffic Replication Mirror SA Repl

Replace Source MAC address

Priorities Configure values for sub-fields:

• Priority option: Valid range is 1-16. Define different action for each priority node.

• Priority Action: Select options from drop-down list.For example: Proceed: Move to next priority when all priority nodes fail.

• +Add another item: Add new priority

Sample Rsp Time Enable or disable sample server response time


69



Feedback

fields:

Delete Service Groups

To delete a service group:

• Select Service Objects > Servers > Ports > : > Delete


Rpt Ext Server Enable or disable reporting of top 10 fastest/slowest servers

Report Delay Reporting frequency (in minutes). Reporting frequency (in minutes). Valid range is 1-7200

Top Slowest Enable or disable to report top 10 slowest servers

Top Fastest Enable or disable to report top 10 fastest servers

Fields Description



Configuring VIPs

70

eeeFF Feedback

Configuring VIPsThe ADC App > Service Objects > VIPs provides options to Add and configure VIPs, and also Delete a VIP. Configure Servers VIPS by manually specifying values or loading predefined VIP templates. The Add VIP page contains various advanced configuration parameters from ACOS GUI. Please refer Application Delivery Controller Guide or ACOS GUI Online Help. for details.

Figure 10: ADC App > Service Objects > VIPs > Add VIP


71


Configuring VPorts (Virtual Ports)

Feedback

Configuring VPorts (Virtual Ports) The ADC App > Service Objects > VPorts provides options to Add, Edit to Configure virtual ports, and also Delete a virtual port.

Configuring Virtual Ports: Add VPort

The ADC App > Service Objects > VPorts provides options to Add, Edit to Configure Servers.

Configure virtual ports and health checks, run aFlex scripts, on virtual ports by manually specifying values or loading predefined virtual port templates using the ADC App > Service Objects > VPorts > +Add VPort option.

Basic

The + Add ServerPort > Basic configuration contains has the following fields:

Field DescriptionPort Number Specify port number. Valid range is 0 to 65534.

Protocol Configure protocol for port. Options are TCP or UDP

Range Define port range value used for vip-to-rport-mapping, VIP-to-Remote Port-mapping and Virtual Port-Remote Port range mapping. Valid range is 0 to 254.

Alternate Port Enable or disable alternate Virtual Port

Connection Limit Configure active connection limit. The valid range is 1 to 64000000.

Def Selection If Pref Failed

Enable or disable virtual port selection If Preference Failed is defined.

Service Group Bind a Service Group to this Virtual Server.

No Destination NAT Disable destination NAT, this option only supports in wildcard VIP or when a connection is operated in SSLi + EP mode

Port Translation Enable port translation under no-dest-nat.




72

eeeFF Feedback

FIGURE 49: Service Objects > VPorts > Add vPorts > Basic


73



Feedback

Advanced

The + Add vPort > Advanced configuration contains various advanced configuration parameters similar to ACOS GUI. Please refer Application Delivery Controller Guide or ACOS GUI Online Help

Delete VPort

To delete a virtual port:

• Select Service Objects > vPorts > : > Delete


FIGURE 50: ADC App > Service Object Tab




74

eeeFF Feedback


75


ADC APP SHARED OBJECTS

The Harmony Controller ADC App v3.4 provides configuration management, visibility and analytics for your A10 Networks® ADC services and WAF services and Shared Objects.

Shared objects are used to extend the configuration of the primary ADC application object, such as a virtual server or server and can be referenced by multiple application objects.


• Logical Partition

• Configure Versions of Partition

• Templates

• WAF Templates

• aFleX

• Certificates

• CRLs

• IP NAT Pool

• Health Monitor

• How to Configure a Health Monitor for Service Objects

In the app shared objects are defined at the logical partition level and can be re-used for all app services deployed with-in the partition. Logical Partition level shared objects can reference provider level shared objects which are defined at the provider level by a provider user.


76

eeeFF Feedback

FIGURE 51 : ADC App > Shared Objects

Logical Partition

Logical partition is a logical entity predefined at Harmony Controller, based on the type of application run on the device.

Cluster partition is a physical device entity that deals with Shared and Layer 3 Virtualization (L3V) partitions inside a device.

Shared objects can be configured in a logical partition and during deployment, they are pushed to the corresponding Thunder partition. Shared objects can also be configured in the provider space andreferenced from one or more logical partitions belonging to one or more tenants within the provider.

For instance, provider admin can define a TCP template in a provider space. An application or tenant admin defining application related configuration in a logical partition can refer to the TCP template in the provider scope. This can achieved by creating a TCP template local to the logical partition and having it refer to the one in provider scope.

This ADC App > Shared Objects > Logical Partition drop-down lists the various predefined Logical Partitions available.


77


Configure Versions of Partition

Versions of Logical Partition for “[Name of Thunder Instance]”

Three options are available for this selection:

• Save

• Compare

• Deploy

Save

Click Save to save the shared objects configuration to load ADC App and Thunder ADC functionalities.

Compare

Select Compare to compare the different pre-configured versions of Logical Partition Configurations.

For deployment to work correctly, please ensure that “config-replace” is enabled on Thunder ADC.

Save or Hide unsaved configuration.

• Make Candidate - Select the logical partition and make it the “Candidate”

• Validate - Validates the loaded logical partition.

• Deploy - Deploys the loaded logical partition.



78

eeeFF Feedback

FIGURE 52 : Deploy Shared Objects Configuration.

Deploy

Click Deploy, to deploy or implement the configuration template or code.

Templates

You can add various templates, using Shared objects page .

Adding a Template

To add a new template, follow the below steps:

1. Click Shared Objects > Templates.

2. Click on Add Template.


79


3. Select the any one Template in Select Template Type page and select the “sub-type” as shown in image. Click Next:

• ADC

• Apps

• SSL

• SSLi

• System

• Protocol

• Policy

FIGURE 53: Shared Objects > Template > + Add a Template > Select ADC Template > Virtual

Server

4. For example, select ADC > Virtual Server “sub-type”. The Add Virtual Server Template pop-up is displayed, with various related configuration parameters. Fill in the configurations required.

5. Click Create to add the new template.



80

eeeFF Feedback

WAF Templates

You can add various WAF templates, using Shared objects page .


1. Click Shared Objects > WAF Templates.

2. Click on +Add WAF Template.

3. Enter the Template Information , deployment mode , logging template, and select the various WAF configuration parameters. For details, refer Web Application Firewall Guide

4. Click Save to save and load the WAF template.


81


FIGURE 54: Shared Objects > WAF Template > + Add WAF Template

aFleX

You can add aflex scripts, using Shared objects page .


1. Click Shared Objects > aFlex.

2. Click on +Add AFlex.

3. Enter the aFlex Name, Description and aFlex Script. For details, refer ACOS aFlex Refer-ence Guide.

4. Click Save to save and load the aFlex script.



82

eeeFF Feedback

FIGURE 55: Shared Objects > aFlex > + Add aFlex

Certificates

To import a certificate, follow the steps:

1. Select Shared Objects > Certificates.

2. Click + Import a Certificate.

3. Create or update certificate information and type. Click ot upload Certificate.

4. Click Save.


83


FIGURE 56: Shared Objects > Certificate > + Import Certificate

CRLs

To import a CRL, follow the steps:

1. Select Shared Objects > CRL .

2. Click + Import a CRL.

3. Enter the file name, description, and click to Upload the CRL file.

4. Click Save.



84

eeeFF Feedback

FIGURE 57 : Shared Objects > CRL > + Import CRL

IP NAT Pool

To add an IP or IPv6 NAT Pool Group, follow the steps:

1. Click Shared Objects > IPNAT Pool .

2. Click on +Add > IP NAT Pool Groups or IPv6 NAT Pool Groups.

FIGURE 58: Shared Objects > IPNAT Pool > +Add


85


3. Enter the Pool Name and Member List.

4. Click Create to create new IP NAT Pool.

FIGURE 59: Figure 9 > Shared Objects > IPNAT Pool > +Add > Add IP NAT Pool Group

Health Monitor

To create or add a new Health Monitor, follow the steps:

1. Click Shared Objects > Health Monitor .

2. Click on +Add Health Monitor.



86

eeeFF Feedback

3. Enter the Health Monitor Name. Configure the various health monitor parameters and select Method.

4. Click Create to create new Health Monitor.

The various Health monitor parameters are as follows:

Field DescriptionName Specify Monitor Name

Dsr L2 Strict Enable strict Layer 2 DSR health-check

Retry Specify the Healthcheck Retries. Valid range for retry Count is 1-10. Default is 3.

Up Retry Specify the Healthcheck Retries before declaring target up.Up-retry count. Default is 1

Override IPv4 Override implicitly inherited IPv4 address from target.

Override IPv6 Override implicitly inherited IPv6 address from target.

Override Port Override implicitly inherited port from target. Valid Port number (1-65534)

Strict Retry On Server Err Resp

Enable or disable require strictly retry.

Disable After Down Disable the target if health check failed. Default is disable

Interval Specify the Healthcheck Interval.Default value, in seconds is 5

Timeout Specify the Healthcheck Timeout. Timeout Value, in seconds(default 5), Timeout should be less than or equal to interval

SSL Ciphers Specify OpenSSL Cipher Suite name(s) for Health check..Default value is DEFAULT

For example: AES128-SHA256), if the cipher is invalid, would give informa-tion reason for Health monitor down

Method Specify pre-defined HM method.


87


FIGURE 60: Shared Objects > Health Monitor > +Add Health Monitor

How to Configure a Health Monitor for Service Objects

We can configure Health Monitor and associate it only to a Server or Service Group:

To configure health monitor for Servers or Service Groups:

• Configure Health Monitor as mentioned.

• Goto ADC App > Service Objects > Servers / Service Groups > + Add a Server / Edit a Server > Basic

• Select predefined health monitor in Health Check drop-down.

• Enable Health Check button.



88

eeeFF Feedback


89


ADC APP LOG VIEW AND TROUBLESHOOTING

ADC App provides quicker troubleshooting with visibility and analytics for the application traffic and infrastructure through the Log View Panel, Dashboard, and Analytics. The Log view panel is an expandable panel at the bottom of App window. This panel provides access to detailed service logs and an ability to filter logs for troubleshooting.

The sections in this chapter are as follows:

• Log View Panel

• TroubleShooting

Log View PanelIt is an expandable panel at the bottom of the ADC App page. It displays service operation and system logs for detailed analysis and troubleshooting. It displays the following types of logs:

• Log View: HTTP

• Log View: Alerts

• Log View: Alerts

• Log View: License Audit

• Log View: WAF

The logs can be filtered on an extensive set of parameters, using the filter controls available on the left hand side of the panel.

FIGURE 61 : ADC App > Log View Panel


Log View Panel

90

eeeFF Feedback

Log View: HTTP

The HTTP Log View tab provides various statistics and logs for the following options:

• Reset

• Browser

• Client OS

• Devices

• Client IP

• Server IP

• URL

• Request Type

• Server Port

• Service Name

• Response Code

• Request Size

• Response Size

The following statistics are provided for each HTTP Log View option:

• Timestamp

• Client IP

• URI

• Request

• Response

• Response Size

• End-To-End

• Cached


91


Log View Panel

Feedback

FIGURE 62: Log View > HTTP

Log View: Alerts

Displays Log Collection Statistics that can be reset or filtered by:

• Cluster

• Device

• App Svc Type

• App Svc Name

• Tenant Name

• Trigger Name

• Alert Name

• Severity



Log View Panel

92

eeeFF Feedback

FIGURE 63: Log View > Alerts

Log View: License Audit

Displays license audit logs for the following options:

• License State

• Entitlement Key

• Device

• Log Source


93


Log View Panel

Feedback

FIGURE 64: Log View > License Audit

Log View: WAF

Displays WAF logs filtered by:

• URL

• Status

• Violations

• Source IP



TroubleShooting

94

eeeFF Feedback

FIGURE 65: Log View > WAF

TroubleShooting This section specifies some trouble shooting scenarios where user can monitor and troubleshoot specific issues using the ADC App.

• HTTP Monitoring

• WAF Security Policy Violations

HTTP Monitoring

To monitor HTTP2 response issues and broken app services link issues, follow the steps:

• Check CGN App > Dashboard >Response Codes and CGN App > Analytics (Client) > Response Codes widget. This widget displays the distribution of HTTP response codes. To monitor app accessibility issues, check request response codes.

• Check for 400 series response codes.

• Now in Log View > HTTP filter for 400 Response Codes.

• Check which client IP and URI are showing 400 response code.

• View the URI, browser, IP Server in the Log View Panel > HTTP Logs > Client IP drill down.


95


TroubleShooting

Feedback

WAF Security Policy Violations

To monitor WAF Security Policy Violations, follow the steps:

• Drilldown to Log View > WAF tab

• Check which URLs are logged for WAF security policy violations



TroubleShooting

96

eeeFF Feedback


97


SUPPORT INFORMATION FOR HARMONY CONTROLLER: ADC APP V3.4

The A10 Networks® technical and customer support team is available at your service on phone, email and web channels:

Technical and Customer SupportTo know more about A10 Networks® Harmony Controller and ADC App v3.4, refer the following:

• Contact: https://www.a10networks.com/company/contact-us

• Support: https://www.a10networks.com/support

• Call (International): 1-408-325-8676

• Call (Toll-Free USA & Canada): 1-888-TACS-A10


Technical and Customer Support

98

eeeFF Feedback


99


Contents

harmony controller adc app v3.4 user guide

Documents