Upload
others
View
10
Download
0
Embed Size (px)
Citation preview
Harmony Controller ADC App v3.7 User Guidefor A10 Thunder® Series and AX™ Series
20 August 2021
© 2021 A10 NETWORKS, INC. CONFIDENTIAL AND PROPRIETARY- ALL RIGHTS RESERVED
Information in this document is subject to change without notice.
PATENT PROTECTION
A10 Networks products are protected by patents in the U.S. and elsewhere. The following website is provided to satisfy the virtual patent marking pro-visions of various jurisdictions including the virtual patent marking provisions of the America Invents Act. A10 Networks' products, including all Thunder Series products, are protected by one or more of U.S. patents and patents pending listed at:
https://www.a10networks.com/company/legal-notices/a10-virtual-patent-marking
TRADEMARKS
A10 Networks trademarks are listed at:
https://www.a10networks.com/company/legal-notices/a10-trademarks
CONFIDENTIALITY
This document contains confidential materials proprietary to A10 Networks, Inc. This document and information and ideas herein may not be dis-closed, copied, reproduced or distributed to anyone outside A10 Networks, Inc. without prior written consent of A10 Networks, Inc.
A10 NETWORKS INC. SOFTWARE LICENSE AND END USER AGREEMENT
Software for all A10 Networks products contains trade secrets of A10 Networks and its subsidiaries and Customer agrees to treat Software as confi-dential information.
Anyone who uses the Software does so only in compliance with the terms of the End User License Agreement (EULA), provided later in this docu-ment or available separately. Customer shall not:
1. Reverse engineer, reverse compile, reverse de-assemble, or otherwise translate the Software by any means.
2. Sub-license, rent, or lease the Software.
DISCLAIMER
This document does not create any express or implied warranty about A10 Networks or about its products or services, including but not limited to fit-ness for a particular use and non-infringement. A10 Networks has made reasonable efforts to verify that the information contained herein is accurate, but A10 Networks assumes no responsibility for its use. All information is provided "as-is." The product specifications and features described in this publication are based on the latest information available; however, specifications are subject to change without notice, and certain features may not be available upon initial product release. Contact A10 Networks for current information regarding its products or services. A10 Networks’ products and services are subject to A10 Networks’ standard terms and conditions.
ENVIRONMENTAL CONSIDERATIONS
Some electronic components may possibly contain dangerous substances. For information on specific component types, please contact the manufac-turer of that component. Always consult local authorities for regulations regarding proper disposal of electronic components in your area.
FURTHER INFORMATION
For additional information about A10 products, terms and conditions of delivery, and pricing, contact your nearest A10 Networks location, which can be found by visiting www.a10networks.com.
3
Table of Contents
INTRODUCTION ..................................................................................................7
INSTALLATION AND UPGRADE .............................................................................9Management of ADC App/ Prerequisites ................................................................................. 9
User Roles: Super/Provider Admin, Tenant/App Admin .............................................................. 9Thunder Devices and Clusters ........................................................................................................ 10
App Catalog .................................................................................................................................. 10Upload an App.............................................................................................................................. 10Update an App ............................................................................................................................. 10Installed Apps................................................................................................................................ 11Enabling or Disabling ADC App.................................................................................................. 11Delete/Uninstall ADC App ......................................................................................................... 12
ADC APP GETTING STARTED ...........................................................................13Getting Started ............................................................................................................................ 13Launch ADC App from Tenant User......................................................................................... 15Launch ADC App from Harmony Apps.................................................................................... 15Help Center for ADC App ............................................................................................................17Overview of ADC App Tabs and Log View Panel ................................................................... 19
Chart Overlay Alerts and Events ........................................................................................................... 19
ADC APP DASHBOARD ....................................................................................21Session Settings.......................................................................................................................... 21ADC App Service Selector .........................................................................................................22ADC App Key Performance Indicator Bar...............................................................................23Time Window Selector ................................................................................................................23Sync Tooltip ..................................................................................................................................24
Linked Cursor ..............................................................................................................................................24Unlinked Charts ..........................................................................................................................................24
ADC App Dashboard ...................................................................................................................26Inventory ...................................................................................................................................................... 27Alerts and Events ....................................................................................................................................... 27Alerts and Events in Overlay ................................................................................................................... 27WAF Events ..................................................................................................................................................28Deployment Locations .............................................................................................................................29Requests ......................................................................................................................................................29
ADC App v3.6 User Guide
Contents
4
TOP 20 APP SERVICE ...............................................................................................................................30APP Servers .................................................................................................................................................31
ADC APP ANALYTICS .................................................................................... 33ADC Analytics Tab .......................................................................................................................33
Service Selections .....................................................................................................................................34DNS Analytics...............................................................................................................................34
DNS Analytics: KPI .....................................................................................................................................36DNS Analytics: QPS ................................................................................................................................... 37DNS Analytics: Other Metrics .................................................................................................................. 37
Layer 4 Analytics ........................................................................................................................ 40Layer-4: KPI Bar for ADC Analytics Tab ............................................................................................... 40Layer-4 Analytics: ADC App Selector Diagram .................................................................................. 41Layer-4 Analytics: Client .......................................................................................................................... 41Layer-4 Analytics: Thunder ADC (TCP) ................................................................................................44Layer-4 Analytics: Thunder Cluster (TCP) ...........................................................................................46Layer-4 Analytics: App Servers ..............................................................................................................46
Layer-7 Analytics......................................................................................................................... 47Layer-7: KPI Bar for ADC Analytics Tab ................................................................................................. 47Layer-7 Analytics: Latency Drilldown .................................................................................................. 48Layer-7 Analytics: ADC App Selector Diagram ...................................................................................50Layer-7 Analytics: Client ..........................................................................................................................50Layer-7 Analytics: Internet ......................................................................................................................54Layer-7 Analytics: WAF Security ............................................................................................................55Layer-7 Analytics: ADC Service ..............................................................................................................58
Metrics Widgets ...................................................................................................................................58ADC Widgets .........................................................................................................................................59HTTP2 Widgets ................................................................................................................................... 60ADC Widgets ..........................................................................................................................................61Caching Widgets ..................................................................................................................................61
Layer-7 Analytics: Thunder Cluster (TCP) ............................................................................................62Partition Service Latency .................................................................................................................63
Layer-7 Analytics: Applications ..............................................................................................................64Layer-7: Server Drill Down ................................................................................................................64
Layer-7 Analytics: App Servers ..............................................................................................................66
ADC APP SERVICE OBJECTS ...........................................................................67Configuration Options ................................................................................................................ 67How to Deploy an ADC Application Service...........................................................................69Configuring Servers....................................................................................................................70
Server Page Usage ....................................................................................................................................70Add/Edit a Server ......................................................................................................................................70
Basic ........................................................................................................................................................71Advanced Server Options ..................................................................................................................71Template ................................................................................................................................................ 72
5
ADC App v3.6 User Guide
Contents
Port ......................................................................................................................................................... 72Delete Server .............................................................................................................................................. 73Configuring Server Ports: Add/Edit Port ............................................................................................. 73
Basic ....................................................................................................................................................... 73Advanced .............................................................................................................................................. 74
Delete Server Port ..................................................................................................................................... 74Configuring Service Groups...................................................................................................... 76
Creating a new service group ................................................................................................................. 76Basic Settings ...................................................................................................................................... 77Advanced Settings : ...........................................................................................................................78
Adding a member ...................................................................................................................................... 79Delete Service Groups .............................................................................................................................. 79
Configuring VIPs......................................................................................................................... 80VIP Page Usage ......................................................................................................................................... 80Add/Edit VIP ................................................................................................................................................82
Basic .......................................................................................................................................................82Advanced VIP Options ...................................................................................................................... 83Template ............................................................................................................................................... 83Port ........................................................................................................................................................ 83
Configuring VPorts (Virtual Ports)...........................................................................................86vPort Page Usage ..................................................................................................................................... 86Configuring Virtual Ports: Add VPort ....................................................................................................87
Basic .......................................................................................................................................................87Advanced ..............................................................................................................................................90
Delete VPort ................................................................................................................................................90
ADC APP SHARED OBJECTS ...........................................................................91Logical Partition .........................................................................................................................................92Configure Versions of Partition ..............................................................................................................93
Save ........................................................................................................................................................93Compare ................................................................................................................................................93Deploy ....................................................................................................................................................94
Templates ....................................................................................................................................................94To add a new template ......................................................................................................................94
WAF Templates ...........................................................................................................................................95aFleX .............................................................................................................................................................96Certificates .................................................................................................................................................. 97CRLs ..............................................................................................................................................................98IP NAT Pool ..................................................................................................................................................99Health Monitor ..........................................................................................................................................100How to Configure a Health Monitor for Service Objects ................................................................ 102
ADC APP LOG VIEW AND TROUBLESHOOTING ................................................. 103Log View Panel...........................................................................................................................103
Log View: HTTP ........................................................................................................................................104
ADC App v3.6 User Guide
Contents
6
Related Topics ....................................................................................................................................105Log View: Alerts ........................................................................................................................................105
Related Topics ....................................................................................................................................106Log View: Events ...................................................................................................................................... 107
Related Topics ....................................................................................................................................108Log View: WAF ..........................................................................................................................................108
New WAF Work flow ..........................................................................................................................108Related Topics .....................................................................................................................................110
Troubleshooting..........................................................................................................................110HTTP Monitoring .......................................................................................................................................110WAF Security Policy Violations ..............................................................................................................110Chart Overlay Drill Down to Event Logs .............................................................................................. 111Alerts Analysis ........................................................................................................................................... 111
SUPPORT INFORMATION FOR HARMONY CONTROLLER: ADC APP V3.6 ............... 113Technical and Customer Support ...........................................................................................113
7
ADC App v3.7 User GuideFeedback
INTRODUCTION
The A10 Networks® ADC Harmony App provides centralized ADC service configuration, monitoring, and analytics to all managed ADC deployments.
The ADC App provides the following features:
• Access to a centralized management platform, so that the user can manage multi-site deployments.
• Insights into network traffic, TLS decryption statistics, traffic categorization, and applica-tion visibility.
• Detailed application visibility, coupled with enriched logs and analytics for faster and eas-ier troubleshooting with accuracy.
For more information, watch the video Introduction to ADC app.
9
ADC App v3.7 User Guide
Management of ADC App/ Prerequisites
Feedback
INSTALLATION AND UPGRADE
The A10 Networks® Harmony Controller - ADC App v3.7 software is packaged with Harmony Controller 5.3.0-P1. ADC App can be installed as a package on Harmony Controller 5.3.0 or higher.
The following topics are covered in this chapter:
• Management of ADC App/ Prerequisites
• App Catalog
• Upload an App
• Update an App
• Installed Apps
• Enabling or Disabling ADC App
• Delete/Uninstall ADC App
Management of ADC App/ PrerequisitesADC App collects data from ACOS virtual instances or standard hardware based ACOS devices like Thunder ADC.
User Roles: Super/Provider Admin, Tenant/App Admin
The ADC App is managed by the Provider Admin and accessed by the Tenant Admin. For more information, see
Role-based Access Control.
ADC App v3.7 User Guide
App Catalog
10
eeeFF Feedback
Thunder Devices and Clusters
The Thunder device connecting to the A10 HarmonyTM Controller may be single, part of a HA pair, or part of a VCS cluster. On connecting, a Device Cluster is created within the Provider account. This configuration can be loaded and accessed through ADC Apps. For more information, see
Thunder ADC guide. l
App CatalogThe App Catalog in Harmony Controller displays the list of uploaded Harmony Apps. When the Harmony ADC App is successfully loaded, it gets added under the App Catalog. Controller or Super-Admin and Provider admin can access the App Catalog.
NOTE: The Controller can Upload, Update, or Delete the app and Provider admincan Install the app.
Upload an AppFollow the steps to upload a new ADC app:
1. Log in to Harmony Controller as a root provider admin.
2. Switch to Controller scope.
3. Click Harmony Apps > App Catalog in the navigation pane. The All Available Harmony Apps page opens.
4. Click Upload an App. The Upload an App page opens.
5. Click in the App Package File box and select an package file from the local repository.
6. Add notes in the Upload / Update Notes box and click Next.
Update an AppThis option is available only for Controller scope. Follow the steps to update an app from the App Catalog section:
1. Log in to Harmony Controller as a provider admin.
2. Switch to Controller account.
11
ADC App v3.7 User Guide
Installed Apps
Feedback
3. Click Harmony Apps > App Catalog in the navigation pane. The All Available Harmony Apps page opens.
4. On the slb app tile and click the vertical ellipsis .
5. Select Update.
6. Click in the App Package File box and select an package file from the local repository.
7. Add notes in the Upload / Update Notes box and click Next.
FIGURE 1 : Apps Catalog > slb > Update
Installed AppsAll installed apps are listed on the Installed Apps page. Provider admins can Uninstall the app and Tenant admins can Enable or Disable the apps.
Enabling or Disabling ADC AppThis option is available for Tenant admins. To enable or disable ADC App, follow the below steps:
1. Click Harmony Apps > App Catalog.
2. Click Enable on the ADC app tile. Alternatively, you can click the vertical ellipsis and select Enable/Disable.
ADC App v3.7 User Guide
Delete/Uninstall ADC App
12
eeeFF Feedback
Delete/Uninstall ADC AppThis option is available only for Provider account. Follow the steps to delete an app from the App Catalog section:
1. Log in to Harmony Controller as a provider admin.
2. Click Harmony Apps > Installed Apps in the navigation pane. The All of Your Installed Apps page opens.
3. On the slb app tile and click the vertical ellipsis .
4. Click Uninstall.
FIGURE 2 : root > Installed Apps > slb App > Uninstall
13
ADC App v3.7 User Guide
Getting Started
Feedback
ADC APP GETTING STARTED
The Harmony Controller ADC App v3.7 provides configuration management, visibility and analytics for A10 Networks® ADC services and visibility and analytics for A10 Networks® WAF services.
The following topics are covered in this chapter:
• Getting Started
• Launch ADC App from Tenant User
• Launch ADC App from Harmony Apps
• Help Center for ADC App
• Overview of ADC App Tabs and Log View Panel
Getting StartedTo get started with the ADC App, watch the Video Tutorial or Getting Started section in Harmony Controller Help Center.
ADC App v3.7 User Guide
Getting Started
14
eeeFF Feedback
FIGURE 3 : Getting Started with App from Harmony Controller
15
ADC App v3.7 User Guide
Launch ADC App from Tenant User
Feedback
Launch ADC App from Tenant UserTo launch App from Harmony Controller Tenant user account:
1. Login to Harmony Controller.
2. Switch to the Tenant user account.
3. There are three ways the ADC App can be launched.
• From the Harmony Controller > Services > App Services page
FIGURE 4 : Launch ADC App from Harmony Controller > Services > App Services
• From the Harmony Controller > Services > Logical Partition page. This option is available only if logical partitions are enabled.
• From the Apps Manager > My Apps page
Launch ADC App from Harmony AppsTo launch ADC App from Harmony Apps:
1. Click Harmony Apps > Installed Apps.
2. Click Installed Apps.
ADC App v3.7 User Guide
Launch ADC App from Harmony Apps
16
eeeFF Feedback
3. Click Enable on the slb app tile.
FIGURE 5 : Harmony Controller (Tenant) > Apps Manager > Installed Apps
4. Click My Apps on left hand panel.
5. Click the vertical ellipsis and select Launch App on app in My Apps page as shown in the following image.
FIGURE 6 : Harmony Controller > Harmony Apps > My Apps
6. Select Tenant and click Proceed to launch app.
17
ADC App v3.7 User Guide
Help Center for ADC App
Feedback
FIGURE 7 : Launch App > Select Tenant
NOTE: Disable pop-up blocker to ensure that the Select Tenant win-dow pop-up functions correctly.
Help Center for ADC AppThe Help Center the following quick access links
• Product documentation
• Product Demos
• Technical Articles
• Video Tutorials
• White Papers
• Create Ticket
• Privacy Policy
ADC App v3.7 User Guide
Help Center for ADC App
18
eeeFF Feedback
• End of Sale
Click on the “?” icon on the top-right corner of the application navigation bar to access and explore the feature.
FIGURE 8 : Select Help Menu
FIGURE 9 : ADC App Help Center Pop-up Menu Widget
19
ADC App v3.7 User Guide
Overview of ADC App Tabs and Log View Panel
Feedback
Overview of ADC App Tabs and Log View PanelThe ADC App v3.6 has the following tabs/expandable windows:
FIGURE 10 : ADC App > Top Panel with Tabs
FIGURE 11 : ADC App > Expandable Bottom Log Panel
Chart Overlay Alerts and Events
Overlay events and alerts are displayed for all Dashboard and Analytics charts on ADC app. Overlays consist of all levels of alerts and events from ADC app services, for tenants, clusters and devices, where these app services are deployed.
• metrics time series chart from session rate to overlay with events.
• red dots indicate that there are one or multiple alerts and events.
• by default all alerts and events are enabled.
User can enable or disable Alerts, by selecting “:” menu next to the ADC App > Sync Tooltip button.
Tabs / Expand Window Description
Dashboard Displays information about the logical partitions mapped to the tenant, configured App services, service monitoring, and key statistics about the service operations.
Analytics Displays visibility and analytics information for deployed App services, key performance indicators, and service operation metrics.
Service Objects Displays configured service objects and provides an ability to edit, save, compare, and deploy service configurations.
Shared Objects Displays configured shared service objects and an ability to manage shared objects.
Log panel A expandable panel at the bottom of App window. This panel provides access to detailed service logs and an ability to filter logs for detailed analysis and troubleshooting.
ADC App v3.7 User Guide
Overview of ADC App Tabs and Log View Panel
20
eeeFF Feedback
The overlay displays only the number of alerts and events, but does not provide further details about the events.
21
ADC App v3.7 User Guide
Session Settings
Feedback
ADC APP DASHBOARD
The Harmony Controller ADC App dashboard provides visibility and analytics for A10 Networks® ADC services and WAF services at a Provider-level or Tenant-level.
The Dashboard displays different widgets and this page gives the overall picture on alerts and events, users, apps, deployment locations, clusters, tenants and license usage.
The following topics are covered in this chapter:
• Session Settings
• ADC App Service Selector
• ADC App Key Performance Indicator Bar
• Time Window Selector
• Sync Tooltip
• ADC App Dashboard
Session SettingsBy default, your session ends in one hour. You are prompted five minutes before the session is about to end. By extending the session, you can keep monitoring the real-time analytics and data without having to log in frequently.
To extend a session:
ADC App v3.7 User Guide
ADC App Service Selector
22
eeeFF Feedback
1. In the Session Expiring dialog, click Continue session. Alternatively, click the User profile icon on the top-right of the Dashboard, and then select Session Settings from the list. The Session Settings page opens.
2. In Session Duration, click 1 Hour, 24 Hours, or 72 Hours.
3. Click Extend Session.
ADC App Service SelectorThe ADC App Service Selector is a selection list. Select the pre-defined application services to view the related data and statistics.
The App Service Selector is available for all ADC App tab selections.
FIGURE 12 : App Service Selector -ADC App Header
23
ADC App v3.7 User Guide
ADC App Key Performance Indicator Bar
Feedback
ADC App Key Performance Indicator BarThe KPI Bar Widget for ADC App displays the following information. This data is refreshed every time as per the selection in the Time Window Selector widget.
The KPI Bar widget for ADC Dashboard and Analytics page displays the following information:
FIGURE 13 : KPI Bar on ADC App Header
Time Window SelectorThe Time Window Selector displayed for ADC Dashboard and Analytics page, has the following components:
FIGURE 14 : Time Window Selector:
Widget / Field Description
Throughput (BPS) Total traffic for all the app services for the tenant.
Current Connec-tions
Number of active connections.
Connection Rate (cps)
Number of closed connections.
Errors Number of errors.
Widget / Field Description
Calendar Widget - Date Selec-tor
Select date timeline using the calendar.
Time Selection Scroll Bar Select the timeline for data analysis.
Auto Refresh Timer Specify a time to refresh the page automatically.
ADC App v3.7 User Guide
Sync Tooltip
24
eeeFF Feedback
NOTE: Dashboard charts are displayed based on the aggregated datausing the following mechanism. Harmony Controller efficientlyrolls up stored metric and log data based on the age of the data.For metrics older than 30 days, Harmony Controller aggregates to10-minute level. For logs older than 12 hours, data is aggregated to1 minute level. For logs older than 30 days, Harmony aggregates to10-minute level, up to a year.
Sync TooltipAll charts in ADC App Dashboard and Analytics tab widgets have Linked Cursor for the charts. Sync Tooltip is disabled by default. The linked chart option is enabled when you enable Sync Tooltip button.
Linked Cursor
The tool tips of the charts are linked together. Once user moves the cursor into one of the charts, it displays the tool tip and line at the cursor point. All related charts display tool tips and lines at the points with the same time stamp.
A new switch button Sync Tool tip is available on the right of Time Bar. It is used to enable or disable the Linked Cursor.The cursor links the charts together to easily contrast data among the different charts.
Unlinked Charts
Tool sync tip functionality provides option for user to turn ON/OFF the sync of cursors in multiple charts. When "Sync Tool tip" is turned off and the cursor is moved into a chart, only the current chart will show tool tip and line where the cursor is displayed.
25
ADC App v3.7 User Guide
Sync Tooltip
Feedback
FIGURE 15 : ADC App > Sync Tooltip > Enable Link Cursor
FIGURE 16 : ADC App > Sync Tooltip > Disable Link Cursor
ADC App v3.7 User Guide
ADC App Dashboard
26
eeeFF Feedback
ADC App Dashboard The ADC App Dashboard displays the following main components:
• Inventory
• Alerts and Events
• WAF Events
• Deployment Locations
• Requests
• TOP 20 APP SERVICE
The ADC App Dashboard displays the following common components:
Widgets/ Fields Description
App Service Selector See ADC App Service Selector.
Key Performance Indicators (Averaged per minute). See ADC App Dashboard
Time Range Slider Time range selector control. Applies to all the widgets in the app. See Time Window Selector
27
ADC App v3.7 User Guide
ADC App Dashboard
Feedback
Inventory
Displays a list of logical partitions of type ADC with a list of the app services deployed in the logical partition for the selected tenant.
FIGURE 17 : ADC App > Dashboard > Inventory
Alerts and Events
Alerts and events displays information for a particular tenant or all tenants. You can filter the alerts and events according to following criteria:
• Severity,
• Warning,
• Notification
• Information.
You can toggle to check the log collection statistics for the time stamp, tenant ID, cluster ID, system module and message.
Alerts and Events in Overlay
Overlay alerts and events are displayed on the time series graphs in ADC App Analytics and Dashboard pages. New alerts and events generated are plotted on the time series graph in real time. Using this information, users can:
• Correlate the events and alerts data with live traffic for troubleshooting.
• Easily map any significant modification in incoming traffic to corresponding events or alerts that triggered the change in traffic.
These alerts & events can be configured from Harmony Controller.
ADC App v3.7 User Guide
ADC App Dashboard
28
eeeFF Feedback
Users can select the type of overlay alerts and events on the charts from the drop down menu next to the Auto Refresh duration selection button.
The overlay data is displayed on the charts as red dots. On hover on any of the overlay point, a tool tip displays what category of event/alert occurred at that time stamp.
FIGURE 18 : ADC App > Dashboard > Alerts, Events
WAF Events
The following WAF events widget displays distribution of number of WAF events or requests that triggered WAF policy violation(s) reported on time scale.
FIGURE 19 : ADC App > Dashboard > WAF Events
29
ADC App v3.7 User Guide
ADC App Dashboard
Feedback
Deployment Locations
This world map displays distribution of service devices by geographical location. The deployment locations are highlighted displaying the number of clusters or devices associated with the particular location in a color-coded map format with statistics.
FIGURE 20: ADC App > Dashboard > Deployment Locations
Requests
The Requests widget displays the summation of all response codes for requests processed for a time range plotted on a time series chart.
The ADC App Dashboard provides the following “Request” locations and Latency information:.
Widgets Description
Request Locations Displays distribution of client location(s) for received requests.
Request Methods Displays distribution of HTTP method of requests received..
Response Codes Displays distribution of HTTP response codes.
Average End-to-end Latency
Displays the average end-to-end latency for a full request-response cycle (the time taken by the one request-response cycle averaged for the selected time range) plotted as a time series chart.
REQUESTS Displays number of requests received plotted on a time series chart.
ADC App v3.7 User Guide
ADC App Dashboard
30
eeeFF Feedback
FIGURE 21 : ADC App > Dashboard > Requests
TOP 20 APP SERVICE
This widget displays top 20 apps by Current Connections, Throughput, CPS, or SSL CPS for the selected time period. Click the vertical ellipsis icon at the top-right corner to change the chart from Table to Bar chart or Tree Map chart.
Fields Description
App Services Name of the app service.
Current Connections Displays app services by total number of current connections.
Throughput Displays app services by throughput in pps or packets per sec-ond.
CPS Displays app services by connection per second.
SSL CPS Displays app services by SSL connections per second.
31
ADC App v3.7 User Guide
ADC App Dashboard
Feedback
FIGURE 22 : Top 20 App Services
APP Servers
The APP Servers treemap chart displays distribution of connections, requests, or packets on servers in a tenant. Point to a server to view the details. The details show the following details.
Options Description
Avg Current Conn Shows number of average current connections and percentage of average current connections by servers.
Connection Rate Shows connection rate on a server and server-specific percentage of total connection rates on all servers.
Peak Connections Shows number of peak connections on a server and server-specific percentage of total peak connections on all servers.
Request Rate Shows request rate on a server and server-specific percentage of total request rates on all servers.
Avg SSL Current Conn
Shows average SSL current connections on a server and server-spe-cific percentage of total SSL current connections on all servers.
ADC App v3.7 User Guide
ADC App Dashboard
32
eeeFF Feedback
SSL Connection Rate
Shows SSL connection rate on a server and server-specific percent-age of total SSL connection rates on all servers.
Receive Through-put
Shows throughput received on a server and server-specific percent-age of total throughput received on all servers.
Transmit Throughput
Shows throughput transmitted on a server and server-specific per-centage of total throughput transmitted on all servers.
Receive Pkt Rate Shows packets received on a server and server-specific percentage of total packets received on all servers.
Transmit Pkt Rate Shows packets transmitted on a server and server-specific percent-age of total packets transmitted on all servers.
Options Description
33
ADC App v3.7 User Guide
ADC Analytics Tab
Feedback
ADC APP ANALYTICS
The Harmony Controller ADC App v3.7 provides configuration management, visibility and analytics for your A10 Networks® ADC services and visibility and analytics for A10 Networks® WAF services and analytics related to the following network layer traffic:
• Layer 4 – The Transport Layer for transmission of data between points on a network. Example protocols: TCP/UDP.
• Layer 7- The Application Layer for end user analytics where the user and the applications are directly communicating and interacting. Example protocols: HTTP/SIP.
The following topics are covered in this chapter:
• ADC Analytics Tab
• DNS Analytics
• Layer 4 Analytics
• Layer-7 Analytics
ADC Analytics TabThe analytics tab displays the following information for monitoring and analysis of service operations.
The ADC App Analytics tab displays the following information. The information displayed is for all deployed app services for the tenant as follows:
Widgets/ Fields Description
App service Selector A drop-down list of app services. Select a service to view ana-lytics.
Key Performance Indica-tors
Performance indicators at the top of the page. Applies to all the charts on the page.
ADC App v3.7 User Guide
DNS Analytics
34
eeeFF Feedback
Service Selections
KPI Bar has a Service Selection drop-down list where you can select pre-configured services.
• DNS Services Tenant: DNS TCP and DNS UDP services for devices, clusters, partitions.
• Layer-4 Services Tenant: Device Clusters, TCP Cluster, UDP Cluster.
• HTTP Services Tenant: HTTP services for devices, clusters, and partitions.
DNS AnalyticsThe Analytics page displays different statistics related to DNS service and provides insights into DNS service health, clients behavior, top queries, ongoing attacks, and so on, thus enabling quick overview of DNS operations.
DNS is an important component of the Internet that translates domain names into IP addresses.
Organizations utilize rules and filters based on blacklists to block known malicious domain names. Comprehensive monitoring of DNS traffic is required as a component of cyber security.
The four types of Advanced DNS Analytics are as follows:
• Threat intelligence - Identification of malicious domains (for example, command-and-control, compromised name). This method uses DNS analytics to generate new threat intelligence that can be used to block domain names, preventing future access to malicious domains.
Time Range Slider Time range selector control. Applies to all the widgets in the app. See Time Window Selector
ADC Selector Diagram Graphic menu to load analytics information for the following entities involved in the service operations.
Widgets/ Fields Description
35
ADC App v3.7 User Guide
DNS Analytics
Feedback
• Threat detection - Detection of affected endpoints (for example, suspicious behavior patterns) is about finding compromised systems quickly based on suspicious DNS behavior.
• Domain categorization - Automatic categorization of domain names (for example, most queried domains vs most queried NXDOMAIN domains).
• Forensic markers - Providing actionable information for forensics (for example, top DNS clients, malformed DNS query trends).
ADC App content and information analysis is based on the fast stream of DNS queries. ADC App now provides advanced analytics of the context, rate of queries, including the history of lookups, contents of the response and correlation with additional data sources.
ADC App v3.7 User Guide
DNS Analytics
36
eeeFF Feedback
The Analytics tab for DNS Services selection displays the following components:
• DNS Analytics: KPI
• DNS Analytics: QPS
• DNS Analytics: Other Metrics
DNS Analytics: KPI
The KPI Bar for ADC Analytics tab displays the following information:
Widget / Field Description
QPS Number of DNS queries received per second.Refreshed every minute.
DNS Query Health Percentage of processed DNS queries among all incoming requests. Average over last 3 minutes of data. Refreshed every minute. Dropped packets could be due to malformed query, non DNS packets or configured deny policies.
DNS Response Health Percentage of good DNS Response (NOERROR) among all DNS responses. Average percentage over last 3 minutes of data. Refreshed every minute.
Avg. Latency Latency between DNS Query and Response. Average over last 3 minutes of data in ms. Refreshed every minute.
Avg. Query Size Query Size in Bytes. Average over last 3 minutes of data. Refreshed every minute.
Avg. Response Size Response Size in Bytes. Average over last 3 minutes of data. Refreshed every minute.
37
ADC App v3.7 User Guide
DNS Analytics
Feedback
DNS Analytics: QPS
The ADC App > Analytics section displays the following QPS widgets for DNS service selection:
FIGURE 23: DNS QPS Analytics
DNS Analytics: Other Metrics
The ADC App > Analytics section displays the following DNS query health monitoring and Top sources widgets for DNS service selection:
Widget/Field Description
QPS with Query Types Number of DNS queries received per second grouped by query types such as A, AAAA, NS, and so on.
QPS with Response Codes Number of DNS responses per second grouped by response codes.
Widget/Field Description
DNS Health Time series of DNS Query and Response health.
Avg. Latency Average values of historical latency in a time series graph.
Avg. Size Average size of Query packets and Response in bytes in a series graph.
ADC App v3.7 User Guide
DNS Analytics
38
eeeFF Feedback
Malformed DNS Query Rate
Rate of malformed queries received per second.
Request By Source Port Query distribution by source port. in Tree map, donut or table format.
Top DNS Queries Query distribution by.
• Top DNS QUERIES• Top DNS Queries (NXDOMIAN)
Top Source IPs (v4 and v6)
2 widgets for IPv4 and IPv6 display chart based on dynami-cally sampled logs in the last 12 hours:
• Client IP: Top clients that sends the most DNS Queries. • Client IP (NXDOMAIN): Top clients that send the most
DNS query results in NXDOMAIN response.
• Query Size: Top clients that sends the highest DNS Query sizes.
• Response Size: Top clients that result in the highest DNS response payload size.
Response Sources Percentage of response from backend servers/A10 Cache/A10 GSLB, and so on.
Widget/Field Description
39
ADC App v3.7 User Guide
DNS Analytics
Feedback
FIGURE 24: DNS: Other Metrics
ADC App v3.7 User Guide
Layer 4 Analytics
40
eeeFF Feedback
Layer 4 AnalyticsThe Layer 4 Analytics is displayed for Service Selections like devices, clusters, partitions. For example, TCP Cluster. The following components are displayed for this Layer-4 selection as displayed in the Layer-4 Analytics: ADC App Selector Diagram.
Layer-4: KPI Bar for ADC Analytics Tab
The KPI Bar widget for ADC Analytics tab displays the following information for Layer-7 Key Performance Indicators (averaged per minute)
FIGURE 25: Layer-4 KPI Bar for ADC Analytics Tab
Widget / Field Description
Throughput (BPS) Total traffic for all the app services for the tenant. Average throughput in bits per second over default value minutes of data. Refreshed every minute.
Connections Number of total active connections in last 3 minutes by default or as set by Time Interval for Auto Refresh.
Current Connections Number of active connections. Number of active connections averaged over last 3 minutes by default or as set by Time Inter-val for Auto Refresh.
Packet Rate Number of packets received and sent per second measured over the last minute.
Request Rate Request rate. Number of requests received per second.
Errors Number of TCP/UDP and policy errors generated in the last min-ute.
TIME INTERVAL
41
ADC App v3.7 User Guide
Layer 4 Analytics
Feedback
Layer-4 Analytics: ADC App Selector Diagram
The Harmony ADC App Selector Diagram is a graphic menu to load analytics information for the following entities involved in the service operations:
• Layer-4 Analytics: Client
• Layer-4 Analytics: Thunder ADC (TCP)
• Layer-4 Analytics: Thunder Cluster (TCP)
• Layer-4 Analytics: App Servers
FIGURE 26: ADC App > Analytics > Selector Diagram (graphic menu)
Layer-4 Analytics: Client
The ADC App > Analytics > Client section displays the following widgets for Layer-4 selection:
Widget/Field Description
BYTES RECEIVED AND SENT Distribution graphs of number of bytes for the selected time range, for:
• Total bytes• Sent• Received
PACKETS RECEIVED AND SENT Distribution graphs of number of packets for the selected time range, for:
• Total bytes• Sent• Received
ADC App v3.7 User Guide
Layer 4 Analytics
42
eeeFF Feedback
FIGURE 27 : Layer-4 Analytics > Client
Clients widgets Continued...
CONNECTIONS Distribution graphs of number of connections per sec-ond for the selected time range, for:
• Total Connections• Peak• Rate (/sec)
CLIENT RELATED ERRORS AND FAILURES
Number of TCP and policy errors plotted on a time series chart, filtered by:
• Client Connections Failure• Other Failures Total• Connection Drops
Widget Description
TOP CLIENTS BY Distribution statistics graph of Top Usage Clients, filtered by:
• BANDWIDTH: Distribution of clients utilizing the most bandwidth.• CONNECTIONS: Distribution of clients establishing the most
connections.• THROUGHPUT: Distribution of clients with the most throughput.
CONNECTIONS Distribution graph of total number of connections for the selected time range plotted on a time series.
CONNECTION RATE Distribution graph of number of connections closed per second for the selected time range plotted on a time series chart.
Widget/Field Description
43
ADC App v3.7 User Guide
Layer 4 Analytics
Feedback
FIGURE 28: Layer-4 Analytics > Client > Top Clients By ...
THROUGHPUT Average throughput (bits per second) plotted on a time series chart.
PACKET RATE Average number of packets received and sent per second plotted on a time series chart.
Widget Description
ADC App v3.7 User Guide
Layer 4 Analytics
44
eeeFF Feedback
Layer-4 Analytics: Thunder ADC (TCP)
The ADC App > Analytics > Thunder ADC (TCP) > Overview section displays the following widgets for Layer-4 selection:
Widget Description
DROPPED TRAFFIC Distribution of number of packets dropped from TCP and Policy Errors for the selected time period.
ERRORS AND FAILURES Distribution of Errors and Failures from TCP errors, for the selected time period.
ANOMALIES Distribution of anomalies because of TCP errors, for the selected time period.
LOAD DISTRIBUTION Distribution of connections filtered by application servers.
TCP SYN RECEIVED Number of TCP SYN requests received and plotted on a time series chart.
TCP SYN RATE Number of TCP SYN requests received per second plotted on a time series chart.
DSR RECEIVED Number of DSRs received for the selected time range, filtered by configured DSRs:
• L2 DSR Received• L3 DSR Received
DROPPED TRAFFIC Dropped traffic plotted on a time series chart, filtered by reason:
• BW limit exceeded.• BW watermark• Connection Limit• Connection Rate Limit• NAT CPS Exceeded.• TCP SYN Cookie Buffer• NAT No-Session• Aflex• Vport Mismatch
ERRORS AND FAILURES TCP errors and failures plotted on a time series chart, filtered by:
• Client Connection Fail• Server Connection Fail• SYN-Cookie Fail• L4 SYN attack• Source NAT failures• ADC Reset count to Client• L4 Handshake fail
45
ADC App v3.7 User Guide
Layer 4 Analytics
Feedback
FIGURE 29: Layer-4 Analytics > Thunder ADC Widgets
ADC App v3.7 User Guide
Layer 4 Analytics
46
eeeFF Feedback
Layer-4 Analytics: Thunder Cluster (TCP)
The ADC App > Analytics > Thunder Cluster (TCP) > Overview section displays the following widgets for Layer-4 selection:
Layer-4 Analytics: App Servers
The ADC App > Analytics > App Servers section for Layer-7 selection, displays the following filterable distribution of application server operational metrics on time scale:
Widget Description
CLUSTER CPU Maximum utilization of data and management CPUs across all devices in the cluster.
CLUSTER MEMORY Maximum utilization of memory across all devices in the cluster.
CLUSTER THROUGHPUT Peak and average throughput for all devices in the cluster in bits per second (bps).
DEVICES IN CLUSTER List of devices in the cluster, along with the averaged out CPU and memory utilization for each device across the selected time range.
DEPLOYMENT LOCA-TIONS
World map with location of all devices in the cluster marked in blue gradients according to number of deployments.
CLUSTER TRAFFIC Volume of traffic across all devices in the cluster plotted as a time series chart for:
• THROUGHPUT: Throughput across all devices in the cluster plotted as a time series chart, filtered by data: • Ingress• Egress
• ACTIVE SESSIONS: Number of active connections across all devices in the cluster plotted on a time series chart.
Widget Description
TOTAL CONNECTIONS Displays number of connections for each application server plot-ted on a time series chart, filtered by individual connections.
CURRENT CONNEC-TIONS
Displays number of current connections for each application server plotted on a time series chart filtered by current individual con-nections.
THROUGHPUT Displays throughput for each application server plotted on a time series chart, filtered by individual connections.
47
ADC App v3.7 User Guide
Layer-7 Analytics
Feedback
Layer-7 AnalyticsThe Analytics page displays different statistics related to Layer 7 when L7 Service is selected on the KPI bar Service Selection list.
Layer-7: KPI Bar for ADC Analytics Tab
The KPI Bar widget for ADC Analytics tab displays the following information for Layer-7 Key Performance Indicators (averaged per minute)
L4 CONNECTION RATE Displays number of connections closed per second for the selected time range plotted on a time series chart, filtered by indi-vidual connections.
PACKETS Displays number of packets received and sent by each application server, filtered by individual connections.
Widget Description
Widget / Field Description
Throughput (BPS) Total traffic for all the app services for the tenant. Average throughput in bits per second over default value minutes of data. Refreshed every minute.
Current Connections Number of active connections. Number of active connections averaged over default value minutes.
Requests Number of requests received per minute over last 3 minutes of data. Refreshed every minute.
Request Rate Request rate. Number of requests received per second.
Errors Number of errors. Number of 4xx plus 5xx responses in the last minute.
Client TTFB Application latency (Time to First Byte). Average time to first byte for requests received in the last minute. Click on >| to view the details of Layer-7 Analytics: ADC App Selector Diagram.
ADC App v3.7 User Guide
Layer-7 Analytics
48
eeeFF Feedback
Layer-7 Analytics: Latency Drilldown
Latency Drilldown Analytics page is available on the Layer-7 Analytics KPI bar.
Navigate to Latency Drilldown page as follows:
Analytics > Layer-7 selection in Service Selection > KPI Bar > Client TTFB >|
This page has the following components:
FIGURE > Latency Analysis Illustration
Widget / Field Description
Latency Analysis Displays Network Illustration with latency information in milliseconds:
• In Latency • Out Latency • App Latency
AVG. END-TO-END LATENCY Average end-to-end latency for a full request-response cycle plotted on a time series chart, filtered by:
• In Latency• Out Latency• Client RTT• Response Transfer Time• Server RTT• Request Transfer time• App Latency
AVG. APP SERVER LATENCY Displays response latency for each app server aver-aged over the selected time range plotted on a time series chart, can be filtered by individual app server.
CLIENT PERFORMANCE Displays distribution of top clients having the highest response time, can be filtered by individual client IPs.
URL PERFORMANCE Displays distribution of top URLs having the highest response time, can be filtered by individual URL data.
ACCESS LATENCY Displays distribution of latency for client locations plot-ted on a geolocation map.
49
ADC App v3.7 User Guide
Layer-7 Analytics
Feedback
FIGURE 30: Latency Drilldown
ADC App v3.7 User Guide
Layer-7 Analytics
50
eeeFF Feedback
Layer-7 Analytics: ADC App Selector Diagram
The Harmony ADC App Selector Diagram is a graphic menu to load analytics information for the Layer-4 and Layer-7 entities involved in the service operations. The App Selector Diagram for Layer-4 selection displays the following entities:
• Layer-7 Analytics: Client
• Layer-7 Analytics: Internet
• Layer-7 Analytics: WAF Security
• Layer-7 Analytics: ADC Service
• Layer-7 Analytics: Thunder Cluster (TCP)
• Layer-7 Analytics: Applications
• Layer-7 Analytics: App Servers
FIGURE 31 : ADC App > Analytics > Selector Diagram (graphic menu)
Layer-7 Analytics: Client
The ADC App > Analytics > Client section displays the following widgets:
Widget/Field Description
Request Location Distribution graph of request origins / locations.
Request Methods Distribution graph of request methods.
Response Codes Distribution graph of request response codes.
Average End-to-End Latency
Average of “request latency”, the time taken by one request-response cycle for a selected time range.
Requests Distribution graph of number of requests on time scale.
51
ADC App v3.7 User Guide
Layer-7 Analytics
Feedback
FIGURE 32: ADC App > Analytics > Client
FIGURE 33: ADC App > Analytics > Client > Average End-to-End Latency, Requests
Client section continued...
Widget/Field Description
Location Distribution graph of client locations.
OS Distribution graph of client machine operating systems.
Response Codes Distribution graph of request response codes.
Device Distribution graph of client device types.
Browser Distribution graph of client browsers.
ADC App v3.7 User Guide
Layer-7 Analytics
52
eeeFF Feedback
FIGURE 34: ADC App > Analytics > Client > Location, OS, Response Codes...
The ADC App > Analytics > Client >Top Clients By widget has the following tabs:
FIGURE 35: ADC App > Analytics > Client > Top Clients By
The ADC App > Analytics > Client > Security widget has the following options:
Widget/Field Description
Requests Distribution graph of top clients sending requests.
Throughput Distribution graph of top clients by total traffic throughput.
Widget/Field Description
Requests Denied Distribution graph of requests handled by Security WAF on time scale. The distribution can be filtered for top clients by number of “requests denied” due to a WAF policy.
Requests Allowed Distribution graph of requests handled by Security WAF on time scale. The distribution can be filtered for top clients by number of “requests allowed” due to a WAF policy.
53
ADC App v3.7 User Guide
Layer-7 Analytics
Feedback
FIGURE 36: ADC App > Analytics > Client > Security
ADC App v3.7 User Guide
Layer-7 Analytics
54
eeeFF Feedback
Layer-7 Analytics: Internet
The ADC App > Analytics > Internet section displays the following information for requests distributed geographically.
• Access Latency
• HTTP
• HTTPS
• Requests
• Average Throughput
FIGURE 37 : ADC App > Analytics > Internet
55
ADC App v3.7 User Guide
Layer-7 Analytics
Feedback
Layer-7 Analytics: WAF Security
The ADC App > Analytics > WAF SECURITY section displays the following information:
Widget/Field Description
Violations Distribution graph of WAF policy violations with following tabs and view options:
• Overall distribution• HTTP Limit Violations• HTTP Protocol Violations• filterable distribution of violations on a time scale.
VIOLATIONS TIME SERIES
Triggered WAF violations plotted on a time series chart.
WAF Request Handling Widget that displays filterable distribution graph of WAF policy events or the number of requests allowed, and requests denied plotted on a time series chart.
Cookie Security Widget that displays filterable distribution graph of cookie policy events:
• Cookies• Set-Cookies• Violations
Events Widget that displays distribution of WAF policy events on time scale for requests that were denied; “Requests Denied”.
Top Sources Widget that displays graph of top request sources that generated the WAF policy events.
ADC App v3.7 User Guide
Layer-7 Analytics
56
eeeFF Feedback
FIGURE 38: ADC App > Analytics > WAF Security
57
ADC App v3.7 User Guide
Layer-7 Analytics
Feedback
FIGURE 39: ADC App > Analytics > WAF Security > Events, Top Sources
ADC App v3.7 User Guide
Layer-7 Analytics
58
eeeFF Feedback
Layer-7 Analytics: ADC Service
The ADC App > Analytics > ADC Service section displays the following widgets.
Metrics Widgets
The ADC App > Analytics > ADC Service section displays the following metrics and information about service operations:
FIGURE 40: ADC App > Analytics > ADC Service > (Metrics Widgets)
Widget/Field Description
Cache Rate Displays percentage of cache utilization.
Cache Utilization Displays number of cache hits per second.
Throughput Displays average throughput in (bps).
Throughout Peak Displays peak of the throughput averages.
Client Connections Displays average connections, closed connections per second, and maximum current connections.
Load Distribution Displays distribution of load on the servers.
59
ADC App v3.7 User Guide
Layer-7 Analytics
Feedback
ADC Widgets
The ADC App > Analytics > ADC Service section displays the following ADC related information:
Widget/Field Description
Load Distribution Displays filterable server load distribution on time scale.
Throughput Displays distribution of throughput on time scale filterable for:
• incoming• outgoing.
ADC Service Latency Displays time taken by request in and out of service device) fil-terable for:
• REV - outgoing• FWD - incoming.
Error Traffic Displays the filterable distribution of response codes on time scale.
ADC App v3.7 User Guide
Layer-7 Analytics
60
eeeFF Feedback
FIGURE 41 : ADC App > Analytics > ADC Service > (ADC Widgets)
HTTP2 Widgets
The ADC App > Analytics > ADC Service section displays the following HTTP2 related filterable distributions on time scale:
Widget/Field Description
PROXY CONNECTIONS Number of total, current and peak connections plotted on a time series chart.
Total Bytes Number of Control, Header and Data Bytes expressed as a percentage of the Total Bytes and plotted on a time series chart.
Streams Closed Number of streams closed plotted on a time series chart.
Frame Types Sent to Client Number of types of frames sent to remote client plotted on a time series chart.
Frame Types Received From Client
Number of types of frames received from remote client plot-ted on a time series chart.
61
ADC App v3.7 User Guide
Layer-7 Analytics
Feedback
FIGURE 42: ADC App > Analytics > HTTP2 Analytics > Frame Types Received From Client
ADC Widgets
The ADC App > Analytics > ADC Service section displays the following ADC related filterable distributions of current and total client and server SSL connections on time scale:
FIGURE 43: ADC App > Analytics > ADC Service > (ADC Widgets)
Caching Widgets
The ADC App > Analytics > ADC Service section displays the following Caching related filterable distributions of operational metrics on time scale:
Widget/Field Description
Client SSL Connec-tions
Number of total and current client SSL connections plotted on a time series chart.
Server SSL Connec-tions
Number of total and current server SSL connections plotted on a time series chart.
Widget/Field Description
Averaged Cached Entries
Displays average number of response entries that are cached.
ADC App v3.7 User Guide
Layer-7 Analytics
62
eeeFF Feedback
FIGURE 44: ADC App > Analytics > ADC Service > (Caching Widgets)
Layer-7 Analytics: Thunder Cluster (TCP)
The ADC App > Analytics > Thunder Cluster (TCP) has the following widget groups:
Device Cluster Widgets
Displays filterable distribution of device metrics on time scale (irrespective of the number of device services mapped to the tenant):
• CPU Utilization
• Memory Utilization
• Bandwidth
• Total Connections
Cached Utilization Displays percentage of response entries in the cache that are served.
Compress / Uncompressed
Displays distribution of compressed / uncompressed content on time scale.
Widget/Field Description
63
ADC App v3.7 User Guide
Layer-7 Analytics
Feedback
FIGURE 45: ADC App > Analytics > ADC Service > (Device Cluster Widgets)
Partition Service Latency
Displays Partition Service Latency; distribution of service latency, filterable for:
• FWD - forward traffic
• REV - reverse traffic
• TTFB - Total Time to First Byte
• TTLB - Total Time to Last Byte
ADC App v3.7 User Guide
Layer-7 Analytics
64
eeeFF Feedback
FIGURE 46: ADC App > Analytics > ADC Service > Partition Service Latency
Layer-7 Analytics: Applications
The ADC App > Analytics > Applications section displays the following distributions of application performance metrics:
Layer-7: Server Drill Down
New charts and enhancements are provided to drill down and analyse Server issues. The applications and Thunders servers are key resources that can be monitored.
The following widgets provide drill down to analyse Server issues in Analytics > Applications tab for Layer-7 Analytics service selection:
• TOP URL
• Top Domain
• Slowest Transactions
Widget/Field Description
Response Time Displays average response time from server.
App Latency Displays average server / application latency.
Top URL Displays distribution statistics of top URLs. This widget has drill down option per Server level,
Top Domain Displays distribution statistics of top domains. This widget has drill down option per Server level,
Response Time by Port Displays average response time per minute per port.
Slowest Transactions Displays distribution statistics of slowest transactions. This wid-get has drill down option per Server level, for example, the latest URL and most visited URL.
65
ADC App v3.7 User Guide
Layer-7 Analytics
Feedback
FIGURE 47 :
FIGURE 48: ADC App > Analytics > Applications
ADC App v3.7 User Guide
Layer-7 Analytics
66
eeeFF Feedback
Layer-7 Analytics: App Servers
The ADC App > Analytics > App Servers section displays the following filterable distribution of application server operational metrics on time scale:
FIGURE 49: ADC App > Analytics > App Servers
•
Widget/Field Description
Server Health Displays numbers of servers up or down.
Server Response Time Displays server response time to first byte.
New Connections Displays number of new connections.
Current Connections Displays number of active connections.
67
ADC App v3.7 User Guide
Configuration Options
Feedback
ADC APP SERVICE OBJECTS
The Service Object tab provides configuration management options to deploy an ADC service, configure or model an ADC service and WAF service. It displays service objects that can be configured in the logical partition and allow users to perform service configuration changes.
The following service objects can be fully managed with the app:
• Servers
• Service Groups
• vPorts
• VIPs
The ADC App > Service Object page has been enhanced for simplified usage and reduced granularity including text and space reduction. The additional levels of details have been consolidated to provide important options for quicker configuration setup. User can drill-down to get further details.
The service objects have individual configuration pages with same look and feel as ACOS on Box GUI for intuitive user experience. The configuration options are grouped according to functionality.
NOTE: For Virtual Server, vPorts or Virtual Port, Real Server, Server Port,TCP, TCP Proxy, UDP, a default template is used unless user configured template is added. Option to add a Scaleout Template isalso available.
Configuration OptionsThe following topics are covered in this chapter:
• How to Deploy an ADC Application Service
• Configuring Servers
• Add/Edit a Server
• Delete Server
• Configuring Server Ports: Add/Edit Port
ADC App v3.7 User Guide
Configuration Options
68
eeeFF Feedback
• Delete Server Port
• Configuring Service Groups
• Delete Service Groups
• Configuring VPorts (Virtual Ports)
• Delete VPort
• Configuring VIPs
69
ADC App v3.7 User Guide
How to Deploy an ADC Application Service
Feedback
How to Deploy an ADC Application ServiceTo deploy and ADC App Service using the ADC App > Service Objects tab:
1. Configure the list of Servers
2. Configure the list of Service Groups
3. Configure Virtual Ports
4. Configure VIPs.
FIGURE 50: ADC App > Service Objects
ADC App v3.7 User Guide
Configuring Servers
70
eeeFF Feedback
Configuring ServersThe ADC App > Service Objects > Servers tab provides options to Add, Edit to Configure Servers. and also Delete a server.
Server Page Usage
The following expanded view is provided in Service Objects > Servers tab:
• Click an arrow icon in the Servers table. The expander displays the Port table and title details of Server.
FIGURE 51 : Enhanced Service Objects > Servers GUI interface
Add/Edit a Server
Configure Servers and health checks on servers by manually specifying values or loading predefined server templates using the ADC App > Service Objects > Servers > +Add a Server or Edit Server option.
71
ADC App v3.7 User Guide
Configuring Servers
Feedback
Basic
The + Add a Server > Basic configuration contains has the following fields:
Advanced Server Options
The + Add a Server/ Edit a Server > Advanced configuration contains the following fields:
Field Description
Name Specify the server name
Type Select the server type as: Host, IPv6, or FQDN
Resolve As Resolve server IP address as: IPv4 or IPv6
Action Configure server action as: Enable, Disable or Disable with Health Check
Health Check Select templates with Health Check options
Health Check Dis-able
Enable or Disable Health Check. Disabled by default
Connection Limit Configure active connection limit. The valid range is 1-64000000
No Logging Disable or Enable logging connection over limit event. Disabled by default.
Field Description
External IP Configure external IP address for GSLB network address translation.
IPv6 Configure IPv6 address Mapping for GSLB.
Connection Resume Configure the minimum number of active connections before resuming to take on new connections). The valid range is 1-1000000.
Weight The Connection weight for the real server. The valid range is 1 to 1000.
Slow Start Slowly ramp up the connection number after server is up (start from 128, then double every 10 sec till 4096).
Spoofing Cache This DNS server is a spoofing cache.
Stats Data Action Enable or disable Statistics data. Enabled by default.
Extended Stats Enable or disable extended statistics on real server. Disabled by default.
Alternate Server Specify alternate server IP:
• Alternate: Priority or weight of alternate server. • Name: Name of alternate server. • +Add another item: Add another alternate server.
ADC App v3.7 User Guide
Configuring Servers
72
eeeFF Feedback
Template
This section provides the option to load a pre-defined server template configuration to create or edit the Server.
Port
The +Add a Server/ Edit a Server > Port configuration contains the following fields:
Field Description
Template Virtual Server Select virtual server template name; predefined virtual server configuration template, from drop-down list. Default selection.
Template Logging Select logging template; predefined logging configuration template, from drop-down list. Default selection.
Template Policy Select policy template; predefined policy configuration template, from drop-down list. Default selection.
Template Scaleout Select scaleout template name; predefined scaleout con-figuration template, from drop-down list.
Field Description
Port Displays Port ID.
Port Number Displays port number.
Protocol Specifies protocol (TCP, UDP, or HTTP) running on port.
Range Displays range of port values.
Health Check Displays if health check enabled or disabled on port.
73
ADC App v3.7 User Guide
Configuring Servers
Feedback
Delete Server
To delete a Server:
• Select Service Objects > Servers > : > Delete
• Click OK on the pop-up confirmation
Configuring Server Ports: Add/Edit Port
The ADC App > Service Objects > Servers provides options to Add, Edit to Configure Servers.
Configure Servers port and health checks on ports by manually specifying values or loading predefined server templates using the ADC App > Service Objects > Servers > Ports > +Add Server Port or Edit Port option.
Basic
The + Add ServerPort > Basic configuration contains has the following fields:
Field Description
Port Number Specify port number. Valid range is 0 to 65534.
Protocol Configure protocol for port. Options are TCP or UDP
Range Define port range value used for vip-to-rport-mapping, VIP-to-Remote Port-mapping and Virtual Port-Remote Port range mapping. Valid range is 0 to 254.
Health Check Select from pre-defined health check monitor options; for example: “ping”, “http”, or “Hm_WebApps_80_Http”
Health Check Follow Port
Specify which port to follow for health status. Valid range is 1 to 65534.
Follow Port Protocol Specify which port to follow to configure port protocol.
Health Check Dis-able
Enable or Disable Health Check. Disabled by default.
Connection Limit Configure active connection limit. The valid range is 1 to 64000000.
No Logging Disable or Enable logging connection over limit event. Disabled by default.
ADC App v3.7 User Guide
Configuring Servers
74
eeeFF Feedback
Advanced
The + Add Server Port / Edit Server Port > Advanced configuration contains the following fields:
Delete Server Port
To delete a port:
• Select Service Objects > Servers > Ports > : > Delete
• Click OK on the pop-up confirmation.
Field Description
Weight The Connection weight for the real server port. The valid range is 1 to 1000.
Connection Resume Configure the minimum number of active connections before resuming to take on new connections). The valid range is 1-1000000.
Stats Data Action Enable or disable Statistics data. Enabled by default.
Extended Stats Enable or disable extended statistics on real server. Disabled by default.
Alternate Port Specify alternate server port:
• Alternate: Priority or weight of alternate server port. • Alternate Name: Name of alternate server port. • Alternate Server Port: Priority or weight of alternate server
port. • +Add another item: Add another alternate server port.
Service Principal Name
Kerberos principal port name
75
ADC App v3.7 User Guide
Configuring Servers
Feedback
FIGURE 52: ADC App > Service Objects > Servers > Ports > Add Server Port
ADC App v3.7 User Guide
Configuring Service Groups
76
eeeFF Feedback
Configuring Service GroupsThe ADC App > Service Objects > Service Groups tab provides options to create new service groups and add members or servers to these groups. Service groups can be assigned to vPorts while creating vPorts.
Creating a new service group
1. Click Add a Service Group on the Service Groups page.
2. On the Add Service Group, enter the service group name and protocol.
FIGURE 53:
3. (Optional) Modify the Template settings, Algorithm Settings, and Advanced set-tings.
4. Click Create. A new service group is created. Add members or servers to the group and set their priority. For more information, see Creating a member.
77
ADC App v3.7 User Guide
Configuring Service Groups
Feedback
Basic Settings
Field Description
Name Specify the ADC Service name
Protocol Select the service protocol
LB Method Load Balancing method: Various methods selection list with description
LC Method Least connection method
Stateless LB Method Stateless LB method
Pseudo Round Robin PRR, select the oldest node for sub-select
Stateless Auto Switch
Enable auto stateless method
Stateless LB Meth-od2
Stateless LB method
Connection Rate (conn/sec)
Dynamically enable stateless method by conn-rate. Rate to trigger stateless method (conn/sec). Valid range: 1-1000000
Rate Duration (seconds)
Enable auto stateless method. Valid range: 1-600
Revert Rate (conn/sec)
PRR, select the oldest node for sub-select. Valid range: 1-1000000
Revert Rate Dura-tion (seconds)
Period that revert condition consistently happens(seconds).Valid range: 1-600
Grace Period (seconds)
Define the grace period during transition(seconds).Valid range: 1-600.
Connection Rate Log Send log if transition happens
L4 Session Usage Dynamically enable stateless method by connection rate. Rate to trigger state-less method (conn/sec). The valid range is 1-100.
L4 Session Usage Duration (seconds)
Period that trigger condition consistently happens (seconds). The valid range is 1-600
L4 Session Usage Revert Rate
Usage to revert to statelful method. The valid range is 1-100
L4 Session Revert Duration (seconds)
Period that trigger condition consistently happens (seconds). The valid range is 1-600
L4 Session Usage Grace Period (seconds)
Define the grace period during transition. Define the grace period during transition (seconds). The valid range is 1-600
L4 Session Usage Log
Send log if transition happens
Strict Select Strict selection for service group
Health Check Select templates with Health Check options
Health Check Dis-able
Enable or Disable Health Check. Disabled by default
ADC App v3.7 User Guide
Configuring Service Groups
78
eeeFF Feedback
Advanced Settings :
Fields Description
Template Port Port template name
Template Server Server template name
Template Policy Policy template name
Min Active Member Minimum Active Member Per Priority.Minimum Active Member before Action. Valid range is 1-1024.
Min Active Member Action
Select the action on Minimum active member event.
Reset On Server Selec-tion Fail
Enable or disable send reset to client if server selection fails
Priority Affinity Enable or Disable priority affinity. Persist to the same priority if possi-ble.
Reset Priority Affinity Reset the priority affinity
Backup Server Event Log Send log information on back up server events
Stats Data Action Statistical data collection
Extended Stats Enable extended statistics on service group
Traffic Replication Mir-ror
Mirror the bi-directional packets
Traffic Replication Mir-ror DA Repl
Replace Destination MAC
Traffic Replication Mir-ror IP Repl
Replace IP with server-IP
Traffic Replication Mir-ror SA DA Repl
Replace Source MAC and Destination MAC address
Traffic Replication Mir-ror SA Repl
Replace Source MAC address
Priorities Configure values for sub-fields:
• Priority option: Valid range is 1-16. Define different action for each priority node.
• Priority Action: Select options from drop-down list.For example: Proceed: Move to next priority when all priority nodes fail.
• +Add another item: Add new priority
Sample Rsp Time Enable or disable sample server response time
Rpt Ext Server Enable or disable reporting of top 10 fastest/slowest servers
Report Delay Reporting frequency (in minutes). Reporting frequency (in minutes). Valid range is 1-7200
79
ADC App v3.7 User Guide
Configuring Service Groups
Feedback
Adding a member
After you create a service group, you must add servers or members to the group.
1. Expand the service group on the Service Groups page.
2. Click Add a Member. The Add Service Group Member page opens.
3. Choose the creation type as Existing Server.
4. Enter name of the server.
5. Enter the port number on the server that you want to add as a member.
6. (Optional) Enable the member state.
7. (Optional) Select a server template.
8. (Optional) Disable the server statistics data.
9. (Optional) Set Member Priority. The new member along with its member priority is shown on the Service Groups page.
NOTE: Alternatively, members or servers can be created, edited, ordeleted on the Edit Service Group page. Click the vertical ellip-sis next to the service group in the Service Groups table, andclick Edit to edit the groups definition.
Delete Service Groups
1. In the Service Groups table, Click the vertical ellipsis next to the service group that you want to delete.
2. Click Delete. A conformation dialog opens.
3. Click OK
Top Slowest Enable or disable to report top 10 slowest servers
Top Fastest Enable or disable to report top 10 fastest servers
Fields Description
ADC App v3.7 User Guide
Configuring VIPs
80
eeeFF Feedback
Configuring VIPsThe ADC App > Service Objects > VIPs provides options to Add and configure VIPs, and also Delete a VIP. Configure Servers VIPS by manually specifying values or loading predefined VIP templates. The Add VIP page contains various advanced configuration parameters from ACOS GUI. Please refer Application Delivery Controller Guide or ACOS GUI Online Help. for details.
VIP Page Usage
The following functionalities are enhanced in Service Objects > VIPs tab:
• Click an arrow icon to expand the row in VIPs tableThe expander shows the "vPorts" and "Shared Objects" tabs. "vPorts" is active by default.
• Switch the active tab between "vPorts" and "Shared Objects"Associated content shows below the tabs.
• Activate "vPorts" tab, and click an arrow icon in the inside vPorts tableThe expander shows the "vPort Shared Objects" and "Service Group: **" tabs. If the vPort has assigned a service group, shows "Service Group: sg_name". If not, shows "Service Group: Not Associ-ated"."vPort Shared Objects" is active by default.
• Switch the active tab between "vPort Shared Objects" and "Service Group: **"The associ-ated content is displayed below the tabs.
• Activate "Service Group: Not Associated" tab, and click the "Associate a Service Group" button. An assign form is displayed to associate a service group instance to the vPort
• Associate a Service Group to the vPort. Activate "Service Group: sg_name" tab. The expander displays the "Service Group Shared Objects" and "Members" tabs.
• Switch the active tab between "Service Group Shared Objects" and "Members. The associ-ated content shows below the tabs.
• Associate a Service Group to the vPort. After table refreshes, activate "Service Group: sg_name" tab and click the "Edit Service Group" buttonShow the Edit Service Group form.
• Click an arrow icon to expand the row in VIPs tableThe expander displays below informa-tion texts above the tabs:
• Template
• Description
• VRID Number
• Extend Stats
81
ADC App v3.7 User Guide
Configuring VIPs
Feedback
• Disable When All Ports Down
• Disable When Any Port Down
• Activate "vPorts" tab, and click an arrow icon in the inside vPorts table. The expanderdisplays below information texts above the tabs:
• Template
• Source NAT Pool
• Auto Source NAT
• HA Connection Mirror
• No Destination NAT
• Use RCV Hop For Resp
• Extended Stats
• Connection Limit
• Associate a Service Group to the vPort. After table refreshes, activate "Service Group: sg_name" tab.The expander displays below information texts above the tabs:
• Method
• Health Check
• Extended Stats
• Check the values of all information texts. The configurations of the instances are displayed
• If you create a new VIP with no vPortsThe value in "vPort: Protocol" column is empty. Add one vPort to the VIPIt displays the port number and protocol of the vPort, in the format "port-number: protocol"
• Click the "show-more" icon to expand the current row
ADC App v3.7 User Guide
Configuring VIPs
82
eeeFF Feedback
FIGURE 54: Enhanced Service Objects > VIP GUI interface
Add/Edit VIP
The Add/Edit VIP page has the following components:
• Basic
• Advanced VIP Options
• Template
• Port
Basic
The + Add a VIP > Basic configuration contains has the following fields:
Field Description
Name Specify the VIP name
Special Type Select the special type as:
• Wildcard or
• Interface for vThunder/ cThunder onlyAddress Type Resolve VIP IP address as: IPv4 or IPv6
Use Interface IP Enable or Disable interface IP.
83
ADC App v3.7 User Guide
Configuring VIPs
Feedback
Advanced VIP Options
The + Add a VIP / Edit a VIP > Advanced configuration contains advanced options such as ARP, Suppress Internal Loopback, VRRP, and High Availability, configurations.
Template
This section provides the option to load a pre-defined server template configuration to create or edit the VIP.
Port
The +Add a Server/ Edit a VIP > Port configuration contains the following fields:
IP Address Select IP address.
Netmask Select Netmask.
ACL ID Assign ACL ID
ACL Name Configure ACL Name
Enable Disable Action
Configure VIP action as: Enable, Disable or Disable with Health Check
Ethernet Ethernet port number
Description Description of VIP
Field Description
Field Description
Template Virtual Server Select virtual server template name; predefined virtual server configuration template, from drop-down list. Default selection.
Template Logging Select logging template; predefined logging configura-tion template, from drop-down list. Default selection.
Template Policy Select policy template; predefined policy configuration template, from drop-down list. Default selection.
Template Scaleout Select scaleout template name; predefined scaleout configuration template, from drop-down list.
Field Description
Port Displays Port ID.
Port Number Displays port number.
Protocol Specifies protocol (TCP, UDP, or HTTP) running on port.
Range Displays range of port values.
Health Check Displays if health check enabled or disabled on port.
85
ADC App v3.7 User Guide
Configuring VIPs
Feedback
FIGURE 55: ADC App > Service Objects > VIPs > Add VIP
ADC App v3.7 User Guide
Configuring VPorts (Virtual Ports)
86
eeeFF Feedback
Configuring VPorts (Virtual Ports) The ADC App > Service Objects > VPorts provides options to Add, Edit to Configure virtual ports, and also Delete a virtual port.
vPort Page Usage
The following functionalities are enhanced in Service Objects > vPorts tab:
• When the v downward arrowicon is clicked to left to the configured vPort (virtual port) expand the row in VIPs table the "vPorts" and "Shared Objects" tabs are displayed. "vPorts" are active by default.
• Switch the active tab between "vPorts" and "Shared Objects, the associated content is displayed in the expanded tabs.
• Activate "vPorts" tab, and click an arrow icon in the inside vPorts table; the related content; "vPort Shared Objects" and "Service Group: **" is displayed in the expanded tabs.
• If the vPort is assigned a service group, it is displayed for example, as "Service Group: <sg_name>". If vPort is not assigned a service group, shows "Service Group: Not Associated".
• "vPort Shared Objects" is active by default.
• Activate the "Service Group: Not Associated" tab, and click the "Associate a Service Group" button. An assign form is displayed with configuration options to associate a service group instance to the vPort.
• Associate a Service Group to the vPort. When the vPorts table refreshes, activate "Service Group: sg_name" tabThe expanded tab displays the "Service Group Shared Objects" and "Members" tabs.
• Switch the active tab between "Service Group Shared Objects" and "Members”. The related content is displayed in the expanded tab.
87
ADC App v3.7 User Guide
Configuring VPorts (Virtual Ports)
Feedback
FIGURE 56: Enhanced Service Objects > vPorts GUI interface
Configuring Virtual Ports: Add VPort
The ADC App > Service Objects > VPorts provides options to Add, Edit to Configure Servers.
Configure virtual ports and health checks, run aFlex scripts, on virtual ports by manually specifying values or loading predefined virtual port templates using the ADC App > Service Objects > VPorts > +Add VPort option.
Basic
The + Add ServerPort > Basic configuration contains has the following fields:
Field Description
Name Name of virtual port.
Port Number or Range
Specify port number. Valid range is 0 to 65534.
Protocol Configure protocol for port. Options are TCP or UDP
Range Define port range value used for vip-to-rport-mapping, VIP-to-Remote Port-mapping and Virtual Port-Remote Port range map-ping. Valid range is 0 to 254.
Alternate Port Enable or disable alternate Virtual Port
Connection Limit Configure active connection limit. The valid range is 1 to 64000000.
Def Selection If Pref Failed
Enable or disable virtual port selection If Preference Failed is defined.
ADC App v3.7 User Guide
Configuring VPorts (Virtual Ports)
88
eeeFF Feedback
Service Group Bind a Service Group to this Virtual Server.
Enable Enable or disable service group.
No Destination NAT Disable destination NAT, this option only supports in wildcard VIP or when a connection is operated in ADC + EP mode
Port Translation Enable port translation under no-dest-nat.
Field Description
89
ADC App v3.7 User Guide
Configuring VPorts (Virtual Ports)
Feedback
FIGURE 57 : Service Objects > VPorts > Add vPorts > Basic
ADC App v3.7 User Guide
Configuring VPorts (Virtual Ports)
90
eeeFF Feedback
Advanced
The + Add vPort > Advanced configuration contains various advanced configuration parameters similar to ACOS GUI. Please refer Application Delivery Controller Guide or ACOS GUI Online Help
Delete VPort
To delete a virtual port:
• Select Service Objects > vPorts > : > Delete
• Click OK on the pop-up confirmation.
FIGURE 58: ADC App > Service Object >vPorts
91
ADC App v3.7 User GuideFeedback
ADC APP SHARED OBJECTS
The Harmony Controller ADC App v3.6 provides configuration management, visibility and analytics for your A10 Networks® ADC services and WAF services and Shared Objects.
Shared objects are used to extend the configuration of the primary ADC application object, such as a virtual server or server and can be referenced by multiple application objects.
The following topics are covered in this chapter:
• Logical Partition
• Configure Versions of Partition
• Templates
• WAF Templates
• aFleX
• Certificates
• CRLs
• IP NAT Pool
• Health Monitor
• How to Configure a Health Monitor for Service Objects
In the app shared objects are defined at the logical partition level and can be re-used for all app services deployed with-in the partition. Logical Partition level shared objects can reference provider level shared objects which are defined at the provider level by a provider user.
ADC App v3.7 User Guide
92
eeeFF Feedback
FIGURE 59: ADC App > Shared Objects
Logical Partition
Logical partition is a logical entity predefined at Harmony Controller, based on the type of application run on the device.
Cluster partition is a physical device entity that deals with Shared and Layer 3 Virtualization (L3V) partitions inside a device.
Shared objects can be configured in a logical partition and during deployment, they are pushed to the corresponding Thunder partition. Shared objects can also be configured in the provider space andreferenced from one or more logical partitions belonging to one or more tenants within the provider.
For instance, provider admin can define a TCP template in a provider space. An application or tenant admin defining application related configuration in a logical partition can refer to the TCP template in the provider scope. This can achieved by creating a TCP template local to the logical partition and having it refer to the one in provider scope.
This ADC App > Shared Objects > Logical Partition drop-down lists the various predefined Logical Partitions available.
93
ADC App v3.7 User GuideFeedback
Configure Versions of Partition
Versions of Logical Partition for “[Name of Thunder Instance]”
Three options are available for this selection:
• Save
• Compare
• Deploy
Save
Click Save to save the shared objects configuration to load ADC App and Thunder ADC functionalities.
Compare
Select Compare to compare the different pre-configured versions of Logical Partition Configurations.
For deployment to work correctly, please ensure that “config-replace” is enabled on Thunder ADC.
Save or Hide unsaved configuration.
• Make Candidate - Select the logical partition and make it the “Candidate”
• Validate - Validates the loaded logical partition.
• Deploy - Deploys the loaded logical partition.
ADC App v3.7 User Guide
94
eeeFF Feedback
FIGURE 60: Deploy Shared Objects Configuration.
Deploy
Click Deploy, to deploy or implement the configuration template or code.
Templates
On the Shared Objects > Templates page, templates can be created under the logical partition that you have selected. You can use objects or templates shared by the provider in Harmony Controller.
To add a new template
1. Click Shared Objects > Templates.
2. Click Add Template.
3. Select a template type on the Select Template Type page.
95
ADC App v3.7 User GuideFeedback
4. Click Next. The Add <template type> Template page opens.
FIGURE 61 : Adding a template
5. (Optional) Enable the Use Provider Shared Object.
6. (Optional) Select the template or object in the Provider Shared Object box.
NOTE: The provider shared objects are created in Harmony Controllerunder Provider scope. The Shared Resources > Templatescreated and deployed in Harmony Controller are available here forselection.
7. Enter the name of the template.
8. Click Create to add the new template.
WAF Templates
You can add various WAF templates, using Shared objects page .
ADC App v3.7 User Guide
96
eeeFF Feedback
To add a new template, follow the below steps:
1. Click Shared Objects > WAF Templates.
2. Click on +Add WAF Template.
3. Enter the Template Information , deployment mode , logging template, and select the various WAF configuration parameters. For details, refer Web Application Firewall Guide
4. Click Save to save and load the WAF template.
FIGURE 62: Shared Objects > WAF Template > + Add WAF Template
aFleX
You can add aflex scripts, using Shared objects page .
To add a new template, follow the below steps:
97
ADC App v3.7 User GuideFeedback
1. Click Shared Objects > aFlex.
2. Click on +Add AFlex.
3. Enter the aFlex Name, Description and aFlex Script. For details, refer ACOS aFlex Reference Guide.
4. Click Save to save and load the aFlex script.
FIGURE 63: Shared Objects > aFlex > + Add aFlex
Certificates
To import a certificate, follow the steps:
1. Select Shared Objects > Certificates.
2. Click + Import a Certificate.
3. Create or update certificate information and type. Click ot upload Certificate.
ADC App v3.7 User Guide
98
eeeFF Feedback
4. Click Save.
FIGURE 64: Shared Objects > Certificate > + Import Certificate
CRLs
To import a CRL, follow the steps:
1. Select Shared Objects > CRL .
2. Click + Import a CRL.
3. Enter the file name, description, and click to Upload the CRL file.
4. Click Save.
99
ADC App v3.7 User GuideFeedback
FIGURE 65: Shared Objects > CRL > + Import CRL
IP NAT Pool
To add an IP or IPv6 NAT Pool Group, follow the steps:
1. Click Shared Objects > IPNAT Pool .
2. Click on +Add > IP NAT Pool Groups or IPv6 NAT Pool Groups.
FIGURE 66: Shared Objects > IPNAT Pool > +Add
ADC App v3.7 User Guide
100
eeeFF Feedback
3. Enter the Pool Name and Member List.
4. Click Create to create new IP NAT Pool.
FIGURE 67 : Figure 9 > Shared Objects > IPNAT Pool > +Add > Add IP NAT Pool Group
Health Monitor
To create or add a new Health Monitor, follow the steps:
1. Click Shared Objects > Health Monitor .
2. Click on +Add Health Monitor.
101
ADC App v3.7 User GuideFeedback
3. Enter the Health Monitor Name. Configure the various health monitor parameters and select Method.
4. Click Create to create new Health Monitor.
The various Health monitor parameters are as follows:
Field Description
Name Specify Monitor Name
Dsr L2 Strict Enable strict Layer 2 DSR health-check
Retry Specify the Healthcheck Retries. Valid range for retry Count is 1-10. Default is 3.
Up Retry Specify the Healthcheck Retries before declaring target up.Up-retry count. Default is 1
Override IPv4 Override implicitly inherited IPv4 address from target.
Override IPv6 Override implicitly inherited IPv6 address from target.
Override Port Override implicitly inherited port from target. Valid Port number (1-65534)
Strict Retry On Server Err Resp
Enable or disable require strictly retry.
Disable After Down Disable the target if health check failed. Default is disable
Interval Specify the Healthcheck Interval.Default value, in seconds is 5
Timeout Specify the Healthcheck Timeout. Timeout Value, in seconds(default 5), Timeout should be less than or equal to interval
SSL Ciphers Specify OpenSSL Cipher Suite name(s) for Health check..Default value is DEFAULT
For example: AES128-SHA256), if the cipher is invalid, would give information reason for Health monitor down
Method Specify pre-defined HM method.
ADC App v3.7 User Guide
102
eeeFF Feedback
FIGURE 68: Shared Objects > Health Monitor > +Add Health Monitor
How to Configure a Health Monitor for Service Objects
We can configure Health Monitor and associate it only to a Server or Service Group:
To configure health monitor for Servers or Service Groups:
• Configure Health Monitor as mentioned.
• Goto ADC App > Service Objects > Servers / Service Groups > + Add a Server / Edit a Server > Basic
• Select predefined health monitor in Health Check drop-down.
• Enable Health Check button.
103
ADC App v3.7 User Guide
Log View Panel
Feedback
ADC APP LOG VIEW AND TROUBLESHOOTING
ADC App provides quicker troubleshooting with visibility and analytics for the application traffic and infrastructure through the Log View Panel, Dashboard, and Analytics.
The Log view panel is an expandable panel at the bottom of App window Dashboard. This panel provides access to detailed service logs and an ability to filter logs for troubleshooting.
The sections in this chapter are as follows:
• Log View Panel
• Troubleshooting
Log View PanelIt is an expandable panel at the bottom of the ADC App page. It displays service operation and system logs for detailed analysis and troubleshooting. It displays the following types of logs:
• Log View: HTTP
• Log View: Alerts
• Log View: Events
• Log View: WAF
The logs can be filtered on an extensive set of parameters, using the filter controls available on the left hand side of the panel.
NOTE: All log view tabs provide search and download options for logswithin selected time range and filtered by configured filters as aCSV file. The number of logs are limited to the newest 10,000 logs.
ADC App v3.7 User Guide
Log View Panel
104
eeeFF Feedback
FIGURE 69: ADC App > Log View Panel
Log View: HTTP
The HTTP Log View tab displays data only for Layer-7 or HTTP services selection. It provides various statistics and logs for the following options:
• Reset
• Browser
• Client OS
• Devices
• Client IP
• Server IP
• URL
• Request Type
• Server Port
• Service Name
• Response Code
• Request Size
• Response Size
105
ADC App v3.7 User Guide
Log View Panel
Feedback
The following statistics are provided for each HTTP Log View option:
• Timestamp
• Client IP
• URI
• Request
• Response
• Response Size
• End-To-End
• Cached
FIGURE 70 : Log View > HTTP
Related Topics
Related Troubleshooting topics:
• HTTP Monitoring
Log View: Alerts
The Log View > Alerts panel displays Log Collection Alerts data that can be reset or filtered by:
ADC App v3.7 User Guide
Log View Panel
106
eeeFF Feedback
• Cluster
• Device
• App Svc Type
• App Svc Name
• Tenant Name
• Trigger Name
• Alert Name
• Severity
The various types of Alerts displayed are:
• System Events
• Service Alerts
• Infrastructure Alerts
• Configuration Events
• Anomalies
FIGURE 71 : Log View > Alerts
Related Topics
Related Troubleshooting topics:
107
ADC App v3.7 User Guide
Log View Panel
Feedback
• Alerts Analysis
Log View: Events
Displays ADC related Events for the following selections:
• Cluster
• Device
• Tenant
• Thunder Module
• Message Lineage
• Severity
The following Events related information is displayed along with the time chart of grouped events:
• Timestamp
• Tenant ID
• Cluster ID
• System Module
• Message
ADC App v3.7 User Guide
Log View Panel
108
eeeFF Feedback
FIGURE 72 : Log View > Events
Related Topics
Related Troubleshooting topics:
• Chart Overlay Drill Down to Event Logs
Log View: WAF
Displays WAF logs filtered by:
• URL
• Status
• Violations
• Source IP
New WAF Work flow
New WAF false positive options are added as a configuration change updates based on WAF violation logs. The new field components are added to ADC App > Log View > WAF logs.
109
ADC App v3.7 User Guide
Log View Panel
Feedback
FIGURE 73 : ADC App > Log View > WAF logs: Update Policy on Bot check Violation
Whenever a user reports that a valid transaction is blocked by WAF, administrator can locate the corresponding WAF log, Update Policy option provides a much faster way to overwrite WAF policy to handle such false positive event.
Depending on the WAF violation type, different policy editing window will show up and provides the administrator 3 options,
• to bypass such WAF check for the particular URL only.
• to disable such WAF check for the current HTTP/HTTPs service.
• or to disable the WAF check in the WAF template (which might impact multiple HTTP/HTTPs service if the same WAF templates are applied).
NOTE: ADC APP will automatically update the modified WAF policy to corresponding ADC instances.
ADC App v3.7 User Guide
Troubleshooting
110
eeeFF Feedback
Related Topics
Related Troubleshooting topics:
• WAF Security Policy Violations
Troubleshooting This section specifies some trouble shooting scenarios where user can monitor and troubleshoot specific issues using the ADC App.
• HTTP Monitoring
• WAF Security Policy Violations
• Chart Overlay Drill Down to Event Logs
• Alerts Analysis
HTTP Monitoring
To monitor HTTP2 response issues and broken app services link issues, follow the steps:
• Check ADC App > Dashboard >Response Codes and ADC App > Analytics (Cli-ent) > Response Codes widget. This widget displays the distribution of HTTP response codes. To monitor app accessibility issues, check request response codes.
• Check for 400 series response codes.
• Now in Log View > HTTP filter for 400 Response Codes.
• Check which client IP and URI are showing 400 response code.
• View the URI, browser, IP Server in the Log View Panel > HTTP Logs > Client IP drill down.
WAF Security Policy Violations
To monitor WAF Security Policy Violations, follow the steps:
• Drilldown to Log View > WAF tab
• Check which URLs are logged for WAF security policy violations
111
ADC App v3.7 User Guide
Troubleshooting
Feedback
Chart Overlay Drill Down to Event Logs
ADC App has Events tabs in the Log View panel. It displays all the events for ADC App service and system and infrastructure level alerts as well.
NOTE: Alerts and events are also displayed in log section of HarmonyController Provider dashboards.
Overlay is displayed on all charts in ADC App widget if Sync Tooltip is enabled and Alerts and Events are enabled in the “:” menu next to “Sync Tooltip”. All charts are synced and a red dot represents the time selection cursor. The total count is displayed for the log timestamps near the time of the clicked red point on the chart.
The following event counters are displayed in overlay:
• System Events
• Configuration Events
• Anomalies
When you click any one of the event logs in Overlay or tooltip, the related events logs detail drilldown is displayed in Log View > Events tab.
Alerts Analysis
To monitor ADC system, DNS, Layer-4 or Layer-7 Alerts, follow the steps:
1. Mouseover the red point for any chart of ADC App.
2. The various categories of alerts are displayed in tooltip:
• Service Alerts,
• Infrastructure Alerts.
3. Click any alert category in overlay and tooltip to open Log View > Alerts tab automati-cally.
4. The opened Alerts panel displays relevant logs. For example, query logs and alerts. The total count is same as the count in tooltip with the log timestamps.
ADC App v3.7 User Guide
Troubleshooting
112
eeeFF Feedback
FIGURE 74 : Overlay Drilldown to Log View > Alerts display
113
ADC App v3.7 User Guide
Technical and Customer Support
Feedback
SUPPORT INFORMATION FOR HARMONY CONTROLLER: ADC APP V3.6
The A10 Networks® technical and customer support team is available at your service on phone, email and web channels:
Technical and Customer SupportTo know more about A10 Networks® Harmony Controller and ADC App v3.6, refer the following:
• Contact: https://www.a10networks.com/company/contact-us
• Support: https://www.a10networks.com/support
• Call (International): 1-408-325-8676
• Call (Toll-Free USA & Canada): 1-888-TACS-A10
ADC App v3.7 User Guide
Technical and Customer Support
114
eeeFF Feedback
115
ADC App v3.7 User Guide
Contents
ADC App v3.7 User Guide
Contents
116