NetBrain System Setup Guide HA
Uploaded by
ajrob69_187428023NetBrain System Setup Guide HA
Uploaded by
ajrob69_187428023NetBrain® Integrated Edition 10.
0
System Setup Guide
High Availability (Internal Use Only)
Version 10.0 | Last Updated 2021-04-26
Copyright ©2004-2021 NetBrain Technologies, Inc. All rights reserved.
Contents
1. System Overview......................................................................................................................................................................... 4
2. System Requirements ................................................................................................................................................................ 7
3. Deploying and Installing System............................................................................................................................................ 14
3.1. Installing MongoDB Replica Set on Linux .................................................................................................................... 14
3.2. Installing Elasticsearch Cluster on Linux ...................................................................................................................... 23
3.3. Installing License Agents on Linux ................................................................................................................................ 30
3.4. Installing Redis Cluster on Linux .................................................................................................................................... 33
3.5. Installing RabbitMQ Cluster on Linux ........................................................................................................................... 43
3.6. Installing Service Monitor Agent .................................................................................................................................... 49
3.6.1. Installing Service Monitor Agent on Linux ......................................................................................................... 50
3.6.2. Installing Service Monitor Agent on Windows .................................................................................................. 54
3.7. Installing Web/Web API Servers ..................................................................................................................................... 58
3.8. Installing Worker Servers ................................................................................................................................................ 69
3.9. Installing Task Engines ..................................................................................................................................................... 80
3.10. Installing Front Server Controllers ............................................................................................................................ 85
3.11. Installing Front Servers ................................................................................................................................................ 91
3.11.1. Installing Front Server on Linux ........................................................................................................................... 91
3.11.2. Installing Front Server on Windows .................................................................................................................... 94
4. Setting Up Your System ........................................................................................................................................................... 98
4.1. Logging in to System Management Page ..................................................................................................................... 99
4.2. Activating a Subscription License .................................................................................................................................. 99
4.3. Creating a Tenant ............................................................................................................................................................ 100
4.4. Creating User Accounts ................................................................................................................................................. 101
4.5. Allocating Tenants to Front Server Controller .......................................................................................................... 102
4.6. Adding a Front Server for a Tenant ............................................................................................................................. 104
4.7. Registering a Front Server ............................................................................................................................................. 105
4.8. Customizing Auto-Update Settings ............................................................................................................................. 109
4.9. Monitoring Server and Service Metrics ...................................................................................................................... 118
5. Appendix ................................................................................................................................................................................... 120
5.1. Offline Installing Third-party Dependencies ............................................................................................................. 120
5.2. Editing a File with VI Editor ............................................................................................................................................ 121
5.3. SSL Certificate Requirements ....................................................................................................................................... 121
5.4. Third-Party User Authentication .................................................................................................................................. 123
5.5. Configuring NTP Clients on NetBrain Servers ........................................................................................................... 123
5.6. System Switchover Across Data Centers ................................................................................................................... 123
5.7. Interactive Pre-Installation of Service Monitor Agent ............................................................................................. 126
1. System Overview
NetBrain Integrated Edition is an adaptive automation platform, where you can integrate with your existing
Network Management System (NMS) tools and IT workflows to automate documentation, troubleshooting,
network change, and defense. It serves as an operating system of your whole network to relieve network
professionals from manual CLI-digging and also empowers team collaboration to elevate productivity.
The browser-based interface of NetBrain Integrated Edition is backed by a full-stack architecture, adopting
advanced distributed technologies to support large-scale networks with more expansion possibilities.
The distributed system architecture with high availability is as follows:
4 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
Note: The port numbers listed in the above architecture diagram are defaults only. The actual port numbers used
during installation might be different.
The system components include:
Component Description
Browser-based Thin Client provides a user interface for end users to access the system.
MongoDB serves as a system data repository.
License Agent provides services that validate and activate licenses.
Elasticsearch serves as a full-text search and analytics engine in a distributed multi-user
environment.
Redis provides memory cache for the system.
RabbitMQ prioritizes and forwards requested tasks.
Web Server serves static content such as HTML, JavaScript, and CSS resources, which serves as the
user interface of the Thin Client.
Web API Server provides the front-end web applications to support the browser-based Thin Clients
and serves RESTful API calls from third-party applications for integration.
Worker Server serves as a resource manager to support computing tasks. It relies on both Redis and
RabbitMQ to work.
Task Engine coordinates computing tasks.
Front Server Controller serves to coordinate and communicate with Front Servers and other components.
Front Server serves as a polling server to collect and parse live network data. It is the only
component required to access the live network.
Service Monitor Agent monitors the health of your NetBrain Servers with operations management of related
services.
Ansible Agent (add-on) integrates with Ansible to define, execute playbooks and visualize results in Change
Management Runbooks. See Ansible Integration for more details.
Smart CLI (add-on) provides a Telnet/SSH client to connect to devices from Windows and can be
integrated with NetBrain workflows. See Smart CLI for more details.
Considerations for System Scalability
The following table introduces the considerations for system scalability:
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 5
Server Scalability
Web Server ▪ Multiple Web Servers can be installed as per data center locations and load-balanced under your
Web API Server load balancing infrastructure to ensure the response time for accessing web pages of Thin Client.
▪ Multiple Web API Servers can be installed with Web Servers and load-balanced under your load
balancing infrastructure when there is a large number of API calls for intensive API triggered
diagnosis in large networks.
Worker Server Deploying more Worker Servers is recommended for a large number of back-end network automation
tasks, such as network monitoring, path discovery, runbook execution, triggered diagnosis.
Task Engine Supports high availability with active/standby nodes.
RabbitMQ Supports high availability with three nodes.
Redis Supports high availability with master/replica/sentinel nodes.
MongoDB Supports high availability with primary/secondary/arbiter nodes.
Elasticsearch Supports high availability with normal/master-eligible-only nodes.
Front Server Deploying more Front Servers is recommended for a large number of network nodes. Each Front
Server is recommended to manage at most 5,000 nodes.
Front Server Controller Supports high availability with active/standby nodes.
6 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
2. System Requirements
This section introduces the hardware requirements, network connectivity requirements, and more prerequisites
for deploying a high availability system.
▪ HA Design Requirements
▪ Network Connectivity Requirements
▪ Deployment Prerequisites
HA Design Requirements
HA deployment is aiming to provide server redundancy to eliminate single points of failure or any node that would
impact the system as a whole if it becomes dysfunctional. NetBrain HA design utilizes a load balancing mechanism
to distribute tasks across multiple servers.
The HA deployment is only applicable to an environment within one data center, and it cannot be stretched across
two data centers as the network latency can impact the performance of NetBrain application servers. This HA
design doesn’t provide a disaster recovery solution in case of a data center failure such as power outage, network
interruptions, and natural disaster.
Ensure there is no physical or virtual firewall implemented between NetBrain Applications Servers as NetBrain will
utilize multiple TCP ports to communicate between the servers. Also, the virtual machines that host MongoDB and
Front Servers must be equipped with Solid State Drive (SSD) to increase the system performance and to avoid any
operational system delays.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 7
Environment System Component Machine CPU Memory 2) Hard Disk Operating System
Count
5001~10000 Web Server 2 8 Physical 32GB 200GB ▪ Windows Server 2012/2012
nodes Web API Server Cores 1) R2 (Standard/Datacenter
≤50 users Task Engine Edition), 64-bit
Front Server Controller ▪ Windows Server 2016/2019
Service Monitor (Standard/Datacenter
2 Edition), 64-bit
Worker Server 8 Physical 32GB 200GB
Service Monitor Cores 1)
Front Server 2 4) 4 Physical 8GB ▪ 200GB ▪ Windows Server 2012/2012
Service Monitor Cores 1) (HDD) R2 (Standard/Datacenter
(Essential Edition), 64-bit
Mode; ▪ Windows Server 2016/2019
node # (Standard/Datacenter
<=5000) 3) Edition), 64-bit
▪ 300GB ▪ Red Hat Enterprise Linux
(HDD) Server
(IBA Mode; 7.5/7.6/7.7/7.8/7.9/8.2/8.3,
node # 64-bit
<=2000) 6)
▪ CentOS
▪ 300GB 7.5/7.6/7.7/7.8/7.9/8.2/8.3,
(SSD) 64-bit
(IBA Mode;
▪ Oracle Linux
node #
7.7/7.8/7.9/8.2/8.3, 64-bit
<=5000) 6)
MongoDB (Primary/Secondary) 2 8 Physical 64GB 1TB 4) ▪ Red Hat Enterprise Linux
License Agent Cores 1) Server
7.5/7.6/7.7/7.8/7.9/8.2/8.3,
Elasticsearch (Master/Master)
64-bit
Redis (Master/Slave)
▪ CentOS
RabbitMQ (Master/Slave)
7.5/7.6/7.7/7.8/7.9/8.2/8.3,
Service Monitor 64-bit
MongoDB (Arbiter) 1 4 Physical 8GB 100GB ▪ Oracle Linux
Elasticsearch (Master-only) Cores 1) 7.7/7.8/7.9/8.2/8.3, 64-bit
Redis (Sentinel)
RabbitMQ (Slave)
Service Monitor
10001~50000 Web Server 2 8 Physical 32GB 200GB ▪ Windows Server 2012/2012
nodes Web API Server Cores 1) R2 (Standard/Datacenter
≤200 users Task Engine Edition), 64-bit
Front Server Controller
Service Monitor
8 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
Environment System Component Machine CPU Memory 2) Hard Disk Operating System
Count
Worker Server 3 8 Physical 32GB 200GB ▪ Windows Server 2016/2019
Service Monitor Cores 1) (Standard/Datacenter
Edition), 64-bit
Front Server 3~10 4) 4 Physical 8GB ▪ 200GB ▪ Windows Server 2012/2012
Service Monitor Cores 1) (HDD) R2 (Standard/Datacenter
(Essential Edition), 64-bit
Mode; ▪ Windows Server 2016/2019
node # (Standard/Datacenter
<=5000) 3) Edition), 64-bit
▪ 300GB ▪ Red Hat Enterprise Linux
(HDD) Server
(IBA Mode; 7.5/7.6/7.7/7.8/7.9/8.2/8.3,
node # 64-bit
<=2000) 6)
▪ CentOS
▪ 300GB 7.5/7.6/7.7/7.8/7.9/8.2/8.3,
(SSD) 64-bit
(IBA Mode;
▪ Oracle Linux
node #
7.7/7.8/7.9/8.2/8.3, 64-bit
<=5000) 6)
MongoDB (Primary/Secondary) 2 8 Physical 128GB 2TB 4) ▪ Red Hat Enterprise Linux
License Agent Cores 1) Server
7.5/7.6/7.7/7.8/7.9/8.2/8.3,
Elasticsearch (Master/Master)
64-bit
Redis (Master/Slave)
▪ CentOS
RabbitMQ (Master/Slave)
7.5/7.6/7.7/7.8/7.9/8.2/8.3,
Service Monitor 64-bit
MongoDB (Arbiter) 1 4 Physical 8GB 100GB ▪ Oracle Linux
Elasticsearch (Master-only) Cores 1) 7.7/7.8/7.9/8.2/8.3, 64-bit
Redis (Sentinel)
RabbitMQ (Slave)
Service Monitor
Notes:
1) If hyper-threading is enabled, one physical core equals to two logical processors; in a virtual environment, the number
of vCPUs required is twice the number of physical cores (as listed in the table).
2) Allocating at least half of the RAM amount for swap space on your Linux server is required to provide the necessary
additional memory when the RAM space has been exhausted.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 9
3) Each Front Server is recommended to manage 5,000 network nodes at most. For good performance of data
processing and caching, it is recommended to install the Front Server on a machine equipped with Solid State Drive
(SSD) when managing up to 5000 nodes.
4) The required hard disk space must be exclusively reserved for NetBrain. And MongoDB must be installed on a
machine equipped with Solid State Drive (SSD).
5) Minimum bandwidth requirement between Front Server Controller and each Front Server: 10Mbps.
6) If the Intent Based Automation (IBA) license is activated, It is recommended to install the Front Server on a machine
equipped with:
▪ Solid State Drive (SSD) when managing up to 5000 nodes
▪ Hard Disk Drive (HDD) when managing up to 2000 nodes
7) In order to achieve the best performance, it is recommended that the network delay between the Front Server
Controller and the Front Server be within 30ms.
Network Connectivity Requirements
Source Destination Protocol *) and Port Number **)
Thin Client Web Server HTTP/HTTPS (80/443)
Web API Server
Service Monitor Agent Web API Server HTTP/HTTPS (80/443)
Web API Server MongoDB TCP 27017
Worker Server
Task Engine
Front Server Controller
Web API Server Elasticsearch TCP (HTTP/HTTPS) 9200
Worker Server
Web API Server License Agent TCP 27654
Web API Server Redis TCP 6379/6380
Worker Server
Front Server Controller
Web API Server RabbitMQ TCP 5672
Worker Server
Task Engine
Front Server Controller
10 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
Source Destination Protocol *) and Port Number **)
Worker Server Front Server Controller TCP 9095
Task Engine
Front Server
Front Server Live Network ICMP/SNMP/Telnet/SSH/REST API
Front Server Ansible Agent (add-on) TCP 9098
Redis Redis TCP 16379/26379
RabbitMQ RabbitMQ TCP 4369/25672
MongoDB MongoDB TCP 27017
Elasticsearch Elasticsearch TCP (SSL) 9300
MongoDB Web API Server TCP 9099
License Agent
Elasticsearch
Redis
RabbitMQ
Web Server
Worker Server
Task Engine
Front Server
Front Server Controller
Note: *) If SSL was enabled for any component including MongoDB/ElasticSearch/Redis/RabbitMQ/License Agent/Front
Server Controller/Ansible Agent/Auto Update Server (within Web API Server), the SSL protocol should be added to
firewall rules to enable SSL connection between servers.
Note: **) The port numbers listed in this column are defaults only. The actual port numbers used during installation
might be different.
Deployment Prerequisites
The following requirements must be satisfied before setting up your NetBrain system:
▪ The operating system must be installed with an English-language version (not language packs).
▪ When installing NetBrain servers, comply with your company security policy to set the passwords and
archive them for further reference.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 11
▪ NetBrain servers use hostnames to identify and communicate with each other. Make sure each server has a
unique hostname.
▪ Add all the NetBrain installation folders and files (on both Windows and Linux) to the allow list of antivirus
software for routine scans, and keep the TCP connections unblocked between NetBrain components.
▪ If the machine's firewall is turned on, make sure the firewall rules allow traffics to all the ports and protocols
that will be used by the NetBrain system.
▪ Special Requirements for Windows Server
o Users with administrative privileges of the machine are required to implement the installation.
o NetBrain Integrated Edition should not be installed on the same server as an existing NetBrain
Enterprise Edition (6.2 or earlier version), except that Front Server and Network Server (EEv6.2) can be
installed on the same machine.
o There must be more than 5GB free space in the system drive (for example, C drive) to complete the
installation no matter which drives the NetBrain system will be installed on.
o Temporarily disable antivirus software during the installation process.
o Ensure the NetBrain installation process using administrator account has the necessary permissions
to modify “User Rights Assignment” in “Local Security Policy” or change the local user privileges.
Otherwise, the following error message will prompt when installing each Windows component.
o Click ‘Yes’ to continue with installation/upgrade process and NetBrain service will be configured to run as Local
System. If you have security concerns, please click ‘No’ to abort the installation/upgrade.
Note: Local System accounts have additional privileges that are considered a high risk. Please verify that this
is an acceptable risk in accordance with your SysAdmin policies.
Note: After clicking ‘No’, please check with your system administration team to enable the relevant
permissions, uninstall the affected component(s) and reinstall. Contact NetBrain support team if you need
any assistance during the process.
▪ Special Requirements for Linux Server
o Users with root privileges of the machine are required to implement the installation.
o It is highly recommended to store the data files and log files of NetBrain servers into separated disk
partitions. Make sure each partition has enough disk space.
12 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
• More than 100GB free space in the directory where the data files of MongoDB/Elasticsearch will be
saved.
• More than 50GB free space in the directory where the log files of MongoDB/Elasticsearch will be
saved.
• More than 180GB free space for the Front Server PostgreSQL data path.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 13
3. Deploying and Installing System
Select an appropriate way to deploy the system based on your network scale and locations.
High Availability
HA deployment is only applicable to an environment within one data center, aiming to prevent the single point of
failure (SPOF) on applications, virtual or physical machines . Install the system components in the following order:
1. Install a MongoDB Replica Set on Linux.
2. Install an Elasticsearch Cluster on Linux.
3. Install License Agent Servers on Linux.
4. Install a Redis Cluster on Linux.
5. Install a RabbitMQ Cluster on Linux.
6. Install Service Monitor Agents.
7. Install Web/Web API Servers on Windows.
8. Install Worker Servers on Windows.
9. Install Task Engines on Windows.
10. Install Front Server Controllers on Windows.
11. Install Front Servers.
Note: To avoid unexpected clock synchronization issues, it is highly recommended to configure Network Timing Protocol
(NTP) client on the machines where NetBrain servers will be installed. See Configuring NTP Client on NetBrain Servers for
more details.
3.1. Installing MongoDB Replica Set on Linux
Pre-installation Tasks
▪ Service Monitor Agent will be installed with MongoDB and it has dependencies on the third-party package zlib-
devel readline-devel bzip2-devel ncurses-devel gdbm-devel xz-devel tk-devel libffi-devel gcc. Run the rpm
-qa|grep -E "zlib-devel|readline-devel|bzip2-devel|ncurses-devel|gdbm-devel|xz-devel|tk-
devel|libffi-devel|gcc" command to check whether it has been installed on this Linux server. If it has not
been installed yet, you can choose either option below to install the dependencies:
14 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
o Online Install: run the yum -y install zlib-devel readline-devel bzip2-devel ncurses-devel gdbm-
devel xz-devel tk-devel libffi-devel gcc command to install it online.
o Offline Install: refer to Offline Installing Third-party Dependencies for more details.
Note: You can also install the Service Monitor Agent separately.
Installing MongoDB Replica Set
For redundancy and fault tolerance, you can set up a MongoDB replica set. A replica set should always have an
odd number of members.
▪ Primary node — the only member in the replica set that receives write operations.
▪ Secondary node — replicates the primary node and applies the operations to its data sets.
▪ Arbiter node — only votes in elections for the primary, but cannot become the primary.
Example: Set up a three-member replica set by installing the arbiter node first, and then the secondary node,
finally the primary node.
Note: Make sure that your network configurations allow communications among all nodes.
1. Prepare three Linux servers.
2. Complete the following steps to install the arbiter, secondary, and primary nodes.
1) Log in to each Linux server as the root user.
Note: It is highly recommended to install numactl on the Linux server to optimize MongoDB performance. Run the
rpm -qa|grep numactl command to check whether numactl has been installed. If it has not been installed yet
and the Linux server has access to the Internet, run the yum install numactl command to install it online.
2) Run the mkdir command to create a directory under the /opt directory to place the installation package.
For example, netbraintemp10.0.
Note: Don't place the installation package under any personal directories, such as /root.
3) Run the cd /opt/netbraintemp10.0 command to navigate to the /opt/netbraintemp10.0 directory.
4) Download the installation package.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 15
▪ Option 1: If the Linux server has no access to the Internet, obtain the mongodb-linux-x86_64-rhel-
4.0.19-10.0.tar.gz file from NetBrain and then upload it to the /opt/netbraintemp10.0 directory by
using a file transfer tool.
▪ Option 2: If the Linux server has access to the Internet, run the
wget http://download.netbraintech.com/mongodb-linux-x86_64-rhel-4.0.19-10.0.tar.gz
command under the /opt/netbraintemp10.0 directory to download the mongodb-linux-x86_64-rhel-
4.0.19-10.0.tar.gz file from NetBrain official download site.
Note: The download link is case-sensitive.
Tip: Run the yum -y install wget command to install the wget command if it has not been installed on the
server.
5) Run the tar -zxvf mongodb-linux-x86_64-rhel-4.0.19-10.0.tar.gz command under the
/opt/netbraintemp10.0 directory to extract installation files.
[root@centos netbraintemp10.0]# tar -zxvf mongodb-linux-x86_64-rhel-4.0.19-10.0.tar.gz
MongoDB/
MongoDB/config/
MongoDB/config/setup.conf
...
MongoDB/replica/
MongoDB/replica/install_arbiter.sh
MongoDB/replica/install_primary.sh
MongoDB/replica/install_secondary.sh
...
6) Run the cd MongoDB/config command to navigate to the config directory.
7) Modify the parameters in the setup.conf file located under the config directory according to your
environment and save the changes. For how to modify the configuration file, refer to Editing a File with VI
Editor.
Note: In the following example, 10.10.3.142 is the IP address of the primary node; 10.10.3.143 is the IP address of
the secondary node; 10.10.3.144 is the IP address of the arbiter node.
Note: Make sure to use space to separate replica set member's IPs or FQDNs.
Sample Configurations of the Arbiter Node:
[root@centos config]# vi setup.conf
#NetBrain Database configuration file
#Note: Entries other than the database username and password
#can only contain letters and numbers, and should start with a letter.
DataPath=/usr/lib/mongodb
LogPath=/var/log/mongodb
BindIp=10.10.3.144
FQDN=127.0.0.1
16 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
#The port must be between 1025 and 32767.
Port=27017
ReplicaSetName=rs
UseSSL=no
Certificate=/etc/ssl/cert.pem
PrivateKey=/etc/ssl/key.pem
#The UserName or Password cannot be empty
#The UserName or Password should not contain: {}[]:",'|<>@&^%\ or a space.
#The length of UserName or Password should not be more than 64 characters.
UserName=admin
Password=Admin1.#
CPULimit=55%
MemoryLimit=55%
#List all replica set members. The members should be separated with spaces. The total number
of members should an odd number.
#The first member will be used as the primary member, the last will be used as the arbiter.
The rest are the secondary members.
#It is recommended to use FQDN. The address of 0.0.0.0 or 127.0.0.1 is not allowed. For
example:
#ReplicaSetMembers=192.168.1.1 192.168.1.2 192.168.1.3
ReplicaSetMembers=10.10.3.142 10.10.3.143 10.10.3.144
Sample Configurations of the Secondary Node:
[root@centos config]# vi setup.conf
#NetBrain Database configuration file
#Note: Entries other than the database username and password
#can only contain letters and numbers, and should start with a letter.
DataPath=/usr/lib/mongodb
LogPath=/var/log/mongodb
BindIp=10.10.3.143
FQDN=127.0.0.1
#The port must be between 1025 and 32767.
Port=27017
ReplicaSetName=rs
UseSSL=no
Certificate=/etc/ssl/cert.pem
PrivateKey=/etc/ssl/key.pem
#The UserName or Password cannot be empty
#The UserName or Password should not contain: {}[]:",'|<>@&^%\ or a space.
#The length of UserName or Password should not be more than 64 characters.
UserName=admin
Password=Admin1.#
CPULimit=55%
MemoryLimit=55%
#List all replica set members. The members should be separated with spaces. The total number
of members should an odd number.
#The first member will be used as the primary member, the last will be used as the arbiter.
The rest are the secondary members.
#It is recommended to use FQDN. The address of 0.0.0.0 or 127.0.0.1 is not allowed. For
example:
#ReplicaSetMembers=192.168.1.1 192.168.1.2 192.168.1.3
ReplicaSetMembers=10.10.3.142 10.10.3.143 10.10.3.144
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 17
Sample Configurations of the Primary Node:
[root@centos config]# vi setup.conf
#NetBrain Database configuration file
#Note: Entries other than the database username and password
#can only contain letters and numbers, and should start with a letter.
DataPath=/usr/lib/mongodb
LogPath=/var/log/mongodb
BindIp=10.10.3.142
FQDN=127.0.0.1
#The port must be between 1025 and 32767.
Port=27017
ReplicaSetName=rs
UseSSL=no
Certificate=/etc/ssl/cert.pem
PrivateKey=/etc/ssl/key.pem
#The UserName or Password cannot be empty
#The UserName or Password should not contain: {}[]:",'|<>@&^%\ or a space.
#The length of UserName or Password should not be more than 64 characters.
UserName=admin
Password=Admin1.#
CPULimit=55%
MemoryLimit=55%
#List all replica set members. The members should be separated with spaces. The total number
of members should an odd number.
#The first member will be used as the primary member, the last will be used as the arbiter.
The rest are the secondary members.
#It is recommended to use FQDN. The address of 0.0.0.0 or 127.0.0.1 is not allowed. For
example:
#ReplicaSetMembers=192.168.1.1 192.168.1.2 192.168.1.3
ReplicaSetMembers=10.10.3.142 10.10.3.143 10.10.3.144
8) Complete the following steps to install MongoDB.
a) On the arbiter node, run the cd .. command to navigate to the MongoDB directory, then run the cd
replica command to navigate to the replica directory, and then run the ./install_arbiter.sh
command. After the arbiter node is successfully installed, run the reboot command to restart the
machine.
b) After the arbiter node is successfully installed, on the secondary node, run the cd .. command to
navigate to the MongoDB directory, then run the cd replica command to navigate to the replica
directory, and then run the ./install_secondary.sh command. After the secondary node is
successfully installed, run the reboot command to restart the machine.
c) After the secondary node is successfully installed, on the primary node, run the cd .. command to
navigate to the MongoDB directory, then run the cd replica command to navigate to the replica
directory, and then run the ./install_primary.sh command. After the primary node is successfully
installed, run the reboot command to restart the machine.
Note: You do not need to initialize NetBrain data in all MongoDB nodes because the Installation Wizard will
automatically perform the initialization when you install Web API Server or Worker Server later.
18 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
Note: If the Service Monitor Agent was not previously installed, you'll need to use the interactive command line
to install it with MongoDB. See Interactive Pre-Installation of Service Monitor Agent for more details.
9) Run the ps -ef|grep mongo command to verify whether its service starts successfully.
[root@centos ~]# ps -ef|grep mongo
netbrain 46482 1 3 01:30 ? 00:00:03 /bin/mongod -f /etc/mongodb/mongod.conf
root 46639 37939 0 01:31 pts/2 00:00:00 grep --color=auto mongo
3. Complete the following steps to verify the replica set:
1) Run the following command on the arbiter node.
▪ If SSL is not enabled:
mongo --host <IP>:<port> -u <username> --authenticationDatabase admin --
authenticationMechanism SCRAM-SHA-256 (and then enter the original password of MongoDB)
▪ If SSL is enabled:
mongo --host <IP>:<port> -u <username> --ssl -sslAllowInvalidCertificates --
authenticationDatabase admin --authenticationMechanism SCRAM-SHA-256 (and then enter the
original password of MongoDB)
Example of Non-SSL Connections:
[root@centos ~]# mongo --host 10.10.3.144:27017 -u admin --authenticationDatabase admin --
authenticationMechanism SCRAM-SHA-256
MongoDB shell version v4.0.19
Enter password:
connecting to: mongodb://127.0.0.1:27017/?gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("40d16429-e6a9-4da6-8c78-2becb1df1a5b") }
MongoDB server version: 4.0.19
...
rs:ARBITER>
2) Run the rs.status() command to browse the replica set information.
rs:ARBITER> rs.status()
{
"set" : "rs",
"date" : ISODate("2019-05-07T06:43:27.054Z"),
"myState" : 7,
"term" : NumberLong(6),
"syncingTo" : "",
"syncSourceHost" : "",
"syncSourceId" : -1,
"heartbeatIntervalMillis" : NumberLong(2000),
"optimes" : {
"lastCommittedOpTime" : {
"ts" : Timestamp(1557211399, 1),
"t" : NumberLong(6)
},
"readConcernMajorityOpTime" : {
"ts" : Timestamp(1557211399, 1),
"t" : NumberLong(6)
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 19
},
"appliedOpTime" : {
"ts" : Timestamp(1557211399, 1),
"t" : NumberLong(6)
},
"durableOpTime" : {
"ts" : Timestamp(0, 0),
"t" : NumberLong(-1)
}
},
"lastStableCheckpointTimestamp" : Timestamp(0, 0),
"members" : [
{
"_id" : 0,
"name" : "10.10.3.142:27017",
"health" : 1,
"state" : 1,
"stateStr" : "PRIMARY",
"uptime" : 157,
"optime" : {
"ts" : Timestamp(1557211399, 1),
"t" : NumberLong(6)
},
"optimeDurable" : {
"ts" : Timestamp(1557211399, 1),
"t" : NumberLong(6)
},
"optimeDate" : ISODate("2019-05-07T06:43:19Z"),
"optimeDurableDate" : ISODate("2019-05-07T06:43:19Z"),
"lastHeartbeat" : ISODate("2019-05-07T06:43:25.691Z"),
"lastHeartbeatRecv" : ISODate("2019-05-07T06:43:26.321Z"),
"pingMs" : NumberLong(0),
"lastHeartbeatMessage" : "",
"syncingTo" : "",
"syncSourceHost" : "",
"syncSourceId" : -1,
"infoMessage" : "",
"electionTime" : Timestamp(1557211258, 1),
"electionDate" : ISODate("2019-05-07T06:40:58Z"),
"configVersion" : 1
},
{
"_id" : 1,
"name" : "10.10.3.143:27017",
"health" : 1,
"state" : 2,
"stateStr" : "SECONDARY",
"uptime" : 251,
"optime" : {
"ts" : Timestamp(1557211399, 1),
"t" : NumberLong(6)
},
"optimeDurable" : {
"ts" : Timestamp(1557211399, 1),
"t" : NumberLong(6)
20 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
},
"optimeDate" : ISODate("2019-05-07T06:43:19Z"),
"optimeDurableDate" : ISODate("2019-05-07T06:43:19Z"),
"lastHeartbeat" : ISODate("2019-05-07T06:43:25.703Z"),
"lastHeartbeatRecv" : ISODate("2019-05-07T06:43:25.174Z"),
"pingMs" : NumberLong(0),
"lastHeartbeatMessage" : "",
"syncingTo" : "10.10.3.142:27017",
"syncSourceHost" : "10.10.3.142:27017",
"syncSourceId" : 0,
"infoMessage" : "",
"configVersion" : 1
},
{
"_id" : 2,
"name" : "10.10.3.144:27017",
"health" : 1,
"state" : 7,
"stateStr" : "ARBITER",
"uptime" : 254,
"syncingTo" : "",
"syncSourceHost" : "",
"syncSourceId" : -1,
"infoMessage" : "",
"configVersion" : 1,
"self" : true,
"lastHeartbeatMessage" : ""
}
],
"ok" : 1
}
rs:ARBITER>
Note: When your disk space is insufficient for large amounts of logs, you can modify the log settings (including log
archive frequency and default archive file size) in the mongod.conf under the /etc/logrotate.d directory.
Tip: NetBrain supports to customize data storage by separating data in different MongoDB instances when you have
two or more replica sets. See Storing Data on a Replica Set for more details.
Parameters
The following table describes the parameters that can be configured when installing MongoDB.
Parameter Default Value Description
DataPath /usr/lib/mongodb Specify the storage path for all MongoDB data files.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 21
Parameter Default Value Description
Note: Make sure the destination directory has more than 100GB free space to save
all the data files. If you want to deploy a replica set, make sure the directory on the
arbiter node has more than 30GB free space.
Tip: You can run the df -h command to check which directory has been mounted
to a large disk.
LogPath /var/log/mongodb Specify the storage path for all MongoDB log files.
Note: Make sure the destination directory has more than 50GB free space to save
all the log files.
BindIp 127.0.0.1 Specify the IP address of MongoDB.
Note: Don't use 127.0.0.1.
Note: Select either to specify the actual value of BindIp or the FQDN for MongoDB
by setting BindIp as 0.0.0.0.
FQDN 127.0.0.1 Specify the fully qualified domain name (FQDN) of MongoDB.
Note: If you select to specify the FQDN for MongoDB, you must specify the FQDN
in the ReplicaSetMembers parameter and when installing other components that
require to connect to MongoDB.
Port 27017 Specify the port number that the MongoDB service listens to. It is recommended to
keep the default value.
Note: Each member in the replica set must have the same port number.
ReplicaSetName rs Specify the replica set name used for replication. It is recommended to keep the
default value. If you want to modify it, keep notes of your customized one because
it is required to connect to MongoDB when you install other components, such as
Web API Server, Worker Server, Task Engine, and Front Server Controller.
Note: It can only contain letters and numbers, and must start with a letter.
Note: Each member in the replica set must have the same replica set name,
UserName, and Password.
UseSSL no Specify whether to encrypt the connections to MongoDB with SSL.
To enable SSL, replace no with yes. For detailed requirements of SSL certificates
and keys, refer to SSL Certificate Requirements.
Certificate /etc/ssl/cert.pem Specify the name and storage path of the certificate file that contains the public
key.
Note: It is required only if UseSSL is enabled.
PrivateKey /etc/ssl/key.pem Specify the name and storage path of the private key file.
Note: It is required only if UseSSL is enabled.
22 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
Parameter Default Value Description
UserName admin Specify the admin username used to connect with and log in to MongoDB.
Note: The value of the DBUser and DBPassword parameters cannot contain any
of the following special characters, and their length cannot exceed 64 characters.
{ } [ ] : " , ' | < > @ & ^ % \ and spaces
Password Admin1.# Specify the admin password used to connect with and log in to MongoDB.
CPULimit 55% Specify the maximum CPU utilization that can be consumed by MongoDB. To make
both MongoDB and Elasticsearch reasonably share the CPU resources of the same
machine, the recommended value is 55%.
MemoryLimit 55% Specify the maximum memory capacity of the machine that can be consumed by
the MongoDB. To make both MongoDB and Elasticsearch utilize the memory
resources of the same machine, the recommended value is 55%.
ReplicaSetMembe 127.0.0.1 Enter the actual IP address to be bound or FQDN.
rs Note: The members should be separated by spaces. The total number of members
should an odd number.
Note: The first member will be used as the primary member, the last will be used
as the arbiter. The rest are the secondary members.
Note: The address of 0.0.0.0 or 127.0.0.1 is not allowed.
3.2. Installing Elasticsearch Cluster on Linux
NetBrain adopts Elasticsearch as a full-text search and analytics engine in a distributed multi-user environment.
Elasticsearch cluster is a collection of one or more nodes (servers) that together holds your entire data and
provides federated indexing and search capabilities across all nodes. By default, the cluster name is
elasticsearch. Make sure that the cluster name is unique in the same LAN.
By default, each node is a master-eligible node, which has the chance to be selected as the master node through
the master election process. A master node takes the responsibilities for lightweight cluster-wide actions, such as
creating or deleting an index, tracking which nodes are part of the cluster, and deciding which shards to allocate to
which nodes.
In a cluster deployment, you can configure two node types:
▪ Normal Node — a master-eligible node eligible to be elected as the master node, which controls the
cluster.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 23
▪ Master-eligible-only Node — a master-eligible node dedicated to the master node functionality, but does
not store any index data.
The normal nodes back up the data of each other through shards. No data will be lost when one of the normal
nodes are unavailable. Even if both the master-eligible-only node and one of the normal nodes are unavailable,
the other normal node(s) can serve the search service as normal.
Example: Set up a three-member cluster, including two normal nodes and one master-eligible-only node.
Note: It is recommended to install the master-eligible-only node on the same machine with the MongoDB arbiter node.
Note: Elasticsearch cluster requires the port TCP (SSL) 9300 for internal node-to-node communication. Make sure that
your network configurations allow communications among all nodes .
Note: Elasticsearch has a dependency on AdoptOpenJDK-11.0.9, which will be automatically installed while
Elasticsearch is installed.
1. Complete the following steps to install all nodes.
1) Log in to each Linux server where a MongoDB node is installed as the root user.
2) Run the cd /opt/netbraintemp10.0 command to navigate to the /opt/netbraintemp10.0 directory.
3) Download the installation package.
▪ Option 1: If the Linux server has no access to the Internet, obtain the elasticsearch-linux-rhel-6.8.12-
10.0.tar.gz file from NetBrain and then upload it to the /opt/netbraintemp10.0 directory by using a file
transfer tool.
▪ Option 2: If the Linux server has access to the Internet, run the
wget http://download.netbraintech.com/elasticsearch-linux-x86_64-rhel-6.8.12-10.0.tar.gz
command under the /opt/netbraintemp10.0 directory to directly download the elasticsearch-linux-
rhel-6.8.12-10.0.tar.gz file from NetBrain official download site.
Note: The download link is case-sensitive.
Tip: Run the yum -y install wget command to install the wget command if it has not been installed.
4) Run the tar -zxvf elasticsearch-linux-x86_64-rhel-6.8.12-10.0.tar.gz command under the
/opt/netbraintemp10.0 directory to extract installation files.
[root@centos netbraintemp10.0]# tar -zxvf elasticsearch-linux-x86_64-rhel-6.8.12-
10.0.tar.gz
Elasticsearch/
Elasticsearch/config/
...
Elasticsearch/config/setup.conf
...
Elasticsearch/install.sh
...
24 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
5) Run the cd Elasticsearch/config command to navigate to the config directory.
6) Modify the parameters in the setup.conf file located under the config directory and save the changes. For
how to modify the configuration file, refer to Editing a File with VI Editor.
Note: In the following example, 10.10.3.142 and 10.10.3.143 are the IP addresses of the two normal nodes;
10.10.3.144 is the IP address of the master-eligible-only node.
Note: The first entered cluster member has the tendency to be elected as the master but the master-eligible-only
node cannot be the first member.
Note: Make sure to use comma(s) to separate cluster member's IPs or FQDNs.
Sample Configurations of the Normal Node:
[root@centos config]# vi setup.conf
# Account info
# The UserName or Password should not contain:{}[]:”,’|<>@&^%\ or a space
# The first character of UserName and Password cannot be ! or #.
# The length of UserName or Password should not be more than 64 characters
UserName=admin
Password=Admin1.#
# DataPath is used to store data files for Elasticsearch. This directory must be at least a
second level directory and used exclusively for this purpose.
DataPath=/var/lib/elasticsearch
# LogPath is used to store log files for Elasticsearch. This directory must be at least a
second level directory and used exclusively for this purpose.
LogPath=/var/log/elasticsearch
# BindIp: The IP address to be bound to provide service. 127.0.0.1 is not allowed. If this
IP is set as default 0.0.0.0, you can use Fully Qualified
Domain Name (FQDN) in ClusterMembers.
BindIp=0.0.0.0
# Port is used to start elasticsearch service on specified port. The port must be between
1025 and 32767.
Port=9200
# CPULimit and MemoryLimit should be ended by % and the range is from 1% to 100%.
CPULimit=35%
MemoryLimit=25%
# Specify whether to enable Secure Sockets Layer(SSL)
# By default, it is disabled. "no" indicates disabled; "yes" indicates enabled.
UseSSL=no
# If SSL is enabled, you must enter the full path of the server certificate and key file.
Certificate=/etc/ssl/cert.pem
PrivateKey=/etc/ssl/key.pem
CertAuth=/etc/ssl/cacert.pem
# SingleNode: Define the node type. Default ‘yes’ indicates standalone node. For cluster,
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 25
please set it as ‘no’.
SingleNode=no
# ClusterMembers: List all the cluster members' IP addresses or FQDNs (if the BindIp is set
as 0.0.0.0) here,
using ',' to separate each of them. The address of 0.0.0.0 or 127.0.0.1 is not allowed
ClusterMembers=10.10.3.142,10.10.3.143,10.10.3.144
#It is not supported to firstly install the master-only node.
MasterOnlyNode=no
Sample Configurations of the Master-eligible-only Node:
[root@centos config]# vi setup.conf
# Account info
# The UserName or Password should not contain:{}[]:”,’|<>@&^%\ or a space
# The first character of UserName and Password cannot be ! or #.
# The length of UserName or Password should not be more than 64 characters
UserName=admin
Password=Admin1.#
# DataPath is used to store data files for Elasticsearch. This directory must be at least a
second level directory and used exclusively for this purpose.
DataPath=/var/lib/elasticsearch
# LogPath is used to store log files for Elasticsearch. This directory must be at least a
second level directory and used exclusively for this purpose.
LogPath=/var/log/elasticsearch
# BindIp: The IP address to be bound to provide service. 127.0.0.1 is not allowed. If this
IP is set as default 0.0.0.0, you can use Fully Qualified
Domain Name (FQDN) in ClusterMembers.
BindIp=0.0.0.0
# Port is used to start elasticsearch service on specified port. The port must be between
1025 and 32767.
Port=9200
# CPULimit and MemoryLimit should be ended by % and the range is from 1% to 100%.
CPULimit=35%
MemoryLimit=25%
# Specify whether to enable Secure Sockets Layer(SSL)
# By default, it is disabled. "no" indicates disabled; "yes" indicates enabled.
UseSSL=no
# If SSL is enabled, you must enter the full path of the server certificate and key file.
Certificate=/etc/ssl/cert.pem
PrivateKey=/etc/ssl/key.pem
CertAuth=/etc/ssl/cacert.pem
# SingleNode: Define the node type. Default ‘yes’ indicates standalone node. For cluster,
please set it as ‘no’.
SingleNode=no
# ClusterMembers: List all the cluster members' IP addresses or FQDNs (if the BindIp is set
as 0.0.0.0) here,
using ',' to separate each of them. The address of 0.0.0.0 or 127.0.0.1 is not allowed
ClusterMembers=10.10.3.142,10.10.3.143,10.10.3.144
26 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
#It is not supported to firstly install the master-only node.
MasterOnlyNode=yes
7) Run the cd .. command to navigate to the Elasticsearch directory.
8) Run the ./install.sh command under the Elasticsearch directory.
Note: To avoid the split-brain problem (two master nodes being elected), ensure to install normal nodes before
installing the master-eligible-only node, and execute the ./install.sh scripts synchronously on the two normal
nodes. The execution of the ./install.sh script on the first normal node will be put on hold till the
./install.sh script is executed on the second normal node.
Note: If the Service Monitor Agent was not previously installed, you'll need to use the interactive command line to
install it with MongoDB. See Interactive Pre-Installation of Service Monitor Agent for more details.
2. After successfully installing the cluster, you can use either of the following ways to verify the cluster.
▪ Method 1: Run the following command on any of the node.
o If SSL is not enabled:
curl -s -XGET --user <user:password> http://<IP address of
Elasticsearch>:<Port>/_cat/nodes?v
o If SSL is enabled:
curl -s -XGET --user <user:password> https://<IP address of
Elasticsearch>:<Port>/_cat/nodes?v -k
Example of Non-SSL Connections:
[root@centos Elasticsearch]# curl -s -XGET --user admin:admin
http://10.10.3.142:9200/_cat/nodes?v
ip heap.percent ram.percent cpu load_1m load_5m load_15m node.role master name
10.10.3.142 9 38 1 0.15 0.27 0.17 mdi *
localhost.localdomain
10.10.3.143 8 37 0 0.03 0.13 0.13 mdi -
localhost.localdomain1
10.10.3.144 5 37 0 0.13 0.13 0.13 m -
localhost.localdomain2
The node.role column indicates the role that each node plays in the cluster. The * character indicates the
location of the current elected master. A cluster can only have one master at any time.
o m indicates the node is used as a master-eligible-only node.
o mdi indicates the node is used as a normal node.
▪ Method 2: Open a web browser on a Windows server and do the following:
1) Enter http(s)://<IP address of any Elasticsearch node>:<port number>/_cat/nodes?v in the address bar
of your web browser. For example, http://10.10.3.142:9200/_cat/nodes?v.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 27
2) Enter the login username and password that you configured in the setup.conf file and click Login to
authenticate your credentials.
3) Browse the cluster information on the login page.
Parameters
The following table describes the parameters that can be configured when installing Elasticsearch.
Parameter Default Value Description
UserName admin Specify the admin username used to log in to Elasticsearch.
Note: The username and password cannot contain any of the following special
characters, and its length cannot exceed 64 characters.
{ } [ ] : " , ' | < > @ & ^ % \ and spaces
Password Admin1.# Specify the admin password used to log in to Elasticsearch.
Note: The password cannot be empty, and it cannot start with ! or #.
DataPath /var/lib/elasticsearc Specify the storage path for all data files of Elasticsearch. It is recommended to
h
keep the default path.
Note: If you want to modify it, don't use an existing directory.
Note: Make sure the directory has more than 100GB free space to save all the
data files.
Tip: You can run the df -h command to check which directory has been
mounted to a large disk.
LogPath /var/log/elasticsearc Specify the storage path for all log files of Elasticsearch.
h
Note: It is recommended to keep the default path as it is. If you want to
modify it, don't use an existing directory.
Note: Make sure the directory has more than 50GB free space to save all the
log files.
BindIp 0.0.0.0 Enter the IP address of the network card you want to use for the Elasticsearch.
Note: Modify the value only if you have multiple network cards on this
machine.
Port 9200 Specify the port number that Elasticsearch service listens to.
CPULimit 35% Specify the maximum CPU utilization that can be consumed by Elasticsearch.
To make both MongoDB and Elasticsearch utilize the CPU resources of the
same machine, the recommended value is 35%. And the sum of CPU utilization
allocated to the MongoDB and Elasticsearch cannot exceed 90% of the
machine's CPU.
28 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
Parameter Default Value Description
MemoryLimit 25% Specify the maximum memory capacity of the machine that can be consumed
by Elasticsearch.
To make both MongoDB and Elasticsearch utilize the memory resources of the
same machine, the recommended value is in the range of 12.5%~25%.
Note: The maximum memory that Elasticsearch can utilize is 35%. Setting the
value of the MemoryLimit parameter to higher than 35% will not increase the
performance of Elasticsearch. Instead, it may affect the performance of co-
existing servers on this machine.
UseSSL no Set whether to enable the encrypted connections to Elasticsearch by using SSL.
For detailed requirements of SSL certificates and keys, refer to SSL Certificate
Requirements.
Certificate /etc/ssl/cert.pem Specify the name of the SSL certificate file containing the public key.
Note: It is required only if UseSSL is enabled.
PrivateKey /etc/ssl/key.pem Specify the name of the SSL private key file.
Note: It is required only if UseSSL is enabled.
CertAuth /etc/ssl/cacert.pem Specify the name of the SSL certificate chain or intermediate certificate (class 2
or class 3 certificate).
Note: It is required only if UseSSL is enabled.
SingleNode yes Set whether to enable cluster deployments. The default option yes means
cluster deployment is disabled.
If you want to deploy a cluster, change it to no.
ClusterMembers 10.10.2.34,10.10.2.35 This parameter is only required for cluster deployments.
,10.10.2.36
If you want to deploy a cluster, specify all the cluster members' IP addresses or
FQDNs (if the BindIp is set as 0.0.0.0).
Note: Use ',' to separate each of the cluster members.
Note: The first entered cluster member has the tendency to be elected as the
master, but the master-eligible-only node cannot be the first member.
MasterOnlyNode no Set whether the node is master-eligible-only.
Note: If you want to deploy a cluster, it is not allowed to firstly install the
master-only node.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 29
3.3. Installing License Agents on Linux
Note: If a MongoDB replica set has been deployed, you must install License Agent on each primary and secondary node.
1. Log in to the Linux server where MongoDB is installed as the root user.
2. Run the cd /opt/netbraintemp10.0 command to navigate to the /opt/netbraintemp10.0 directory.
3. Download the installation package.
▪ Option 1: If the Linux server has no access to the Internet, obtain the netbrain-licenseagent-linux-x86_64-
rhel-10.0.tar.gz file from NetBrain and then upload it to the /opt/netbraintemp10.0 directory by using a
file transfer tool.
▪ Option 2: If the Linux server has access to the Internet, run the
wget http://download.netbraintech.com/netbrain-licenseagent-linux-x86_64-rhel-10.0.tar.gz
command under the /opt/netbraintemp10.0 directory to directly download the file from NetBrain official
download site.
Note: The download link is case-sensitive.
Tip: Run the yum -y install wget command to install the wget command if it has not been installed on the
server.
4. Run the tar -zxvf netbrain-licenseagent-linux-x86_64-rhel-10.0.tar.gz command under the
/opt/netbraintemp10.0 directory to extract installation files.
[root@localhost netbraintemp10.0]# tar -zxvf netbrain-licenseagent-linux-x86_64-rhel-10.0.tar.gz
License/
License/include/
License/include/yaml.sh
License/include/yq
...
License/install.sh
...
5. Run the cd License/config command to navigate to the config directory.
6. Modify the parameters in the setup.conf file located under the config directory according to your environment
and save the changes. For how to modify the configuration file, refer to Editing a File with VI Editor.
[root@localhost config]# vi setup.conf
# The IP address of the License Agent Server.
BindIp=0.0.0.0
# The port number that the License Agent Server listens to. It should be more than 1025 and less
than 32767. By default, it is 27654.
Port=27654
# Specify whether to use SSL to encrypt the connections to the License Agent Server.
30 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
# By default, it is disabled. no indicates disabled; yes indicates enabled.
UseSSL=no
# If SSL is enabled, you must enter the full path of the server certificate and key file.
Certificate=/etc/ssl/cert.pem
PrivateKey=/etc/ssl/key.pem
# LogPath is used to store log files for the service of netbrainlicense.
# This directory must be at least a second level directory and used exclusively for this
purpose.
LogPath=/var/log/netbrain/netbrainlicense
7. Run the cd .. command to navigate to the License directory.
8. Run the ./install.sh script under the License directory to install License Agent.
1) Read the license agreement, and then type YES and press the Enter key.
2) Type I ACCEPT and press the Enter key to accept the license agreement. The script starts to check whether
the system configuration of the Linux server meets the requirement, and all required dependent packages
are installed for each Linux component.
[root@localhost License]# ./install.sh
Please read the End User License Agreement (“EULA”) for the license type (perpetual or
subscription)
purchased in the order form at https://www.netbraintech.com/legal-tc/ carefully. I have read
the
subscription EULA, if I have purchased a subscription license, or the perpetual EULA, if I have
purchased a perpetual license, at the link provided above. Please type “YES” if you have read
the
applicable EULA and understand its and understand its contents, or “NO” if you have not read
the
applicable EULA. [YES/NO]: YES
Do you accept the terms in the subscription EULA, if you have purchased a subscription license,
or
the perpetual EULA, if you have purchased a perpetual license? If you accept, and to continue
with
the installation, please type "I Accept" to continue. If you do not accept, and to quit the
installation script, please type "CANCEL" to stop. [I ACCEPT/CANCEL]: I ACCEPT
INFO: Starting to check Linux OS info...
INFO: Creating installation log file SUCCEEDED
INFO: Dependent packages:
INFO: Component Name: License Agent
INFO: RPM name: netbrainlicense
INFO: Preprocessing SUCCEEDED.
...
INFO: Installing /opt/netbraintemp/License/sources/netbrainlicense-10.0-el7.x86_64.rpm
Preparing... ########################################
Find configuration file
/var/log/netbrain/installationlog/licenseagent/install_licenseagent.conf.
Bind IP: 0.0.0.0
License Agent port: 27654
The NetBrain License Agent will not use SSL to communicate.
Updating / installing...
1:netbrainlicense-10.0-el7 ########################################
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 31
Bind IP: 0.0.0.0
License Agent port: 27654
The NetBrain License Agent will not use SSL to communicate.
User name: netbrain
User group: netbrain
NetBrain License Agent Server has been started.
Redirecting to /bin/systemctl status firewalld.service
Successfully installed NetBrain License Agent.
INFO: 2020-01-13 00-26-30.295: Rpm package installing SUCCEEDED.
INFO: 2020-01-13 00-26-30.304: Starting permission assigning...
INFO: Port 27654 is added to the firewall.
INFO: 2020-01-13 00-26-30.359: Permission assigning SUCCEEDED.
Created symlink from /etc/systemd/system/multi-user.target.wants/netbrainlicense.service to
/usr/lib/systemd/system/netbrainlicense.service.
?netbrainlicense.service - NetBrain license agent service
Loaded: loaded (/usr/lib/systemd/system/netbrainlicense.service; enabled; vendor preset:
disabled)
Active: active (running) since Mon 2020-01-13 00:26:30 EST; 18ms ago
Process: 15534 ExecStop=/usr/bin/pkill licensed (code=exited, status=0/SUCCESS)
Process: 15540 ExecStart=/usr/bin/netbrainlicense/licensed -f
/etc/netbrain/netbrainlicense/licensed.conf (code=exited, status=0/SUCCESS)
Process: 15536 ExecStartPre=/bin/chmod o+r /sys/class/dmi/id/product_uuid (code=exited,
status=0/SUCCESS)
Main PID: 15541 (licensed)
Memory: 1.0M
CGroup: /system.slice/netbrainlicense.service
15541 /usr/bin/netbrainlicense/licensed -f
/etc/netbrain/netbrainlicense/licensed.conf
Jan 13 00:26:30 localhost.localdomain systemd[1]: Starting NetBrain license agent service...
Jan 13 00:26:30 localhost.localdomain systemd[1]: Started NetBrain license agent service.
INFO: 2021-02-24 01-30-48.747: Successfully installed License Agent. Service is running.
INFO: 2021-02-24 01-30-48.775: Backing up uninstall.sh SUCCEEDED
INFO: 2021-02-24 01-30-48.785: Successfully installed License Agent.
Note: If the Service Monitor Agent was not previously installed, it will be installed with License Agent. You'll need to use
the interactive command line to install it. See Interactive Pre-Installation of Service Monitor Agent for more details.
9. Run the systemctl status netbrainlicense command to check the service status of License.
[root@localhost ~]# systemctl status netbrainlicense
netbrainlicense.service - NetBrain license agent service
Loaded: loaded (/usr/lib/systemd/system/netbrainlicense.service; enabled; vendor preset:
disabled)
Active: active (running) since Wed 2021-02-24 01:30:48 EST; 8min ago
Process: 6054 ExecStart=/usr/bin/netbrainlicense/licensed -f
/etc/netbrain/netbrainlicense/licensed.conf (code=exited, status=0/SUCCESS)
Process: 5907 ExecStartPre=/bin/chmod o+r /sys/class/dmi/id/product_uuid (code=exited,
status=0/SUCCESS)
Main PID: 6138 (licensed)
Memory: 8.2M
CGroup: /system.slice/netbrainlicense.service
└─6138 /usr/bin/netbrainlicense/licensed -f
/etc/netbrain/netbrainlicense/licensed.conf
32 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
Jul 19 09:02:40 localhost.localdomain systemd[1]: Starting NetBrain license agent service...
Jul 19 09:02:40 localhost.localdomain systemd[1]: Started NetBrain license agent service.
Parameters
The following table describes the parameters that can be configured when installing License Agent.
Parameter Default Value Description
BindIp 0.0.0.0 Specify the IP address of License Agent.
Note: Modify the value only if you have multiple network cards on this
machine.
Port 27654 The port number that the License Agent Server listens to.
UseSSL no Set whether to encrypt the connections to the License Agent with SSL.
To enable SSL, modify it to yes. For detailed requirements of SSL
certificates and keys, see SSL Certificate Requirements.
Certificate /etc/ssl/cert.pem Specify the storage path and name of the SSL certificate that contains
the public key.
Note: It is required only if UseSSL is enabled.
Note: Do not set the values of the Certificate, PrivateKey, and LogPath
arguments to any personal directories, such as /root. Besides, do not
include any special characters or spaces except slashes (/) in the values.
PrivateKey /etc/ssl/key.pem Specify the storage path and name of the SSL private key file.
Note: It is required only if UseSSL is enabled.
LogPath /var/log/netbrain/netbrainlice Specify the storage path for all License Agent log files.
nse
3.4. Installing Redis Cluster on Linux
Pre-Installation Task
▪ Service Monitor Agent will be installed or upgraded with Redis and it has dependencies on the third-party
package libffi-devel zlib-devel readline-devel bzip2-devel ncurses-devel gdbm-devel xz-devel tk-devel
libffi-devel gcc. Run the
rpm -qa|grep -E "zlib-devel|readline-devel|bzip2-devel|ncurses-devel|gdbm-devel|xz-devel|tk-
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 33
devel|libffi-devel|gcc" command to check whether it has been installed on this Linux server. If it has not
been installed yet, you can choose either option below to install the dependencies:
o Online Install: run the yum -y install zlib-devel readline-devel bzip2-devel ncurses-devel gdbm-
devel xz-devel tk-devel libffi-devel gcc command to install them online
o Offline Install: refer to Appendix: Offline Installing Third-party Dependencies for further instructions.
▪ Redis has dependencies on the third-party package logrotate. Before you install the Redis, run the rpm -
qa|grep logrotate command to check whether it has been installed on the server. If it has not been installed
yet, you can choose either option below to install the dependencies.
o Online Install: run the yum -y install logrotate command to install it online.
o Offline Install: refer to Offline Installing Third-party Dependencies for more details.
▪ Ensure you have upgraded the Linux OS to Red Hat Enterprise Linux Server 7.5/7.6/7.7/7.8/7.9/8.2/8.3, 64-
bit, CentOS 7.5/7.6/7.7/7.8/7.9/8.2/8.3, 64-bit or Oracle Linux Server 7.7/7.8/7.9/8.2/8.3, 64-bit to avoid
installation or upgrade failure. Refer to Linux System Upgrade Instructions Online for more details. If your Linux
server has no access to the Internet, refer to Linux System Upgrade Instructions Offline.
Note: During and after the Linux OS upgrade, do not restart the Linux server, and keep all the NetBrain services on Linux
server including MongoDB running normally and all the services on the Windows server stopped.
Installing Redis Cluster on Linux
A Redis cluster contains the following three types of nodes:
▪ Redis Master — the primary node of a Redis replication.
▪ Redis Slave — the secondary node of a Redis replication, and will be promoted as the Master by the
Sentinel during a failover.
▪ Redis Sentinel — the crucial part of a reliable Redis failover plan, which monitors both Master and Slave,
and attempts a failover when the Redis Master service is unavailable.
Example: Set up a three-member cluster on three Linux servers.
Note: It is recommended to install the master node on the same machine with the MongoDB primary node first, then
install the slave node on the same machine with the MongoDB secondary node and the sentinel node on the same
machine with the MongoDB arbiter node.
Note: Redis Cluster requires TCP 16379 port for internal node-to-node data exchange. Redis Sentinel node requires TCP
26379 port to listen for its connections.
1. Complete the following steps to install the master, slave, and sentinel nodes.
1) Log in to the Linux server as the root user.
34 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
2) Run the mkdir command to create a directory under the /opt directory to place the installation package.
For example, netbraintemp10.0.
3) Run the cd /opt/netbraintemp10.0 command to navigate to the /opt/netbraintemp10.0 directory.
4) Download the installation package.
▪ Option 1: If the Linux server has no access to the Internet, obtain the redis-linux-x86_64-rhel-6.0.9-
10.0.tar.gz file from NetBrain and then upload it to the /opt/netbraintemp10.0 directory by using a file
transfer tool.
▪ Option 2: If the Linux server has access to the Internet, run the
wget http://download.netbraintech.com/redis-linux-x86_64-rhel-6.0.9-10.0.tar.gz command
under the /opt/netbraintemp10.0 directory to directly download the redis-linux-x86_64-rhel-6.0.9-
10.0.tar.gz file from NetBrain official download site.
Note: The download link is case-sensitive.
Tip: Run the yum -y install wget command to install the wget command if it has not been installed on the
server.
5) Run the tar -zxvf redis-linux-x86_64-rhel-6.0.9-10.0.tar.gz command under the
/opt/netbraintemp10.0 directory to extract installation files.
[root@localhost netbraintemp10.0]# tar -zxvf redis-linux-x86_64-rhel-6.0.9-10.0.tar.gz
redis/
redis/sources/
...
redis/config/setup.conf
...
install.sh
...
6) Run the cd redis/config/ command to navigate to the config directory.
7) Modify the parameters in the setup.conf file located under the config directory and save the changes. For
how to modify the configuration file, refer to Editing a File with VI Editor.
Note: Each member in a cluster must have the same Password, and SSL settings.
Sample Configurations of the Master Node:
[root@localhost config]# vi setup.conf
#Redis configuration file
#Note: Entries other than the password can only contain letters and numbers, and should
start with a letter.
#Account info.
#Password should not contain: {}[]:",'|<>@&^%\ or a space. Password should be the same in
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 35
all nodes if the mode is cluster.
Password=Admin1.#
# Mode use 'standalone' if single installation, use 'cluster' if HA mode
Mode=cluster
# Port is used to start the redis service on specified port. We use default port 6379.
Port=6379
# Data Path is used to store redis files. Default path /var/lib/redis.
DataPath=/var/lib/redis
# Log Path is used to store redis log files. Default path /var/log/redis.
LogPath=/var/log/redis
# Role (NodeRole can only be 'master', 'slave' 'sentinel' or 'dr-sentinel')
# sentinel - start the redis in sentinel mode so that it can monitor a cluster
# dr-sentinel - start the redis in sentinel mode so that it can monitor a DR cluster for a
multi-DC on same node where you have redis already installed
NodeRole=master
#Master Node (Master Node can support ip address, hostname or FQDN and is used if the Mode
is cluster)
MasterNode=10.10.3.142
# Start the redis sentinel service on Sentinel port. Default port is 6380.
# For a multi-DC DR cluster there will be 2 instances of sentinel on same arbiter node so
user should change this value to default port 6381
or any other port which is not used by other service
# Please enter the same value for all nodes that belong to the same cluster
SentinelPort=6380
# Resource limitation. It can only be 'yes' or 'no'
ResourceLimit=no
# CPU Limit. should end with %. Range is 1% to 100%
CPULimit=100%
#Memory Limit. should end with %. Range is 1% to 100%
MemmoryLimit=100%
# TLS. It can only be 'yes' or 'no'
UseSSL=no
Certificate=/etc/ssl/cert.pem
PrivateKey=/etc/ssl/key.pem
CertAuth=/etc/ssl/cacert.pem
Sample Configurations of the Slave Node:
[root@localhost config]# vi setup.conf
#Redis configuration file
#Note: Entries other than the password can only contain letters and numbers, and should
start with a letter.
#Account info.
#Password should not contain: {}[]:",'|<>@&^%\ or a space. Password should be the same in
all nodes if the mode is cluster.
36 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
Password=Admin1.#
# Mode use 'standalone' if single installation, use 'cluster' if HA mode
Mode=cluster
# Port is used to start the redis service on specified port. We use default port 6379.
Port=6379
# Data Path is used to store redis files. Default path /var/lib/redis.
DataPath=/var/lib/redis
# Log Path is used to store redis log files. Default path /var/log/redis.
LogPath=/var/log/redis
# Role (NodeRole can only be 'master', 'slave' 'sentinel' or 'dr-sentinel')
# sentinel - start the redis in sentinel mode so that it can monitor a cluster
# dr-sentinel - start the redis in sentinel mode so that it can monitor a DR cluster for a
multi-DC on same node where you have redis already installed
NodeRole=slave
#Master Node (Master Node can support ip address, hostname or FQDN and is used if the Mode
is cluster)
MasterNode=10.10.3.142
# Start the redis sentinel service on Sentinel port. Default port is 6380.
# For a multi-DC DR cluster there will be 2 instances of sentinel on same arbiter node so
user should change this value to default port 6381
or any other port which is not used by other service
# Please enter the same value for all nodes that belong to the same cluster
SentinelPort=6380
# Resource limitation. It can only be 'yes' or 'no'
ResourceLimit=no
# CPU Limit. should end with %. Range is 1% to 100%
CPULimit=100%
#Memory Limit. should end with %. Range is 1% to 100%
MemmoryLimit=100%
# TLS. It can only be 'yes' or 'no'
UseSSL=no
Certificate=/etc/ssl/cert.pem
PrivateKey=/etc/ssl/key.pem
CertAuth=/etc/ssl/cacert.pem
Sample Configurations of the Sentinel Node:
[root@localhost config]# vi setup.conf
#Redis configuration file
#Note: Entries other than the password can only contain letters and numbers, and should
start with a letter.
#Account info.
#Password should not contain: {}[]:",'|<>@&^%\ or a space. Password should be the same in
all nodes if the mode is cluster.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 37
Password=Admin1.#
# Mode use 'standalone' if single installation, use 'cluster' if HA mode
Mode=cluster
# Port is used to start the redis service on specified port. We use default port 6379.
Port=6379
# Data Path is used to store redis files. Default path /var/lib/redis.
DataPath=/var/lib/redis
# Log Path is used to store redis log files. Default path /var/log/redis.
LogPath=/var/log/redis
# Role (NodeRole can only be 'master', 'slave' 'sentinel' or 'dr-sentinel')
# sentinel - start the redis in sentinel mode so that it can monitor a cluster
# dr-sentinel - start the redis in sentinel mode so that it can monitor a DR cluster for a
multi-DC on same node where you have redis already installed
NodeRole=sentinel
#Master Node (Master Node can support ip address, hostname or FQDN and is used if the Mode
is cluster)
MasterNode=10.10.3.142
# Start the redis sentinel service on Sentinel port. Default port is 6380.
# For a multi-DC DR cluster there will be 2 instances of sentinel on same arbiter node so
user should change this value to default port 6381
or any other port which is not used by other service
# Please enter the same value for all nodes that belong to the same cluster
SentinelPort=6380
# Resource limitation. It can only be 'yes' or 'no'
ResourceLimit=no
# CPU Limit. should end with %. Range is 1% to 100%
CPULimit=100%
#Memory Limit. should end with %. Range is 1% to 100%
MemmoryLimit=100%
# TLS. It can only be 'yes' or 'no'
UseSSL=no
Certificate=/etc/ssl/cert.pem
PrivateKey=/etc/ssl/key.pem
CertAuth=/etc/ssl/cacert.pem
8) Run the cd .. command to navigate to the redis directory.
9) Run the ./install.sh script under the redis directory. Take the master node for example:
Note: You'll need to use the interactive command line to install the Service Monitor Agent with Redis. See
Interactive Pre-Installation of Service Monitor Agent for more details.
10) Run the following commands to check the service status of each node.
▪ systemctl status redis-master
38 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
[root@redhat redis]# systemctl status redis-master
redis-master.service - Redis
Loaded: loaded (/usr/lib/systemd/system/redis-master.service; enabled; vendor preset:
disabled)
Active: active (running) since Thu 2020-07-16 03:22:48 EDT; 6min ago
Main PID: 18778 (redis-server)
CGroup: /system.slice/redis-master.service
18778 /sbin/redis-server *:6379
Jan 14 03:22:48 redhat systemd[1]: Started Redis.
▪ systemctl status redis-slave
[root@centos redis]# systemctl status redis-slave
redis-slave.service - Redis
Loaded: loaded (/usr/lib/systemd/system/redis-slave.service; enabled; vendor preset:
disabled)
Active: active (running) since Thu 2020-07-16 03:23:32 EDT; 2min 54s ago
Main PID: 20372 (redis-server)
CGroup: /system.slice/redis-slave.service
20372 /sbin/redis-server *:6379
Jan 14 03:23:32 centos systemd[1]: Started Redis.
▪ systemctl status redis-sentinel
[root@centos redis]# systemctl status redis-sentinel
redis-sentinel.service - Redis
Loaded: loaded (/usr/lib/systemd/system/redis-sentinel.service; enabled; vendor
preset: disabled)
Active: active (running) since Thu 2020-07-16 03:23:32 EDT; 4min 39s ago
Main PID: 20355 (redis-server)
CGroup: /system.slice/redis-sentinel.service
20355 /sbin/redis-server *:6380 [sentinel]
Jan 14 03:23:32 centos systemd[1]: Started Redis.
2. Complete the following steps to verify the status of the cluster.
1) On the Sentinel node, run the following commands:
▪ If SSL is not enabled:
redis-cli -h <sentinel_ip_address> -p <port_number> -a <Admin password of Redis>
▪ If SSL is enabled:
redis-cli --tls --cacert <the used CA file path > -h <sentinel_ip_address> -p
<port_number> -a <Admin password of Redis>
Example of Non-SSL Connections:
[root@centos redis]# redis-cli -h 10.10.3.144 -p 6380 -a admin
10.10.3.144:6380>
2) Run the sentinel masters command to look into the information about the Master node.
10.10.3.143:6379> sentinel masters
1) 1) "name"
2) "nbreplica"
3) "ip"
4) "10.10.3.142"
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 39
5) "port"
6) "6379"
7) "runid"
8) "3ae353b666495dc953f3be5d462e6bd9347b735b"
9) "flags"
10) "master"
11) "link-pending-commands"
12) "0"
13) "link-refcount"
14) "1"
15) "last-ping-sent"
16) "0"
17) "last-ok-ping-reply"
18) "890"
19) "last-ping-reply"
20) "890"
21) "down-after-milliseconds"
22) "5000"
23) "info-refresh"
24) "7618"
25) "role-reported"
26) "master"
27) "role-reported-time"
28) "77942"
29) "config-epoch"
30) "0"
31) "num-slaves"
32) "1"
33) "num-other-sentinels"
34) "0"
35) "quorum"
36) "1"
37) "failover-timeout"
38) "5000"
39) "parallel-syncs"
40) "1"
10.10.3.144:6380>
3) Run the sentinel slaves nbreplica command to look into the information about the Slave node.
10.10.3.143:6380> sentinel slaves nbreplica
1) 1) "name"
2) "10.10.3.143:6379"
3) "ip"
4) "10.10.3.143"
5) "port"
6) "6379"
7) "runid"
8) "fd538ebcb255e0152d29fa74bf46c1032b068134"
9) "flags"
10) "slave"
11) "link-pending-commands"
12) "0"
13) "link-refcount"
14) "1"
40 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
15) "last-ping-sent"
16) "0"
17) "last-ok-ping-reply"
18) "485"
19) "last-ping-reply"
20) "485"
21) "down-after-milliseconds"
22) "5000"
23) "info-refresh"
24) "127"
25) "role-reported"
26) "slave"
27) "role-reported-time"
28) "401932"
29) "master-link-down-time"
30) "0"
31) "master-link-status"
32) "ok"
33) "master-host"
34) "10.10.3.142"
35) "master-port"
36) "6379"
37) "slave-priority"
38) "100"
39) "slave-repl-offset"
40) "27449"
10.10.3.144:6380>
4) Enter the exit command and press the Enter key to exit the redis-cli command line.
10.10.3.144:6380>exit
bye
Note: When your disk space is insufficient for large amounts of logs, you can modify the log settings (including log
archive frequency and default archive file size) in the redis.conf under the /etc/logrotate.d directory.
Parameters
The following table describes the parameters that can be configured when installing Redis.
Parameter Default Value Description
Password Admin1.# Specify the admin password used to connect to Redis.
Note: The password cannot contain any of the following special characters, and its
length cannot exceed 64 characters.
{ } [ ] : " , ' | < > @ & ^ % \ and spaces
Note: Each member in a cluster must have the same password.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 41
Parameter Default Value Description
Mode standalone Set whether to enable cluster deployment.
If you plan to deploy a cluster, modify it to cluster.
Port 6379 Specify the port number that the master Redis node listens to.
DataPath /var/lib/redis/ Specify the storage path for all data files of Redis.
LogPath /var/log/redis/ Specify the storage path for all log files of Redis.
NodeRole master Set the role for the current node. Available options are master, slave, sentinel and
dr-sentinel. If you plan to deploy a cluster, modify it to slave and sentinel on the
other nodes.
MasterNode This parameter is only required for cluster deployments.
Enter the IP address of the master node when you configure the setting for the
master, slave and sentinel (or dr-sentinel) node.
SentinelPort 6380 The port number that the sentinel or dr-sentinel node listens to.
Note: Use alternative port such as 6381 when deploying the dr-sentinel node.
ResourceLimit no Set whether to limit the system resource usage for Redis.
CPULimit 100% The maximum CPU utilization of the machine that can be consumed by Redis.
MemoryLimit 100% The maximum memory capacity of the machine that can be consumed by Redis.
UseSSL no Set whether to enable the encrypted connections to Redis by using SSL.
Note: Redis itself does not support SSL. It uses stunnel as an SSL service agent.
Stunnel will be automatically installed together with Redis. For detailed
requirements of SSL certificates and keys, refer to SSL Certificate Requirements.
Certificate /etc/ssl/cert.p Specify the storage path for all the certificates and key files used for SSL
em
authentication.
Note: It is required only if UseSSL is enabled.
PrivateKey /etc/ssl/key.pe Specify the name of SSL private key file.
m
Note: It is required only if UseSSL is enabled.
CertAuth /etc/ssl/cacert Specify the name of the SSL certificate chain or intermediate certificate (class 2 or
.pem
class 3 certificate).
Note: It is required only if UseSSL is enabled.
42 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
3.5. Installing RabbitMQ Cluster on Linux
Pre-Installation Task
▪ Service Monitor Agent will be installed or upgraded with RabbitMQ and it has dependencies on the third-party
package libffi-devel zlib-devel readline-devel bzip2-devel ncurses-devel gdbm-devel xz-devel tk-devel
libffi-devel gcc. Run the
rpm -qa|grep -E "zlib-devel|readline-devel|bzip2-devel|ncurses-devel|gdbm-devel|xz-devel|tk-
devel|libffi-devel|gcc" command to check whether it has been installed on this Linux server. If it has not
been installed yet, you can choose either option below to install the dependencies:
o Online Install: run the yum -y install zlib-devel readline-devel bzip2-devel ncurses-devel gdbm-
devel xz-devel tk-devel libffi-devel gcc command to install them online
o Offline Install: refer to Appendix: Offline Installing Third-party Dependencies for further instructions.
▪ Ensure you have upgraded the Linux OS to Red Hat Enterprise Linux Server 7.5/7.6/7.7/7.8/7.9/8.2/8.3, 64-
bit, CentOS 7.5/7.6/7.7/7.8/7.9/8.2/8.3, 64-bit or Oracle Linux Server 7.7/7.8/7.9/8.2/8.3, 64-bit to avoid
installation or upgrade failure. Refer to Linux System Upgrade Instructions Online for more details. If your Linux
server has no access to the Internet, refer to Linux System Upgrade Instructions Offline.
Note: During and after the Linux OS upgrade, do not restart the Linux server, and keep all the NetBrain services on Linux
server including MongoDB running normally and all the services on the Windows server stopped.
▪ Ensure the hostname of the Linux server must be resolvable by DNS or configured in /etc/hosts on each server
because RabbitMQ needs resolvable hostname(s) no matter it is a standalone server or a cluster.
Installing RabbitMQ Cluster on Linux
Note: A RabbitMQ cluster provides high availability but also has higher requirements on network stability, because it
cannot automatically recover from network partitions.
Note: When setting up a three-node RabbitMQ cluster, install the master node first and then install the slave nodes. TCP
port 25672 is required for internal node-to-node communication. Besides, the IP addresses of the three servers must be in
the same network segment.
Note: RabbitMQ has dependencies on the third-party package socat and logrotate. Before you install the RabbitMQ, run
the rpm -qa|grep socat and rpm -qa|grep logrotate commands to check whether they have been installed on the
server. If they have not been installed yet, you can choose either option below to install the dependencies.
▪ Online Install: run the yum -y install socat and yum -y install logrotate commands to install them online.
▪ Offline Install: refer to Offline Installing Third-party Dependencies for more details.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 43
Example: Set up a three-member cluster on three Linux servers.
Note: To avoid the split-brain problem (two master nodes being elected), ensure to install two slave nodes on two
separate Linux Servers.
Note: All the three Linux servers must be able to communicate with each other by using resolvable hostnames.
1. Install the three nodes as follows:
1) Log in to each Linux server as the root user.
2) Run the mkdir command to create a directory under the /opt directory to place the installation package.
For example, netbraintemp10.0.
3) Run the cd /opt/netbraintemp10.0 command to navigate to the /opt/netbraintemp10.0 directory.
4) Download the installation package.
▪ Option 1: If the Linux server has no access to the Internet, obtain the rabbitmq-linux-x86_64-rhel-
3.8.9-10.0.tar.gz file from NetBrain and then upload it to the /opt/netbraintemp10.0 directory by
using a file transfer tool.
▪ Option 2: If the Linux server has access to the Internet, run the
wget http://download.netbraintech.com/rabbitmq-linux-x86_64-rhel-3.8.9-10.0.tar.gz
command under the /opt/netbraintemp10.0 directory to directly download the rabbitmq-linux-
x86_64-rhel-3.8.9-10.0.tar.gz file from NetBrain official download site.
Note: The download link is case-sensitive.
Tip: Run the yum -y install wget command to install the wget command if it has not been installed on the
server.
5) Run the tar -zxvf rabbitmq-linux-x86_64-rhel-3.8.9-10.0.tar.gz command under the
/opt/netbraintemp10.0 directory to extract installation files.
[root@centos netbraintemp10.0]# tar -zxvf rabbitmq-linux-x86_64-rhel-3.8.9-10.0.tar.gz
rabbitmq/
rabbitmq/config/
rabbitmq/config/setup.conf
...
rabbitmq/install.sh
...
6) Run the cd rabbitmq/config command to navigate to the config directory.
7) Modify the parameters in the setup.conf file located under the config directory and save the changes. For
how to modify the configuration file, refer to Editing a File with VI Editor.
Note: Each member in a cluster must have the same UserName, Password, ClusterId, and SSL settings.
44 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
Note: When you configure the slave node, only hostname is supported in the MasterNode parameter.
Note: The mapping relationships between the IP address and hostname of the nodes are required in the
/etc/hosts file on each node. If dots (.) are contained in any hostname, for example, "nb90.co", you must also add
its short hostname "nb90" into the /etc/hosts file, like: 10.10.33.90 nb90.co nb90.
Sample Configurations of the Master Node:
[root@centos config]# vi setup.conf
#RabbitMQ configuration file
#Account info
#The UserName or Password should not contain: {}[]:",'|<>@&^%\ or a space
#The length of UserName or Password should not be more than 64 characters
UserName=admin
Password=Admin1.#
# Mode (Mode can only be 'mirror' or 'standalone')
Mode=mirror
# A unique cluster string is used to join all cluster nodes. Each cluster node
# must have the same cluster ID.
ClusterId=rabbitmqcluster
# The role of the current node in the cluster. One of the two roles can be configured:
# master or slave.
NodeRole=master
# Must specify a resolvable hostname of the master node in either standalone or mirror
mode.
MasterNode=centos7
# Resource limitation
ResourceLimit=no
# CPULimit and MemoryLimit should be ended by % and the range is from 1% to 100%
CPULimit=100%
MemLimit=100%
# TLS
UseSSL=no
CertFile=/etc/ssl/cert.pem
KeyFile=/etc/ssl/key.pem
# Port --Please enter the same Port for all nodes that belong to the same cluster
Port=5672
# Log path
LogPath=/var/log/rabbitmq
Sample Configurations of the Two Slave Nodes:
[root@centos config]# vi setup.conf
#RabbitMQ configuration file
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 45
#Account info
#The UserName or Password should not contain: {}[]:",'|<>@&^%\ or a space
#The length of UserName or Password should not be more than 64 characters
UserName=admin
Password=Admin1.#
# Mode (Mode can only be 'mirror' or 'standalone')
Mode=mirror
# A unique cluster string is used to join all cluster nodes. Each cluster node
# must have the same cluster ID.
ClusterId=rabbitmqcluster
# The role of the current node in the cluster. One of the two roles can be configured:
# master or slave.
NodeRole=slave
# Must specify a resolvable hostname of the master node in either standalone or mirror
mode.
MasterNode=centos7
# Resource limitation
ResourceLimit=no
# CPULimit and MemoryLimit should be ended by % and the range is from 1% to 100%
CPULimit=100%
MemLimit=100%
# TLS
UseSSL=no
CertFile=/etc/ssl/cert.pem
KeyFile=/etc/ssl/key.pem
# Port --Please enter the same Port for all nodes that belong to the same cluster
Port=5672
# Log path
LogPath=/var/log/rabbitmq
8) Run the cd .. command to navigate to the rabbitmq directory.
9) Run the ./install.sh script under the rabbitmq directory.
Note: When you upgrade one node, shut down the service of the other node. And still keep the other node
service down to upgrade it.
Note: If the Service Monitor Agent was not previously installed, you'll need to use the interactive command line
to install it. See Appendix: Interactive Pre-Installation of Service Monitor Agent for more details.
2. Use either of the following ways to verify the status of the cluster.
46 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
▪ Method 1: Run the rabbitmqctl -n rabbit@<hostname of any of the RabbitMQ Node> cluster_status
command on either of the node to see the status of the cluster.
Example:
[root@centos rabbitmq]# rabbitmqctl -n rabbit@centos7 cluster_status
Cluster status of node rabbit@centos7 ...
Basics
Cluster name: rabbit@centos7
Disk Nodes
rabbit@centos7
rabbit@linux2
rabbit@linux3
Running Nodes
rabbit@centos7
rabbit@linux2
rabbit@linux3
Versions
rabbit@centos7: RabbitMQ 3.8.9 on Erlang 23.2.1
rabbit@linux2: RabbitMQ 3.8.9 on Erlang 23.2.1
rabbit@linux3: RabbitMQ 3.8.9 on Erlang 23.2.1
...
▪ Method 2: Log in to the RabbitMQ Management page to browse the cluster nodes.
1) In your web browser, navigate to http(s)://<IP address or hostname of RabbitMQ>:15672. For
example, http://10.10.3.142:15672. 15672 is the default port number for RabbitMQ management plugin.
2) Enter the username and password that you created when installing RabbitMQ and click Login. You can
see two server nodes under the Overview tab.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 47
Parameters
The following table describes the parameters that can be configured when installing RabbitMQ.
Parameter Default Value Description
Username admin Specify the admin username used to connect to RabbitMQ.
Note: The username and password cannot contain any of the following special
characters, and its length cannot exceed 64 characters.
{ } [ ] : " , ' | < > @ & ^ % \ and spaces
Note: Each member in a cluster must have the same username and password.
Password Admin1.# Specify the admin password used to connect to RabbitMQ.
Mode standalone Set the RabbitMQ deployment Mode. Available options are standalone or mirror.
If you plan to deploy a cluster, modify the default value to mirror.
ClusterId rabbitmqcluster Specify the cluster id used by all nodes to join the cluster. This parameter is required
only for cluster deployments.
Note: Each member in a cluster must have the same cluster ID.
Note: Make sure that you don’t reuse the same cluster ID, otherwise you might end up
with nodes joining the wrong cluster.
NodeRole master Set the role for the current node. Available options are master or slave.
If you plan to deploy a cluster, modify it to slave on the other node.
MasterNode localhost This parameter is required for both standalone and cluster deployments.
If you plan to deploy a cluster, always enter a resolvable hostname of the master node.
Note: FQDN and IP address are NOT supported.
ResourceLimit no Set whether to limit the system resource usage for RabbitMQ.
CPULimit 100% Specify the maximum CPU utilization of the machine that can be consumed by
RabbitMQ.
MemoryLimit 100% Specify the maximum memory capacity of the machine that can be consumed by
RabbitMQ.
UseSSL no Set whether to enable the encrypted connections to RabbitMQ by using SSL.
Tip: If UseSSL is set to yes, you can follow the steps below to modify the RabbitMQ
Plugin config file after the service monitor is installed.
48 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
Parameter Default Value Description
1) Run the vi /etc/netbrain/nbagent/check/rabbitmq.yaml command to open
the RabbitMQ Plugin config file.
2) Set the ssl value to true and save the changes. For how to modify the configuration
file, see Editing a File with VI Editor for more details.
[root@localhost check]# vi rabbitmq.yaml
init_config:
instances:
- name: default
managementPort: 15672,
checkAvailableIntervalSeconds: 300
ssl: true
collectQueues:
equal: []
startWith:
['FullTextSearch','TaskManager','event_callback','RMClientCallbac
k','ETL_Task']
endWith: ['IndexDriver']
Certificate /etc/ssl/cert.p Specify the storage path for all the certificates and key files used for SSL authentication.
em
Note: It is required only if UseSSL is enabled.
PrivateKey /etc/ssl/key.pe Specify the name of SSL private key file.
m
Note: It is required only if UseSSL is enabled.
Port 5672 Specify the port number that RabbitMQ service listens to.
LogPath /var/log/rabbit Specify the directory to save logs of RabbitMQ.
mq
3.6. Installing Service Monitor Agent
Select one of the following ways to install the Service Monitor Agent on each NetBrain server, depending on its
operating system:
▪ Installing Service Monitor Agent on Linux
▪ Installing Service Monitor Agent on Windows
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 49
3.6.1.Installing Service Monitor Agent on Linux
Pre-installation Tasks
▪ Service Monitor Agent will be installed with all Linux components and it has dependencies on the third-party
package zlib-devel readline-devel bzip2-devel ncurses-devel gdbm-devel xz-devel tk-devel libffi-devel gcc.
Run the rpm -qa|grep -E "zlib-devel|readline-devel|bzip2-devel|ncurses-devel|gdbm-devel|xz-
devel|tk-devel|libffi-devel|gcc" command to check whether it has been installed on this Linux server. If it
has not been installed yet, you can choose either option below to install the dependencies:
o Online Install: run the yum -y install zlib-devel readline-devel bzip2-devel ncurses-devel gdbm-
devel xz-devel tk-devel libffi-devel gcc command to install it online.
o Offline Install: refer to Offline Installing Third-party Dependencies for more details.
Installing Service Monitor Agent on Linux
1. Log in to the Linux server as the root user.
2. Run the cd /opt/netbraintemp10.0 command to navigate to the /opt/netbraintemp10.0 directory.
3. Download the installation package.
▪ Option 1: If the Linux server has no access to the Internet, obtain the netbrain-servicemonitoragent-
linux-x86_64-rhel-10.0.tar.gz file from NetBrain and then upload it to the /opt/netbraintemp10.0
directory by using a file transfer tool.
▪ Option 2: If the Linux server has access to the Internet, run the
wget http://download.netbraintech.com/netbrain-servicemonitoragent-linux-x86_64-rhel-
10.0.tar.gz command under the /opt/netbraintemp10.0 directory to directly download the netbrain-
servicemonitoragent-linux-x86_64-rhel-10.0.tar.gz file from NetBrain official download site.
Note: The download link is case-sensitive.
Tip: Run the yum -y install wget command to install the wget command if it has not been installed on the
server.
4. Run the tar -zxvf netbrain-servicemonitoragent-linux-x86_64-rhel-10.0.tar.gz command under the
/opt/netbraintemp10.0 directory to extract installation files.
[root@localhost netbraintemp10.0]# tar -zxvf netbrain-servicemonitoragent-linux-x86_64-rhel-
10.0.tar.gz
ServiceMonitorAgent/
ServiceMonitorAgent/config/
ServiceMonitorAgent/config/setup.conf
...
50 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
ServiceMonitorAgent/install.sh
...
5. Run the cd ServiceMonitorAgent/config command to navigate to the config directory.
6. Modify the parameters in the setup.conf file located under the config directory according to your environment
and save the changes. For how to modify the configuration file, refer to Editing a File with VI Editor.
[root@localhost config]# vi setup.conf
# IE API Url, for example: http://ie.netbrain.com/ServicesAPI
# Attention please: /ServicesAPI is a fixed suffix
Server_Url=http://10.10.3.141/ServicesAPI
# Authentication Key to be used to communicate with Web API server.
# Note: please ensure this key must be the same as the API key created on Web API server.
Server_Key=Admin1.#
# LogPath is used to store log files for Servicemonitor.
# This directory must be at least a second level directory and used exclusively for this
purpose.
LogPath=/var/log/nbagent
# Whether to enable verifying Certificate Authority (CA): By default, it is disabled.
yes indicates enabled; no indicates disabled.
# Note: To enable the verifying CA, it is needed to change configuration of the Web Server.
CA_Verify=no
# CertAuth specifies the CA file source path. Below CA file will be copied to folder
/etc/ssl/netbrain/nbagent
CertAuth=/etc/ssl/cacert.pem
7. Run the cd .. command to navigate to the ServiceMonitorAgent directory.
8. Run the ./install.sh script under the ServiceMonitorAgent directory to install the Service Monitor Agent.
1) Read the License Agreement, and type YES.
2) Type I ACCEPT to accept the License Agreement. The script starts to install Service Monitor Agent.
[root@localhost ServiceMonitorAgent]# ./install.sh
Please read the End User License Agreement (“EULA”) for the license type (perpetual or
subscription) purchased in the order form at
https://www.netbraintech.com/legal-tc/ carefully. I have read the subscription EULA, if I have
purchased a subscription license, or the
perpetual EULA, if I have purchased a perpetual license, at the link provided above. Please type
“YES” if you have read the applicable EULA
and understand its contents, or “NO” if you have not read the applicable EULA. [YES/NO]: YES
Do you accept the terms in the subscription EULA, if you have purchased a subscription license,
or the perpetual EULA, if you have purchased
a perpetual license? If you accept, and to continue with the installation, please type "I
Accept" to continue. If you do not accept, and to quit
the installation script, please type "CANCEL" to stop. [I ACCEPT/CANCEL]: I ACCEPT
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 51
Preprocessing SUCCEEDED
Starting to install Service Monitor Agent ...
Starting to system checking...
Collecting system information...
...
Collecting system information SUCCEEDED.
System checking SUCCEEDED.
Starting to configuration parameters checking...
Configuration parameters checking SUCCEEDED.
Start dependencies checking...
Dependencies checking SUCCEEDED.
...
Obtaining file:///usr/share/nbagent
Installing collected packages: agent
Running setup.py develop for agent
Successfully installed agent
You are using pip version 18.1, however version 19.0.3 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
Configuration parameters updating SUCCEEDED.
Starting to permission assigning...
Permission assigning SUCCEEDED.
Starting to deamon setting...
Deamon setting SUCCEEDED.
...
Successfully installed Service Monitor Agent. Service is running.
INFO: Backing up uninstall.sh SUCCEEDED
INFO: Successfully installed Service Monitor Agent.
9. Run the systemctl status netbrainagent command to verify whether its service starts successfully.
[root@localhost ~]# systemctl status netbrainagent
netbrainagent.service - NetBrain Service Monitor Agent Daemon
Loaded: loaded (/usr/lib/systemd/system/netbrainagent.service; enabled; vendor preset:
disabled)
Active: active (running) since Sat 2019-05-04 23:19:09 EDT; 5min ago
Main PID: 4520 (python3)
Memory: 73.5M
...
10. (Only required if you have configured DNS connection when installing
MongoDB/Elasticsearch/Redis/RabbitMQ). To make the Server Monitor Agent can still detect and monitor its
service, add the customized port number to the corresponding configuration file.
Server Name File Name
MongoDB mongodb.yaml
Elasticsearch elasticsearch.yaml
RabbitMQ rabbitmq.yaml
Redis redis.yaml
redis-sentinel.yaml
52 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
Server Name File Name
Front Server fs.yaml
License Agent license.yaml
Example: If you use FQDN during MongoDB installation, do the following:
1) Run the cd /etc/netbrain/nbagent/checks command to navigate to the checks directory.
2) Add the following DNS info to the mongodb.yaml file, and save the changes. For how to modify the file,
refer to Editing a File with VI Editor.
Note: Follow the text format in the example strictly, including alignment, punctuations, and spaces.
init_config:
instances:
- name: default
dns: mongo2.cloud.netbraintech.com
Example: If you installed multiple MongoDB instances on one server with different ports and service names
(e.g,, instance 1 with service name mongod and port 27017; instance 2 with service name mongod2 and port
27018), do the following:
1) Run the cd /etc/netbrain/nbagent/checks command to navigate to the checks directory.
2) Add the customized port number to the mongodb.yaml file, and save the changes. For how to modify the
file, refer to Editing a File with VI Editor.
Note: Follow the text format in the example strictly, including alignment, punctuations, and spaces.
Note: Parameter name refers to the MongoDB service name.
init_config:
instances:
- name: mongod
port: 27017
- name: mongod2
port: 27018
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 53
Parameters
Parameter Default Value Description
Server_Url http://localhost/ServicesA The URL used to call the Web API service, http://<IP address of NetBrain Web
PI
API Server>/ServicesAPI. For example, http://10.10.3.141/ServicesAPI.
Note: If SSL will be enabled with https binding created for the system website
in IIS Manager, type https in the URL. Besides, if CA_Verify is enabled,
hostname must be specified in the URL.
Server_Key Admin1.# The key used to authenticate the connections to your NetBrain Web API Server.
Note: The Server_Key must be kept consistent with the key configured when
you installed Web API Server.
LogPath /var/log/netbrain/nbagent The storage path for the log files of the Service Monitor Agent.
Note: At least 10GB free disk space is required.
CA_Verify no Set whether to authenticate the Certificate Authority (CA) of the certificates,
which are used to enable SSL for the system website in IIS Manager.
Note: It is required only if https is used in Server_Url.
CertAuth /etc/ssl/cacert.pem The storage path and file name of the root or class 2 CA file used for CA
authentication.
Note: It is required only if CA_Verify is enabled. Only the CA file in the Base-64
encoded X.509 (.CER) format is supported.
3.6.2.Installing Service Monitor Agent on Windows
Complete the following steps with administrative privileges.
1. Download the netbrain-servicemonitoragent-windows-x86_64-10.0.zip file from
http://download.netbraintech.com/netbrain-servicemonitoragent-windows-x86_64-10.0.zip and save it in your
local folder.
2. Extract installation files from the netbrain-servicemonitoragent-windows-x86_64-10.0.zip file.
3. Right-click the netbrain-servicemonitoragent-windows-x86_64-10.0.exe file, and then select Run as
administrator to start the Installation Wizard.
1) On the Welcome page, click Next.
2) On the System Configuration page, review the system configuration summary and click Next.
54 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
3) On the License Agreement page, read the license agreements, select the I have read the subscription
EULA… check box and then click I ACCEPT.
4) On the Customer Information page, enter your company name, and then click Next.
5) On the Destination Location page, click Next to install the Service Monitor Agent under the default path
C:\Program Files\NetBrain\. If you want to install it under another location, click Change.
6) On the Web API Server Configuration page, enter the following information to connect to your NetBrain
Web API Server, and then click Next.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 55
▪ API URL — the URL used to call the Web API service, http://<IP address of NetBrain Web API
Server>/ServicesAPI. For example, http://10.10.3.141/ServicesAPI.
Note: If SSL is enabled with https binding created for the system website in IIS Manager, use https in the URL.
Besides, if you want to authenticate the Certificate Authority of the SSL certificate used by the system website (to
be completed in the next step), the hostname must be specified in the URL.
▪ API Key — the key used to authenticate the connections to Web API Server.
Note: The API Key must be kept consistent with the API Key configured when you install Web API Server.
7) This step is required only if https is used in API URL. Configure whether to authenticate the Certificate
Authority (CA) of the certificates used to enable SSL for NetBrain website in IIS Manager, and then click
Next.
To authenticate CA:
a) Select the Conduct Certificate Authority verification check box.
b) Click Browse to import the CA certificate file, for example, ca.pem.
Note: Only the certificate in Base-64 encoded X.509 PEM format is supported.
8) Review the summary of the installation information and click Install.
▪ Ensure the NetBrain installation process using administrator account has the necessary permissions to
modify “User Rights Assignment” in “Local Security Policy” or change the local user privileges. Otherwise,
56 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
the following error message will prompt when installing each Windows component.
▪ Click ‘Yes’ to continue with installation/upgrade process and NetBrain service will be configured to run
as Local System. If you have security concerns, please click ‘No’ to abort the installation/upgrade.
Note: Local System accounts have additional privileges that are considered a high risk. Please verify that this is
an acceptable risk in accordance with your SysAdmin policies.
Note: After clicking ‘No’, please check with your system administration team to enable the relevant permissions,
uninstall the affected component(s) and reinstall. Contact NetBrain support team if you need any assistance
during the process.
4. After NetBrain Service Monitor Agent is successfully installed, click Finish to complete the installation process
and exit the Installation Wizard.
Tip: After the installation is completed, you can open the Task Manager and navigate to the Services panel to check
whether NetBrainAgent is running.
5. If you changed the default port number when installing a NetBrain server, you must add the customized port
number to its corresponding configuration file so that the Server Monitor can detect and monitor its service.
See Configuration Files for Port Information for more details.
Configuration Files for Port Information
The Service Monitor Agent checks the following configuration files for the customized port or service name
information about NetBrain servers installed on Windows.
Server Name File Name
Front Server fs.yaml
postgresql.yaml
Front Server Controller fsc.yaml
Web API Server iis.yaml
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 57
Server Name File Name
Task Engine taskengine.yaml
Worker Server workerserver.yaml
Example: If you configured a port number 5662 during Task Engine installation, do the following:
1. Navigate to the C:\ProgramData\Netbrain\nbagent\checks directory.
Tip: The ProgramData folder is hidden usually. You can copy and paste the directory to navigate to the checks folder
directly.
2. Open the taskengine.yaml file with a text editor to modify it.
Note: Follow the text format in the example strictly, including alignment, punctuations, and spaces.
init_config:
instances:
- name: default
port: 5662
3.7. Installing Web/Web API Servers
Multiple Web/Web API Servers can be installed and load-balanced under your load-balancing infrastructure. You
can repeat the installation steps to install Web Servers paired with Web API Servers per data center location to
reduce the response time for accessing web pages of Thin Clients.
Note: Don’t install multiple Web/Web API Servers at the same time; install them one after another on separate machines.
Otherwise, it will cause the database initialization failure
Note: Service Monitor Agent needs to be installed prior to installing Web/Web API Server. Refer to Installing Service
Monitor Agent on Windows for more detailed steps.
Note: Web/Web API Servers are integrated into one installation package with Worker Server. It is highly recommended to
install Worker Server on a standalone machine after the installation of Web/Web API Server. See Installing Worker Server
on Windows for more details.
Note: It is highly recommended that the extended memory of your machine is larger than 16GB.
58 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
Note: Before the installation, the Existing Internet Information Services (IIS) must be removed, and the FIPS setting must
be disabled by modifying the Enabled value to 0 under the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy directory of Windows registry.
Complete the following steps to install Web API Server and Web Server on the same machine with administrative
privileges.
1. Download the netbrain-ie-windows-x86_64-10.0.zip file from http://download.netbraintech.com/netbrain-ie-
windows-x86_64-10.0.zip and save it in your local folder.
2. Extract installation files from the netbrain-ie-windows-x86_64-10.0.zip file.
3. Right-click the netbrain-ie-windows-x86_64-10.0.exe file, and then select Run as administrator to start the
Installation Wizard.
4. Follow the Installation Wizard to complete the installation step by step:
1) .NET Framework 4.8 must be pre-installed on this machine before you install the Application Server. The
Installation Wizard will automatically check this dependency. If it has not been installed, the wizard will
guide you through the installation as follows; it has been installed, the wizard will directly go to step 2).
Note: Make sure the Windows update is of the latest. For Windows Server 2012, you might be asked to install some
software patches before the .NET Framework 4.8 installation can start.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 59
a) Click Install.
b) Read the license agreement of Microsoft .NET Framework 4.8, select the I agree to the license terms
and conditions check box and click Install. It might take a few minutes for the installation to be
completed.
Note: Some running applications must be closed during the installation of .NET Framework 4.8, such as Server
Manager.
60 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
c) You must click Restart Now to restart the machine immediately. Otherwise, the upgrade will fail due to
the failure of upgrading the new .Net Framework. After the machine reboots, continue with step 2).
Note: The interface above may not appear if the .NET Framework has never been installed on the server. In
such case, it is still highly recommended to reboot the server after the installation of the .NET Framework
completes.
Note: Ensure the FIPS is disabled after restarting the machine. To disable the FIPS setting, modify the Enabled
value to 0 under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
directory of Windows registry
2) On the Welcome page, click Next.
3) On the NetBrain Integrated Edition Prerequisites page, read the components that must be set up in your
environment beforehand and click Next.
4) On the System Configuration page, review the system configuration summary and click Next.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 61
5) On the License Agreement page, read the license agreements, select the I have read the subscription
EULA… check box and then click I ACCEPT.
6) On the Customer Information page, enter your company name, and then click Next.
7) On the Destination Location page, click Next to install the Web Server and Web API Server under the
default directory C:\Program Files\NetBrain\. If you want to install them under another location, click
Change.
8) Select both the Web API Service and Web Server check boxes, and then click Next.
62 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
9) On the MongoDB Server Connection page, enter the following information to connect to MongoDB and
then click Next.
▪ Address — enter the IP address or resolvable FQDN of MongoDB and the corresponding port number.
By default, the port number is 27017.
Tip: If you set up a MongoDB Replica Set, enter the IP address (or resolvable FQDN) and port number of the
primary server, secondary server, and arbiter server in order in three lines by pressing the Ctrl + Enter keys.
▪ User Name — enter the username that you created when installing MongoDB.
▪ Password — enter the password that you created when installing MongoDB.
▪ Replica Set Name — enter the replica set name of MongoDB. By default, it is rs.
▪ Use SSL — used to encrypt the connections to MongoDB with SSL. If SSL is enabled on MongoDB, select
this check box; otherwise, leave it unchecked.
▪ Validation Timeout (seconds) — it is used to set the connection timeout threshold (in second) to
validate the connection to the dependent server. This will not affect the application running timeout
value.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 63
10) On the License Agent Server Information page, enter the following information to connect to License
Agent, and then click Next.
▪ License Agent port — the port number that the service of License Agent Server listens to. By default, it
is 27654.
▪ Use SSL — used to encrypt the connections to License Agent Server with SSL. If SSL is enabled on License
Agent Server, select it; otherwise, leave it unchecked.
▪ Validation Timeout (seconds) — it is used to set the connection timeout threshold (in second) to
validate the connection to the dependent server. This will not affect the application running timeout
value.
11) On the Elasticsearch Connection page, enter the following information to connect to Elasticsearch, and
then click Next.
▪ Address — enter the IP address or resolvable FQDN of Elasticsearch and the corresponding port
number. For example, 10.10.3.142:9200.
Note: If a proxy server is configured on this machine to access the Internet, you must add the IP address and
port number of Elasticsearch into the proxy exception list of the web browser, to ensure this NetBrain server can
communicate with Elasticsearch.
64 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
Tip: If you set up an Elasticsearch Cluster, enter the IP address (or resolvable FQDN) and port number of the two
normal nodes and one master-eligible-only node in order in three lines by pressing the Ctrl + Enter keys.
▪ User Name — enter the username that you created when installing Elasticsearch.
▪ Password — enter the password that you created when installing Elasticsearch.
▪ Use SSL — used to encrypt the connections to Elasticsearch with SSL. If SSL is enabled on Elasticsearch,
select it; otherwise, leave it unchecked.
▪ Validation Timeout (seconds) — it is used to set the connection timeout threshold (in second) to
validate the connection to the dependent server. This will not affect the application running timeout
value.
12) On the RabbitMQ Connection page, enter the following information to connect to RabbitMQ, and then click
Next.
▪ Address — enter the IP address or resolvable FQDN of RabbitMQ.
Tip: If you set up a RabbitMQ Cluster, enter the IP address or resolvable FQDN of each member in order in three
lines by pressing the Ctrl + Enter keys.
▪ User Name — enter the admin username that you created when installing RabbitMQ.
▪ Password — enter the admin password corresponding to the username that you created when installing
RabbitMQ.
▪ Port Number — enter the port number used by RabbitMQ to communicate with Web API Server, Worker
Server, and Task Engine. By default, it is 5672.
▪ Use SSL — used to encrypt the connections to RabbitMQ with SSL. If SSL is enabled on RabbitMQ, select
it; otherwise, leave it unchecked.
▪ Validation Timeout (seconds) — it is used to set the connection timeout threshold (in second) to
validate the connection to the dependent server. This will not affect the application running timeout
value.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 65
13) On the Redis Connection page. enter the following information to connect to Redis by selecting the Redis
Sentinels mode, and then click Next.
▪ Sentinel Address — enter the IP address of Sentinel.
Note: If you set up a Redis Cluster, enter the IP address of each member in order in three lines by pressing the
Ctrl + Enter keys. Don't use FQDN or hostnames to connect to Master Redis Server.
▪ Password — enter the admin password that you created when installing Redis.
▪ Use SSL — used to encrypt the connections to Redis with SSL. If SSL is enabled on Redis, select it;
otherwise, leave it unchecked.
▪ Sentinel Port — enter the port number used by Redis cluster to communicate with Web API Server,
Worker Server, and Front Server Controller. By default, it is 6380 (Required only if the Use SSL check box
is selected when configuring the connections to MongoDB, License Agent, Elasticsearch, RabbitMQ, or
Redis.) Configure whether to authenticate the Certificate Authority (CA) of the SSL certificates used on
these servers, and then click Next.
To authenticate CA:
a) Select the Conduct Certificate Authority verification check box.
66 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
b) If the CA has not been installed on this machine, click Browse to import the CA certificate file, for
example, ca.pem.
Note: Only the certificate in Base-64 encoded X.509 PEM format is supported.
Note: The following conditions must be met for the CA certificate file:
- The CA certificate must contain CRL Distribution Points property with valid CRL HTTP distribution point URL. (CRL
stands for Certificate Revocation List.)
- The CRL Distribution Points URL must be accessible to Web Server/Worker Server.
- Internet access must be ensured if the certificate is signed by third-party CA.
14) On the KeyVault Administration Passphrase Settings page, create a passphrase to initialize and manage
the system KeyVault which contains all encryption keys to protect data security. Type it twice and select the
Enable Resetting KVAP check box to enable the KVAP resetting. Click Next.
Tip: The passphrase must contain at least one uppercase letter, one lowercase letter, one number, and one special
character, and the minimum permissible length is 8 characters. All special characters except for the quotation mark
(") are allowed.
Note: Keep notes of the passphrase because it is required when you scale up or upgrade the Application Server. In
case of losing the passphrase, keep the Enable Resetting KVAP check box selected so that NetBrain system admin
can reset the passphrase at any time.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 67
15) On the Web API Server Configuration page, create an API key for Web API Server to verify the connection
request from Service Monitor Agent. Type it twice and click Next.
Note: This API Key must be consistent with the one entered during installing Service Monitor Agent before.
16) On the Auto Update Server page, configure the listen address and listen port.
▪ Use SSL between Auto Update Server and Client — used to encrypt the connections between Auto
Update Server and Client with SSL. Otherwise, leave it unchecked.
o Certicate — required only if Use SSL... is selected. Click Browse to select the certificate file
containing the public key. For example, cert.pem.
o Private Key — required only if Use SSL... is selected. Click Browse to select the private key file. For
example, key.pem.
Note: The Listen Address must be the local server’s IP address which can be reached from other NetBrain servers
including Front Server.
17) Review the summary of the installation settings and click Install.
68 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
▪ Ensure the NetBrain installation process using administrator account has the necessary permissions to
modify “User Rights Assignment” in “Local Security Policy” or change the local user privileges. Otherwise,
the following error message will prompt when installing each Windows component.
▪ Click ‘Yes’ to continue with installation/upgrade process and NetBrain service will be configured to run
as Local System. If you have security concerns, please click ‘No’ to abort the installation/upgrade.
Note: Local System accounts have additional privileges that are considered a high risk. Please verify that this is
an acceptable risk in accordance with your SysAdmin policies.
Note: After clicking ‘No’, please check with your system administration team to enable the relevant permissions,
uninstall the affected component(s) and reinstall. Contact NetBrain support team if you need any assistance
during the process.
5. After successfully installing the Web Server and Web API Server, click Finish to complete the installation
process and exit the Installation Wizard.
6. Open the IIS Manager to check that the Default Web Site and ServicesAPI under the Sites exist.
7. Open the Task Manager to check that the NetBrainKCProxy service is running.
Tip: To have the required configurations auto-populated during the installation of other system components, you can
copy the netbrain,ini file from the C:\NBIEInstall of this machine directly to the C:\NBIEInstall drive of the machines
where Worker Server, Task Engine, and Front Server Controller will be installed.
3.8. Installing Worker Servers
Depending on your network scale, you can deploy either a standalone Worker Server or multiple for load
balancing.
Note: Service Monitor Agent needs to be installed prior to installing Worker Server. Refer to Installing Service Monitor
Agent on Windows for more detailed steps.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 69
Note: Worker Server is integrated into one installation package with Web/Web API Servers. It is highly recommended to
install Worker Server on a standalone machine after the installation of Web/Web API Server.
Note: Don’t install multiple Worker Servers at the same time and don’t install Worker Server and Web API Server at the
same time, either; install them one after another on separate machines. Otherwise, it will cause the database
initialization failure.
Note: It is highly recommended that the extended memory of your machine is larger than 16GB.
Complete the following steps with administrative privileges.
1. Download the netbrain-ie-windows-x86_64-10.0.zip file from http://download.netbraintech.com/netbrain-ie-
windows-x86_64-10.0.zip and save it in your local folder.
2. Extract installation files from the netbrain-ie-windows-x86_64-10.0.zip file.
3. Right-click the netbrain-ie-windows-x86_64-10.0.exe file, and then select Run as administrator to launch the
Installation Wizard.
4. Follow the Installation Wizard to complete the installation step by step:
1) .NET Framework 4.8 must be pre-installed on this machine before you install the Application Server. The
Installation Wizard will automatically check this dependency. If it has not been installed, the wizard will
guide you through the installation as follows; it has been installed, the wizard will directly go to step 2).
Note: Make sure the Windows update is of the latest. For Windows Server 2012, you might be asked to install some
software patches before the .NET Framework 4.8 installation can start.
a) Click Install.
b) Read the license agreement of Microsoft .NET Framework 4.8, select the I agree to the license terms
and conditions check box and click Install. It might take a few minutes for the installation to be
70 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
completed.
Note: Some running applications must be closed during the installation of .NET Framework 4.8, such as Server
Manager.
c) You must click Restart Now to restart the machine immediately. Otherwise, the upgrade will fail due to
the failure of upgrading the new .Net Framework. After the machine reboots, continue with step 2).
Note: The interface above may not appear if the .NET Framework has never been installed on the server. In
such case, it is still highly recommended to reboot the server after the installation of the .NET Framework
completes.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 71
Note: Ensure the FIPS is disabled after restarting the machine. To disable the FIPS setting, modify the Enabled
value to 0 under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
directory of Windows registry
2) On the Welcome page, click Next.
3) On the NetBrain Integrated Edition Prerequisites page, view the Linux components that must be deployed
beforehand in your environment and click Next.
4) On the System Configuration page, review the system configuration summary and click Next.
5) On the License Agreement page, read the license agreements, select the I have read the subscription
EULA… check box and then click I ACCEPT.
6) On the Customer Information page, enter your company name, and then click Next.
7) Click Next to install the Worker Server under the default directory C:\Program Files\NetBrain\. If you
want to install it under another location, click Change.
72 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
8) Select the Worker Server check box, and then click Next.
9) On the MongoDB Server Connection page, enter the following information to connect to MongoDB and
then click Next.
▪ Address — enter the IP address or resolvable FQDN of MongoDB and the corresponding port number.
By default, the port number is 27017.
Tip: If you set up a MongoDB Replica Set, enter the IP address (or resolvable FQDN) and port number of the
primary server, secondary server, and arbiter server in order in three lines by pressing the Ctrl + Enter keys.
▪ User Name — enter the username that you created when installing MongoDB.
▪ Password — enter the password that you created when installing MongoDB.
▪ Replica Set Name — enter the replica set name of MongoDB. By default, it is rs.
▪ Use SSL — used to encrypt the connections to MongoDB with SSL. If SSL is enabled on MongoDB, select
this check box; otherwise, leave it unchecked.
▪ Validation Timeout (seconds) — it is used to set the connection timeout threshold (in second) to
validate the connection to the dependent server. This will not affect the application running timeout
value.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 73
10) On the Elasticsearch Connection page, enter the following information to connect to Elasticsearch, and
then click Next.
▪ Address — enter the IP address or resolvable FQDN of Elasticsearch and the corresponding port
number. For example, 10.10.3.142:9200.
Note: If a proxy server is configured on this machine to access the Internet, you must add the IP address and
port number of Elasticsearch into the proxy exception list of the web browser, to ensure this NetBrain server can
communicate with Elasticsearch.
Tip: If you set up an Elasticsearch Cluster, enter the IP address (or resolvable FQDN) and port number of the two
normal nodes and one master-eligible-only node in order in three lines by pressing the Ctrl + Enter keys.
▪ User Name — enter the username that you created when installing Elasticsearch.
▪ Password — enter the password that you created when installing Elasticsearch.
▪ Use SSL — used to encrypt the connections to Elasticsearch with SSL. If SSL is enabled on Elasticsearch,
select it; otherwise, leave it unchecked.
▪ Validation Timeout (seconds) — it is used to set the connection timeout threshold (in second) to
validate the connection to the dependent server. This will not affect the application running timeout
value.
74 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
11) On the RabbitMQ Connection page, enter the following information to connect to RabbitMQ, and then click
Next.
▪ Address — enter the IP address or resolvable FQDN of RabbitMQ.
Tip: If you set up a RabbitMQ Cluster, enter the IP address or resolvable FQDN of each member in order in three
lines by pressing the Ctrl + Enter keys.
▪ User Name — enter the admin username that you created when installing RabbitMQ.
▪ Password — enter the admin password corresponding to the username that you created when installing
RabbitMQ.
▪ Port Number — enter the port number used by RabbitMQ to communicate with Web API Server, Worker
Server, and Task Engine. By default, it is 5672.
▪ Use SSL — used to encrypt the connections to RabbitMQ with SSL. If SSL is enabled on RabbitMQ, select
it; otherwise, leave it unchecked.
▪ Validation Timeout (seconds) — it is used to set the connection timeout threshold (in second) to
validate the connection to the dependent server. This will not affect the application running timeout
value.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 75
12) On the Redis Connection page, enter the following information to connect to Redis by selecting the Redis
Sentinels mode, and then click Next.
▪ Sentinel Address — enter the IP address of Sentinel.
Note: If you set up a Redis Cluster, enter the IP address of each member in order in three lines by pressing the
Ctrl + Enter keys. Don't use FQDN or hostnames to connect to Master Redis Server.
▪ Password — enter the admin password that you created when installing Redis.
▪ Use SSL — used to encrypt the connections to Redis with SSL. If SSL is enabled on Redis, select it;
otherwise, leave it unchecked.
▪ Sentinel Port — enter the port number used by Redis cluster to communicate with Web API Server,
Worker Server, and Front Server Controller. By default, it is 6380(Required only if the Use SSL check box
is selected when configuring the connections to MongoDB, License Agent, Elasticsearch, RabbitMQ, or
Redis.) Configure whether to authenticate Certificate Authority (CA) of the SSL certificates used on these
servers, and then click Next.
To authenticate CA:
a) Select the Conduct Certificate Authority verification check box.
76 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
b) If the CA has not been installed on this machine, click Browse to import the CA certificate file, for
example, ca.pem.
Note: Only the certificate in Base-64 encoded X.509 PEM format is supported.
Note: The following conditions must be met for the CA certificate file:
- The CA certificate must contain CRL Distribution Points property with valid CRL HTTP distribution point URL. (CRL
stands for Certificate Revocation List.)
- The CRL Distribution Points URL must be accessible to Web Server/Worker Server.
- Internet access must be ensured if the certificate is signed by third-party CA.
14) On the KeyVault Administration Passphrase Settings page, enter the passphrase that you created when
installing Web API Server twice and select the Enable Resetting KVAP check box to enable the KVAP
resetting. Click Next.
15) Review the summary of the installation information and click Install.
▪ Ensure the NetBrain installation process using administrator account has the necessary permissions to
modify “User Rights Assignment” in “Local Security Policy” or change the local user privileges. Otherwise,
the following error message will prompt when installing each Windows component.
▪ Click ‘Yes’ to continue with installation/upgrade process and NetBrain service will be configured to run
as Local System. If you have security concerns, please click ‘No’ to abort the installation/upgrade.
Note: Local System accounts have additional privileges that are considered a high risk. Please verify that this is
an acceptable risk in accordance with your SysAdmin policies.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 77
Note: After clicking ‘No’, please check with your system administration team to enable the relevant permissions,
uninstall the affected component(s) and reinstall. Contact NetBrain support team if you need any assistance
during the process.
5. After successfully installing the Worker Server on your machine , click Finish to complete the installation
process and exit the Installation Wizard.
6. Open the Task Manager and navigate to the Services panel to check that the NetBrainWorkerServer service is
running.
7. If you have a large number of network tasks to be executed, you can deploy a Worker Server Cluster for load
balancing by repeating the above installation steps on separate machines.
Note: Make sure all cluster members have the same configurations for MongoDB, License Agent, Elasticsearch,
RabbitMQ, and Redis. And your network configurations allow communications among them.
Verifying Worker Server Cluster
After deploying Worker Server cluster, you can log in to the RabbitMQ Management page to browse all cluster
nodes.
1. In your web browser, navigate to http(s)://<IP address of RabbitMQ>:port_number. For example,
http://10.10.3.142:15672. 15672 is the default port number for the RabbitMQ Management Plugin.
2. Enter the username and password that you created when installing the RabbitMQ, and then click Login.
78 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
3. Select Queues > resource_manager_leader.
4. Click Consumers. You can see two Worker Server nodes are consuming the RabbitMQ resources.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 79
3.9. Installing Task Engines
Note: Service Monitor Agent needs to be installed prior to installing Task Engine. Refer to Installing Service Monitor Agent
on Windows for more detailed steps.
Depending on your network scale, you can deploy either a standalone Task Engine, or two for high availability.
Complete the following steps with administrative privileges.
1. Download the netbrain-taskengine-windows-x86_64-10.0.zip file from
http://download.netbraintech.com/netbrain-taskengine-windows-x86_64-10.0.zip and save it in your local
folder.
2. Extract installation files from the netbrain-taskengine-windows-x86_64-10.0.zip file.
3. Right-click the netbrain-taskengine-windows-x86_64-10.0.exe file, and then select Run as administrator to
start the Installation Wizard.
1) On the Welcome page, click Next.
2) On the NetBrain Task Engine Prerequisites page, view the components that must be deployed beforehand
in your environment and click Next.
3) On the System Configuration page, review the system configuration summary and click Next.
80 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
4) On the License Agreement page, read the license agreements, select the I have read the subscription
EULA… check box and then click I ACCEPT.
5) On the Customer Information page, enter your company name, and then click Next.
6) On the Destination Location page, click Next to install the Task Engine under the default directory
C:\Program Files\NetBrain\. If you want to install it under another location, click Change.
7) On the High Availability page, to set up a Task Engine Cluster, select the Enable High Availability check
box.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 81
8) On the MongoDB Server Connection page, enter the following information to connect to the MongoDB, and
then click Next.
▪ Address — enter the IP address or resolvable FQDN of MongoDB and the corresponding port number.
By default, the port number is 27017.
Tip: If you set up a MongoDB Replica Set, enter the IP address (or resolvable FQDN) and port number of the
primary server, secondary server, and arbiter server in order in three lines by pressing the Ctrl + Enter keys.
▪ User Name — enter the username that you created when installing MongoDB.
▪ Password — enter the password that you created when installing MongoDB.
▪ Replica Set Name — enter the replica set name of MongoDB. By default, it is rs.
▪ Use SSL — used to encrypt the connections to MongoDB with SSL. If SSL is enabled on MongoDB, select
this check box; otherwise, leave it unchecked.
▪ Validation Timeout (seconds) — it is used to set the connection timeout threshold (in second) to
validate the connection to the dependent server. This will not affect the application running timeout
value.
9) On the RabbitMQ Connection page, enter the following information to connect to RabbitMQ, and then click
Next.
82 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
▪ Address — enter the IP address or resolvable FQDN of RabbitMQ.
Tip: If you set up a RabbitMQ Cluster, enter the IP address or resolvable FQDN of each member in order in three
lines by pressing the Ctrl + Enter keys.
▪ User Name — enter the admin username that you created when installing RabbitMQ.
▪ Password — enter the admin password corresponding to the username that you created when installing
RabbitMQ.
▪ Port Number — enter the port number used by RabbitMQ to communicate with Web API Server, Worker
Server, and Task Engine. By default, it is 5672.
▪ Use SSL — used to encrypt the connections to RabbitMQ with SSL. If SSL is enabled on RabbitMQ, select
it; otherwise, leave it unchecked.
▪ Validation Timeout (seconds) — it is used to set the connection timeout threshold (in second) to
validate the connection to the dependent server. This will not affect the application running timeout
value.
10) (Required only if the Use SSL check box is selected when configuring the connections to MongoDB or
RabbitMQ.) On the Certificate Configuration page, configure whether to authenticate the CA of SSL
certificates used on MongoDB or RabbitMQ, and then click Next.
To authenticate CA:
a) Select the Conduct Certificate Authority verification check box.
b) If the CA has not been installed on this machine, click Browse to import the CA certificate file, for
example, ca.pem.
Note: Only the certificate in Base-64 encoded X.509 PEM format is supported.
Note: The following conditions must be met for the CA certificate file:
- The CA certificate must contain CRL Distribution Points property with valid CRL HTTP distribution point URL. (CRL
stands for Certificate Revocation List.)
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 83
- The CRL Distribution Points URL must be accessible to Web Server/Worker Server.
- Internet access must be ensured if the certificate is signed by third-party CA.
11) Review the summary of the installation information and then click Install.
4. After successfully installing the Task Engine, click Finish to complete the installation process and exit the
Installation Wizard.
5. Open the Task Manager and navigate to the Services panel to check that the NetBrainTaskEngine service is
running.
6. For high availability, you can install one more Task Engine on another machine by repeating the above
installation steps.
Note: Make sure that each Task Engine has the same configurations for Worker Server, MongoDB, and RabbitMQ. And
your network configurations allow communications among them.
Verifying Configurations of Task Engine Cluster
After configuring the cluster, you can log in to the RabbitMQ Management page to browse all cluster nodes.
1. In your web browser, navigate to http(s)://<IP address of RabbitMQ>:port_number. For example,
http://10.10.3.142:15672. 15672 is the default port number for the RabbitMQ Management Plugin.
2. Enter the username and password that you created when installing the RabbitMQ, and then click Login.
3. Select Queues > nb_flowengine_leader.
84 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
4. Click Consumers. The Task Engine cluster nodes are listed.
The first one is the active node responsible for active operation management. The other one is the standby node.
3.10. Installing Front Server Controllers
Note: Service Monitor Agent needs to be installed prior to installing Front Server Controller. Refer to Installing Service
Monitor Agent on Windows for more detailed steps.
Complete the following steps with administrative privileges.
1. Download the netbrain-frontservercontroller-windows-x86_64-10.0.zip file from
http://download.netbraintech.com/netbrain-frontservercontroller-windows-x86_64-10.0.zip and save it in your
local folder.
2. Extract installation files from the netbrain-frontservercontroller-windows-x86_64-10.0.zip file.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 85
3. Right-click the netbrain-frontservercontroller-windows-x86_64-10.0.exe file, and then select Run as
administrator to start the Installation Wizard.
1) On the Welcome page, click Next.
2) On the System Configuration page, review the system configuration summary and click Next.
3) On the License Agreement page, read the license agreements, select the I have read the subscription
EULA… check box and then click I ACCEPT.
4) On the Customer Information page, enter your company name, and then click Next.
5) On the Destination Location page, click Next to install the Front Server Controller under the default
directory C:\Program Files\NetBrain\. If you want to install it under another location, click Change.
6) On the Local Configuration page, configure the following information, and then click Next.
▪ Front Server Controller Name — create a name for the controller to authenticate the connections
established from Worker Server and Front Server.
Note: This field cannot contain any of the special characters: \ / : * ? ” < > | . $
Note: Keep notes of Front Server Controller Name as well as Port, Username, and Password because they are
required when you allocate tenants to Front Server Controller and register a Front Server.
86 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
▪ Port — specify the port number used for the connections from Worker Server and Front Server. By
default, it is 9095.
▪ Username — create a username to authenticate the connections established from Worker Server and
Front Server.
▪ Password — create a password to authenticate the connections established from Worker Server and
Front Server.
7) On the Local SSL Configuration page, configure whether to enable SSL on Front Server Controller, and then
click Next.
▪ Enable SSL — used to encrypt the connections established from Worker Server and Front Server with
SSL. For detailed requirements of SSL certificates and keys, refer to SSL Certificate Requirements.
o Certificate — required only if Enable SSL is selected. Click Browse to select the certificate file
containing the public key. For example, cert.pem.
o Private Key — required only if Enable SSL is selected. Click Browse to select the private key file. For
example, key.pem.
8) On the MongoDB Configuration page, enter the following information to connect to MongoDB and then
click Next.
▪ Address — enter the IP address or resolvable FQDN of MongoDB and the corresponding port number.
By default, the port number is 27017.
Tip: If you set up a MongoDB Replica Set, enter the IP address (or resolvable FQDN) and port number of the
primary server, secondary server, and arbiter server in order in three lines by pressing the Ctrl + Enter keys.
▪ User Name — enter the username that you created when installing MongoDB.
▪ Password — enter the password that you created when installing MongoDB.
▪ Replica Set Name — enter the replica set name of MongoDB. By default, it is rs.
▪ Use SSL — used to encrypt the connections to MongoDB with SSL. If SSL is enabled on MongoDB, select
this check box; otherwise, leave it unchecked.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 87
▪ Validation Timeout (seconds) — it is used to set the connection timeout threshold (in second) to
validate the connection to the dependent server. This will not affect the application running timeout
value.
9) On the RabbitMQ Connection page, enter the following information to connect RabbitMQ, and then click
Next.
▪ Address — enter the IP address or resolvable FQDN of RabbitMQ.
Tip: If you set up a RabbitMQ Cluster, enter the IP address or resolvable FQDN of each member in order in three
lines by pressing the Ctrl + Enter keys.
▪ User Name — enter the admin username that you created when installing RabbitMQ.
▪ Password — enter the admin password corresponding to the username that you created when installing
RabbitMQ.
▪ Port Number — enter the port number used by RabbitMQ to communicate with Web API Server, Worker
Server, and Task Engine. By default, it is 5672.
▪ Use SSL — used to encrypt the connections to RabbitMQ with SSL. If SSL is enabled on RabbitMQ, select
it; otherwise, leave it unchecked.
▪ Validation Timeout (seconds) — it is used to set the connection timeout threshold (in second) to
validate the connection to the dependent server. This will not affect the application running timeout
value.
88 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
10) On the Redis Connection page, enter the following information to connect to Redis by selecting the Redis
Sentinels mode, and then click Next.
▪ Sentinel Address — enter the IP address of Sentinel.
Note: If you set up a Redis Cluster, enter the IP address of each member in order in three lines by pressing the
Ctrl + Enter keys. Don't use FQDN or hostnames to connect to Master Redis Server.
▪ Password — enter the admin password that you created when installing Redis.
▪ Use SSL — used to encrypt the connections to Redis with SSL. If SSL is enabled on Redis, select it;
otherwise, leave it unchecked.
▪ Sentinel Port — enter the port number used by Redis cluster to communicate with Web API Server,
Worker Server, and Front Server Controller. By default, it is 6380(Required only if the Use SSL check box
is selected when configuring the connections to MongoDB, RabbitMQ, or Redis). Configure whether to
authenticate the CA of SSL certificates on these servers, and then click Next.
To authenticate CA:
a) Select the Conduct Certificate Authority verification check box.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 89
b) If the CA has not been installed on this machine, click Browse to import the CA certificate file, for
example, ca.pem.
Note: Only the certificate in Base-64 encoded X.509 PEM format is supported.
Note: The following conditions must be met for the CA certificate file:
- The CA certificate must contain CRL Distribution Points property with valid CRL HTTP distribution point URL. (CRL
stands for Certificate Revocation List.)
- The CRL Distribution Points URL must be accessible to Web Server/Worker Server.
- Internet access must be ensured if the certificate is signed by third-party CA.
12) On the KeyVault Administration Passphrase Settings page, enter the passphrase that you created when
installing Web API Server twice and select the Enable Resetting KVAP check box to enable the KVAP
resetting. Click Next.
13) Review the summary of the installation information and click Install.
▪ Ensure the NetBrain installation process using administrator account has the necessary permissions to
modify “User Rights Assignment” in “Local Security Policy” or change the local user privileges. Otherwise,
the following error message will prompt when installing each Windows component.
▪ Click ‘Yes’ to continue with installation/upgrade process and NetBrain service will be configured to run
as Local System. If you have security concerns, please click ‘No’ to abort the installation/upgrade.
Note: Local System accounts have additional privileges that are considered a high risk. Please verify that this is
an acceptable risk in accordance with your SysAdmin policies.
90 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
Note: After clicking ‘No’, please check with your system administration team to enable the relevant permissions,
uninstall the affected component(s) and reinstall. Contact NetBrain support team if you need any assistance
during the process.
4. After successfully installing the Front Server Controller, click Finish to complete the installation process and
exit the Installation Wizard.
5. Open the Task Manager and navigate to the Services panel to check that the NetBrainFrontServerController
service is running.
6. To install one more Front Server Controller for failover, repeat the above steps, and then go to the System
Management page to group the two Front Server Controllers as active/standby nodes.
Tip: The installation log file is saved under the C:\NBIEInstall and named as nbfscinstall. If you encounter any issues
during the installation, check the log file for more details.
3.11. Installing Front Servers
Each Front Server is recommended to manage 5,000 network nodes at most. Depending on your network scale,
you can deploy either a standalone Front Server, or multiple Front Servers for load balancing.
Note: Ports 7778, 7086, and 29916 must be open for internal communications.
Select either of the following ways to install Front Server, depending on your operating system:
▪ Installing Front Server on Linux
▪ Installing Front Server on Windows
3.11.1. Installing Front Server on Linux
Pre-installation Tasks
Service Monitor Agent will be installed with Front Server and it has dependencies on the third-party package zlib-
devel readline-devel bzip2-devel ncurses-devel gdbm-devel xz-devel tk-devel libffi-devel gcc. Run the rpm -
qa|grep -E "zlib-devel|readline-devel|bzip2-devel|ncurses-devel|gdbm-devel|xz-devel|tk-
devel|libffi-devel|gcc" command to check whether it has been installed on this Linux server. If it has not been
installed yet, you can choose either option below to install the dependencies:
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 91
o Online Install: run the yum -y install zlib-devel readline-devel bzip2-devel ncurses-devel gdbm-
devel xz-devel tk-devel libffi-devel gcc command to install it online.
o Offline Install: refer to Offline Installing Third-party Dependencies for more details.
Note: You can also install the Service Monitor Agent separately.
▪ Front Server has dependencies on several third-party packages. Before you install the Front Server, run the rpm
-qa|grep -E "glibc|libstdc++|libuuid|pam" command to check whether these dependencies have been
installed. If they have not been installed yet, you can choose either option below to install the dependencies:
o Online Install: run the yum install -y glibc libstdc++ libuuid pam command to install these third-
party packages online.
o Offline Install: refer to Offline Installing Third-party Dependencies for more details.
Installing Front Server on Linux
1. Log in to the Linux server as the root user.
2. Run the mkdir command to create a directory under the /opt directory to place the Front Server installation
package. For example, netbraintemp10.0.
3. Run the cd /opt/netbraintemp10.0 command to navigate to the /opt/netbraintemp10.0 directory.
4. Download the installation package.
▪ Option 1: If the Linux server has no access to the Internet, obtain the netbrain-frontserver-linux-x86_64-
rhel-10.0.tar.gz file from NetBrain and then upload it to the /opt/netbraintemp10.0 directory by using a
file transfer tool.
▪ Option 2: If the Linux server has access to the Internet, run the
wget http://download.netbraintech.com/netbrain-frontserver-linux-x86_64-rhel-10.0.tar.gz
command under the /opt/netbraintemp10.0 directory to directly download the netbrain-frontserver-
linux-x86_64-rhel-10.0.tar.gz file from NetBrain official download site.
Note: The download link is case-sensitive.
Tip: Run the yum -y install wget command to install the wget command if it has not been installed on the
server.
5. Run the tar -zxvf netbrain-frontserver-linux-x86_64-rhel-10.0.tar.gz command under the
/opt/netbraintemp10.0 directory to extract installation files.
[root@localhost netbraintemp10.0]# tar -zxvf netbrain-frontserver-linux-x86_64-rhel-10.0.tar.gz
FrontServer/
FrontServer/config/
92 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
FrontServer/install.sh
...
6. Run the cd FrontServer/config command to navigate to the config directory.
7. Modify the value of DataPath (based on your enironment) in the setup.conf file located under the config
directory and save the changes. For how to modify the configuration file, refer to Editing a File with VI Editor.
[root@localhost config]# vi setup.conf
#DataPath is used to store data and log files for Front server. This directory must be at least
a second
level directory and used exclusively for this purpose.
#The PostgreSQL port must be between 1025 and 32767.
Port=5432
#Password should not contain: {}[]:",'|<>@&^%\ or a space.
This password is used by front server to connect to PostgreSQL.
Password=Admin1.#
DataPath=/usr/lib/netbrain/frontserver
# To disable the Service Monitor Agent installation, set the 'DisableSM=1'
# The default value of 'DisableSM' is 0 which means Service Monitor Agent
# will be installed with FrontServer if it has not yet been installed.
DisableSM=0
8. Run the cd .. command to navigate to the FrontServer directory and run the ./install.sh script under the
FrontServer directory to install the Front Server.
1) Read the License Agreement, and type YES.
2) Type I ACCEPT to accept the License Agreement. The script starts to install the Front Server.
[root@localhost FrontServer]# ./install.sh
Please read the End User License Agreement (“EULA”) for the license type (perpetual or
subscription)
purchased in the order form at https://www.netbraintech.com/legal-tc/ carefully. I have read
the subscription EULA,
if I have purchased a subscription license, or the perpetual EULA, if I have purchased a
perpetual license,
at the link provided above. Please type “YES” if you have read the applicable EULA and
understand its contents,
or “NO” if you have not read the applicable EULA. [YES/NO]: YES
Do you accept the terms in the subscription EULA, if you have purchased a subscription
license, or the
perpetual EULA, if you have purchased a perpetual license? If you accept, and to continue
with the
installation, please type "I ACCEPT" to continue. If you do not accept, and to quit the
installation
script, please type "CANCEL" to stop. [I ACCEPT/CANCEL]: I ACCEPT
INFO: Starting to check Linux OS info...
INFO: Starting to check required CPU...
INFO: Starting to check minimum memory...
...
INFO: Creating application databases and update PostgreSQL user SUCCEEDED
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 93
INFO: Backing up uninstall.sh SUCCEEDED
INFO: Successfully installed Front Server.
Note: The Front Server service will not be automatically started until the Front Server is added to a tenant and
successfully registered. You cannot register a Front Server immediately until adding the Front Server to a Tenant.
Note: Disk space check will be performed to ensure the requirement of minimum 180G free disk space is met.
Note: If the Service Monitor Agent was not previously installed, you'll need to use the interactive command line to install
it. See Installing MongoDB on Linux for more details.
9. To install more Front Servers for load balancing, repeat the above installation steps on separate machines.
3.11.2. Installing Front Server on Windows
Note: Service Monitor Agent needs to be installed prior to installing Front Server. Refer to Installing Service Monitor Agent
on Windows for more detailed steps.
Complete the following steps with administrative privileges.
1. Download the netbrain-frontserver-windows-x86_64-10.0.zip file by using the download link provided in the
email and save it in your local folder.
2. Extract installation files from the netbrain-frontserver-windows-x86_64-10.0.zip file.
3. Right-click the netbrain-frontserver-windows-x86_64-10.0.exe file, and then select Run as administrator to
start the Installation Wizard.
1) On the Welcome page, click Next.
2) On the System Configuration page, review the system configuration summary and click Next.
94 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
3) On the License Agreement page, read the license agreements, select the I have read the subscription
EULA… check box and then click I ACCEPT.
4) On the Customer Information page, enter your company name, and then click Next.
5) On the Destination Location page, click Next to install the Front Server under the default directory
C:\Program Files\NetBrain\. If you want to install it under another location, click Change.
6) On the Location of PostgreSQL data page, click Next to store the PostgreSQL data to the default directory
C:\Program Files\NetBrain\PostgreData. If you want to restore it under another location, click Change.
Note: Make sure the designated data folder has more than 180GB free space.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 95
7) On the Local Configuration page, set password and port for PostgreSQL database.
8) Review the summary of the current installation settings and click Install.
▪ Ensure the NetBrain installation process using administrator account has the necessary permissions to
modify “User Rights Assignment” in “Local Security Policy” or change the local user privileges. Otherwise,
the following error message will prompt when installing each Windows component.
▪ Click ‘Yes’ to continue with installation/upgrade process and NetBrain service will be configured to run
as Local System. If you have security concerns, please click ‘No’ to abort the installation/upgrade.
Note: Local System accounts have additional privileges that are considered a high risk. Please verify that this is
an acceptable risk in accordance with your SysAdmin policies.
Note: After clicking ‘No’, please check with your system administration team to enable the relevant permissions,
uninstall the affected component(s) and reinstall. Contact NetBrain support team if you need any assistance
during the process.
4. After the Front Server is successfully installed, click Finish to complete the installation process and exit the
Installation Wizard. Close the pop-up registration program.
Note: The Front Server service will not be automatically started until the Front Server is added to a tenant and
successfully registered. See Adding a Front Server to a Tenant and Registering the Front Server for more details.
5. To install more Front Servers for load balancing, repeat the above installation steps on separate machines.
96 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 97
4. Setting Up Your System
Complete the following steps to set up your system:
1. Log in to System Management Page.
2. Activate Your License.
3. Create a Tenant.
4. Create System Users Accounts.
5. Allocate the Tenant to a Front Server Controller.
6. Add a Front Server to the Tenant.
7. Register the Front Server.
8. Configuring Auto Upgrade Settings.
9. Monitor Server and Service Metrics.
Note: The system is designed to work with a minimum screen resolution of 1440x900 pixels. Make sure the
Notifications and Popups are allowed for the Web Server URL in your web browser and zoom it at 100% to get the best
view.
98 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
4.1. Logging in to System Management Page
1. In your web browser, navigate to http(s)://<Hostname or IP address of NetBrain Web Server>/admin.html.
For example, https://10.10.3.141/admin.html or http://10.10.3.141/admin.html.
2. In the login page, enter your username or email address, and password. The initial username/password is
admin/admin.
3. Click Log In.
4. Modify your password first and then complete your user profile in the pop-up dialog, by entering the email
address, first name, and last name, and then click Save.
4.2. Activating a Subscription License
1. In the System Management page, click Activate under the License tab. The activation wizard prompts.
2. Activate your subscription license:
1) Select Activate Subscription License and click Next.
2) Enter the license ID and activation key that you received from NetBrain, with your first name, last name,
and email address.
3) Select the activation method based on your situation.
▪ Online (recommended) — click Activate to connect to NetBrain License Server and validate your license
information immediately.
Note: If your NetBrain Web/Web API Server is not allowed to access the Internet, you can configure a proxy
server. Click the icon at the upper-right corner, select the Use a proxy server to access the internet check
box and enter the required information.
▪ Via Email — validate your license information by sending an email to NetBrain.
Note: Only use this activation method when your NetBrain Web/Web API Server is not allowed to access the
Internet.
a) Follow the instructions to generate your license file. Attach the file to your email and send it to
NetBrain Support Team. After receiving your email, the NetBrain team will fill in the license
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 99
information on NetBrain License Server and generate the corresponding activation file, and then
send it back to you.
b) Click Browse to select the activation file that you received from the NetBrain team, and then click
Activate.
4) A message box will prompt you the subscription license has been activated successfully. Click OK.
3. A confirmation dialog box prompts to ask you whether to generate an initial tenant. Click Yes and the initial
tenant will be created automatically with all purchased nodes assigned.
4.3. Creating a Tenant
In the previous section, an initial tenant is created automatically with assigned nodes.
Note: To make changes of the initial tenant, point to it, then click the icon to select Edit and continue with step 2.
1. In the System Management page, select the Tenants tab and click Add.
2. Configure the following settings for the tenant.
1) Specify the basic information:
▪ Tenant Name — a unique name in the system, which is case-insensitive.
▪ Description (optional) — a brief text to describe the tenant.
2) Specify the following advanced options to customize data storage for better system performance.
Note: These settings are only applicable if you have set up multiple MongoDB replica sets.
a) Expand Advanced options.
b) Select the corresponding check boxes and click Server Settings for configurations, such as IP address,
replica set name, username, and password.
▪ Store tenant data on a different server — by default, all tenant data is stored in the default
MongoDB replica set. If you specify another MongoDB replica set to store the data of this tenant, the
data of all domains created under this tenant will also be stored on it.
▪ Store all live data on a different server — live data is an important part of tenant data, including
device data and data view. By default, all live data is stored on the same MongoDB replica set with
other tenant data.
c) Specify the License Allocation.
100 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
▪ Assign required nodes or ports for your network modules.
▪ Specify the Function Modules you can choose to apply to this tenant.
d) Specify the user privilege.
e) Click OK to save the settings.
3) Click OK.
4.4. Creating User Accounts
Tip: To synchronize authenticated user accounts that are managed in third-party user management servers, refer to
Third-Party User Authentication.
To manually create a user account, do the following:
1. In the System Management page, select the User Accounts tab.
2. Click Add at the upper-left corner, and complete the settings. This is an example:
1) Enter basic information. The fields marked with asterisks are mandatory.
2) Assign user rights, including access permissions and user roles. See online help for more details.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 101
Note: For authenticated users account from external servers (LDAP/AD/TACACS+), their roles and privileges can be
locked as follows. After being locked, the roles and privileges will not be synced with any changed settings of
external authentication.
3) Configure the advanced settings if required, including account expiration and privilege to modify/reset
password.
3. Click Submit. The user account will be added to the Existing User List.
4.5. Allocating Tenants to Front Server Controller
1. In the System Management page, select the Front Server Controllers tab, and then click Add Front Server
Controller.
2. In the Add Front Server Controller dialog, configure the settings for the Front Server Controller, and then
allocate tenants to it.
1) Select the deployment mode, and then specify the basic information about the Front Server Controllers.
See FSC Settings for more details.
▪ Standalone — applicable to a single Front Server Controller deployment.
▪ Group — applicable to a failover deployment of Front Server Controller. A meaningful group name is
required to help you identify it.
Note: The group name cannot contain any of the following special characters, and their length cannot exceed
128 characters.
\ : < > | " .
2) Configure the SSL settings. The two controllers share the same SSL settings. It is invalid if one controller
uses SSL, and the other one does not use SSL.
a) If SSL is enabled on both Front Server Controllers, select the Use SSL check box to encrypt the
connections established from the Worker Server and Front Server with SSL. Otherwise, leave it
unchecked.
102 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
b) To authenticate the Certificate Authority (CA) certificate on the Front Server Controllers, select the
Conduct Certificate Authority verification check box.
c) If CA has not been installed on the Worker Server and Task Engine, click Browse to upload the CA file,
for example, ca.pem.
Note: Only certificates in the Base-64 encoded X.509 PEM format are supported.
3) Click Test to verify whether the Web API Server can establish a connection to both Front Server Controllers
one by one with the configurations.
4) In the Allocated Tenants area, select the target tenants to allocate them to the controller group.
5) Click OK to save the settings. The system will automatically elect a controller as the active one. Then the
other one is standby.
The active controller displays Active in the Failover Status column, while the standby controller displays
Standby. When the active controller becomes unavailable, the standby controller is switched as the active shortly
for failover.
Front Server Controller Settings
The following items (except Timeout and Description) are required to be consistent with those configured during
the installation of Front Server Controller.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 103
Field Description
Name The name of the Front Server Controller created when you install the Front Server Controller.
Hostname or IP Address Enter the IP address of Front Server Controller.
Port The port number created when you install the Front Server Controller for listening to the
connections from Worker Server. By default, it is 9095.
Username The user name created when you install the Front Server Controller to authenticate the
connections from Worker Server.
Password The password created on the NetBrain Front Server Controller page when installing the Front
Server Controller.
Timeout The maximum waiting time for establishing a connection from Worker Server to this Front Server
Controller. By default, it is 5 seconds.
Description The brief description to help you add more information about the Front Server Controller.
4.6. Adding a Front Server for a Tenant
1. In the Front Server Controller Manager, select the target tenant and click New Front Server.
2. Enter the following properties of the Front Server.
104 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
▪ Front Server ID — create an ID for identifying the Front Server.
▪ Authentication Key — create an authentication key for the Front Server.
Tip: Keep notes of the Authentication Key because it is required when you register this Front Server.
3. Click OK. The Front Server is added to the Front Server list.
4.7. Registering a Front Server
Select either of the following ways to register the Front Server, depending on the operating system of your
machine:
▪ Registering Front Server on Windows
▪ Registering Front Server on Linux
Note: If you deployed multiple Front Servers for load balancing, repeat the registration steps on separate machines.
Registering a Front Server on Windows
Example: Register a Front Server on Windows Server 2012 R2.
Complete the following steps with administrative privileges.
1. On the machine where the Front Server is installed, click the Windows start menu and then click the icon to
open the Apps pane.
2. Under the NetBrain category, right-click Registration and then select Run as administrator from the drop-
down list.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 105
3. In the Registration dialog, complete the registration form.
1) Enter the following information about the Front Server Controller.
▪ Hostname or IP address with port — the IP address or FQDN Front Server Controller and the port
number (defaults to 9095).
Tip: If you set up a Front Server Controller group, enter the IP address and port number of the two members in
two lines by pressing the Ctrl + Enter keys.
2) Configure the SSL settings.
a) Select the Use SSL check box to encrypt the connections to Front Server Controller with SSL. If SSL is
disabled on Front Server Controller, leave it unchecked and skip step b) to c).
Note: Select the Use SSL check box only if you enabled SSL on Front Server Controller.
b) To authenticate the Certificate Authority (CA) of SSL certificates on Front Server Controller, select the
Conduct Certificate Authority verification check box.
c) If the CA has not been installed on this machine, click Browse to upload the CA file, for example,
ca.pem; otherwise, select I have installed the Certificate Authority on this machine.
Note: Only the certificate in Base-64 encoded X.509 PEM format is supported.
3) Click Test to verify whether this Front Server can establish a connection with Front Server Controller.
4) Enter the following information about the Front Server.
106 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
▪ Tenant Name — the name of the tenant that this Front Server will serve.
▪ Front Server ID — the ID created when you add this Front Server to a tenant.
▪ Authentication Key — the authentication key created when you add this Front Server to a tenant.
4. Click Register.
Tip: After registering the Front Server successfully, you can open the Task Manager and navigate to the Services panel
to check whether the NetBrainFrontServer service is running.
5. Click Close after the registration is finished. The Front Server information in the Front Server Controller
Manager will be synchronized by clicking Refresh.
Registering a Front Server on Linux
1. On the machine where the Front Server is installed, run the cd /usr/lib/netbrain/frontserver/conf
command to navigate to the default conf directory.
2. Modify the following parameters in the register_frontserver.conf file located under the conf directory and
save the changes. For how to modify the configuration file, refer to Editing a File with VI Editor.
[root@localhost conf]# vi register_frontserver.conf
# Enter <hostname or IP address>:<port> of the Front Server Controller. For example,
192.168.1.1:9095
# Use a semicolon to separate multiple Front Server Controllers.
Front Server Controller =10.10.3.141:9095
# Define the SSL settings. "no" indicates disable; "yes" indicates enable
Enable SSL = Yes
# If "Conduct SSL certificate authority" is enabled, please enter the full path of the
certificate file
Conduct SSL Certificate Authority = Yes
SSL Certificate Path = /root/test.pem
# Define the Front Server register to
Tenant Name =Initial Tenant
Front Server ID =FS1
3. Run the cd ../bin command to navigate to the bin directory.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 107
4. Run the ./registration command under the bin directory, input the Authentication Key and press the Enter
key.
[root@localhost bin]# ./registration
Loading configuration files...
Authentication Key:
Stopping Front Server Service...
Registering Front Server...
Successfully registered to the tenant "Initial Tenant".
10.10.3.141: active.
Succeeded in starting up front server service.
5. Run the service netbrainfrontserver status command to verify whether the service of the Front Server
starts successfully.
[root@localhost FrontServer]# service netbrainfrontserver status
Redirecting to /bin/systemctl status NetBrainFrontServer.service
NetBrainFrontServer.service - NetBrain Front Server Daemon
Loaded: loaded (/usr/lib/systemd/system/NetBrainFrontServer.service)
Active: active (running)
Parameters
Parameter Default Value Description
Front Server The hostname, IP address of the Application Server and the port number.
Controller Note: If you deploy two Front Server Controllers for failover, enter the IP address
and port number of the two members, separated by a semicolon. For example,
10.10.3.141:9095;10.10.3.143:9095
Enable SSL No Set whether to encrypt the connections to Front Server Controller with SSL.
If SSL is enabled on the Front Server Controller, type Yes; otherwise, leave the
default value as it is.
Note: Type Yes only if you enabled SSL on MongoDB.
Conduct SSL No Set whether to authenticate the Certificate Authority (CA) of SSL certificates on the
Certificate Authority Front Server Controller.
If you want to authenticate the Certificate Authority, type Yes.
SSL Certificate Path The full storage path and certificate name.
Note: Only the certificate in the Base-64 encoded X.509 PEM format is supported.
Note: Please ensure that the user netbrain can access the certificate file.
Tenant Name Initial The name of the tenant that this Front Server will serve.
Tenant
Front Server ID FS1 The ID created when you add this Front Server to a tenant.
108 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
Parameter Default Value Description
Authentication Key The authentication key created when you add this Front Server to a tenant.
4.8. Customizing Auto-Update Settings
Knowledge Cloud (KC) manages both the framework components and the platform resources and allows NetBrain
Workstation to automatically upgrade a patch or minor release. Besides replacing the files, the auto-upgrade
process may restart services, execute the database upgrading, check the system health and roll back the release if
the update fails.
Due to security considerations, there will be no direct connection between KC and NetBrain Workstation. NetBrain
System Administrator must download the software update package from NetBrain Customer Portal, manually
upload the package into the system and then schedule system updates accordingly.
NetBrain Workstation Auto Update flow consists of the following steps:
1. Check the Latest Version
2. Download Package from NetBrain Customer Portal
3. Upload Package to NetBrain Workstation
4. Schedule Update
5. View Update Status
6. View Update History
Check the Latest Version
Follow the steps below to check the available releases from NetBrain:
Note: Only user with System Management permissions can perform the following actions.
1. In the System Management page, select Operations > System Update.
2. By default, the Automatically check the latest version check box is enabled. You can click Check Update
Now to see if there is a new version available.
Note: Internet connection is required to perform Check Update Now function.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 109
3. When this check is enabled, NetBrain Workstation will check whether a minor release, a patch, a customized
built-in, a customized resource or common platform resource updates have been published since the last time
check (either auto or manual check). The latest available version will be displayed with the release note.
Download Package from NetBrain Customer Portal
Follow the steps below to download the system upgrade package from NetBrain Customer Portal:
1. Log into the NetBrain Customer Portal with your username and password.
2. Confirm the required info and click Generate Package.
3. Click Resource Package Link to download the package to your local drive.
4. Keep note of the password for next step- Upload Package to NetBrain Workstation.
110 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
Upload Package to NetBrain Workstation
Follow the steps below to upload the system upgrade package to NetBrain Workstation:
1. In the System Management page, select Operations > System Update.
2. Click Upload Latest Version.
3. Click Browse and select the system upgrade package (.zip file).
4. Enter the password and click Upload.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 111
Schedule Update
Follow the steps below to schedule the system update:
1. In the System Management page, select Operations > System Update.
112 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
2. Click Schedule.
3. Review and update Test Plan
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 113
1) Click Select and specify the desired Tenant/Domain to perform Domain Health Check.
Note: If there are more than one tenant or domain, step 1) must be completed before proceeding to step 2).
Note: If there is only one tenant and domain, the Initial Tenant will be automatically selected and you can directly
proceed to step 2).
2) Click Auto Test Group to specify the devices for Data Accuracy Test.
Tip: The devices in the Auto Test Group are automatically selected according to the device type discovered by the
system. You can also manually edit or delete any devices to suit your specific needs.
114 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
3) Click Auto Test Application Folder to specify the application for Data Accuracy Test.
Note: The last used Application Paths (up to 5 paths) will be automatically copied to the Auto Test Application
Folder. You can also manually change the auto selected path in Application Manager.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 115
5. Set up the schedule to start the system update.
Tip: You can edit or remove the system update time once it is scheduled.
6. Click Submit to apply the above settings.
Note: A confirmation message will prompt if the selected tenant/domain does not have application path, you can click
Yes to dismiss the message and continue with the update process.
View Update Status
There are three possible outputs of auto update:
• The system is successfully updated to the new version.
• The update fails, and the system is rolled back to the old version.
• The update fails, and the system rollback fails.
116 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
View Update History
Follow the steps below to view the update history:
1. In the System Management page, select Operations > System Update.
2. Click View Update History.
The update history only records the releases the system is scheduled to update with. The update history table
provides the following information:
• Version: the release number to which the system is updated.
• Update time: when the system finished the update.
• Executor: the person to schedule the update
• Status: one of three status in View Update Status.
• Installation log: the link of the installation log.
• Test report: the link of the test results.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 117
4.9. Monitoring Server and Service Metrics
Note: The Service Monitor Agent must be installed on the servers that you want to monitor. If you deploy more than one
system across multiple data centers, you will have more than one Service Monitor portal.
To monitor server and service metrics:
1. In the System Management page, click Operations > Service Monitor from the quick access toolbar.
118 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
2. In the Service Monitor home Page, you can monitor key server metrics, server connectivity, resource utilization,
service status and so on.
3. Customize the conditions for when to send out alert emails and take more actions for low disk space on
MongoDB by clicking Alert Rules. See Managing Alert Rules for more details.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 119
5. Appendix
▪ Offline Installing Third-party Dependencies
▪ Editing a File with VI Editor
▪ SSL Certificate Requirements
▪ Third-Party User Authentication
▪ Configuring NTP Client on NetBrain Servers
▪ System Switchover Across Data Centers
5.1. Offline Installing Third-party Dependencies
1. Download the dependency package from a server with the Internet access using one of the following download
links according to the version of your Operating System:
▪ CentOS7.5: http://download.netbraintech.com/dependencies-centos7.5.tar.gz
▪ CentOS7.6: http://download.netbraintech.com/dependencies-centos7.6.tar.gz
▪ CentOS7.7: http://download.netbraintech.com/dependencies-centos7.7.tar.gz
▪ CentOS7.8: http://download.netbraintech.com/dependencies-centos7.8.tar.gz
▪ CentOS7.9: http://download.netbraintech.com/dependencies-centos7.9.tar.gz
▪ CentOS8.2: http://download.netbraintech.com/dependencies-centos8.2.tar.gz
▪ CentOS8.3: http://download.netbraintech.com/dependencies-centos8.3.tar.gz
▪ RHEL7.5: http://download.netbraintech.com/dependencies-rhel7.5.tar.gz
▪ RHEL7.6: http://download.netbraintech.com/dependencies-rhel7.6.tar.gz
▪ RHEL7.7: http://download.netbraintech.com/dependencies-rhel7.7.tar.gz
▪ RHEL7.8: http://download.netbraintech.com/dependencies-rhel7.8.tar.gz
▪ RHEL7.9: http://download.netbraintech.com/dependencies-rhel7.9.tar.gz
▪ RHEL8.2: http://download.netbraintech.com/dependencies-rhel8.2.tar.gz
▪ RHEL8.3: http://download.netbraintech.com/dependencies-rhel8.3.tar.gz
▪ OL7.7: http://download.netbraintech.com/dependencies-ol7.7.tar.gz
▪ OL7.8: http://download.netbraintech.com/dependencies-ol7.8.tar.gz
▪ OL7.9: http://download.netbraintech.com/dependencies-ol7.9.tar.gz
▪ OL8.2: http://download.netbraintech.com/dependencies-ol8.2.tar.gz
▪ OL8.3: http://download.netbraintech.com/dependencies-ol8.3.tar.gz
120 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
2. Copy the downloaded dependency package to your Linux server.
3. Run the tar -zxvf dependencies-<OS version>.tar.gz command to decompress the package.
Tip: Possible values of OS version include: centos7.5; centos7.6; centos7.7; centos7.8; centos7.9; centos8.2;
centos8.3; rhel7.5; rhel7.6; rhel7.7; rhel7.8; rhel7.9; rhel8.2; rhel8.3; ol7.7; ol7.8; ol7.9; ol8.2;
ol8.3.
4. Run the cd dependencies command to navigate to the decompressed directory.
5. Run the offline-install.sh command to install the dependencies.
5.2. Editing a File with VI Editor
The following steps illustrate how to edit a configuration file with the vi editor, which is the default text file editing
tool of a Linux operating system.
1. Create a terminal and run the cd command at the command line to navigate to the directory where the
configuration file is located.
2. Run the vi <configuration file name> command under the directory to show the configuration file.
3. Press the Insert or I key on your keyboard, and then move the cursor to the location where you want to edit.
4. Modify the file based on your needs, and then press the Esc key to exit the input mode.
5. Enter the :wq! command and press the Enter key to save the changes and exit the vi editor.
5.3. SSL Certificate Requirements
The requirements of SSL certificates may vary for different NetBrain servers, depending on their different roles in
SSL encrypted connections, SSL-server or SSL-client.
▪ SSL Certificate Requirements for SSL-Server
▪ SSL Certificate Requirements for SSL-Client
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 121
Certificate Requirements for SSL-Server
The following table lists the requirements of SSL certificates for NetBrain servers that work as SSL-server in
encrypted connections.
NetBrain Server Required SSL Certificate and Key Format
MongoDB ▪ Certificate that contains a public key. For example, cert.pem. Base-64 encoded X.509 PEM
License Agent ▪ CA certificate (only required for Elasticsearch). For example,
Elasticsearch ca.pem.
Redis ▪ Private key. For example, key.pem. PKCS#8 key
RabbitMQ Note: Private keys protected by a password are not supported.
Front Server Controller
Ansible Agent
Tip: The certificates in PEM format usually have extensions such as .pem, .crt, .cer, and .key.
Certificate Requirements for SSL-Client
Note: By default, NetBrain servers that work as SSL-client don't require any SSL certificates. If you want to authenticate the
Certificate Authority of the certificates for SSL-server, then the SSL certificates are required on SSL-client.
The following table lists the certificate requirements for SSL-client, including Web Server, Web API Server, Worker
Server, Front Server, Task Engine, and Service Monitor Agent.
Authentication Method Requirements Format
Use the certificates installed ▪ All the certificates are valid and installed in the certificate N/A
on Windows store.
▪ The certificate store must be under the Trusted Root
Certification Authorities directory instead of the Personal
directory.
Upload certificates when ▪ For Front Server and Worker Server: CA certificate containing Base-64 encoded X.509 PEM
installing NetBrain servers root CA certificate and class 2 CA certificate is required.
▪ For other SSL-client: class 2 or class 3 CA certificate is required.
122 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
5.4. Third-Party User Authentication
In addition to creating user accounts manually, the system supports integrating with the following third-party user
management systems for authentication.
▪ LDAP Authentication
▪ AD Authentication
▪ TACACS+ Authentication
▪ SSO Authentication
5.5. Configuring NTP Clients on NetBrain Servers
Note: If all NetBrain servers are joined to a Windows domain, the NTP client service on these servers is automatically
started by default. In this case, configuring NTP is not required.
Prerequisite: Before configuring NTP, prepare an internal NTP server or find the FQDN of a reliable external NTP
server for usage. UDP port 123 must be open on the internal NTP server and on network firewalls to allow NTP
traffic.
Follow the instructions to configure NetBrain servers as an NTP client:
▪ Configuring NTP on Windows
▪ Configuring NTP on Linux
5.6. System Switchover Across Data Centers
NetBrain system provides manual failover in the event of a system-wide outage if you have deployed an offsite
standby system across data centers. With this solution, the standby system can come online much more quickly to
tackle disaster recovery.
This section introduces how to manually switch NetBrain system services between two data centers, that is,
switchover from the primary DC (production environment) to the standby DC (backup environment). This solution
applies to all multi-DC deployments, no matter how the system is deployed within each data center.
In a normal case, only the primary DC is active and the backup one is standby (inactive system status). Two data
centers work as redundancy to each other. The load balancer only propagates traffic to the active system in the
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 123
primary DC. The system will not automatically change its status from active to standby nor from standby to active
under any circumstances. Instead, you need to manually deactivate one system and activate the other one at any
time if required.
Note: Only NetBrain system administrators have the authority to invoke and complete the manual switching process.
Deactivating NetBrain System in Primary DC
Tip: Deactivating the system in your primary DC can be skipped if the entire DC is disconnected or experiencing a power
outage.
1. Log in to the System Management page of your primary DC. For example, http(s)://<IP address of NetBrain
Web Server>/admin.html.
2. Click Operations > Deployment Status from the quick access toolbar.
3. The system status displays active. Click the hyperlink to deactivate it. Then the system status will change to
Inactive. The logged-in users will be required to refresh the page and re-login, and all running tasks (if any) will
124 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
be terminated.
Activating NetBrain System in Backup DC
1. Log in to the System Management page of your backup DC.
2. Click Operations > Deployment Status from the quick access toolbar. The system status displays inactive.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 125
3. Click the hyperlink to activate it. Then the system status will change to active.
Note: To enable users to log in to this system by using the same DNS or Virtual IP (VIP), you need to update the load
balancer VIP pointing to the Web Servers in the backup DC.
4. Go to the Front Server Controllers tab and make sure the information about your Front Server and Front
Server Controller have been configured in the tenants of the newly activated DC.
1) Allocate your tenants to a Front Server Controller group in the newly activated DC. Refer to Allocating
Tenants to Front Server Controller for more reference.
2) Associate your Front Servers to these tenants. Refer to Adding a Front Server to a Tenant for more
reference.
3) Register the Front Servers to the new Front Server Controller group. Refer to Registering Front Server for
more reference.
5.7. Interactive Pre-Installation of Service Monitor Agent
Service Monitor Agent will be pre-installed with MongoDB, Elasticsearch, License Agent, Redis, RabbitMQ and Front
Server if it was not previously installed.
In such scenario, you'll be prompted to configure the following parameters before the installation or upgrade of
the above components takes place:
126 | NetBrain Integrated Edition 10.0 System Setup Guide (HA)
INFO: Starting to check configuration parameters...
Configuring Service Monitor Agent ...
The values in brackets are the default values of the parameters. To keep the default value for
the current parameter,
press the Enter key.
Please enter the URL (must end with /) to call NetBrain Web API service for the Service Monitor
[http(s):
//<IP address or hostname of NetBrain Application Server>/]: http://10.10.3.141/
Please enter the API Key to be used to communicate with application server which must be the same
as the one created on Web API server:
Please re-enter API key to confirm:
Please enter a log path for NetBrain Service Monitor Agent
[/var/log/netbrain/nbagent]:/log/nbagent
NetBrain Web API service URL: http://10.10.3.141/ServicesAPI
API key: ******
NetBrain Service Monitor Agent LogPath: /log/nbagent
Certificate Authority verification: no
Do you want to continue using these parameters? [yes]
...
Note: The log path for Service Monitor Agent must have at least 10G free space. You can keep the default path or input
your required path after inputting the URL and API key.
Note: If https:// is used in the Web API Service URL, you will be asked whether to enable the Certificate Authority
verification and input the Certificate Authority file if enabled.
Note: The API Key is will be reused later to install Web API Server.
NetBrain Integrated Edition 10.0 System Setup Guide (HA) | 127
You might also like
- Ultimate Test Drive: Network Security Management With PanoramaNo ratings yetUltimate Test Drive: Network Security Management With Panorama69 pages
- CIS Palo Alto Firewall 7 Benchmark v1.0.0 PDFNo ratings yetCIS Palo Alto Firewall 7 Benchmark v1.0.0 PDF143 pages
- UTD-Advanced-Endpoint-Workshop Guide-3.1-20190822 PDFNo ratings yetUTD-Advanced-Endpoint-Workshop Guide-3.1-20190822 PDF87 pages
- Cisco 300-410 2021 Dumps CCNP Implementing Cisco IP Routing (ROUTE v2.0) Sample Exam Questions PDFNo ratings yetCisco 300-410 2021 Dumps CCNP Implementing Cisco IP Routing (ROUTE v2.0) Sample Exam Questions PDF253 pages
- Fireware Essentials Student Guide (En US) v11 12No ratings yetFireware Essentials Student Guide (En US) v11 12504 pages
- Cisco IOS Network Management Configuration Guide, Release 12.4No ratings yetCisco IOS Network Management Configuration Guide, Release 12.4564 pages
- UTD-CybersecurityPortfolio-2.2 Workshop Guide-20221123No ratings yetUTD-CybersecurityPortfolio-2.2 Workshop Guide-2022112374 pages
- Junos OS Network Management Admin GuideNo ratings yetJunos OS Network Management Admin Guide922 pages
- Cisco Nexus 9000 NX Os Fundamentals Configuration Guide 102xNo ratings yetCisco Nexus 9000 NX Os Fundamentals Configuration Guide 102x160 pages
- MPLS Traffic Engineering Path Link and Node Protection Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series) PDFNo ratings yetMPLS Traffic Engineering Path Link and Node Protection Configuration Guide, Cisco IOS XE Release 3S (Cisco ASR 900 Series) PDF82 pages
- How To Enable Netflow On FirePower Using FDMNo ratings yetHow To Enable Netflow On FirePower Using FDM2 pages
- Theory Palo Alto Networks Pan Os Web Interface Help100% (1)Theory Palo Alto Networks Pan Os Web Interface Help982 pages
- Cisco Press Network Consultants Handbook-1No ratings yetCisco Press Network Consultants Handbook-1300 pages
- Palo Alto Networks - Edu 210 Lab 1: Initial Configuration: Document VersionNo ratings yetPalo Alto Networks - Edu 210 Lab 1: Initial Configuration: Document Version19 pages
- Customer Deck - NGFW - Cloud NGFW For Azure - External (May 2025)100% (1)Customer Deck - NGFW - Cloud NGFW For Azure - External (May 2025)39 pages
- Cloudguard For NSX: Administration GuideNo ratings yetCloudguard For NSX: Administration Guide45 pages
- NetScaler Master Class: Load Balancing & Security100% (1)NetScaler Master Class: Load Balancing & Security105 pages
- Lab 12 Configuring HIP For Global ProtectNo ratings yetLab 12 Configuring HIP For Global Protect35 pages
- Must-Have Gadgets For JIRA Dashboards - SmartsheetNo ratings yetMust-Have Gadgets For JIRA Dashboards - Smartsheet14 pages
- Mcafee Web Gateway 8.0.x Interface Reference Guide 1-2-2020No ratings yetMcafee Web Gateway 8.0.x Interface Reference Guide 1-2-2020335 pages
- Cisco Umbrella WLAN Integration Guide PDFNo ratings yetCisco Umbrella WLAN Integration Guide PDF36 pages
- Administering Avaya Session Border Controller For EnterpriseNo ratings yetAdministering Avaya Session Border Controller For Enterprise466 pages
- Ultimate Test Drive: Network Security Management With PanoramaNo ratings yetUltimate Test Drive: Network Security Management With Panorama64 pages
- 2019 Cloudflare Enterprise Best PracticesNo ratings yet2019 Cloudflare Enterprise Best Practices23 pages
- CIS Palo Alto Firewall 8 Benchmark v1.0.0No ratings yetCIS Palo Alto Firewall 8 Benchmark v1.0.0167 pages
- NetBrain System Setup Guide Distributed DeploymentNo ratings yetNetBrain System Setup Guide Distributed Deployment108 pages
- NetBrain System Setup Guide Two-Server DeploymentNo ratings yetNetBrain System Setup Guide Two-Server Deployment49 pages
- NetBrain System Setup Guide Two-Server Deployment100% (1)NetBrain System Setup Guide Two-Server Deployment52 pages
- Season 1 - The Crimson Plague - Last War: Surviva100% (1)Season 1 - The Crimson Plague - Last War: Surviva70 pages
- Cato Networks State of The Business Feb 2022No ratings yetCato Networks State of The Business Feb 20228 pages
- Network Automation Takes Flight at US Federal AgencyNo ratings yetNetwork Automation Takes Flight at US Federal Agency3 pages
- Informatics Practice With Python-XII - Practaice Paper (Solutions) FinalNo ratings yetInformatics Practice With Python-XII - Practaice Paper (Solutions) Final4 pages
- Doctor Who Security and Encryption FAQ - Revision 22.3100% (8)Doctor Who Security and Encryption FAQ - Revision 22.336 pages
- IEEE Cloud Computing - November-December 2016No ratings yetIEEE Cloud Computing - November-December 201694 pages
- C.V Wessam Fouad - English - Final 24 May 2017 PDFNo ratings yetC.V Wessam Fouad - English - Final 24 May 2017 PDF3 pages
- THE ELDER SCROLLS IV OBLIVION TRUCOS (Cheat) Por Pirata of SpainNo ratings yetTHE ELDER SCROLLS IV OBLIVION TRUCOS (Cheat) Por Pirata of Spain13 pages
- Cisco IE 4010 Switch Hardware Installation Guide: September 2016 September 2019No ratings yetCisco IE 4010 Switch Hardware Installation Guide: September 2016 September 201976 pages
- A Comparative Analysis of DXPRUM and DSDM: March 2017No ratings yetA Comparative Analysis of DXPRUM and DSDM: March 20177 pages
- What's New in Avaya Aura Release 6.2 Feature Pack 4No ratings yetWhat's New in Avaya Aura Release 6.2 Feature Pack 466 pages
