1 Configuring Devices

1 Configuring Devices
CH AP TE R
1
Configuring Devices
This chapter discusses configuring locations and device groups for devices, and detailed instructions on
configuring the different types of devices–SEs, SRs, and VOSMs. This chapter presents the following
major topics:
•
Configuring Locations, page 1-1
•
Configuring Device Groups, page 1-3
•
Configuring the Service Engine, page 1-9
•
Configuring the Service Router, page 1-66
•
Configuring the VOSM, page 1-72
Configuring Locations
Locations are set up in the VOSM to organize and group SEs into virtual networks for distribution of
content through origin services.
Locations need to be configured before you can activate SEs and SRs and bring them online in the
VDS-OS network. Table 1-1 describes the icons for the Locations Table page.
Table 1-1
Icon
Location Icons
Function
Create a new location.
Create a filtered table.
View all locations.
Refresh the table.
Print the current window.
Edit a location.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-1
Chapter 1
Configuring Devices
Configuring Locations
To create a new location or edit an existing one, do the following:
Step 1
Choose Devices > Locations. The Locations Table page is displayed (Figure 1-1).
The table is sortable by clicking the column headings.
Figure 1-1
Step 2
Locations Table Page
In the task bar, click the Create New Location icon. The Creating New Location page is displayed
(Figure 1-2).
To edit a location, click the Edit icon next to the location name.
Figure 1-2
Step 3
Creating New Location Page
Enter the settings as appropriate. See Table 1-2 for a description of the fields.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-2
OL-28084-04
Chapter 1
Configuring Devices
Configuring Device Groups
Table 1-2
Step 4
Location Fields
Field
Description
Name
Name of the location.
Parent Location
Choose a location from the drop-down list. A location with no parent, None, is
level 1. The location level is displayed after you choose a parent location.
Comments
Enter any information about the location.
Click Submit to save the settings.
To delete a location, from the Locations Table page, click the Edit icon next to the location you want to
delete, and click the Delete icon in the task bar.
To view the location tree, click the Location Trees icon in the task bar. The location tree represents the
network topology you configured when you assigned a parent to each location.
Configuring Device Groups
The VOSM allows you to configure SEs into device groups so that the entire group of SEs is configured
at one time. Device groups and SEs share the same configuration features and options.
Table 1-3 describes the icons for the Device Groups Table page.
Table 1-3
Icon
Device Group Table Icons
Function
Creates a new device group.
Creates a filtered table.
Views all device groups.
Refreshes the table.
Prints the current window.
Edits a device group.
This section covers creating, editing, and deleting device groups. All other configuration pages for a
device group are covered in the “Configuring the Service Engine” section on page 1-9.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-3
Chapter 1
Configuring Devices
Configuring Device Groups
To create or edit a device group, do the following:
Step 1
Choose Devices > Device Groups. The Device Groups Table page is displayed (Figure 1-3).
The table is sortable by clicking the column headings.
Figure 1-3
Step 2
Device Groups Table Page
In the task bar, click the Create New Device Group icon. The Creating New Device Group page is
displayed (Figure 1-4).
To edit a device group, click the Edit icon next to the device group name.
Figure 1-4
Creating New Device Group Page
Step 3
In the Name field, enter the name of the device group. The name must be unique and should be a name
that is useful in distinguishing the device group from the others in the VDS-OS.
Step 4
Check the Automatically assign all newly activated devices to this group check box if applicable.
Step 5
Choose Regular Group to indicate this group is not used as a baseline for all SEs or choose Baseline
Group and select the baseline type to define this group as a baseline for all SEs.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-4
OL-28084-04
Chapter 1
Configuring Devices
Configuring Device Groups
A baseline group is a special type of device group that denotes a group of devices for a particular service.
There are three baseline groups:
•
Web Baseline Group—Used for web-based content
•
Video Baseline Group—Used for video content
•
Platform Baseline Group—Used for platform-specific configurations
A device group can be configured as a baseline group. A device can be assigned to a baseline group in
the following two ways:
Step 6
•
From the Devices home page.
•
From the Device Group Assignment page.
To customize the left panel menu for this device group, click the Select pages to hide from the menu
for this device group arrow, and check the pages you want to hide. To collapse these settings, click the
arrow again.
Use this feature to remove from view any configuration pages that you do not need for the device group.
Step 7
In the Comments field, enter any information about the device group.
Step 8
Click Submit to save the settings.
If you are editing this device group, you can view a list of all settings configured for this device group
by clicking the Pages configured for this device group arrow. To collapse this information list, click
the arrow again.
To delete a device group, click the Delete icon in the task bar.
Step 9
Note
Step 10
To assign SEs to the device group, choose Assignments > Devices. The Assignment table is displayed
listing all SEs in the VDS-OS.
From this point forward, the steps to get to a configuration page are combined into one step using
notation similar to the following: Device Group > Assignments > Devices.
Click the Assign icon (blue cross mark) next to each SE name you want to assign to this group.
To assign all SEs, click Assign all Service Engines in the task bar.
Step 11
Click Submit to add the selected SEs to the device group.
To remove an SE from the device group, click the Unassign icon (green check mark) next to the name
of the SE, and click Submit.
To remove all SEs from the device group, click the Unassign all Service Engines icon in the task bar,
and click Submit.
Working with Device Groups
When you first create a device group, all settings you configure for the device group are automatically
propagated to all the SEs assigned to that group.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-5
Chapter 1
Configuring Devices
Configuring Device Groups
Note
All SE settings in the “Configuring the Service Engine” section on page 1-9, except those listed below,
can also be configured for a device group. The following pages are not available for device group
configuration:
•
Devices > General Settings > Network > Network Interfaces. See the “Viewing Network
Interfaces” section on page 1-39 for more information.
•
Devices > General Settings > Network > External IP. See the “Configuring External IP
Addresses” section on page 1-39 for more information.
•
Devices > General Settings > Network > IP ACL. See the “Configuring IP ACL for IPv4” section
on page 1-40 for more information.
After configuring the device group settings, the task bar for the corresponding configuration page for an
individual SE that is part of that device group displays the Override Group Settings icon and the Device
Group drop-down list with the device group name displayed.
When an SE is associated with one or many device groups, the name of the device group whose settings
were applied last are displayed.
To configure individual settings for an SE in a device group, click the Override Group Settings icon in
the task bar. You can then edit the fields on the page and click Submit. The Device Group drop-down
list displays “Select a Device Group.”
To reapply the settings for the device group, select the device group from the Device Group drop-down
list and click Submit. Alternatively, you can go to the corresponding device group configuration page
and click the Force Settings on SEs in Group. The Force Settings on SEs in Group only displays for
a device group configuration page when an SE’s individual settings override the group settings.
Note
The individual SE configuration page does not display the Override Group Settings icon and Device
Group drop-down list in the task bar if the settings have not been configured for the corresponding device
group configuration page.
Note
When adding an SE to an existing device group, the new SE does not automatically inherit the device
group settings. Use the Force Group Settings option for the device group to force the group settings to
all SEs in the group. 

Alternatively, you can go to each device group configuration page and click the Force Settings on SEs
in Group. A dialog box lists all the SEs that have different configuration settings than the device group
settings. The Force Settings on SEs in Group only displays for a device group configuration page when
an SE’s individual settings override the group settings.
To force all device group settings to all assigned SEs, go to the Device Group Home page and click the
Force Group Settings icon in the task bar.
Note
The last configuration submitted for the device, whether it is the device group configuration or the
individual device configuration, is the configuration the device uses.
Table 1-4 describes the icons for the Device Groups configuration pages.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-6
OL-28084-04
Chapter 1
Configuring Devices
Configuring Device Groups
Table 1-4
Icon
Device Group Configuration Icons
Function
Deletes a device group.
Updates application statistics.
Forces full database update.
Reboots all devices in device group.
Forces the group settings. Forces the complete set of configurations
made for a device group to all devices associated with that group.
Forces settings on SEs in a device group. Forces the configuration of
the displayed page to all SEs in the device group.
Overrides the group settings on the device.
Prints the current window.
Aggregate Settings
The following device and device group configuration pages have aggregate settings:
•
Service Control > URL Signing. See the “Configuring Transaction Logs” section on page 1-15 for
more information.
•
General Settings > Login Access Control > Users > Usernames. See the “Creating, Editing, and
Deleting Users—Usernames” section on page 1-26 for more information.
To access these pages, first choose Devices > Devices or Devices > Device Groups, followed by the Edit
icon next to the device or device group you want to configure.
Aggregate Settings is set to Yes by default. When Aggregate Settings is set to Yes, the settings for the
device group are aggregated with the settings for the SE. This means you can configure settings for all
SEs in a device group, then configure individual settings for each SE, and the combined settings for the
device group and individual SE are apply to the SE. Any settings for the device group are listed with the
View icon and any settings for the individual SE are listed with the Edit icon on the individual SE
configuration page.
If Aggregate Settings is set to No, only the individual SE settings are applied to the SE and the device
group settings do not apply to the SE.
To edit the device group settings, or configure new settings for the device group, you must go to the
device group corresponding configuration page.
If you remove all device group settings, all device settings displayed with Aggregate Settings enabled
are removed as well.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-7
Chapter 1
Configuring Devices
Configuring Device Groups
Note
The last configuration submitted for the device, whether it is the device group configuration or
the individual device configuration, is the configuration the device uses.
Table 1-5 describes the icons for the configuration pages that have aggregate settings.
Table 1-5
Icon
Aggregate Settings Icons
Function
Creates a new entry.
Edits an entry.
Deletes an entry.
Views read-only entry.
Creates a filtered table. Filter the table based on the field values.
Views all table entries. Click this icon to view all entries after you
have created a filtered table.
Refreshes the table.
Prints the current window.
Device Group Overlap
If you want the ability to assign a device to more than one device group, you must enable device group
overlap. Device group overlap is enabled by default.
To enable or disable device group overlap, do the following:
Step 1
Choose System > Configuration. The Configuration Properties page is displayed.
Step 2
Click the Edit icon next to the DeviceGroup.overlap property. The Modifying Config Property page is
displayed.
Step 3
To enable device group overlap, choose true from the Value drop-down list.
To disable device group overlap, choose false from the Value drop-down list.
Step 4
Click Submit to save the settings.
You cannot disable device group overlap after you have assigned devices to multiple device groups.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-8
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Engine
Tip
To force the complete configuration set of a device group to all devices in that group, click the Force
Group Settings icon in the task bar.
Configuring the Service Engine
This section walks you through the different configuration pages available for a Service Engine. The
main configuration groups are described as follows:
•
Service Control—Settings for access control by way of URL signing and transaction logs are
configured to monitor traffic
•
Application Control—Settings for HTTP cache freshness
•
General Settings—Settings for access control of the device, maintenance, network connectivity, and
monitoring
The first two pages, Device Activation and Assignment, cover activating an SE in the VOSM and
assigning it to a location, and assigning device groups and origin services to the SE.
Activating a Service Engine
Activating a device (Service Engine, Service Router, or standby VOSM) can be done through the
Devices home page initially, or through the Device Activation page.
To activate a device from the Device Activation page, do the following:
Step 1
Choose Devices > Devices. The Devices Table page is displayed (Figure 1-5).
Figure 1-5
Devices Table Page
Step 2
Click the Edit icon next to the device you want to configure. The Devices home page is displayed.
Step 3
Click Show All to display the top-level menu options, and click Device Activation. The Device
Activation page is displayed (Figure 1-6).
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-9
Chapter 1
Configuring Devices
Configuring the Service Engine
Figure 1-6
Step 4
Device Activation Page
Enter the settings as appropriate. See Table 1-6 for a description of the fields.
Table 1-6
Device Activation Fields
Field
Description
Name
Name of the device.
Location
Lists all the locations configured for the VDS-OS.
Activate
To activate or deactivate the device, check or uncheck the Activate check box.
Alternatively, you can click the Deactivate Device icon in the task bar.
Note
You cannot deactivate an SE if it is the only active Acquisition node for a
live channel.
When you uncheck the Activate check box and click Submit, the Replaceable
check box is displayed. Check the Replaceable check box when you need to
replace the device or recover lost registration information. For more information,
see the “Recovering VDS-OS Network Device Registration Information” section
on page 1-24.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-10
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Engine
Table 1-6
Device Activation Fields (continued)
Field
Description
Server Offload
To offload this device for maintenance or a software upgrade, check the Server
Offload check box. When checked, the Service Router stops sending requests to
this device.
Note
If a client paused a program at that moment Server Offload is enabled,
most likely resuming the program will fail.
To monitor the current streams on an SE during the Server Offload state, use the
show interface command. If the packets received or packets sent is increasing then
the SE is streaming. The number of packets received is high if there is an incoming
stream.
Note
We recommend separating the management traffic from the streaming
traffic by using the port channel configuration, see the “Configuring Port
Channel” section on page 1-1 for more information.
•
If management and streaming traffic are separated, the show interface
command for the streaming port channel displays information on active
sessions.
•
If management and streaming traffic are not separated, the show interface
command shows very low traffic; the packets received and packets sent are
lower than a client streaming session.
Once the SE has finished streaming, you can perform maintenance or upgrade the
software on the device. For information about upgrading the software, see the
“Software Upgrade” section on page 1-1.
The Status field on the Device Activation page and the Devices Table page displays
“offloading” when Server Offload is checked.
Once the software upgrade or maintenance is complete, you need to uncheck the
Server Offload check box so that the device can again participate in the system.
Content Cache
Informational only. The content cache size is the total disk space on the content
delivery network file system (CDNFS) on the SE that is designated for cache. The
Content Cache represents the unused cache space. The used cache space is the disk
space allotted for all the origin services to which the SE is assigned. To view the
used cache space, choose Services > Service Definition > Virtual Origin
Services > Assign Service Engines.
Mount Option
Profile
Lists all the mount option profiles for mounting a Network Storage Share. If a
mount option profile is not selected, the SE uses the VDS-OS default mount
profile. For more information, see the “Creating Mount Option Profiles for
Network Storage Shares” section on page 1-14.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-11
Chapter 1
Configuring Devices
Configuring the Service Engine
Table 1-6
Device Activation Fields (continued)
Field
Description
Set Default
Coverage Zone
File
When checked, which is the default setting, a default Coverage Zone file is
generated with the SE serving the local subnet it resides on. The coverage zone is
a VDS-OS network-wide mapping of client IP addresses to SE IP addresses that
should respond to client requests. For more information, see the “Coverage Zone
File Registration” section on page 1-10.
The default coverage zone can be disabled and you can create and assign custom
coverage zones using the Coverage Zone file import or upload.
Uncheck the Set Default Coverage Zone File check box to use a user-defined
Coverage Zone file that was imported or uploaded.
Use SE’s primary
IP address
Note
If the Use SE’s primary IP Address for Management Communication
check box is checked and the Management Communication Address and
Port are configured, the VOSM uses the SE’s primary IP address for
communication.
Note
Do not check the Use SE’s primary IP Address for Management
Communication check box if you want to separate management and
streaming traffic. Instead, use the Management Communication Address
and Port fields to specify where management traffic should be sent.
Management
Communication
Address
Manually configures a management IP address for the VOSM to communicate with
the SE.
Management
Communication
Port
Port number to enable communication between the VOSM and the SE.
Comments
Information about the settings.
Note
Step 5
Enables the VOSM to use the IP address on the primary interface of the SE for
management communications.
Manual configuration of the management IP address and port are used when using
port channel configuration to separate management and streaming traffic. For more
information about port channel configuration see the “Configuring Port Channel
and Load Balancing Settings” section on page 1-39 and the “Configuring Port
Channel” section on page 1-1.
To make sure the SE is binding to the primary interface (or management IP address if
configured) as the source IP address when sending management traffic to the VOSM, create a
static route from the SE to the VOSM. To configure a static IPv4 route from the SE, see the
“Configuring Static IPv4 Routes” section on page 1-49 section. Alternatively, you can use the
ip route command on the VDS-OS device.
Click Submit to save the settings.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-12
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Engine
Assigning Devices to Device Groups
You can assign devices to device groups in three ways:
•
Through the Device Group Assignment page
•
Through the device Assignment page
•
Through the Devices home page, if the device group is a baseline group
To assign devices to device groups through the Assignment page, do the following:
Step 1
Choose Devices > Devices, and click the Edit icon next to the device you want to assign.
Step 2
Click Show All, and then choose Assignments > Device Groups. The Device Group Table page is
displayed with all of the configured device groups listed (Figure 1-7).
Note
From this point forward, the beginning steps in the procedures are combined into one step using
notation similar to the following: Devices > Devices > Assignments > Device Groups.
Figure 1-7
Step 3
Device Group Assignment Page
Click the Assign icon (blue cross mark) next to the device group you want to assign to this SE.
Alternatively, click the Assign All Device Groups icon in the task bar.
A green arrow wrapped around the blue X indicates an SE assignment is ready to be submitted. To
unassign an SE, click this icon. The SE assignment states are described in Figure 1-8.
Figure 1-8
Step 4
SE Assignment State
Click Submit to save the settings.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-13
Chapter 1
Configuring Devices
Configuring the Service Engine
A green circle with a check mark indicates a device group is assigned to this SE. To unassign the device
group, click this icon, or click the Remove All Device Groups icon in the task bar. Click Submit to save
the changes.
Additionally, the Filter Table icon and View All Device Groups icon allow you to first filter a table and
then view all device groups again.
Assigning Devices to Origin Services
You can assign devices to origin services in two ways:
•
Through the Origin Services Assignment page (Services > Virtual Origin Services > Service
Definition > Assign Service Engines)
•
Through the device Assignment page (Devices > Devices > Assignments > Origin Services)
To assign devices to origin services through the Assignment page, do the following:
Step 1
Choose Devices > Devices, and click the Edit icon next to the device you want to assign.
Step 2
Click Show All, and then choose Assignments > Origin Services. The Origin Services Table page is
displayed with all of the configured device groups listed (Figure 1-9).
Figure 1-9
Step 3
Origin Service Assignment Page
Click the Assign icon (blue cross mark) next to the origin service you want to assign to this SE.
Alternatively, click the Assign All Origin Services icon in the task bar.
A green arrow wrapped around the blue X indicates an SE assignment is ready to be submitted. To
unassign an SE, click this icon. The SE assignment states are described in Figure 1-8.
Step 4
Click Submit to save the settings.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-14
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Engine
A green circle with a check mark indicates an origin service is assigned to this SE. To unassign the origin
service, click this icon, or click the Remove All Origin Services icon in the task bar. Click Submit to
save the changes.
Additionally, the Filter Table icon and View All Origin Services icon allow you to first filter a table
and then view all device groups again.
Service Control
The Service Control pages provide settings for client request filtering, URL signing, and Authorization
Server settings. Additionally, transaction logs that monitor traffic are configured under the Service
Control. Configuring service control consists of the Configuring Transaction Logs page.
Table 1-7 describes the icons for the Service Control pages.
Table 1-7
Service Control Icons
Icon
Function
Refreshes the table or page.
Applies the default settings to the device.
Creates a new item.
Creates a filtered table.
Views all data. Click this icon to view all data after you have created
a filtered table.
Prints the current window.
Edits an item.
Deletes an item. To delete an item, click the Edit icon and then click
this icon.
Configuring Transaction Logs
Transaction logs allow administrators to view the traffic that has passed through the SE. Typical fields
in the transaction log are the date and time when a request was made, the URL that was requested,
whether it was a cache hit or a cache miss, the type of request, the number of bytes transferred, and the
source IP address. For more information about transaction logs and their formats, see the “Transaction
Logs” section on page 1-23.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-15
Chapter 1
Configuring Devices
Configuring the Service Engine
To enable transaction logging, do the following:
Table 1-8
Step 1
Choose Devices > Devices > Service Control > Transaction Logging. The Transaction Log Settings
page is displayed.
Step 2
Enter the settings as appropriate. See Table 1-8 for a description of the fields.
Transaction Log Settings Fields
Field
Description
General Settings
Transaction Log Enable
Enables transaction logging.
Log Windows Domain
If NTLM authentication is configured, you can record the Windows
domain name and username in the “authenticated username” field of the
transaction log by checking this check box.
Compress Files before
Export
When this check box is checked, archived log files are compressed into
gzip format before being exported to external FTP servers
Log File Format
Log file format choices are extended-squid or apache. The default is
apache. For more information, see the “Transaction Log Formats for Web
Engine” section on page 1-23.
Log Format Custom
Or, choose Log Format Custom and enter a custom format string. For
more information, see the “Custom Format” section on page 1-26.
Archive Settings
Max size of Archive File
Maximum size (in kilobytes) of the archive file to be maintained on the
local disk. The range is from 1000 to 2000000. The default is 500000.
Max number of files to be
archived
Maximum number of files to be maintained on the local disk. The range
is from 1 to 10000. The default is 10.
Archive occurs
How often the working log is archived and the data is cleared from the
working log. Choose one of the following:
•
Choose every to archive every so many seconds, and enter the
number of seconds for the interval. The range is from 120 to 604800.
•
Choose every hour to archive using intervals of one hour or less, and
choose one of the following:
– at—Specifies the minute in which each hourly archive occurs
– every—Specifies the number of minutes for the interval (2, 5, 10,
15, 20, or 30)
•
Choose every day to archive using intervals of one day or less, and
choose one of the following:
– at—Specifies the hour in which each daily archive occurs
– every—Specifies the number of hours for the interval (1, 2, 3, 4,
6, 8, 12, 24)
•
Choose every week on to archive at intervals of one or more times a
week, choose the days of the week, and choose what time each day.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-16
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Engine
Table 1-8
Transaction Log Settings Fields (continued)
Field
Description
Export Settings
Enable Export
Enables exporting of the transaction log to an FTP server.
Export occurs
How often the working log is sent to the FTP server and the data is cleared
from the working log. Choose one of the following:
•
Choose every to export every so many minutes, and enter the number
of minutes for the interval. The range is from 1 to 10080.
•
Choose every hour to export using intervals of one hour or less, and
choose one of the following:
– at—Specifies the minute in which each hourly export occurs
– every—Specifies the number of minutes for the interval (2, 5, 10,
15, 20, or 30)
•
Choose every day to export using intervals of one day or less, and
choose one of the following:
– at—Specifies the hour in which each daily export occurs
– every—Specifies the number of hours for the interval (1, 2, 3, 4,
6, 8, 12, 24)
•
Step 3
Choose every week on to export using intervals of one or more times
a week, choose the days of the week, and what time each day.
FTP Export Server
IP address or hostname of the FTP server.
Name
Name of the user.
Password
Password for the user.
Confirm Password
Confirms the password for the user.
Directory
Name of the directory used to store the transaction logs on the FTP server.
SFTP
Check the SFTP check box, if you are using an SFTP server.
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
Application Control
The Application Control pages provide settings for HTTP cache freshness.
Note
Application Control is not supported in VDS-OS 2.1.1.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-17
Chapter 1
Configuring Devices
Configuring the Service Engine
Configuring Web Engine HTTP Cache Freshness
To configure the web engine HTTP cache freshness, do the following:
Step 1
Choose Devices > Devices > Application Control > Web > HTTP > HTTP Cache Freshness. The
HTTP Cache Freshness page is displayed (Figure 1-10).
Figure 1-10
Step 2
HTTP Cache Freshness Page
Enter the settings as appropriate. See Table 1-9 for a description of the fields.
Table 1-9
HTTP Cache Freshness Fields
Field
Description
Enable
When checked, HTTP cache freshness is enabled.
Object Age Multiplier The age multiplier value (as a percentage) enables the SE to guess the life
of an object by multiplying the time since the object was last modified by a
percentage to obtain an approximate expiration date. After this date, the
object is considered stale, and subsequent results cause a fresh retrieval by
the SE. The range is from 0 to 100. The default value is 30.
Max TTL Scale
The scale (seconds, hours, minutes, or days) to use for the Max Object TTL.
The time-to-live (TTL) sets a ceiling on estimated expiration dates. If an
object has an explicit expiration date, this takes precedence over the
configured TTL. The default is days.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-18
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Engine
Table 1-9
HTTP Cache Freshness Fields (continued)
Field
Description
Max Object TTL
The maximum time-to-live (TTL) for objects in cache. The ranges are as
follows:
1 to 1825 days
1 to 43800 hours
1 to 2628000 minutes
1 to 157680000 seconds
The default is 61 day.
Minimum TTL
Step 3
The minimum time-to-live (in minutes) for objects in the cache. The range
is from 0 to 86400. The default value is 60.
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
To remove the settings from the device, click the Remove Settings icon in the task bar.
General Settings
The General Settings pages provide settings for access control of the device, maintenance, network
connectivity, and monitoring. The configuring of general settings consists of the following procedures:
•
Login Access Control
•
Authentication
•
Scheduling Database Maintenance
•
Setting Storage Handling
•
Network Settings
•
Configuring Notification and Tracking
•
Configuring Troubleshooting
•
Configuring Service Router Settings
Login Access Control
Login authentication and authorization are used to control user access and configuration rights to SEs,
SRs, and VOSMs. Login authentication is the process by which the devices verify whether the person
who is attempting to log in to the device has a valid username and password. The person logging in must
have a user account registered with the device. User account information serves to authorize the user for
login and configuration privileges. The user account information is stored in an authentication,
authorization, and accounting (AAA) database, and the devices must be configured to access the
particular authentication server (or servers) where the AAA database is kept.
In a VDS-OS network, user accounts can be created for access to the VOSM and, independently, for
access to the SEs and SRs that are registered to the VOSM. For user accounts that access the VOSM, see
the “Configuring AAA” section on page 1-1.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-19
Chapter 1
Configuring Devices
Configuring the Service Engine
Login Authentication
Login authentication provides the configuration for independent logins; in other words, login access to
the device only.
Login authentication can also be used to log in to the VOSM GUI. When logging in to the VOSM GUI
with an external user account (RADIUS or TACACS+), the user is authenticated by the external
database. After the external user is authenticated, its role depends on the privilege configured in the
external database (zero [0] means a normal user and 15 means a super user). The privilege level of 0 or
15 is mapped to the read-only or admin user role in the VOSM GUI. No VOSM local user is created in
the VOSM database for the external user that logs in, so the external user cannot be managed by the
VOSM GUI.
Note
If you plan to use a RADIUS server or a TACACS+ server for authentication, you must configure the
server settings before you configure and submit these settings. See the “Configuring RADlUS Server
Settings” section on page 1-27 and the “Configuring TACACS+ Server Settings” section on page 1-28
for more information.
When the primary login server and the primary enable server are set to local, usernames and passwords
are local to each device. Local authentication and authorization uses locally configured login and
passwords to authenticate login attempts.
Note
If the Enable Failover Server Unreachable option is enabled, it applies to both the login authorization
methods and the exec authentication methods.

If you are going to use different servers for login authentication and enable authentication (for example,
local for login authentication and RADIUS for the enable authentication), then the username and
password must be the same for both servers.
By default, local login authentication is enabled. You can disable local login authentication only after
enabling one or more of the other login authentication servers. However, when local login authentication
is disabled, if you disable all other login authentication methods, a warning message is displayed stating
“At least one authentication method is required to select for login.”
Caution
Make sure that RADIUS or TACACS+ authentication is configured and operating correctly before
disabling local authentication and authorization. If you disable local authentication and RADIUS or
TACACS+ is not configured correctly, or if the RADIUS or TACACS+ server is not online, you may be
unable to log in to the device.
To configure the login authentication and enable authentication schemes for the device, do the following:
Step 1
Choose Devices > Devices > General Settings > Login Access Control > Login Authentication. The
Login Authentication page is displayed.
Step 2
Enter the settings as appropriate. See Table 1-10 for a description of the fields.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-20
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Engine
Table 1-10
Login Authentication Fields
Field
Description
Login Authentication Settings
Enable Failover Server If Enable Failover Server Unreachable is enabled, the following applies:
Unreachable
• Only two login authentication schemes (a primary and secondary scheme)
are allowed on the device.
•
Device fails over from the primary authentication scheme to the
secondary authentication scheme only if all specified authentication
servers of the primary authentication scheme are unreachable.
Conversely, if the Enable Failover Server Unreachable option is disabled,
the device contacts the secondary authentication database, regardless of the
reason the authentication failed with the primary authentication database.
Note
Authentication Login
Servers
To use this option, you must set TACACS+ or RADIUS as the primary
authentication method and local as the secondary authentication
method.
When enabled, login authentication servers are used to authenticate user
logins and whether the user has access permissions to the device.
Check this option and set one or more Login servers for login authentication.
By clearing this option, local authentication is used by default. Three servers
can be configured.
Note
If local is selected for any of the Login servers, the password in the
username is used to authenticate the user. See the “Creating, Editing,
and Deleting Users—Usernames” section on page 1-26
Primary Login Server
Choose local, RADIUS, or TACACS+.
Secondary Login
Server
Choose local, RADIUS, or TACACS+.
Tertiary Login Server
Choose local, RADIUS, or TACACS+.
Enable Authentication Settings
Primary Enable Server The enable server is used to allow normal users to enter the privileged EXEC
mode.Choose local, RADIUS, or TACACS+.
Secondary Enable
Server
Choose local, RADIUS, or TACACS+.
Tertiary Enable Server Choose local, RADIUS, or TACACS+.
Local Enable
Password
Set the local enable password for normal users to log in to the Enable server
and have privileged EXEC mode.
If multiple authorization methods are configured, the SE tries to authenticate
the enable password by way of each configured method until one of them is
successful.
Step 3
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-21
Chapter 1
Configuring Devices
Configuring the Service Engine
To remove the settings from the device, click the Remove Settings icon in the task bar.
Exec Authorization
Exec authorization provides the configuration for determining the services allowed for each user that
logs in to the device.
Exec authorization can also be used to determine the services the user has for the VOSM GUI. When
logging in to the VOSM GUI with an external user account (RADIUS or TACACS+), the user is
authenticated by the external database. After the external user is authenticated, its role depends on the
privilege configured in the external database (zero [0] means a normal user and 15 means a super user).
The privilege level of 0 or 15 is mapped to the read-only or admin user role in the VOSM GUI. No VOSM
local user is created in the VOSM database for the external user that logs in, so the external user cannot
be managed by the VOSM GUI.
Note
If you plan to use a TACACS+ server for authorization, you must configure the server settings before
you configure and submit these settings. See the “Configuring RADlUS Server Settings” section on
page 1-27 and the “Configuring TACACS+ Server Settings” section on page 1-28 for more information.
When the primary authorization server is set to local, usernames and passwords are local to each device.
Local authorization uses locally configured login and passwords to authorize services for the user.
Note
If the Enable Failover Server Unreachable option is enabled, it applies to both the login authorization
methods and the exec authentication methods.

If you are going to use different servers for login authentication and enable authentication (for example,
local for login authentication and RADIUS for the enable authentication), then the username and
password must be the same for both servers.
Caution
Make sure that RADIUS or TACACS+ authentication is configured and operating correctly before
disabling local authentication and authorization. If you disable local authentication and RADIUS or
TACACS+ is not configured correctly, or if the RADIUS or TACACS+ server is not online, you may be
unable to log in to the device.
To configure the exec authorization schemes for the device, do the following:
Step 1
Choose Devices > Devices > General Settings > Login Access Control > Exec Authorization. The
Exec Authorization page is displayed.
Step 2
Enter the settings as appropriate. See Table 1-11 for a description of the fields.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-22
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Engine
Table 1-11
Exec Authorization Fields
Field
Description
Authorization Exec
Servers
When enabled, authorization exec servers are used to authorize services for
logged in users.
Check this option and set one or more servers for exec authorization. By
clearing this option, local authentication is used by default. Three servers can
be configured.
Note
Primary Exec Server
If a user encounters failure during EXEC shell) startup authorization,
the user fails to log in to the SE even if the user passed the login
authentication.
Choose local, RADIUS, or TACACS+.
Secondary Exec Server Choose local, RADIUS, or TACACS+.
Tertiary Exec Server
Choose local, RADIUS, or TACACS+.
Primary Enable Server
The enable server determines if the normal user can enter the privileged
EXEC mode. Choose local, RADIUS, or TACACS+.
Normal User
Commands
Choose Enable or Enable if Authenticated.
Super User Commands
Choose Enable or Enable if Authenticated.
The Enable if Authenticated option turns off authorization on the
TACACS+ server and authorization is granted to any Normal user who is
authenticated.
The Enable if Authenticated option turns off authorization on the
TACACS+ server and authorization is granted to any Super user who is
authenticated.
Enable Config
Commands
Check the Enable Config Commands check box to enable authorization of
the configuration mode commands.
By default, this option is disabled, which means all configuration commands
issued are allowed.
Enable Console Config Check the Enable Console Commands check box to enable authorization of
all commands issued on a console TTY connection.
By default, this option is disabled, which means commands issued through a
console TTY connection always succeed.
Note
Step 3
The following commands bypass authorization and accounting: CTRL+C, CTRL+Z, exit, end,
and all of configuration commands for entering submode (for example, interface
GigabitEthernet 1/0).
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
To remove the settings from the device, click the Remove Settings icon in the task bar.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-23
Chapter 1
Configuring Devices
Configuring the Service Engine
Configuring SSH
Secure Shell (SSH) consists of a server and a client program. Like Telnet, you can use the client program
to remotely log in to a machine that is running the SSH server. However, unlike Telnet, messages
transported between the client and the server are encrypted. The functionality of SSH includes user
authentication, message encryption, and message authentication.
The SSH page allows you to specify the key length and login grace time.
To enable the SSH daemon, do the following:
Step 1
Choose Devices > Devices > General Settings > Login Access Control > SSH. The SSH page is
displayed.
Step 2
Check Enable to enable the SSH feature. SSH enables login access to the device through a secure and
encrypted channel.
Step 3
In the Length of Key field, specify the number of bits needed to create an SSH key. The default is 2048.
Step 4
In the Login Grace Time field, specify the number of seconds the server waits for the user to
successfully log in before it ends the connection. The authentication procedure must be completed within
this time limit. The default is 300 seconds.
Note
Step 5
Select the SSH version.
a.
To allow clients to connect using SSH protocol version 1, check the Enable SSHv1 check box.
b.
To allow clients to connect using SSH protocol version 2, check the Enable SSHv2 check box.
Note
Step 6
When changing the Login Grace Time, you need to first uncheck the Enable check box and
click Submit. Enter the new Login Grace Time, check Enable, and click Submit.
You can enable both SSHv1 and SSHv2, or you can enable one version and not the other. You
cannot disable both versions of SSH unless you disable the SSH feature by clearing the Enable
check box.
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
To remove the settings from the device, click the Remove Settings icon in the task bar.
Enabling Telnet
To enable the Telnet service, do the following:
Step 1
Choose Devices > Devices > General Settings > Login Access Control > Telnet. The Telnet page is
displayed.
Step 2
Check Telnet Enable to enable the terminal emulation protocol for remote terminal connections.
Step 3
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-24
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Engine
To remove the settings from the device, click the Remove Settings icon in the task bar.
Setting the Message of the Day
The Message of the Day (MOTD) feature enables you to provide information bits to the users when they
log in to a device. There are three types of messages that you can set up:
•
MOTD banner
•
EXEC process creation banner
•
Login banner
To configure the Message of the Day settings, do the following:
Step 1
Choose Devices > Devices > General Settings > Login Access Control > Message of the Day. The
MOTD page is displayed.
Step 2
Check Enable to enable the MOTD settings. The Message of the Day (MOTD) banner, EXEC process
creation banner, and Login banner fields become enabled.
Step 3
In the Message of the Day (MOTD) Banner field, enter a string that you want to display as the MOTD
banner when a user attempts to log in to the device.
Note
In the Message of the Day (MOTD) Banner, EXEC Process Creation Banner, and Login Banner
fields, you can enter a maximum of 980 characters. A new line character (or Enter) is counted
as two characters, as it is interpreted as \n by the system. You cannot use special characters such
as `, % ,^ , and “ in the MOTD text.
Step 4
In the EXEC Process Creation Banner field, enter a string to be displayed as the EXEC process
creation banner when a user enters into the EXEC shell of the device.
Step 5
In the Login Banner field, enter a string to be displayed after the MOTD banner when a user attempts
to log in to the device.
Step 6
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
To remove the settings from the device, click the Remove Settings icon in the task bar.
Changing the CLI Session Time
To change the CLI session time, do the following:
Step 1
Choose Devices > Devices > General Settings > Login Access Control > CLI Session Time. The CLI
Session Time page is displayed.
Step 2
In the CLI Session Time field, enter the time (in minutes) that the device waits for a response before
ending the session.
Step 3
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-25
Chapter 1
Configuring Devices
Configuring the Service Engine
To remove the settings from the device, click the Remove Settings icon in the task bar.
Changing Users—Admin Password
Every device (SE, SR, and VOSM) has a built-in user account. The username is admin and the default
password is default. This account allows access to all services and entities in the VDS-OS. Any user that
can access the Admin Password page in the VOSM can configure a new password for the administrator
user account on individual SEs and SRs.
To change the Admin password, do the following:
Step 1
Choose Devices > Devices > General Settings > Login Access Control > Users > Admin Password.
The Admin Password page is displayed.
Step 2
In the Password field, enter a new password.
The following characters are not allowed: ?./;[]{}”@=|
Step 3
In the Confirm Password field, re-enter the password.
Step 4
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
To remove the settings from the device, click the Remove Settings icon in the task bar.
Creating, Editing, and Deleting Users—Usernames
You can create, edit, and delete user accounts for login access to individual devices or device groups. A
privilege profile must be assigned to each new user account. The Usernames page uses privilege profiles
to determine which tasks a user can perform and the level of access provided. Users with administrative
privileges can add, delete, or modify user accounts through the VOSM or the device CLI.
To create, edit, or delete a user account, do the following:
Step 1
Choose Devices > Devices > General Settings > Login Access Control > Users > Usernames. The
User Table page is displayed.
The table is sortable by clicking the column headings.
For information about Aggregate Settings, see the “Aggregate Settings” section on page 1-7
Step 2
Click the Create New icon in the task bar. The Local User page is displayed.
To edit a local user, click the Edit icon next to the name you want to edit.
Step 3
Enter the settings as appropriate. See Table 1-12 for a description of the fields.
Table 1-12
Local User Fields
Field
Description
Username
Name of user.
Password
User password.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-26
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Engine
Table 1-12
Step 4
Local User Fields (continued)
Field
Description
Confirm Password
Re-enter user password.
Privilege
There are two types of predefined privilege profiles:
•
Normal user—User has read access and can see some of the SE, SR, or
VOSM settings.
•
Superuser—User has administrative privileges such as creating new
users and modifying the SE, SR, or VOSM settings.
Click Submit to save the settings.
To delete a user, click the Edit icon for the user, then click the Delete icon in the task bar.
Authentication
User authentication and authorization (configuration rights) data can be maintained in any combination
of these three databases:
•
Local database (located on the device)
•
RADIUS server (external database)
•
TACACS+ server (external database)
The Login Authentication page allows you to choose an external access server or the internal (local)
device-based authentication, authorization, and accounting (AAA) system for user access management.
You can choose one method or a combination of the three methods. The default is to use the local
database for authentication.
Configuring RADlUS Server Settings
Note
The VOSM does not cache user authentication information. Therefore, the user is reauthenticated against
the Remote Authentication Dial In User Service (RADIUS) server for every request. To prevent
performance degradation caused by many authentication requests, install the VOSM in the same location
as the RADIUS server, or as close as possible to it, to ensure that authentication requests can occur as
quickly as possible.
To configure the RADIUS server settings, do the following:
Step 1
Choose Devices > Devices > General Settings > Authentication > RADIUS Server. The RADIUS
Server Settings page is displayed.
Step 2
Enter the settings as appropriate. See Table 1-13 for a description of the fields.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-27
Chapter 1
Configuring Devices
Configuring the Service Engine
Table 1-13
Step 3
RADIUS Server Settings Fields
Field
Description
Enable Radius
Authentication
Enables RADIUS authentication.
Time to wait
Number of seconds to wait for a response before timing out on a connection to
a RADIUS server. The range is from 1 to 20. The default is 5.
Number of
retransmits
Number of attempts allowed to connect to a RADIUS server. The default is 2.
Enable redirect
Redirects an authentication response to a different authentication server if an
authentication request using the RADIUS server fails.
Redirect Message
[1-3]
Message sent to the user if redirection occurs.
Note
If the redirect message has a space, it must be in quotes (“ “).
Location [1-3]
Sets an HTML page location. This is the URL destination of the redirect
message that is sent when authentication fails.
Shared Encryption
Key
Encryption key shared with the RADIUS server. The maximum number of
characters allowed is 15.
Server Name [1-5]
IP address or hostname of the RADIUS server.
Server Port [1-5]
Port number on which the RADIUS server is listening. The default is 1645.
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
To remove the settings from the device, click the Remove Settings icon in the task bar.
To use RADIUS for login authentication and authorization, see the “Login Authentication” section on
page 1-20.
Configuring TACACS+ Server Settings
Note
The VOSM does not cache user authentication information. Therefore, the user is reauthenticated against
the Terminal Access Controller Access Control System Plus (TACACS+) server for every request. To
prevent performance degradation caused by many authentication requests, install the VOSM in the same
location as the TACACS+ server, or as close as possible to it, to ensure that authentication requests can
occur as quickly as possible.
To configure the TACACS+ server settings, do the following:
Step 1
Choose Devices > Devices > General Settings > Authentication > TACACS+ Server. The TACACS+
Server Settings page is displayed.
Step 2
Enter the settings as appropriate. See Table 1-14 for a description of the fields.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-28
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Engine
Table 1-14
Field
Description
Enable TACACS+
Servers
Enables TACACS+ authentication.
Use ASCII
Password
Authentication
Changes the default password type from Password Authentication Protocol
(PAP) to ASCII clear text format.
Time to wait
Number of seconds to wait for a response before timing out on a connection to
a TACACS+ server. The range is from 1 to 20. The default is 5.
Number of
retransmits
Number of attempts allowed to connect to a TACACS+ server. The default is 2.
Security Word
Encryption key shared with the TACACS+ server. The range is from 1 to 99. An
empty string is the default.
Primary Server
IP address or hostname of the primary TACACS+ server.
Secondary Server
IP address or hostname of the backup TACACS+ server. Up to two backup
servers are allowed.
Tertiary Server
Step 3
TACACS+ Server Settings Fields
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
To remove the settings from the device, click the Remove Settings icon in the task bar.
To use TACACS+ for login authentication and authorization, see the “Login Authentication” section on
page 1-20.
Configuring AAA Accounting
Accounting tracks all user actions and when the action occurred. It can be used for an audit trail or for
billing for connection time or resources used (bytes transferred).
The VDS-OS accounting feature uses TACACS+ server logging. Accounting information is sent to the
TACACS+ server only, not to the console or any other device. The syslog file on the SE logs accounting
events locally. The format of events stored in the syslog is different from the format of accounting
messages.
The TACACS+ protocol allows effective communication of AAA information between SEs and a central
TACACS+ server. It uses TCP for reliable connections between clients and servers. SEs send
authentication and authorization requests, as well as accounting information to the TACACS+ server.
Note
Before you can configure the AAA accounting settings for a device, you must first configure a
TACACS+ server for the device. See the “Configuring TACACS+ Server Settings” section on page 1-28.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-29
Chapter 1
Configuring Devices
Configuring the Service Engine
Note
The VOSM does not cache user authentication information. Therefore, the user is reauthenticated against
the Terminal Access Controller Access Control System Plus (TACACS+) server for every request. To
prevent performance degradation caused by many authentication requests, install the VOSM in the same
location as the TACACS+ server, or as close as possible to it, to ensure that authentication requests can
occur as quickly as possible.
To configure the AAA accounting settings, do the following:
Step 1
Choose Devices > Devices > General Settings > Authentication > AAA Accounting. The AAA
Accounting Settings page is displayed.
Step 2
Enter the settings as appropriate. See Table 1-14 for a description of the fields.
Table 1-15
AAA Accounting Settings Fields
Field
Description
System Events
Enables accounting records on the TACACS+ server about system events; such
as system reboot, interface up or down states, and accounting configuration
enabled or disabled.
From the System Events drop-down list choose start-stop or stop-only.
The start-stop option records events when they start and when they stop. The
stop-only option records events when they stop.
Exec Shell Events
Enables accounting records on the TACACS+ server about user EXEC terminal
sessions, including username, date, and start and stop times.
From the Exec Shell Events drop-down list choose start-stop or stop-only.
The start-stop option records events when they start and when they stop. The
stop-only option records events when they stop.
Normal User
Commands
Enables accounting records on the TACACS+ server for Normal users using
commands in the EXEC mode.
From the Normal User Commands drop-down list choose start-stop or
stop-only.
The start-stop option records events when they start and when they stop. The
stop-only option records events when they stop.
Super User
Commands
Enables accounting records on the TACACS+ server for Super users using
commands in the EXEC mode.
From the Super User Commands drop-down list choose start-stop or
stop-only.
The start-stop option records events when they start and when they stop. The
stop-only option records events when they stop.
Step 3
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
To remove the settings from the device, click the Remove Settings icon in the task bar.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-30
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Engine
Configuring an Access Control List
To configure an access control list (ACL) for group authorization, do the following:
Step 1
Choose Devices > Devices > General Settings > Authentication > Access Control List > Configure
Access Control List. The Access Control List Table page is displayed.
The table is sortable by clicking the column headings.
Step 2
Click the Create New icon in the task bar. The Configure Access Control List page is displayed.
To edit a group, click the Edit icon next to the name you want to edit.
Step 3
Enter the settings as appropriate. See Table 1-16 for a description of the fields.
Table 1-16
Access Control List Fields
Field
Description
Action
Whether to permit or deny access for this group.
Group Name
If this action is for all groups, choose Any Group Name.
If this action is for a specific group, choose Enter Group Name and enter
the group name in the field.
Change Position
Step 4
To change the order of this group in the access control list, which is
displayed in the Access Control List Table page, click Change Position.
Click Submit to save the settings.
To delete a group, click the Edit icon for the group, then click the Delete icon in the task bar.
Step 5
From the left-panel menu, choose Enable Access Control List. The Enable Access Control List page is
displayed.
Step 6
Check the Enable Access Control List check box and click Submit.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
To remove the settings from the device, click the Remove Settings icon in the task bar.
To move a group up or down in the Access Control List table, click the Up arrow or Down arrow in the
Move column.
The ACL can be applied from the device or from a device group. The source of the currently applied
settings is shown in the Access Control List Table page.
Scheduling Database Maintenance
The database maintenance runs at the scheduled time only when the following three conditions are
satisfied:
•
Last vacuum process happened more than 30 minutes in the past.
•
Percent increase in disk space usage is greater than 10 percent.
•
Available free disk space is greater than 10 percent of the total disk space.
If any of these conditions are not satisfied, the database maintenance does not run at the scheduled time.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-31
Chapter 1
Configuring Devices
Configuring the Service Engine
To schedule a database cleaning or reindexing, do the following:
Step 1
Choose Devices > Devices > General Settings > Database Maintenance. The Database Maintenance
Settings page is displayed.
Step 2
Enter the settings as appropriate. See Table 1-17 for a description of the fields.
Table 1-17
Field
Database Maintenance Settings Fields
Description
Full Database Maintenance Settings
Enable
When enabled, a full database maintenance routine is performed on the device.
Every Day
The days of the week when the maintenance is performed
Sun-Sat
When Every Day is enabled, all days of the week are also enabled.
At (time)
Time of day the maintenance is performed. Time is entered in 24-hour format as
hh:mm. The default is 04:00.
Regular Database Maintenance Settings
Step 3
Enable
When enabled, a re-indexing routine is performed on the device.
Every Day
The days of the week when the maintenance is performed.
Sun-Sat
When Every Day is enabled, all days of the week are also enabled.
At (time)
Time of day the maintenance is performed. Time is entered in 24-hour format as
hh:mm. The default is 02:00.
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
To remove the settings from the device, click the Remove Settings icon in the task bar.
Setting Storage Handling
The Storage option offers disk error-handling settings.
Enabling Disk Error Handling
The Disk Error Handling page allows you to configure how disk errors are handled, and to define disk
error-handling thresholds for bad sectors and disk errors (I/O errors).
The Threshold for Bad Sectors and the Threshold for Disk Errors counts only apply to bad sectors
and disk errors detected since the last reboot of the device. These counts do not persist across a device
reboot (reload).
If the Enable Disk Error Handling Reload option is enabled and a SYSTEM disk drive is marked bad
because the disk error-handling threshold (bad sectors or disk errors) was reached, the device is
automatically reloaded. Following the device reload, the bad sector and disk error threshold counts are
reset, and a syslog message and an SNMP trap are generated.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-32
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Engine
If a critical disk drive is marked bad, the redundancy of the system disks for this device is affected.
Critical disks are disks with SYSTEM partitions. However, drives with SYSTEM partitions use RAID1.
With the RAID system, if the critical primary disk fails, the other mirrored disk (mirroring only occurs
for SYSTEM partitions) seamlessly continues operation. There is a separate alarm for bad RAID. The
SMART statistics that are returned by the show disks SMART-info detail command include sector
errors directly reported by the drive itself.
Note
We do not recommend enabling the Enable Disk Error Handling Reload option, because the software
state may be lost when the device is reloaded.
To configure a disk error-handling method, do the following:
Step 1
Choose Devices > Devices > General Settings > Storage > Disk Error Handling. The Disk Error
Handling Settings page is displayed.
Step 2
Check the Enable check box.
Step 3
Check the Enable Disk Error Handling Reload check box if you want the device to reload when a
critical disk (SYSTEM) has problems.
Step 4
Check the Enable Disk Error Handling Threshold check box if you want to set the number of disk
errors allowed before the disk is marked bad, and enter the following:
a.
In the Threshold for Bad Sectors field, enter the number of allowed bad sectors before marking the
disk bad. This threshold only applies to bad sectors detected since the last reboot of the device. The
range is 0 to 100. The default threshold is 30
b.
In the Threshold for Disk Errors field, enter the number of allowed disk errors (I/O errors) before
marking the disk bad. This threshold only applies to disk and sector errors detected since the last
reboot of the device. The range is from 0 to 100,000. The default is 500.
Note
Step 5
When both Threshold for Bad Sectors and Threshold for Disk Errors are set to 0, it means
never mark the disk bad when it detects bad sectors or disk errors, and the disk_failure alarm
is not raised. A disk with SYSTEM partitions uses RAID1. There is a separate alarm for bad
RAID.
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
To remove the settings from the device, click the Remove Settings icon in the task bar.
When a sector I/O error is detected, a “badsector” alarm is raised against the corresponding disk, which
occurs during the lifetime of a disk. A “badsector” alarm is raised when the number of bad sectors for a
specific disk exceeds the “badsector” alarm threshold. The default threshold for bad sector alarms is set
to 15 errored sectors. See the Cisco Videoscape Distribution Suite Origin Server Release 2.1.1
Command Reference for information on setting the threshold for bad sector alarms and remapped sector
alarms, by using the following commands:
(config)# disk error-handling threshold alarm-bad-sectors <threshValue>
(config)# disk error-handling threshold alarm-remapped-sectors <threshValue>
(config)# disk error-handling bad-sectors-mon-period <minutes>
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-33
Chapter 1
Configuring Devices
Configuring the Service Engine
The Disk Failure Percentage Threshold field on the Service Monitor page sets the overall percentage
of CDNFS disk failures. When the percentage of failed disks (default is 75) exceeds this threshold, no
further requests are sent to this device. The Disk Failure Threshold setting is only for the CDNFS disks.
For more information, see the “Setting Service Monitor Thresholds” section on page 1-52.
Network Settings
The Network pages provide settings for network connectivity. Configuring network settings consist of
the following procedures:
•
Enabling FTP Services
•
Enabling DNS
•
Enabling RCP
•
Configuring NTP
•
Setting the Time Zone
•
Viewing Network Interfaces
•
Configuring External IP Addresses
•
Configuring Port Channel and Load Balancing Settings
•
Configuring IP General Settings
•
Configuring IP ACL for IPv4
•
Configuring Static IPv4 Routes
•
Configuring DSR VIP
Enabling FTP Services
To enable FTP services to listen for connection requests, do the following:
Step 1
Choose Devices > Devices > General Settings > Network > FTP. The FTP Settings page is displayed.
Step 2
Check the Enable FTP Services check box.
Step 3
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
To remove the settings from the device, click the Remove Settings icon in the task bar.
Enabling DNS
DNS Settings are required on all SEs, SRs, and VOSMs. The SEs need to be able to resolve the content
origin server host name, the SRs need to be able to communicate with the DNS servers, and the VOSMs
need to resolve host names.
To configure Domain Name System (DNS) servers, do the following:
Step 1
Choose Devices > Devices > General Settings > Network > DNS. The DNS Settings page is displayed.
Step 2
Enter the settings as appropriate. See Table 1-18 for a description of the fields.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-34
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Engine
Table 1-18
Step 3
DNS Settings Fields
Field
Description
Enable
Enables Domain Name System (DNS) on the device.
List of DNS Servers
Space-delimited list of IP addresses for up to eight name servers
for name and address resolution.
Domain Names
A space-delimited list of up to three default domain names. A
default domain name allows the system to resolve any unqualified
hostnames. Any IP hostname that does not contain a domain name
will have the configured domain name appended to it. This
appended name is resolved by the DNS server and then added to
the host table. A DNS server must be configured on the system for
hostname resolution to work correctly. To do this, use the List of
DNS Servers field.
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
To remove the settings from the device, click the Remove Settings icon in the task bar.
Enabling RCP
Remote Copy Protocol (RCP) lets you download, upload, and copy configuration files between remote
hosts and a switch. Unlike TFTP, which uses User Datagram Protocol (UDP), a connectionless protocol,
RCP uses TCP, which is connection oriented. This service listens for requests on TCP port 514.
To enable RCP services, do the following:
Step 1
Choose Devices > Devices > General Settings > Network > RCP. The RCP page is displayed.
Step 2
Check the RCP Enable check box to have the RCP services listen for RCP requests.
Step 3
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
To remove the settings from the device, click the Remove Settings icon in the task bar.
Configuring NTP
To configure the device to synchronize its clock with an NTP server, do the following:
Step 1
Choose Devices > Devices > General Settings > Network > NTP. The NTP page is displayed.
Step 2
Check Enable to enable NTP.
Step 3
In the NTP Server field, enter the IP address or hostname of up to four NTP servers. Use a space to
separate the entries.
Step 4
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-35
Chapter 1
Configuring Devices
Configuring the Service Engine
To remove the settings from the device, click the Remove Settings icon in the task bar.
Setting the Time Zone
If you have an outside source on your network that provides time services, such as an NTP server, you
do not need to set the system clock manually. When manually setting the clock, enter the local time. The
device calculates Coordinated Universal Time (UTC) based on the time zone set.
Note
Caution
Two clocks exist in the system: the software clock and the hardware clock. The software uses the
software clock. The hardware clock is used only at startup to initialize the software clock.
We highly recommend that you use NTP servers to synchronize the devices in your VDS-OS network.
If you change the local time on the device, you must change the BIOS clock time as well; otherwise, the
timestamps on the error logs are not synchronized. Changing the BIOS clock is required because the
kernel does not handle time zones.
To manually configure the time zone, do the following:
Step 1
Choose Devices > Devices > General Settings > Network > Time Zone. The Time Zone page is
displayed with the default settings of UTC (offset = 0) and no daylight savings time configured.
Step 2
To configure a standard time zone, do the following:
a.
Click the Standard Time Zone radio button.
The standard convention for time zones uses a Location/Area format in which Location is a
continent or a geographic region of the world and Area is a time zone region within that location.
For a list of standard time zones that can be configured and their UTC offsets, see Table 1-19 on
page 1-37.
b.
From the Standard Time Zone drop-down list, choose a location for the time zone. The page
refreshes, displaying all area time zones for the chosen location in the second drop-down list.
c.
Choose an area for the time zone.
The UTC offset (hours and minutes ahead or behind UTC) for the corresponding time zone is
displayed. During summer time savings, the offset may differ and is displayed accordingly.
Note
Step 3
Some of the standard time zones (mostly time zones within the United States) have daylight
savings time zones configured automatically.
To configure a customized time zone, do the following:
a.
Click the Customized Time Zone radio button.
b.
In the Customized Time Zone field, enter a name to for the time zone. The time zone entry is case
sensitive and can contain up to 40 characters. Spaces are not allowed. If you specify any of the
standard time zone names, an error message is displayed when you click Submit.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-36
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Engine
For UTC offset, choose + or – from the UTC Offset drop-down list to indicate whether the
configured time zone is ahead or behind UTC. Also, choose the number of hours (0 to 23) and
minutes (0 to 59) offset from UTC for the customized time zone. The range for the UTC offset is
from –23:59 to 23:59, and the default is 0:0.
c.
Step 4
To configure customized summer time savings, do the following:
Note
Customized summer time can be specified for both standard and customized time zones.
The start and end dates for summer time can be configured in two ways: absolute dates or recurring dates.
Absolute dates apply once and must be reset every year. Recurring dates apply every year.
a.
Click the Absolute Dates radio button to configure summer settings once.
b.
In the Start Date and End Date fields, specify the month, day, and year that the summer time
savings starts and ends in mm/dd/yyyy format.
Alternatively, click the Calendar icon and select a date. The chosen date is highlighted in blue.
Click Apply.
Step 5
c.
Click the Recurring Dates radio button to configure a recurring summer setting.
d.
Using the drop-down lists, choose the start day, week, and month when the summer time savings
starts. For example, if the summer time savings begins the first Sunday in March, you would select
Sunday, 1st, March from the drop-down lists.
e.
Using the drop-down lists, choose the start day, week, and month when the summer time savings
ends.
Using the Start Time drop-down lists and the End Time drop-down lists, choose the hour (0 to 23) and
minute (0 to 59) at which daylight savings time starts and ends.
Start Time and End Time fields for summer time are the times of the day when the clock is changed to
reflect summer time. By default, both start and end times are set at 00:00.
Step 6
In the Offset field, specify the minutes offset from UTC (0 to 1439). (See Table 1-19 on page 1-37.)
The summer time offset specifies the number of minutes that the system clock moves forward at the
specified start time and backward at the end time.
Step 7
To not specify a summer or daylight savings time for the corresponding time zone, click the No
Customized Summer Time Configured radio button.
Step 8
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
To remove the settings from the device, click the Remove Settings icon in the task bar.
Table 1-19 lists the UTC offsets for the different locations around the world.
Table 1-19
Time Zone—Offset from UTC
Time Zone
Offset from UTC
(in hours)
Time Zone
Offset from UTC
(in hours)
Africa/Algiers
+1
Asia/Vladivostok
+10
Africa/Cairo
+2
Asia/Yekaterinburg
+5
Africa/Casablanca
0
Asia/Yakutsk
+9
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-37
Chapter 1
Configuring Devices
Configuring the Service Engine
Table 1-19
Time Zone—Offset from UTC (continued)
Time Zone
Offset from UTC
(in hours)
Time Zone
Offset from UTC
(in hours)
Africa/Harare
+2
Australia/Adelaide
+9.30
Africa/Johannesburg
+2
Australia/Brisbane
+10
Africa/Nairobi
+3
Australia/Darwin
+9.30
America/Buenos_Aires
–3
Australia/Hobart
+10
America/Caracas
–4
Australia/Perth
+8
America/Mexico_City
–6
Australia/Sydney
+10
America/Lima
–5
Canada/Atlantic
–4
America/Santiago
–4
Canada/Newfoundland
–3.30
Atlantic/Azores
–1
Canada/Saskatchewan
–6
Atlantic/Cape_Verde
–1
Europe/Athens
+2
Asia/Almaty
+6
Europe/Berlin
+1
Asia/Baghdad
+3
Europe/Bucharest
+2
Asia/Baku
+4
Europe/Helsinki
+2
Asia/Bangkok
+7
Europe/London
0
Asia/Colombo
+6
Europe/Moscow
+3
Asia/Dacca
+6
Europe/Paris
+1
Asia/Hong_Kong
+8
Europe/Prague
+1
Asia/Irkutsk
+8
Europe/Warsaw
+1
Asia/Jerusalem
+2
Japan
+9
Asia/Kabul
+4.30
Pacific/Auckland
+12
Asia/Karachi
+5
Pacific/Fiji
+12
Asia/Katmandu
+5.45
Pacific/Guam
+10
Asia/Krasnoyarsk
+7
Pacific/Kwajalein
–12
Asia/Magadan
+11
Pacific/Samoa
–11
Asia/Muscat
+4
US/Alaska
–9
Asia/New Delhi
+5.30
US/Central
–6
Asia/Rangoon
+6.30
US/Eastern
–5
Asia/Riyadh
+3
US/East–Indiana
–5
Asia/Seoul
+9
US/Hawaii
–10
Asia/Singapore
+8
US/Mountain
–7
Asia/Taipei
+8
US/Pacific
–8
Asia/Tehran
+3.30
The offset time (number of hours ahead or behind UTC) as displayed in the table is in effect during
winter time. During summer time or daylight savings time, the offset may be different from the values
in the table and is calculated and displayed accordingly by the system clock.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-38
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Engine
Viewing Network Interfaces
The Network Interfaces page is informational only. To view this information, choose Devices >
Devices > General Settings > Network > Network Interfaces. Information about the network
interfaces configured for the device is displayed.
Configuring External IP Addresses
The External IP page allows you to configure up to eight Network Address Translation (NAT) IP
addresses. This allows a router to translate up to eight internal addresses to registered unique addresses
and translate external registered addresses to addresses that are unique to the private network.
To configure NAT IP addresses, do the following:
Step 1
Choose Devices > Devices > General Settings > Network > External IP. The External IP Settings page
is displayed.
Step 2
Check the Enable check box.
Step 3
In the External IP Address fields (1–8), enter up to eight IP addresses.
Step 4
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
To remove the settings from the device, click the Remove Settings icon in the task bar.
Configuring Port Channel and Load Balancing Settings
For information about configuring port channels using the CLI, see the “Redundant Dedicated
Management Ports” section on page 1-1.
To configure load balancing on port channels, do the following:
Step 1
Choose Devices > Devices > General Settings > Network > Port Channel Settings. The Port Channel
Settings page is displayed.
Step 2
From the Load Balancing Method drop-down list, choose one of the following load balancing methods:
•
dst-ip—Destination IP address
•
dst-mac—Destination MAC address
•
dst-mixed-ip-port—Destination IP address and TCP/UDP port
•
dst-port—Destination port
•
round robin—Each interface in the channel group
•
src-dst-ip—Source and destination IP address
•
src-dst-mac—Source and destination MAC address
•
src-dst-mixed-ip-port—Source destination IP address and source destination port
•
src-dst-port—Source and destination port
•
src-mixed-ip-port—Source IP address and source destination port
•
src-port—Source port
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-39
Chapter 1
Configuring Devices
Configuring the Service Engine
Round robin allows traffic to be distributed evenly among all interfaces in the channel group. The other
balancing options give you the flexibility to choose specific interfaces (by IP address, MAC address,
port) when sending an Ethernet frame.
The source and destination options mean that while calculating the outgoing interface, take into account
both the source and destination (MAC address or port).
Note
Step 3
Round-robin load-balancing mode is not supported when Link Aggregation Control Protocol
(LACP) is enabled on the port channel.
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
To remove the settings from the device, click the Remove Settings icon in the task bar.
Configuring IP General Settings
The Path Maximum Transmission Unit (MTU) Discovery discovers the largest IP packet size allowable
between the various links along the forwarding path and automatically sets the correct value for the
packet size. By using the largest MTU the links can support, the sending device can minimize the number
of packets it must send.
Note
The Path MTU Discovery is a process initiated by the sending device. If a server does not support IP
Path MTU Discovery, the receiving device has no mechanism available to avoid fragmenting datagrams
generated by the server.
To enable Path MTU Discovery, do the following:
Step 1
Choose Devices > Devices > General Settings > Network > IP General Settings. The IP General
Settings page is displayed.
Step 2
Check Enable Path MTU Discovery.
Step 3
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
To remove the settings from the device, click the Remove Settings icon in the task bar.
Configuring IP ACL for IPv4
Access control lists (ACLs) provide a means to filter packets by allowing a user to permit or deny IP
packets from crossing specified interfaces. Packet filtering helps to control packet movement through
the network. Such control can help limit network traffic and restrict network use by certain users or
devices.
You can also apply ACLs to management services such as SNMP, SSH, HTTPS, Telnet, and FTP. ACLs
can be used to control the traffic that these applications provide by restricting the type of traffic that the
applications handle.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-40
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Engine
In a managed VDS-OS network environment, administrators need to be able to prevent unauthorized
access to various devices and services. VDS-OS supports standard and extended ACLs that allow
administrators to restrict access to or through a VDS-OS network device, such as the SE. Administrators
can use ACLs to reduce the infiltration of hackers, worms, and viruses that can harm the network.
ACLs provide controls that allow various services to be tied to a particular interface. For example, the
administrator can use IP ACLs to define a public interface on the Service Engine for content serving and
a private interface for management services (for example, Telnet, SSH, SNMP, HTTPS, and software
upgrades). A device attempting to access one of the services must be on a list of trusted devices before
it is allowed access. The implementation of ACLs for incoming traffic on certain ports for a particular
protocol type is similar to the ACL support for the Cisco Global Site Selector and Cisco routers.
To use ACLs, the system administrator must first configure ACLs and then apply them to specific
services. The following are some examples of how IP ACLs can be used in various enterprise
deployments:
Note
•
Application layer proxy firewall with a hardened outside interface has no ports exposed. (Hardened
means that the interface carefully restricts which ports are available for access primarily for security
reasons. Because the interface is outside, many types of attacks are possible.) The device’s outside
address is globally accessible from the Internet, while its inside address is private. The inside
interface has an ACL to limit Telnet, SSH, and VOSM traffic.
•
Device is deployed anywhere within the enterprise. Like routers and switches, the administrator
wants to limit Telnet, SSH, and VOSM access to the IT source subnets.
•
Device is deployed as a reverse proxy in an untrusted environment, and the administrator wishes to
allow only port 80 inbound traffic on the outside interface and outbound connections on the
back-end interface.
IP ACLs are defined for individual devices only. IP ACLs cannot be managed through device groups.
When you create an IP ACL, you should note the following constraints:
•
IP ACL names must be unique within the device.
•
IP ACL names must be limited to 30 characters and contain no spaces or special characters.
•
VOSM can manage up to 50 IP ACLs and a total of 500 conditions per device.
•
When the IP ACL name is numeric, numbers 1 through 99 denote standard IP ACLs and numbers
100 through 199 denote extended IP ACLs. IP ACL names that begin with a number cannot contain
nonnumeric characters.
•
Extended IP ACLs cannot be used with SNMP applications.
Creating a New IP ACL
To create a new IP ACL, do the following:
Step 1
Choose Devices > Devices > General Settings > Network > IP ACL for IPv4 addressing. The IP ACL
Table page is displayed.
The table is sortable by clicking the column headings.
Step 2
Click the Create New icon in the task bar. The IP ACL page is displayed.
To edit an ACL, click the Edit icon next to the name you want to edit.
Step 3
In the Name field, enter a name, observing the naming rules for IP ACLs.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-41
Chapter 1
Configuring Devices
Configuring the Service Engine
Step 4
From the ACL Type drop-down list, choose an IP ACL type (Standard or Extended). The default is
Standard.
Step 5
Click Submit. The page refreshes and the Modifying IP ACL page for a newly created IP ACL is
displayed.
Note
Clicking Submit at this point merely saves the IP ACL; IP ACLs without any conditions defined
do not appear on the individual devices.
Adding Conditions to an IP ACL
To add conditions to an IP ACL, do the following:
Step 1
Choose Devices > Devices > General Settings > Network > IP ACL for IPv4 addressing. C The IP ACL
Table page is displayed.
Step 2
Click the Edit icon next to the name of the IP ACL you want to add a condition to. The Modifying IP
ACL page is displayed.
Step 3
Click the Create New icon in the task bar. The Condition page is displayed.
To edit a condition, click the Edit icon next to the name you want to edit.
Note
Step 4
Step 5
The number of available fields for creating IP ACL conditions depends on the whether the IP
ACL type is standard or extended.
Enter values for the properties that are enabled for the type of IP ACL that you are creating.
•
To create a standard IP ACL, go to Step 5.
•
To create an extended IP ACL, go to Step 6.
To set up conditions for a standard IP ACL, do the following:
a.
From the Purpose drop-down list, choose a purpose (Permit or Deny).
b.
In the Source IP field, enter the source IP address.
c.
In the Source IP Wildcard field, enter a source IP wildcard address.
d.
Click Submit. The Modifying IP ACL page is displayed showing the new condition and its
configuration.
e.
To add another condition to the IP ACL, repeat the steps.
f.
To reorder your list of conditions in the Modifying IP ACL page, use the Up arrow or Down arrow
in the Order column, or click a column heading to sort by any configured parameter.
Note
g.
The order of the conditions listed becomes the order in which IP ACLs are applied to the
device.
When you have finished adding conditions to the IP ACL, and you are satisfied with all your entries
and the order in which the conditions are listed, click Submit in the Modifying IP ACL page to
commit the IP ACL to the device database.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-42
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Engine
A green “Change submitted” indicator appears in the lower right corner of the Modifying IP ACL
page to indicate that the IP ACL is being submitted to the device database.
Table 1-20 describes the fields in a standard IP ACL.
Table 1-20
Standard IP ACL Conditions
Field
Default Value
Description
Purpose1
Permit
Specifies whether a packet is to be passed (Permit) or dropped
(Deny).
Source IP1
0.0.0.0
IP address of the network or host from which the packet is being
sent, specified as a 32-bit quantity in 4-part dotted decimal format.
for IPv4.
Source IP1
Wildcard
255.255.255.255
Wildcard bits to be applied to the source, specified as a 32-bit
quantity in 4-part dotted decimal format for IPv4. Place a 1 in the
bit positions that you want to ignore and identify bits of interest
with a 0.
Source Prefix
0
1. Required field.
Step 6
To set up conditions for an extended IP ACL, do the following:
a.
From the Purpose drop-down list, choose a purpose (Permit or Deny).
b.
From the Extended Type drop-down list, choose Generic, TCP, UDP, or ICMP.
After you choose a type of extended IP ACL, various options become available depending on what
type you choose.
c.
Enter the settings as appropriate. See Table 1-21 for descriptions of the extended IP ACL fields.
d.
Click Submit. The Modifying IP ACL page is displayed showing the new condition and its
configuration.
e.
To add another condition to the IP ACL, repeat the steps.
f.
To reorder your list of conditions from the Modifying IP ACL page, use the Up arrow or Down arrow
in the Order column, or click a column heading to sort by any configured parameter.
Note
g.
The order of the conditions listed becomes the order in which IP ACLs are applied to the
device.
When you have finished adding conditions to the IP ACL, and you are satisfied with all your entries
and the order in which the conditions are listed, click Submit in the Modifying IP ACL page to
commit the IP ACL to the device database.
A green “Change submitted” indicator appears in the lower-left corner of the Modifying IP ACL
page to indicate that the IP ACL is being submitted to the device database.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-43
Chapter 1
Configuring Devices
Configuring the Service Engine
Table 1-21
Extended IP ACL Conditions
Field
Default Value
Description
Permit
Specifies whether a packet is to be passed (Permit) or dropped Generic, TCP,
(Deny).
UDP, ICMP
Protocol
ip
Internet protocol (gre, icmp, ip, tcp, or udp). To match any
Internet protocol, use the ip keyword.
Generic
Established
Unchecked (false)
When checked, a match with the ACL condition occurs if the
TCP datagram has the ACK or RST bits set, indicating an
established connection. Initial TCP datagrams used to form a
connection are not matched.
TCP
Source IP1
0.0.0.0
IP address of the network or host from which the packet is being Generic, TCP,
sent, specified as a 32-bit quantity in 4-part dotted decimal
UDP, ICMP
format for IPv4.
Purpose
1
Source IP Wildcard1 255.255.255.255
Source Prefix
0
Source Port 1
0
Extended Type
Wildcard bits to be applied to the source, specified as a 32-bit
quantity in 4-part dotted decimal format for IPv4. Place a 1 in
the bit positions that you want to ignore and identify bits of
interest with a 0.
Generic, TCP,
UDP, ICMP
Decimal number or name of a port. Valid port numbers are 0 to TCP, UDP
65535. See Table 1-22 and Table 1-23 for port name
descriptions and associated port numbers.
Valid TCP port names are as
follows:
Valid UDP port names are as
follows:
•
domain
•
bootpc
•
exec
•
bootps
•
ftp
•
domain
•
ftp-data
•
netbios-dgm
•
https
•
netbios-ns
•
nfs
•
netbios-ss
•
rtsp
•
nfs
•
ssh
•
ntp
•
telnet
•
snmp
•
www
•
snmptrap
Source Operator
range
Specifies how to compare the source ports against incoming
packets. Choices are <, >, ==, !=, or range.
TCP, UDP
Source Port 2
65535
Decimal number or name of a port. See Source Port 1.
TCP, UDP
Destination IP
0.0.0.0
IP address of the network or host to which the packet is being
sent, specified as a 32-bit quantity in 4-part dotted decimal
format for IPv4.
Generic, TCP,
UDP, ICMP
Destination IP
Wildcard
255.255.255.255
Wildcard bits to be applied to the source, specified as a 32-bit
quantity in 4-part dotted decimal format for IPv4. Place a 1 in
the bit positions that you want to ignore and identify bits of
interest with a 0.
Generic, TCP,
UDP, ICMP
Destination Prefix
0
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-44
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Engine
Table 1-21
Extended IP ACL Conditions (continued)
Field
Default Value
Description
Destination Port 1
0
Decimal number or name of a port. Valid port numbers are 0 to TCP, UDP
65535. See Table 1-22 and Table 1-23 for port name
descriptions and associated port numbers.
Valid TCP port names are as
follows:
Extended Type
Valid UDP port names are as
follows:
•
domain
•
bootpc
•
exec
•
bootps
•
ftp
•
domain
•
ftp-data
•
netbios-dgm
•
https
•
netbios-ns
•
nfs
•
netbios-ss
•
rtsp
•
nfs
•
ssh
•
ntp
•
telnet
•
snmp
•
www
•
snmptrap
Destination Operator range
Specifies how to compare the destination ports against incoming TCP, UDP
packets. Choices are <, >, ==, !=, or range.
Destination Port 2
65535
Decimal number or name of a port. See Destination Port 1.
TCP, UDP
None
Choices are None, Type/Code, or Msg.
ICMP
ICMP Param Type
1
ICMPv6 Param Type
ICMP Message1
ICMPv6 Message
administratively-
prohibited
•
None—Disables the ICMP Type, Code, and Message fields.
•
Type/Code—Allows ICMP messages to be filtered by
ICMP message type and code. Also enables the ability to set
an ICMP message code number.
•
Msg—Allows a combination of type and code to be
specified using a keyword. Activates the ICMP Message
drop-down list. Disables the ICMP Type field.
Allows a combination of ICMP type and code to be specified
using a keyword chosen from the drop-down list.
ICMP
See Table 1-24 for descriptions of the ICMP messages.
ICMP Type1
0
Number from 0 to 255. This field is enabled when you choose
Type/Code.
ICMP
Unchecked
When checked, enables the ICMP Code field.
ICMP
0
Number from 0 to 255. Message code option that allows ICMP ICMP
messages of a particular type to be further filtered by an ICMP
message code.
ICMPv6 Type
Use ICMP Code1
Use ICMPv6 Code
ICMP Code1
ICMPv6 Code
1. Required field.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-45
Chapter 1
Configuring Devices
Configuring the Service Engine
Table 1-22 lists the UDP keywords that you can use with extended access control lists.
Table 1-22
UDP Keywords and Port Numbers
Port Name
Description
UDP Port Number
bootpc
Bootstrap Protocol (BOOTP) client service
68
bootps
Bootstrap Protocol (BOOTP) server service
67
domain
Domain Name System (DNS) service
53
netbios-dgm
NetBIOS datagram service
138
netbios-ns
NetBIOS name resolution service
137
netbios-ss
NetBIOS session service
139
nfs
Network File System service
2049
ntp
Network Time Protocol settings
123
snmp
Simple Network Management Protocol service
161
snmptrap
SNMP traps
162
Table 1-23 lists the TCP keywords that you can use with extended access control lists.
Table 1-23
TCP Keywords and Port Numbers
Port Name
Description
TCP Port Number
domain
Domain Name System service
53
exec
Remote process execution
512
ftp
File Transfer Protocol service
21
ftp-data
FTP data connections (used infrequently)
20
https
Secure HTTP service
443
nfs
Network File System service applications
2049
rtsp
Real-Time Streaming Protocol applications
554
ssh
Secure Shell login
22
telnet
Remote login using Telnet
23
www
World Wide Web (HTTP) service
80
Table 1-24 lists the keywords that you can use to match specific ICMP message types and codes.
Table 1-24
Keywords for ICMP Message Type and Code
Message
Description
administratively-prohibited
Messages that are administratively prohibited from being allowed
access.
alternate-address
Messages that specify alternate IP addresses.
conversion-error
Messages that denote a datagram conversion error.
dod-host-prohibited
Messages that signify a Department of Defense (DoD) protocol
Internet host denial.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-46
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Engine
Table 1-24
Keywords for ICMP Message Type and Code (continued)
Message
Description
dod-net-prohibited
Messages that specify a DoD protocol network denial.
echo
Messages that are used to send echo packets to test basic network
connectivity.
echo-reply
Messages that are used to send echo reply packets.
general-parameter-problem
Messages that report general parameter problems.
host-isolated
Messages that indicate that the host is isolated.
host-precedence-unreachable
Messages that have been received with the protocol field of the IP
header set to 1 (ICMP) and the type field in the ICMP header set to
3 (Host Unreachable). This is the most common response. Large
numbers of this datagram type on the network are indicative of
network difficulties or may be indicative of hostile actions.
host-redirect
Messages that specify redirection to a host.
host-tos-redirect
Messages that specify redirection to a host for type of
service-based (ToS) routing.
host-tos-unreachable
Messages that denote that the host is unreachable for ToS-based
routing.
host-unknown
Messages that specify that the host or source is unknown.
host-unreachable
Messages that specify that the host is unreachable.
information-reply
Messages that contain domain name replies.
information-request
Messages that contain domain name requests.
mask-reply
Messages that contain subnet mask replies.
mask-request
Messages that contain subnet mask requests.
mobile-redirect
Messages that specify redirection to a mobile host.
net-redirect
Messages that are used for redirection to a different network.
net-tos-redirect
Messages that are used for redirection to a different network for
ToS-based routing.
net-tos-unreachable
Messages that specify that the network is unreachable for the
ToS-based routing.
net-unreachable
Messages that specify that the network is unreachable.
network-unknown
Messages that denote that the network is unknown.
no-room-for-option
Messages that specify the requirement of a parameter, but that no
room is available for it.
option-missing
Messages that specify the requirement of a parameter, but that
parameter is not available.
packet-too-big
Messages that specify that the ICMP packet requires fragmentation
but the Do Not Fragment (DF) bit is set.
parameter-problem
Messages that signify parameter-related problems.
port-unreachable
Messages that specify that the port is unreachable.
precedence-unreachable
Messages that specify that host precedence is not available.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-47
Chapter 1
Configuring Devices
Configuring the Service Engine
Table 1-24
Keywords for ICMP Message Type and Code (continued)
Message
Description
protocol-unreachable
Messages that specify that the protocol is unreachable.
reassembly-timeout
Messages that specify a timeout during reassembling of packets.
redirect
Messages that have been received with the protocol field of the IP
header set to 1 (ICMP) and the type field in the ICMP header set to
5 (Redirect). ICMP redirect messages are used by routers to notify
the hosts on the data link that a better route is available for a
particular destination.
router-advertisement
Messages that contain ICMP router discovery messages called
router advertisements.
router-solicitation
Messages that are multicast to ask for immediate updates on
neighboring router interface states.
source-quench
Messages that have been received with the protocol field of the IP
header set to 1 (ICMP) and the type field in the ICMP header set to
4 (Source Quench). This datagram may be used in network
management to provide congestion control. A source quench
packet is issued when a router is beginning to lose packets due to
the transmission rate of a source. The source quench is a request to
the source to reduce the rate of a datagram transmission.
source-route-failed
Messages that specify the failure of a source route.
time-exceeded
Messages that specify information about all instances when
specified times were exceeded.
timestamp-reply
Messages that contain timestamp replies.
timestamp-request
Messages that contain timestamp requests.
traceroute
Messages that specify the entire route to a network host from the
source.
ttl-exceeded
Messages that specify that ICMP packets have exceeded the
time-to-live configuration.
unreachable
Messages that are sent when packets are denied by an access
control list; these packets are not dropped in the hardware but
generate the ICMP-unreachable message.
Applying an IP ACL to an Interface
The IP ACLs can be applied to a particular interface (such as management services to a private IP
address) so that the device can have one interface in a public IP address space that serves content and
another interface in a private IP address space that the administrator uses for management purposes. This
feature ensures that clients can access the Service Engine only in the public IP address space for serving
content and not access it for management purposes. A device attempting to access one of these
applications that is associated with an IP ACL must be on the list of trusted devices to be allowed access.
To apply an IP ACL to an interface from the CLI, use the following interface configuration command:
interface {GigabitEthernet | Portchannel | Standby | TenGigabitEthernet} slot/port [ip]
access-group {accesslistnumber | accesslistname} {in | out}
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-48
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Engine
Deleting an IP ACL
You can delete an IP ACL, including all conditions and associations with network interfaces, or you can
delete only the IP ACL conditions. Deleting all conditions allows you to change the IP ACL type if you
choose to do so. The IP ACL entry continues to appear in the IP ACL listing; however, it is in effect
nonexistent.
To delete an IP ACL, do the following:
Step 1
Choose Devices > Devices. > General Settings > Network > IP ACL for IPv4 addressing. The IP ACL
Table page is displayed.
Step 2
Click the Edit icon next to the name of the IP ACL that you want to delete. The Modifying IP ACL page
is displayed. If you created conditions for the IP ACL, you have three options for deletion:
•
Delete ACL—This option removes the IP ACL, including all conditions and associations with
network interfaces and applications.
•
Delete All Conditions—This option removes all the conditions, while preserving the IP ACL name.
•
Delete IP ACL Condition—This option removes one condition from the ACL.
Step 3
To delete the entire IP ACL, click Delete ACL in the task bar. You are prompted to confirm your action.
Click OK. The record is deleted.
Step 4
To delete only the conditions, click Delete All Conditions in the task bar. You are prompted to confirm
your action. Click OK. The window refreshes, conditions are deleted, and the ACL Type field becomes
available.
Step 5
To delete one condition, do the following:
a.
Click the Edit icon next to the condition. The condition settings are displayed.
b.
Click the Delete IP ACL Condition icon in the task bar. The IP ACL table is displayed.
c.
Click Submit to save the IP ACL table to the database.
Configuring Static IPv4 Routes
The Static IP Routes page allows you to configure a static IPv4 route for a network or host. Any IP packet
designated for the specified destination uses the configured route.
To configure a static IP route, do the following:
Step 1
Choose Devices > Devices > General Settings > Network > Static IP Routes. The IP Route Table page
is displayed.
The table is sortable by clicking the column headings.
Step 2
Click the Create New icon in the task bar. The IP Route page is displayed.
To edit a static route, click the Edit icon next to the name you want to edit.
Step 3
In the Destination Network Address field, enter the destination network IP address.
Step 4
In the Netmask field, enter the destination host netmask.
Step 5
In the Gateway’s IP Address field, enter the IP address of the gateway interface.
Step 6
Click Submit to save the settings.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-49
Chapter 1
Configuring Devices
Configuring the Service Engine
To delete a route, click the Edit icon for the route, then click the Delete icon in the task bar.
Configuring DSR VIP
The VDS-OS supports Virtual IP (VIP) configuration for Direct Server Return (DSR) when working
with networks that use load balancers. DSR bypasses the load balancer for all server responses to client
requests by using MAC Address Translation (MAT).
The VDS-OS allows for the configuration of up to four VIPs (on loopback interfaces).
Client requests are sent to the load balancer and the load balancer sends the requests on to the Service
Router. If DSR VIP is configured on the VDS-OS (and supported on the load balancer), all VDS-OS
responses to the client are sent directly to the client, bypassing the load balancer.
Note
If DSR VIP is configured on an SE, the DSR VIP IP address cannot be the same as the origin service
FQDN (OFQDN).
To configure a DSR VIP, do the following:
Step 1
Choose Devices > Devices > General Settings > Network > DSR VIP. The DSR VIP page is displayed.
Step 2
In the Direct Server Return VIP 1 field, enter the IPv4 address of the Direct Server Return VIP.
Step 3
Enter any additional DSR VIPs in the remaining fields (Direct Server Return VIP 2 to 4).
Step 4
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
To remove the settings from the device, click the Remove Settings icon in the task bar.
Configuring Notification and Tracking
The Notification and Tracking pages provide settings for alarms, thresholds, SNMP connectivity, and
device monitoring. Configuring notification and tracking consists of the following procedures:
•
Enabling Alarm Overload Detection
•
Setting Service Monitor Thresholds
•
Configuring SNMP
•
Enabling System Logs
Alarm Settings
The Alarm Settings page covers the following configuration settings;
•
Enabling Alarm Overload Detection
•
Alarms for Admin Shutdown Interface
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-50
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Engine
Enabling Alarm Overload Detection
The device tracks the rate of incoming alarms from the Node Health Manager. If the rate of incoming
alarms exceeds the high-water mark (HWM) threshold, the device enters an alarm overload state. This
condition occurs when multiple applications raise alarms at the same time. When a device is in an alarm
overload state, the following events occur:
•
Traps for the raise alarm-overload alarm and clear alarm-overload alarm are sent. SNMP traps for
subsequent alarm raise-and-clear operations are suspended.
•
Traps for alarm operations that occur between the raise-alarm-overload alarm and the
clear-alarm-overload alarm operations are suspended, but individual device alarm information is
still collected and available using the CLI.
•
Device remains in an alarm overload state until the rate of incoming alarms decreases to less than
the low-water mark (LWM).
•
If the incoming alarm rate falls below the LWM, the device comes out of the alarm overload state
and begins to report the alarm counts to the SNMP servers and the VOSM.
Alarms that have been raised on a device can be listed by using the CLI commands shown in Table 1-25.
These CLI commands allow you to systematically drill down to the source of an alarm.
Table 1-25
Viewing Device Alarms
Command Syntax
Description
show
alarms
Displays a list of all currently raised alarms (critical, major, and
minor alarms) on the device.
show alarms critical Displays a list of only currently raised critical alarms on the device.
show alarms major
Displays a list of only currently raised major alarms on the device.
show alarms minor
Displays a list of only currently raised minor alarms on the device.
show alarms detail
Displays detailed information about the currently raised alarms.
show alarms history Displays a history of alarms that have been raised and cleared on the
device. The CLI retains the last 100 alarm raise and clear events
only.
show alarms status
Displays the counts for the currently raised alarms on the device.
Also lists the alarm-overload state and the alarm-overload settings.
To configure the alarm overload detection, do the following:
Step 1
Choose Devices > Devices > General Settings > Notification and Tracking > Alarm Settings. The
Alarm Settings page is displayed.
Step 2
Uncheck the Enable Alarm Overload Detection check box if you do not want to configure the device
to suspend alarm raise and clear operations when multiple applications report error conditions. Alarm
overload detection is enabled by default.
Step 3
In the Alarm Overload Low Water Mark field, enter the number of alarms per second for the clear
alarm overload threshold. The low water mark is the level to which the number of alarms must drop
below before alarm traps can be sent. The default value is 1.
Step 4
In the Alarm Overload High Water Mark field, enter the number of alarms per second for the raise
alarm-overload threshold. The high-water mark is the level the number of alarms must exceed before
alarms are suspended. The default value is 10.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-51
Chapter 1
Configuring Devices
Configuring the Service Engine
Step 5
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
To remove the settings from the device, click the Remove Settings icon in the task bar.
Alarms for Admin Shutdown Interface
When the Alarms for Admin Shutdown Interface check box is checked, the interface alarm is
shutdown. If there is already an alarm raised when the setting is submitted, clearing the option and
submitting the change does not clear the outstanding alarm. There are two ways to avoid this situation:
Note
1.
Clear the outstanding alarm first before disabling this option.
2.
Disable this option and reboot. The alarm is cleared during reboot.
The Alarms for Admin Shutdown Interface option should be enabled before any of the above for the
alarm to take affect.
To enable the Alarms for Admin Shutdown Interface option, do the following:
Step 1
Choose Devices > Devices > General Settings > Notification and Tracking > Alarm Settings. The
Alarm Settings page is displayed.
Step 2
Check the Alarms for Admin Shutdown Interface check box to enable this option.
Step 3
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
To remove the settings from the device, click the Remove Settings icon in the task bar.
Setting Service Monitor Thresholds
The Service Monitor page is where you configure workload thresholds for the device.
In load-based routing, these thresholds are used to determine the best device to serve requested content.
For more information about load-based routing, see the “Configuring the Service Router” section on
page 1-66.
Note
Threshold monitoring is performed on each device in the VDS-OS. The NIC bandwidth thresholds are
only monitored on the SE. They are not monitored on the SR and VOSM.
Note
The base license limit is set to 200 sessions and 200 Mbps bandwidth.
•
The burst count, which indicates the number of days after which a major alarm is raised, is
configurable. On the Service Engine, use the service-router service-monitor threshold burstcnt
command to configure the burst count. The default setting is one (1), which means all the minor
alarms that occur in a single day (24-hour interval) are counted as one single alarm. If the
service-router service-monitor threshold burstcnt command is set to two, all minor alarms that
occur in two days (48-hour interval) are counted as a single alarm.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-52
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Engine
To configure workload thresholds, do the following:
Step 1
Choose Devices > Devices > General Settings > Notification and Tracking > Service Monitor. The
Service Monitor page is displayed.
Step 2
Enter the settings as appropriate. See Table 1-26 for a description of the fields.
Table 1-26
Service Monitor Fields
Field
Description
CPU Settings
Enable
Allows the SR to collect CPU load information from the device.
Threshold
Value (as a percentage) that determines when the device is overloaded. The threshold
determines the extent of CPU usage allowed. The range is from 1 to 100. The default
is 80.
Sample Period
Time interval (in seconds) between two consecutive samples. The sample period is
the time during which the devices exchange keepalive messages that contain the
device load information. The range is from 1 to 60. The default is 1.
Number of
Samples
Number of most recently sampled values used when calculating the average. The
range is from 1 to 120. The default is 2.
Disk Settings
Enable
Allows the SR to collect disk transaction information from the device.
Threshold
The threshold, as a percentage, determines the extent of disk I/O load allowed. The
disk threshold is a disk I/O load threshold setting. It is not used to monitor disk
usage, it is calculated using the kernel’s diskstats status. This represents how much
disk I/O capacity the device is using. It is calculated across all disks on the device.
The range is from 1 to 100. The default is 80.
Sample Period
Time interval (in seconds) between two consecutive samples. The range is from 1 to
60. The default is 1.
Number of
Samples
Number of most recently sampled values used when calculating the average. The
range is from 1 to 120. The default is 2.
Memory Settings
Enable
Allows the SR to collect memory usage information from the device.
Threshold
The threshold (in percent) determines the extent of memory usage allowed. The
range is from 1 to 100. The default is 80.
Sample Period
Time interval (in seconds) between two consecutive samples. The range is from 1 to
60. The default is 1.
Number of
Samples
Number of most recently sampled values used when calculating the average. The
range is from 1 to 120. The default is 2.
KMemory Settings
Enable
Allows the SR to collect kernel memory usage information from the device.
Threshold
The threshold (in percent) determines the extent of kernel memory usage allowed.
The range is from 1 to 100. The default is 50.
Sample Period
Time interval (in seconds) between two consecutive samples. The range is from 1 to
60. The default is 1.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-53
Chapter 1
Configuring Devices
Configuring the Service Engine
Table 1-26
Service Monitor Fields (continued)
Field
Description
Number of
Samples
Number of most recently sampled values used when calculating the average. The
range is from 1 to 120. The default is 2.
NIC Bandwidth Settings (Only applicable to SEs)
Enable
Allows the SR to collect NIC bandwidth information from the SE.
Threshold
The threshold, as a percentage, determines the extent of NIC bandwidth usage
allowed. The range is from 1 to 100. The default is 90.
Sample Period
Time interval (in seconds) between two consecutive samples. The range is from 1 to
60. The default is 3.
Number of
Samples
Number of most recently sampled values used when calculating the average. The
range is from 1 to 120. The default is 2.
Disk Failure Settings
Threshold
Overall percentage of CDNFS disk failures. The range is from 1 to 100. The default
is 75.
When the percentage failed disks exceeds this threshold, no further requests are sent
to this device. The Disk Failure Threshold is only for the CDNFS disks.
Note
When an alarm is received for a SYSTEM disk, it is immediately marked as
a failed disk. It is not checked against the Disk Failure Threshold. The SR
continues redirecting to the SE, unless all SYSTEM disks on the SE are
marked as failed disks. If disks have both SYSTEM and CDNFS partitions,
they are treated as only system disks, which means they are not included in
the accounting of the CDNFS disk calculation.
Augmentation Alarms
Enable
Enables augmentation alarms. For more information, see the “Augmentation
Alarms” section on page 1-55.
Threshold
The augmentation alarms threshold is a percentage, that applies to the CPU, memory,
kernel memory, disk, disk fail count, and NIC usages. By default it is set to 80
percent. The threshold value range is 1–100.
As an example of an augmentation alarm, if the threshold configured for CPU usage
is 80 percent, and the augmentation threshold is set to 80 percent, then the
augmentation alarm for CPU usage is raised when the CPU usage crosses 64 percent.
If “A” represents the Service Monitor threshold configured, and “B” represents the
augmentation threshold configured, then the threshold for raising an augmentation
alarm = (A * B) / 100 percent.
Transaction Logging
Enable
Step 3
Enables Service Monitoring transaction logging. For more information, see the
“Service Monitor Transaction Logs” section on page 1-31.
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
To remove the settings from the device, click the Remove Settings icon in the task bar.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-54
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Engine
Augmentation Alarms
Augmentation alarms are soft alarms that send alerts before the threshold is reached. These alarms are
applicable to all devices—Service Engines, Service Routers, and VOSMs. Augmentation thresholds
apply to device parameters.
A different augmentation alarm is supported for each of the device-level thresholds. Based on the device
parameters monitored by Service Monitor, the following minor alarms could be raised for device-level
thresholds:
•
CpuAugThreshold—Service Monitor CPU augmentation alarm.
•
MemAugThreshold—Service Monitor memory augmentation alarm.
•
KmemAugThreshold—Service Monitor kernel memory augmentation alarm.
•
DiskAugThreshold—Service Monitor disk augmentation alarm.
•
DiskFailCntAugThreshold—Service Monitor disk failure count augmentation alarm.
•
NicAugThreshold—Service Monitor NIC augmentation alarm.
Check the augmentation threshold, device-level threshold, and average load for the above alarm
instance. Add more devices if necessary. A useful command is the show service-router service-monitor
command. The augmentation alarms raised are displayed in the show alarms detail command. The
alarms are cleared when the load goes below the augmentation threshold.
Note
For system disks (disks that contain SYSTEM partitions), only when all system disks are bad is the
diskfailure augmentation and threshold alarms raised. The diskfailcnt threshold does not apply to system
disks. The threshold only applies to CDNFS disks, which is also the case for the augmentation
thresholds. This is because the system disks use RAID1. There is a separate alarm for bad RAID. With
the RAID system, if the critical primary disk fails, the other mirrored disk (mirroring only occurs for
SYSTEM partitions) seamlessly continues operation. However, if the disk drive that is marked bad is a
critical disk drive, the redundancy of the system disks for this device is affected. For more information
on disk error handling and threshold recommendations, see the “Enabling Disk Error Handling” section
on page 1-32.

As the show disk details command output reports, if disks have both SYSTEM and CDNFS partitions,
they are treated as only system disks, which means they are not included in the accounting of the CDNFS
disk calculation.
Note
The NIC augmentation alarm is only applicable if the device is an SE.
Configuring SNMP
The VDS-OS supports the following versions of SNMP:
•
Version 1 (SNMPv1)—A network management protocol that provides a means to monitor and
control network devices, and to manage configurations, statistics collection, performance, and
security.
•
Version 2 (SNMPv2c)—The second version of SNMP, it supports centralized and distributed
network management strategies, and includes improvements in the Structure of Management
Information (SMI), protocol operations, management architecture, and security.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-55
Chapter 1
Configuring Devices
Configuring the Service Engine
•
Version 3 (SNMPv3)—An interoperable standards-based protocol for network management.
SNMPv3 provides secure access to devices by a combination of authenticating and encrypting
packets over the network. The security features provided in SNMPv3 are:
– Message integrity—Ensuring that a packet has not been tampered with in-transit.
– Authentication—Determining the message is from a valid source.
– Encryption—Scrambling the contents of a packet prevent it from being seen by an unauthorized
source.
SNMPv3 provides for both security models and security levels. A security model is an
authentication strategy that is set up for a user and the group in which the user resides. A security
level is the permitted level of security within a security model. A combination of a security model
and a security level determines which security mechanism is employed when handling an SNMP
packet. Three security models are available: SNMPv1, SNMPv2c, and SNMPv3.
Table 1-27 identifies what the combinations of security models and levels mean.
Table 1-27
SNMP Security Models and Levels
Model Level
Authentication
Encryption
Process
v1
noAuthNoPriv
Community String
No
Uses a community string match for
authentication.
v2c
noAuthNoPriv
Community String
No
Uses a community string match for
authentication.
v3
noAuthNoPriv
Username
No
Uses a username match for authentication.
v3
authNoPriv
MD5 or SHA
No
Provides authentication based on the
HMAC-MD5 or HMAC-SHA algorithms.
v3
authPriv
MD5 or SHA
DES
Provides authentication based on the
HMAC-MD5 or HMAC-SHA algorithms.
Provides DES 56-bit encryption in
addition to authentication based on the
CBC-DES (DES-56) standard.
The SNMPv3 agent can be used in the following modes:
•
noAuthNoPriv mode (that is, no security mechanisms turned on for packets)
•
AuthNoPriv mode (for packets that do not need to be encrypted using the privacy algorithm [DES
56])
•
AuthPriv mode (for packets that must be encrypted; privacy requires that authentication be
performed on the packet)
Using SNMPv3, users can securely collect management information from their SNMP agents without
worrying that the data has been tampered with. Also, confidential information, such as SNMP set packets
that change a Content Engine’s configuration, can be encrypted to prevent their contents from being
exposed on the wire. Also, the group-based administrative model allows different users to access the
same SNMP agent with varying access privileges.
Note the following about SNMPv3 objects:
•
Each user belongs to a group.
•
Group defines the access policy for a set of users.
•
Access policy is what SNMP objects can be accessed for reading, writing, and creating.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-56
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Engine
•
Group determines the list of notifications its users can receive.
•
Group also defines the security model and security level for its users.
To configure the SNMP settings, do the following:
Step 1
Choose Devices > Devices > General Settings > Notification and Tracking > SNMP > General
Settings. The SNMP General Settings page is displayed.
Step 2
Enable the settings as appropriate. See Table 1-28 for a description of the fields.
Table 1-28
Field
SNMP General Settings Fields
Description
Traps
Enable SNMP
Settings
Enables the SNMP agent to transmit traps to the SNMP server.
Service Engine
Enables the Disk Fail trap, which is the disk failure error trap.
SNMP
Enables SNMP-specific traps:
SE Alarm
•
Authentication—Enables authentication trap.
•
Cold Start—Enables cold start trap.
Enables alarm traps:
•
Raise Critical—Enables raise-critical alarm trap.
•
Clear Critical—Enables clear-critical alarm trap.
•
Raise Major—Enables raise-major alarm trap.
•
Clear Major—Enables clear-major alarm trap.
•
Raise Minor—Enables raise-minor alarm trap.
•
Clear Minor—Enables clear-minor alarm trap.
Entity
Enables SNMP entity traps.
Config
Enables CiscoConfigManEvent error traps.
Miscellaneous Settings
Notify Inform
Step 3
Enables the SNMP notify inform request.
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
To remove the settings from the device, click the Remove Settings icon in the task bar.
Step 4
From the left-panel menu, click Community. The SNMP Community Table page is displayed.
The table is sortable by clicking the column headings. The maximum number of community strings that
can be created is ten.
Step 5
Click the Create New icon in the task bar. The SNMP Community page is displayed.
Click the Edit icon next to the community name to edit a community setting.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-57
Chapter 1
Configuring Devices
Configuring the Service Engine
Note
Step 6
Each community is associated with a group. Each group has a view and users are assigned to a
group. If the group does not have a view associated with it, then users associated that group
cannot access any MIB entry.
Enter the settings as appropriate. See Table 1-29 for a description of the fields.
Table 1-29
Field
Description
Community
Community string used as a password for authentication when you access the
SNMP agent of the device using SNMPv1 or SNMPv2. The “Community Name”
field of any SNMP message sent to the device must match the community string
defined here to be authenticated. You can enter a maximum of 64 characters in this
field.
Group name/rw
Group to which the community string belongs. The Read/Write option allows a
read or write group to be associated with this community string. The Read/Write
option permits access to only a portion of the MIB subtree. Choose one of the
following three options from the drop-down list:
Group Name
Step 7
SNMP Community Fields
•
None—Choose this option if you do not want to specify a group name to be
associated with the community string.
•
Read/Write—Choose this option if you want to allow read-write access to the
group associated with this community string.
•
Group—Choose this option if you want to specify a group name.
Name of the group to which the community string belongs. You can enter a
maximum of 64 characters in this field. This field is available only if you have
chosen the Group option in the Group name/rw field.
Click Submit to save the settings.
To delete an SNMP community, click the Edit icon for the community, then click the Delete icon in the
task bar.
Step 8
From the left-panel menu, click Group. The SNMP Group Table page is displayed.
The table is sortable by clicking the column headings. The maximum number of groups that can be
created is ten.
Step 9
Click the Create New icon in the task bar. The SNMP Group page is displayed.
Click the Edit icon next to the Group Name to edit a group.
Step 10
Enter the settings as appropriate. See Table 1-30 for a description of the fields.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-58
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Engine
Table 1-30
SNMP Group Fields
Field
Description
Name
Name of the SNMP group. You can enter a maximum of 256 characters.
A group defines a set of users belonging to a particular security model. A group
defines the access rights for all the users belonging to it. Access rights define what
SNMP objects can be read, written to, or created. In addition, the group defines
what notifications a user is allowed to receive.
An SNMP group is a collection of SNMP users that belong to a common SNMP
list that defines an access policy, in which object identification numbers (OIDs) are
both read-accessible and write-accessible. Users belonging to a particular SNMP
group inherit all of the attributes defined by the group.
Sec Model
Security model for the group. Choose one of the following options from the
drop-down list:
•
v1—Version 1 security model (SNMP Version 1 [noAuthNoPriv]).
•
v2c—Version 2c security model (SNMP Version 2 [noAuthNoPriv]).
•
v3-auth—User security level SNMP Version 3 (AuthNoPriv).
•
v3-noauth—User security level SNMP Version 3 (noAuthNoPriv).
•
v3-priv— User security level SNMP Version 3 (AuthPriv).
The Sec Model you choose determines which of the following three security
algorithms is used on each SNMP packet:
Read View
•
noAuthNoPriv—Authenticates a packet by a string match of the username.
•
AuthNoPriv—Authenticates a packet by using either the HMAC MD5 or SHA
algorithms.
•
AuthPriv—Authenticates a packet by using either the HMAC MD5 or SHA
algorithms and encrypts the packet using the CBC-DES (DES-56) algorithm.
Name of the view (a maximum of 64 characters) that enables you only to view the
contents of the agent. By default, no view is defined. To provide read access to
users of the group, a view must be specified.
A read view defines the list of object identifiers (OIDs) that are accessible for
reading by users belonging to the group.
Write View
Name of the view (a maximum of 64 characters) that enables you to enter data and
configure the contents of the agent. By default, no view is defined.
A write view defines the list of object identifiers (OIDs) that are able to be created
or modified by users of the group.
Notify View
Name of the view (a maximum of 64 characters) that enables you to specify a
notify, inform, or trap. By default, no view is defined.
A notify view defines the list of notifications that can be sent to each user in the
group.
Step 11
Click Submit to save the settings.
To delete an SNMP group, click the Edit icon for the group, then click the Delete icon in the task bar.
Step 12
From the left-panel menu, click User. The SNMP User Table page is displayed.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-59
Chapter 1
Configuring Devices
Configuring the Service Engine
The table is sortable by clicking the column headings. The maximum number of users that can be created
is ten.
Step 13
Click the Create New icon in the task bar. The SNMP User page is displayed.
Click the Edit icon next to the username to edit a user.
Step 14
Enter the settings as appropriate. See Table 1-31 for a description of the fields.
Table 1-31
SNMP User Fields
Field
Description
Name
String representing the name of the user (256 characters maximum) who can access
the device.
An SNMP user is a person for which an SNMP management operation is
performed.
Group
Name of the group (256 characters maximum) to which the user belongs.
Remote SNMP ID Globally unique identifier for a remote SNMP entity. To send an SNMPv3 message
to the device, at least one user with a remote SNMP ID must be configured on the
device. The SNMP ID must be entered in octet string format. For example, if the
IP address of a remote SNMP entity is 192.147.142.129, then the octet string
would be 00:00:63:00:00:00:a1:c0:93:8e:81.
Authentication
Algorithm
Authentication
Password
Authentication algorithm that ensures the integrity of SNMP packets during
transmission. Choose one of the following three options from the drop-down list:
•
No-auth—Requires no security mechanism to be turned on for SNMP
packets.
•
MD5—Provides authentication based on the hash-based Message
Authentication Code Message Digest 5 (HMAC-MD5) algorithm.
•
SHA—Provides authentication based on the hash-based Message
Authentication Code Secure Hash (HMAC-SHA) algorithm.
String (256 characters maximum) that configures the user authentication
(HMAC-MD5 or HMAC-SHA) password. The number of characters is adjusted to
fit the display area if it exceeds the limit for display.
This field is optional if the no-auth option is chosen for the authentication
algorithm. Otherwise, this field must contain a value.
Step 15
Confirmation
Password
Authentication password for confirmation. The re-entered password must be the
same as the one entered in the Authentication Password field.
Private Password
String (256 characters maximum) that configures the authentication (HMAC-MD5
or HMAC-SHA) parameters to enable the SNMP agent to receive packets from the
SNMP host. The number of characters is adjusted to fit the display area if it
exceeds the limit for display.
Confirmation
Password
Private password for confirmation. The re-entered password must be the same as
the one entered in the Private Password field.
Click Submit to save the settings.
To delete an SNMP user, click the Edit icon for the user, then click the Delete icon in the task bar.
Step 16
To define a SNMPv2 MIB view, click View from the left-panel menu. The SNMP View Table page is
displayed.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-60
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Engine
The table is sortable by clicking the column headings. The maximum number of SNMPv2 views that can
be created is ten.
SNMP view—A mapping between SNMP objects and the access rights available for those objects. An
object can have different access rights in each view. Access rights indicate whether the object is
accessible by either a community string or a user.
Step 17
Click the Create New icon in the task bar. The SNMP View page is displayed.
Click the Edit icon next to the username to edit a view.
Step 18
Enter the settings as appropriate. See Table 1-32 for a description of the fields.
Table 1-32
SNMP View Fields
Field
Description
Name
String representing the name of this family of view subtrees (256 characters
maximum). The family name must be a valid MIB name such as ENTITY-MIB.
Family
Object identifier (256 characters maximum) that identifies a subtree of the MIB.
View Type
View option that determines the inclusion or exclusion of the MIB family from the
view. Choose one of the following two options from the drop-down list:
•
Included—The MIB family is included in the view.
•
Excluded—The MIB family is excluded from the view.
Note
Step 19
When configuring an SNMP View with Excluded, the specified MIB that
is excluded is not accessible for the community associated with the group
that has that view.
Click Submit to save the settings.
To delete an SNMP view, click the Edit icon for the view, then click the Delete icon in the task bar.
Step 20
From the left-panel menu, click Host. The SNMP Host Table page is displayed.
The table is sortable by clicking the column headings. The maximum number of hosts that can be created
is four.
Step 21
Click the Create New icon in the task bar. The SNMP Host page is displayed.
Click the Edit icon next to the hostname to edit a host.
Step 22
Enter the settings as appropriate. See Table 1-33 for a description of the fields.
Table 1-33
SNMP Host Fields
Field
Description
Trap Host
Hostname or IP address an SNMP entity to which notifications (traps and informs)
are to be sent.
Community/User
Name of the SNMP community or user (256 characters maximum) that is sent in
SNMP trap messages from the device.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-61
Chapter 1
Configuring Devices
Configuring the Service Engine
Table 1-33
Step 23
SNMP Host Fields (continued)
Field
Description
Authentication
Security model to use for sending notification to the recipient of an SNMP trap
operation. Choose one of the following options from the drop-down list:
•
No-auth—Sends notification without any security mechanism.
•
v2c—Sends notification using Version 2c security.
•
Model v3-auth—Sends notification using SNMP Version 3 (AuthNoPriv).
•
Security Level v3-noauth—Sends notification using SNMP Version 3
(NoAuthNoPriv security).
•
Level v3-priv—Sends notification using SNMP Version 3 (AuthPriv
security).
Retry
Number of retries (1 to 10) allowed for the inform request. The default is 2.
Timeout
Timeout for the inform request in seconds (1 to 1000). The default is 15.
Click Submit to save the settings.
To delete an SNMP host, click the Edit icon for the host, then click the Delete icon in the task bar.
Step 24
From the left-panel menu, click Asset Tag. The SNMP Asset Tag page is displayed.
Step 25
In the Asset Tag Name field, enter a name for the asset tag and click Submit.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
To remove the settings from the device, click the Remove Settings icon in the task bar.
Step 26
From the left-panel menu, click Contact. The SNMP Contact page is displayed.
Step 27
In the Contact field, enter a name of the contact person for this device.
Step 28
In the Location field, enter a location of the contact person for this device.
Step 29
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
To remove the settings from the device, click the Remove Settings icon in the task bar.
Supported MIBs
The SNMP agent supports the following MIBs:
•
ENTITY-MIB (RFC 2037 Revision 199610310000Z))
•
MIB-II (RFC 1213)
•
HOST-RESOURCES-MIB (RFC 2790, hrSWInstalled and hrPrinterTable subgroups are not
supported)
•
BGP-4-MIB (RFC-4274)
•
UCD-SNMP-MIB
•
CISCO-ENTITY-ASSET-MIB
•
CISCO-CONFIG-MAN-MIB (Revision 9511280000Z)
•
CISCO-SERVICE-ENGINE-MIB (supports streaming media-related MIB objects)
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-62
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Engine
ENTITY-MIB, MIB-II, HOST-RESOURCES-MIB, BGP-4-MIB, and UCD-SNMP-MIB are
public-available MIBs.
To download a copy of the CISCO-SERVICE-ENGINE-MIB, do the following:
Step 1
Choose System > Files > SNMP MIB. The CISCO_SERVICE-ENGINE-MIB.my is listed.
Step 2
Click one of the following links;
•
CISCO_SERVICE-ENGINE-MIB.my
•
CISCO_CDS_SERVICE_ROUTING_MIB.my
Your browser program displays a dialog box asking if you want to open or save the file.
Step 3
Choose the appropriate option; either open or save the file.
For each 64-bit counter MIB object in the CISCO-SERVICE-ENGINE-MIB, a 32-bit counter MIB
object is implemented so that SNMP clients using SNMPv1 can retrieve data associated with 64-bit
counter MIB objects. The MIB objects of each of these groups are read-only.
The CISCO_CDS_SERVICE_ROUTING_MIB.my provides some object identifiers (OIDs) for Service
Router statistics. All the OIDs in the MIB are only for querying purposes; no traps have been added to
this MIB. The Service Router MIB provides two groups, cdssrStatsGroup and
cdssrServiceMonitorGroup, which contain OIDs for the statistics from the show statistics
service-router summary/dns/history/se/content-origin command and the show service-router
service-monitor command.
Use the following link to access the CISCO-ENTITY-ASSET-MIB and the
CISCO-CONFIG-MAN-MIB:
ftp://ftp.cisco.com/pub/mibs/v2/
Note
If your browser is located behind a firewall or you are connecting to the Internet with a DSL modem and
you are unable to access this file folder, you must change your web browser compatibility settings. In
the Internet Explorer (IE) web browser, choose Tools > Internet Options > Advanced, and check the
Use Passive FTP check box.
Enabling System Logs
Use the System Logs page to set specific parameters for the system log file (syslog). This file contains
authentication entries, privilege level settings, and administrative details. System logging is always
enabled. By default, the system log file is stored as /local1/syslog.txt.
To enable system logging, do the following:
Step 1
Choose Devices > Devices > General Settings > Notification and Tracking > System Logs. The
System Log Settings page is displayed.
Step 2
Enter the settings as appropriate. See Table 1-34 for a description of the fields.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-63
Chapter 1
Configuring Devices
Configuring the Service Engine
Table 1-34
Field
System Logs Settings Fields
Description
System Logs
Enable
Enables system logs.
Facility
Facility where the system log is sent.
Console Settings
Enable
Enable sending the system log to the console.
Priority
Severity level of the message that should be sent to the specified remote syslog
host. The default priority is warning. The priorities are:
Emergency—System is unusable.
Alert—Immediate action needed.
Critical—Critical condition.
Error—Error conditions.
Warning—Warning conditions.
Notice—Normal but significant conditions.
Information—Informational messages.
Debug—Debugging messages.
Disk Settings
Enable
Enables saving the system logs to disk.
File Name
Path and filename where the system log file is stored on the disk. The default is
/local1/syslog.txt.
Priority
Severity level of the message that should be sent to the specified remote syslog
host.
Recycle
The maximum size of the system log file before it is recycled. The default is
10000000 bytes.
Host Settings
Step 3
Enable
Enables sending the system log file to a host. You can configure up to four hosts.
Hostname
A hostname or IP address of a remote syslog host.
Priority
Severity level of the message that should be sent to the specified remote syslog
host.
Port
The destination port on the remote host. The default is 514.
Rate Limit
The message rate per second. To limit bandwidth and other resource consumption,
messages can be rate limited. If this limit is exceeded, the remote host drops the
messages. There is no default rate limit, and by default all system log messages are
sent to all syslog hosts.
Click Submit to save the settings.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-64
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Engine
Multiple Hosts for System Logging
Each syslog host can receive different priority levels of syslog messages. Therefore, you can configure
different syslog hosts with a different syslog message priority code to enable the device to send varying
levels of syslog messages to the four external syslog hosts.
However, if you want to achieve syslog host redundancy or failover to a different syslog host, you must
configure multiple syslog hosts on the device and assign the same priority code to each configured syslog
host.
Configuring Troubleshooting
The Kernel Debugger troubleshooting page allows you to enable or disable access to the kernel debugger.
Once enabled, the kernel debugger is automatically activated when kernel problems occur.
Note
The “hardware watchdog” is enabled by default and automatically reboots a device that has stopped
responding for over ten minutes. Enabling the kernel debugger disables the “hardware watchdog.”
If the device runs out of memory and kernel debugger (KDB) is enabled, the KDB is activated and dump
information. If the KDB is disabled and the device runs out of memory, the syslog reports only dump
information and reboots the device.
Enabling the Kernel Debugger
To enable the kernel debugger, do the following:
Step 1
Choose Devices > Devices > General Settings > Troubleshooting > Kernel Debugger. The Kernel
Debugger window appears.
Step 2
To enable the kernel debugger, check the Enable check box, and click Submit.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
To remove the settings from the device, click the Remove Settings icon in the task bar.
For information about monitoring the SEs, see the “Device Monitoring” section on page 1-8.
Configuring Service Router Settings
The keepalive interval is used by the SE to send keepalive messages to the SR. If the SE is configured
with more than one streaming interface, the keepalives are sent for each streaming interface.
Keepalive interval the SE uses for messages to this SR, do the following:
Step 1
Choose Devices > Devices > General Settings > Service Routing Settings. The Service Routing
Settings page is displayed.
Step 2
In the Keepalive-Interval field, enter the number of seconds the messages from the SR should be kept
alive on this SE. The range is from 1 to 120. The default is 2.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-65
Chapter 1
Configuring Devices
Configuring the Service Router
Step 3
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
To remove the settings from the device, click the Remove Settings icon in the task bar.
Configuring the Service Router
Configuring a Service Router (SR) consists of the following procedures:
•
Activating a Service Router
•
Configuring Routing Settings
•
Configuring Load Monitoring
•
Configuring Transaction Logs for the Service Router
For information on configuring the general settings, except last-resort routing and transaction logging,
see the “General Settings” section on page 1-19.
Activating a Service Router
Step 1
Devices > Devices. The Devices Table page is displayed.
Step 2
Click the Edit icon next to the SR you want to configure. The Devices home page is displayed.
Step 3
Click Show All to display the top-level menu options, and choose Device Activation. The Device
Activation page is displayed.
Step 4
Enter the settings as appropriate. See Table 1-35 for a description of the fields.
Table 1-35
Service Router Activation Fields
Field
Description
Name
Name of the device.
Location
The Location drop-down list lists all the location configured for the
VDS-OS.
Activate
To activate or deactivate the device, check or uncheck the Activate check
box. Alternatively, you can click the Deactivate Device icon in the task
bar.
When you uncheck the Activate check box and click Submit, the
Replaceable check box is displayed. Check the Replaceable check box
when you need to replace the device or recover lost registration
information. For more information, see the “Recovering VDS-OS
Network Device Registration Information” section on page 1-24.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-66
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Router
Table 1-35
Service Router Activation Fields (continued)
Field
Description
Server Offload
To offload this device for maintenance or a software upgrade, check the
Server Offload check box. When checked, the Service Router stops
processing client requests.
When the SR is marked as inactive or is marked with server offload on the
VOSM it stops responding to DNS queries. Instead, the SR sends a
SERVFAIL error as the DNS response, and for RTSP/HTTP requests, the
SR sends a 503 Service Unavailable message.
To monitor the current activity on an SR during the Server Offload state,
use the show interface command. If the packets received or packets sent
is increasing then the SR is processing client requests.
Note
We recommend separating the management traffic from the client
request traffic by using the port channel configuration, see the
“Configuring Port Channel” section on page 1-1 for more
information.
•
If management and client request traffic are separated, the show
interface command for the client request port channel displays
information on active sessions.
•
If management and streaming traffic are not separated, the show
interface command shows very low traffic; the packets received and
packets sent are lower than a client request session.
Once the SR has finished processing client requests, you can perform
maintenance or upgrade the software on the device. For information about
upgrading the software, see the “Upgrading the Software” section on
page 1-4.
The Status field on the Device Activation page and the Devices Table page
displays “offloading” when Server Offload is checked.
Once the software upgrade or maintenance is complete, you need to
uncheck the Server Offload check box so that the device can again
participate in the system.
Coverage Zone File
To have a local Coverage Zone file overwrite the VDS-OS network-wide
Coverage Zone file, choose a file from the Coverage Zone drop-down list.
See the “Coverage Zone File Registration” section on page 1-10 for
information about creating and registering a Coverage Zone file.
Otherwise, choose None.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-67
Chapter 1
Configuring Devices
Configuring the Service Router
Table 1-35
Service Router Activation Fields (continued)
Field
Description
Use SR’s primary IP
address
Enables the VOSM to use the IP address on the primary interface of the
SR for management communications.
Note
If the Use SR’s primary IP Address for Management
Communication check box is checked and the Management
Communication Address and Port are configured, the VOSM uses
the SR’s primary IP address for communication.
Note
Do not check the Use SR’s primary IP Address for
Management Communication check box if you want to separate
management and streaming traffic. Instead, use the Management
Communication Address and Port fields to specify where
management traffic should be sent.
Management
Manually configures a management IP address for the VOSM to
Communication Address communicate with the SR.
Manual configuration of the management IP address and port are used
when using port channel configuration to separate management and
streaming traffic. For more information about port channel configuration
see the “Configuring Port Channel and Load Balancing Settings” section
on page 1-39 and the “Configuring Port Channel” section on page 1-1.
Management
Communication Port
Port number to enable communication between the VOSM and the SR.
Comments
Information about the settings.
Note
Step 5
To make sure the SR is binding to the primary interface (or management IP address if
configured) as the source IP address when sending management traffic to the VOSM, create a
static route from the SR to the VOSM. To configure a static IPv4 route from the SR, see the
“Configuring Static IPv4 Routes” section on page 1-49 section. Alternatively, you can use the
ip route command on the VDS-OS device.
Click Submit to save the settings.
Configuring Routing Settings
Configuring Redirect Burst ControlConfiguring Redirect Burst Control. For more information, see the
“Service Router (SR)” section on page 1-34.
Configuring Redirect Burst Control
Keepalive messages between the SEs and the SR. The keepalive messages occur every two seconds. If a
burst of client requests occurs between two keepalive messages, the SR may not know about the current
state of the SE, and might route a request to an already overloaded SE.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-68
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Router
The Redirect Burst Control page allows you to configure how many requests (transactions per second
[TPS]) the SR should redirect to an SE during a burst.
To configure the redirect burst control, do the following:
Step 1
Choose Devices > Devices > Routing Settings > Request Routing Settings > Redirect Burst Control.
The Redirect Burst Control page is displayed.
Step 2
Check the Enable Redirect Burst Control check box. The Redirect Burst Control is disabled by default.
Step 3
In the Rate field, enter the maximum TPS the SR can send to an SE. The default is 100000. The range
is from 1 to 100000.
Step 4
Click Submit.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
To remove the settings from the device, click the Remove Settings icon in the task bar.
Configuring Load Monitoring
“General Settings” section on page 5-19“General Settings” section on page 1-19.
Load monitoring provides the following functionality:
•
Monitoring and aggregates of the load information of all SEs in the VDS-OS
•
Monitoring and aggregates of all SEs assigned to a specific origin service
Minor alarms are raised when the monitored load exceeds the configured average or maximum threshold
for all SEs in an origin service or all SEs in the VDS-OS.
To configure load monitoring, do the following:
Step 1
Choose Devices > Devices. The Devices Table page is displayed.
Step 2
Click the Edit icon next to the SR you want to configure. The Devices home page is displayed.
Step 3
Click Show All to display the top-level menu options, and choose General Settings > Notification and
Tracking > VOS Monitor > General Settings. The VOS Monitor General Settings page is displayed.
Step 4
In the Sample Period field, enter the number of seconds between two consecutive samples. The sample
period is the time during which the SE and the SR exchange keepalive messages that contain the device
information. The default is 2. The range is from 1 to 300.
Step 5
Check the Enable check box to enable load monitoring. If the Enable check box is not checked, the SE
Settings and Domain Settings pages do not take effect.
Step 6
Click Submit.
Step 7
To enable the monitoring of all SEs in the VDS-OS and configure the aggregate thresholds for the
VDS-OS, choose Devices > Devices (SR) > General Settings > Notification and Tracking > VOS
Monitor > SE Settings. The VOS Monitor Settings page is displayed.
Step 8
Enter the settings as appropriate. See Table 1-36 for a description of the fields.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-69
Chapter 1
Configuring Devices
Configuring the Service Router
Table 1-36
VDS-OS Load Monitoring Fields
Field
Description
Enable
Check the Enable check box to enable load monitoring of all SEs in the VDS-OS.
Note
If the Enable check box is not checked on the VOS Monitor General Settings
page, the SE Settings do not take effect.
Device Average Aggregate load value (as a percentage) of the average of all SEs in the VDS-OS. This
Threshold
threshold defines the average device load of all the SEs in the VDS-OS. If the
threshold is exceeded, an alarm is raised. The default is 80. The range is from 1 to
100.
Device
Maximum
Threshold
Aggregate load value (as a percentage) of the maximum of all SEs in the VDS-OS.
This threshold defines the maximum device load of all the SEs in the VDS-OS. If the
threshold is exceeded, an alarm is raised. The default is 80. The range is from 1 to
100.
Step 9
Click Submit.
Step 10
To enable monitoring of specific origin services and configure the aggregate thresholds for each domain,
choose Devices > Devices (SR) > General Settings > Notification and Tracking > VOS Monitor >
Domain Settings. The Domain Monitor Table page is displayed.
The table is sortable by clicking the column headings.
Step 11
Click the Create New icon.
Click the Edit icon next to the domain name to edit a table entry.
Step 12
Enter the settings as appropriate. See Table 1-37 for a description of the fields.
Table 1-37
Domain Load Monitoring Fields
Field
Description
Domain Name
The service routing fully-qualified domain name (RFQDN) (for example,
srfqdn.cisco.com) configured for the origin service.
Enable
Check the Enable check box to enable load monitoring of this domain.
Note
If the Enable check box is not checked on the VOS Monitor General Settings
page, the Domain Settings do not take effect.
Device Average Aggregate load value (as a percentage) of the average of all SEs in the VDS-OS. This
Threshold
threshold defines the average device load of all the SEs in the VDS-OS. If the
threshold is exceeded, an alarm is raised. The default is 80. The range is from 1 to
100.
Device
Maximum
Threshold
Step 13
Aggregate load value (as a percentage) of the maximum of all SEs in the VDS-OS.
This threshold defines the maximum device load of all the SEs in the VDS-OS. If the
threshold is exceeded, an alarm is raised. The default is 80. The range is from 1 to
100.
Click Submit. The entry is added to the Domain Monitor Table.
To delete a load monitoring configuration for a domain, click the Edit icon for the domain, then click
the Delete icon in the task bar.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-70
OL-28084-04
Chapter 1
Configuring Devices
Configuring the Service Router
Configuring Transaction Logs for the Service Router
“Service Router Transaction Log Fields” section on page 8-29“Service Router Transaction Log Fields”
section on page 1-31.
To enable transaction logging for the SR, do the following:
Step 1
Choose Devices > Devices > General Settings > Notification and Tracking > Transaction Logging.
The Transaction Log Settings page is displayed.
Step 2
Enter the settings as appropriate. See Table 1-38 for a description of the fields.
Table 1-38
Transaction Log Settings Fields
Field
Description
General Settings
Transaction Log Enable
Enables transaction logging.
Compress Files before Export
When this check box is checked, archived log files are compressed
into gzip format before being exported to external FTP servers
Archive Settings
Max size of Archive File
Maximum size (in kilobytes) of the archive file to be maintained on
the local disk. The range is from 1,000 to 2,000,000. The default is
500,000.
Max number of files to be
archived
Maximum number of files to be maintained on the local disk. The
range is from 1 to 10,000. The default is 10.
Archive occurs
How often the working log is archived and the data is cleared from the
working log. Choose one of the following:
•
Choose every to archive every so many seconds, and enter the
number of seconds for the interval. The range is from 120 to
604800.
•
Choose every hour to archive using intervals of one hour or less,
and choose one of the following:
– at—Specifies the minute in which each hourly archive occurs
– every—Specifies the number of minutes for the interval (2, 5,
10, 15, 20, or 30)
•
Choose every day to archive using intervals of one day or less,
and choose one of the following:
– at—Specifies the hour in which each daily archive occurs
– every—Specifies the number of hours for the interval (1, 2,
3, 4, 6, 8, 12, 24)
•
Choose every week on to archive at intervals of one or more times
a week, choose the days of the week, and choose what time each
day.
Export Settings
Enable Export
Enables exporting of the transaction log to an FTP server.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-71
Chapter 1
Configuring Devices
Configuring the VOSM
Table 1-38
Transaction Log Settings Fields (continued)
Field
Description
Export occurs
How often the working log is sent to the FTP server and the data is
cleared from the working log. Choose one of the following:
•
Choose every to export every so many minutes, and enter the
number of minutes for the interval. The range is from 1 to 100800.
•
Choose every hour to export using intervals of one hour or less,
and choose one of the following:
– at—Specifies the minute in which each hourly export occurs
– every—Specifies the number of minutes for the interval (2, 5,
10, 15, 20, or 30)
•
Choose every day to export using intervals of one day or less, and
choose one of the following:
– at—Specifies the hour in which each daily export occurs
– every—Specifies the number of hours for the interval (1, 2,
3, 4, 6, 8, 12, 24)
•
Step 3
Choose every week on to export using intervals of one or more
times a week, choose the days of the week, and what time each
day.
FTP Export Server
IP address or hostname of the FTP server.
Name
Name of the user.
Password
Password for the user.
Confirm Password
Confirms the password for the user.
Directory
Name of the directory used to store the transaction logs on the FTP
server.
SFTP
Check the SFTP check box, if you are using an SFTP server.
Click Submit to save the settings.
To apply the factory default settings for the device, click the Apply Defaults icon in the task bar.
To remove the settings from the device, click the Remove Settings icon in the task bar.
Configuring the VOSM
Configuring a VOSM consists of the General Settings menu items. For information on configuring
general settings, see the “General Settings” section on page 1-19.
Device activation is accomplished during installation and initialization of the VDS-OS devices.
The Device Activation page for the VOSM displays information about the management IP address and
the role of the VOSM. To change the name of the VOSM, enter a new name in the Name field and click
Submit.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-72
OL-28084-04
Chapter 1
Configuring Devices
Configuring the VOSM
For information about primary and standby VOSMs, see the “Configuring Primary and Standby
VOSMs” section on page 1-11.
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
OL-28084-04
1-73
Chapter 1
Configuring Devices
Configuring the VOSM
Cisco Videoscape Distribution Suite Origin Server Release 2.1.1 Software Installation and Configuration Guide
1-74
OL-28084-04
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising