Configuration is the last stage of building the Entuity server. You can run Configure at any time after installation to change the configuration, but ensure you have shut down Entuity before doing so.
The wizard is only available on Windows. You can navigate between the pages in the configuration process at any time using Back and Next. You can re-run configuration by navigating to the Entuity install directory.
Note, the Control Panel Services App in Windows should be closed down before running configure, because this app can lock Windows Services such that they cannot be edited.
Note regarding security recommendations
When the install has reached 100%, you can click Run Configure. An administrative access permission window will open. Click Yes if you want to allow configure permission to carry out tasks such as installing the required services, otherwise click No.
Windows Registry Setting:
The next page (Windows Registry Setting) allows you to confirm the server's registry setting. This setting extends the allowable ephemeral port range to the maximum allowed. This is necessary to allow Entuity to communicate with large numbers of devices. Click Next.
- Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
- Type: REG_DWORD
- Value: 0x000fffe (65534)
Choose Config Folders:
On the next page (Choose Config Folders), set the location of the following folders and then click Next:
Directory | Description |
---|---|
Database directory | folder for the Entuity database. By default this is entuity_home/database/data. |
Database Backup directory | folder for the database backup. By default this is entuity_home/database/backup. |
Log directory | folder to where Entuity writes all of its associated log files. By default this is entuity_home/log. |
Firmware Filepath | From Entuity v20.0 P02 upwards. Folder from where the Firmware Repository will be populated. |
License File Location:
- On the next page (License File Location), you can select the license file to use in the Select the license file to use field. By default, this is the 30 day evaluation license: entuity_home/etc/license.30day.eval.dat. Browse for the name and location of the license file you want to use, and click Next. configure will validate the license file, which may take 30 seconds. If the license does not exist or is invalid, configure will raise an error. Please note, you cannot complete Entuity configuration without a valid Entuity license.
This page also displays the host identifier of the Entuity server, which your Entuity contact requires in order to generate a valid license. Entuity checks the host identifier by running hostident. On Windows environments, this requires the Windows Management Information service to be running. If the service is not running, configure will fail to complete.
Integrated Flow Analyzer:
On the next page (Integrated Flow Analyzer), specify if you want to enable Integrated Flow Analyzer. This enables you to collect and analyze flow records. Note, you do not need to enable Integrated Flow Analyzer to run Entuity, and it can be enabled at a later point. Click Yes or No:
- Yes to configure a server that acts as both a polling and flow collector server, also referred to as an All-in-one server.
- No to configure a server that acts as only a polling server, also referred to as a Standard server. This is the default selection.
Click Next.
Module Selection Panel:
On the next page (Module Selection Panel), select which modules you want to use with Entuity. Please note that a number of modules that, in earlier versions of Entuity, used to be optional are now included in the main body of the Entuity product, i.e. they are enabeld by default. Please see this article for a list of the modules that are enabled by default.
Tick the boxes of the optional modules that you want to enable. Some of these modules require additional licensing. Click Next. The optional modules are as follows:
- Cisco IP SLA.
- Cisco Unified Communications Manager.
- Green IT Support.
- Integration for BMC Atrium CMDB.
- Integration for BMC Remedy Action Request System.
- IP Address Management.
- QoS Module.
Configuration Management:
On the next page (Configuration Management), you can determine the details of the Transfer Server. Please see this article for further help and information on setting and running transfer servers in Entuity. Configuration Management module is enabled by default in Entuity. If you are not going to use Configuration Management in Entuity, you can simply click Next. If you are going to use Configuration Management in Entuity, you will need to use this page to specify the details of the Transfer Server, and then click Next. In Configuration Monitor, your network devices send configurations to the Transfer Server. Ensure that the transfer server IP is an address that your devices are able to route to. The Transfer Server attributes are as follows:
Attribute | Description |
---|---|
Transfer Server IP Address | the dropdown field lists IP addresses on the Entuity server. From this list, select the IP address you want to use with the TFTP and/or FTP servers used in retrieving device configurations. |
Transfer Directory | browse for and select the directory on the Entuity server to which the TFTP and/or FTP server writes retrieved device configurations. By default this is entuity_home/cm_transfer. You must separately configure the TFTP or FTP server to use this directory, for example through the TFTP server initialization file. |
Archive Directory | browse for and select the device-specific sub-directory on the Entuity server to which successfully retrieved device configurations are moved from the Transfer Directory. By default this is entuity_home/cm_archive. |
Note, when Entuity is configured for external authentication, you will need to add the following to the [lcm] section in entuity.cfg, in order to resolve the error 'No permission to execute this task' when running Config Mgmt. The specified user must be a member of the local admins group:
[lcm]
defaultAdminUser=newAdmin
SMTP Server Configuration:
On the next page (SMTP Server Configuration), set up the details for SMTP Server Configuration and then click Next. This configuration enables Entuity to forward events, incidents and reports in an email. Note, your email server admin will need to whitelist the IP address of the Entuity server so that it can send emails.
Note, as of Entuity v21.0 GA and Entuity v20.0 P05, email sender domains are validated for correctness. This means that the ‘emailFrom’ field configured in Entuity must now be valid, and must not contain illegal characters as defined in the RFC 1034.
The SMTP configuration attributes are as follows:
Attribute | Description |
---|---|
SMTP Server Hostname | enter a list of SMTP servers, separated by semi-colons. You can also specify the port number used by servers, e.g: 10.44.2.6;10.44.2.7:25 |
SMTP Username | username used with the server. When you enter a username, you must also enter a password in the SMTP Password field below. If you do not use a username, you can leave the SMTP Username field blank. |
SMTP Password | password used with the username entered in the SMTP Username field above. A password is only required when a username is entered above. |
Show password in plain text | tick the box when you want the SMTP password to be displayed. By default, it is represented by asterisks. |
Sender | default sender email address. You can configure spam filter programs to permit emails from this account. The default account name is Entuity@EntuityServer, where 'Entuity' identifies the product and 'EntuityServer' is the hostname of the Entuity server. |
Subject | default subject line included with any email. When an email is sent, '${eventDescr}' is replaced with the event description and '${eventStr}' is replaced with the object name for the which the event was raised. |
Server Configuration:
On the next page (Server Configuration), set up the Entuity server configuration and then click Next. The server configuration attributes are as follows:
Attribute | Description | |
---|---|---|
Server | Hostname | hostname of the Entuity server. This must be resolvable in DNS. |
SSL Security Options | Use SSL Communication | select to activate SSL to secure sessions between your Entuity server and browsers using TLS v1.2. This is not mandatory, and is only normally required for highly secure environments. Enter the Certificate File, Private Key and optionally the CA Certificate file in the below fields. Your security team will provide these to you. Entuity recommends that these files are installed to entuity_home/etc. |
Certificate File | browse for this file. | |
Key File | browse for this file. | |
CA Certificate File (optional) | browse for this file. | |
Redirect HTTP to HTTPS | select if you want the Entuity web server to automatically redirect wrongly entered HTTP URLs to HTTPS. | |
Database Password | Change Database Root Password | tick to enter a new root password for the database in the field below. You would normally only change the database root password when required by a security team/department. It is recommended to record this setting, because it might be needed by Entuity Support. |
Root Password | enter new root password if the above box is ticked. | |
Re-type Password | reenter new root password. | |
Database Validation | Check and Repair | tick to check and repair the database. This is recommended if you are upgrading or re-running configure. If the Entuity database fails the validation, check that configuration stops. |
Quick Check | default. Select when there is an existing database but no mysql.error.log (this is usually the case when running an Entuity upgrade). With this option, configure runs dbcheck -F to run a fast check for tables that were not properly closed. | |
Full Check | select to run an extended database check. With this option, configure runs dbcheck -E. dbcheck runs a full key lookup for all keys for each row, to ensure that the table is 100% consistent. This check is more thorough and takes longer than the Quick Check. |
Ports Configuration:
On the next page (Ports Configuration), choose whether to use default port numbers or custom TCP ports for a number of services, such as the web server and Tomcat. If you choose to modify the port numbers, configure will display additional pages through which you can amend the default TCP port numbers of Entuity processes. configure will warn you if any of these ports are in use and will allow you to select an alternative. Click Next.
configure will then display the current list of ports if you have selected to modify the default port settings, or if Entuity has identified a port conflict. Port numbers with a green background are valid, but port numbers with a red background indicate a port conflict that requires attention. Enter new port numbers directly into the text field, and click Test to verify the port is available or click Suggest to identify the next available port number. Excluding Web Port, port numbers must be in the range 1025 to 65535. The port settings are as follows, and once you have specified the port settings click Next:
Attribute | Description |
---|---|
Database Port | IP port on which you want the database server mysql to listen. The default is port 3306. |
Web Port | IP port on which you want the web server httpd to listen. The defaults are port 80 for non-secure access and port 443 for SSL. |
Event Request Listener Port | IP port on which you want the event management process to listen for incoming requests to events from subscribed third party integrations. The default is port 19193. |
Event Receiver Port | IP port on which you want the event management process to listen for incoming requests for events, e.g. system events, trap-based events, syslog events. The default is port 19194. |
Ticker Port | IP port on which you want the ticker process to monitor its client ports' activity. The default is port 20202. |
Tomcat Port | IP port used by the application server Tomcat. The default is port 8080. |
Tomcat Admin Port | IP port used to access and manage the application server Tomcat. The default is port 8005. |
Flow Port | IP port on which Entuity Integrated Flow Analyzer receives flow information from devices sending NetFlow, NetStream or JFlow packets. This flow collector port is configurable through configure and flowcfg.properties. Entuity IFA collects IPFIX flow data on port 2055 and sFlow data on port 6343. These collector ports are not configurable. Therefore you must ensure routers using these flow technologies are configured to send data to the appropriate ports, otherwise IFA will not recognize nor collect the data. |
Flow Management Port | IP port used to manage (e.g. stop) the flow collector process. The default is port 12121. |
Summary:
The next page is the Summary page. If you are happy with the configuration settings, click Configure. To abandon the configuration, click Cancel. To move back through the configuration wizard pages and adjust your settings, click Back. Once the configure is complete, you will see a confirmation message at the bottom of the screen. Click Finish to close the configuration program.
Note regarding security recommendations:
Please see this article for security recommendations regarding the default Entuity v19.0 (and below) install configuration.
Comments
0 comments
Please sign in to leave a comment.