• Become a portal pro
• Download
• Print
• My Downloads ()

• Support
• Technical Documentation
• Foglight Experience Monitor 5.8.1
• Foglight Experience Monitor 5.8.1 - Installation and Administration Guide

Foglight Experience Monitor 5.8.1 - Installation and Administration Guide

Table of Contents  

Installing and configuring

Pre-installation considerations

Required hardware and network information Network taps

Installing Foglight Experience Monitor

Installing the appliance on the rack Connecting the appliance Making network connections Setting the appliance clock Entering required network information

Configuring the appliance

Using the web console and setup wizard Entering a permanent license key Configuring the Appliance Type Designating Time Servers Configuring protocols Detecting ports in use Configuring servers Completing the Setup Wizard

Maintaining the appliance Advanced configuration options

Appliance management Data monitoring Foglight Experience Monitor and Ixia Net Tool Optimizers

Multi-appliance clusters

About multi-appliance configurations Setting up High Availability (HA) mode

Configuring Probes for High Availability mode Deleting High Availability configurations

Aggregation of metrics and configuration

Aggregating metrics Configuration settings Storing report sets

Switching from stand-alone to clusters

Creating a cluster from a stand-alone appliance

Configuring the appliance

Network settings

Foglight Mail Network Time Servers (NTP) SNMP Other

User accounts

User account management Global user account options Increasing security for user account management and access privileges

Security settings on the appliance

Configuring the web server to use SSL

Report settings

Email groups Adding email groups Scheduled reports Metric categories Database metrics Baseline calculations Time frames Distribution metrics Percentile metrics Foglight metrics User agent transformations

Database configuration

Viewing the database page Viewing the database details page Resetting a database Resetting the configuration Exporting a configuration Importing a configuration Setting database retention Configuring remote database access Purging existing resources

Appliance integrity

Viewing system information System information in a multi-appliance setup Viewing and changing the license Database repair log

Updating the appliance

Installing an upgrade

Backing up and restoring data

Restoring a backup How backup works About the security of your appliance

Specifying monitored web traffic

Configuration settings Identifying protocols

Manually adding protocols and ports Automatically discovering ports Removing protocols Managing protocols on a Portal

Managing monitored servers

Manually adding a new server Automatically discovering servers Removing servers Editing server details Configuring server options Configuring SSL keys Exporting SSL keys from IIS Managing servers on a Portal

Using filters to exclude traffic Defining subnets

Manually adding subnets Automatically discovering subnets Checking for overlapping subnets Configuring a default subnet Removing subnet definitions Managing subnets on a Portal

Identifying user sessions

How user sessions are identified Configuring user session identification Defining user session options Configuring client IP tags Augmenting user sessions log information Using logout patterns to detect completed sessions

Monitoring instrumented web pages

Instrumenting web pages Configuring instrumentation options and metrics

Transforming monitored URLs

Managing URLs

Encoded and decoded URLs Setting URL encoding in the Resource List Setting URL encoding for user sessions metrics in the All Metrics View Filtering data in the Resource List

Processing and aggregating URLs

Sending URLs to the Foglight Experience Viewer Transforming URLs example using variable rules

Managing URL transformation rules Defining site rules

Declaring site rules Automatically discovering site rules Editing and removing site rules

Defining path rules

Segment rules as path rule components Segment rule actions Managing path rules Editing and removing path rules

Managing variable rules

Transforming query variables Transforming form variables Transforming session identification variables Performing actions on variable names and values

Using hints

Defining page hints Defining hit hints Defining asynchronous page hints Defining asynchronous hit hints Testing hints Deleting hints

Advanced URL options

"Show ports in URLs" option "Show parameters in URLs" option "Show HTTP request methods in URLs" option "POSTs with no content-type should be handled as XML" option Proxy tunneling "Do not strip the "www" prefix from URLs" option "Ignore 401 codes during NTLM authentication" option "Exclude redirections from metric calculations" option "Use HTML parser for page recognition" option Extensions Response codes

Managing applications

Integrating with CA SiteMinder

Communicating with SiteMinder

Integrating with SafeNet Hardware Security Modules (HSMs)

Configuring Foglight Experience Monitor to use SafeNet HSM Associating monitored SSL ports with HSM keys

Managing application components

Defining an application component Editing an application component Deleting an Application Component Defining an instrumented application component Editing an instrumented application component Deleting an instrumented application component

Managing services definitions

Configuring services auto-discovery Configuring synthetic transactions Managing existing service definitions Using alternative methods to define a service

Monitoring Microsoft Office SharePoint Servers

Configuring SharePoint monitoring Configuring how URLs display SharePoint and SOAP

Monitoring PeopleSoft applications

Monitoring PeopleSoft applications Configuring how URLs display

Monitoring Siebel applications

Monitoring Siebel applications Configuring how URLs display

Monitoring SOAP applications

Defining a SOAP application Modifying SOAP application definitions Defining a SOAP transaction Managing existing SOAP transaction definitions Mapping SOAP operations to a web service Adding and removing SOAP tags

Configuring enterprise-wide service levels

Setting enterprise-based service levels

Foglight components and the appliance

Connecting to the Foglight Experience Viewer

How Foglight Experience Monitor and Foglight Experience Viewer work together Connecting the appliance to your network Connecting Foglight Experience Viewer to a Foglight Experience Monitor Configuring monitoring appliances

Foglight Management Server

Ensuring product compatibility Setting up the Cartridge for FxM Configuring the appliance for data communication Exporting metrics to Foglight

Synthetic transaction scripts

Using the console program

Accessing the console program

Logging in using the Dell Remote Access Controller (DRAC) Logging in from Microsoft Windows Logging in from Linux and UNIX

Exploring the main menu Network configuration

Configuring the control device Configuring the auxiliary device settings Displaying information for monitor devices Advanced network settings

System date and time configuration

System date configuration System time configuration System timezone configuration

Database management Account management

Change password Enable and disable SSH access Enable and disable web access

Appliance update

Update from CD Update from PKG file Update from USB flash drive

Advanced options

Configuring the appliance type Configuring Foglight Experience Viewer settings Reset firewall to allow HTTP Add and remove network device Configuring the license More advanced options

System restart Troubleshooting

Sample output for NIC driver

Reporting system status Logging out of the console program

Troubleshooting the appliance

Common issues when installing the appliance

Appliance connection failure through a web browser All reports are empty Verify the network configuration and connectivity Verify the network tap configuration Verify the server configuration

Appliance runtime issues

Foglight Experience Monitor reports Report sets are not updating

Confirming system health

System performance System events Database performance Error rates

Using the appliance support tools

Install log Creating a support bundle Monitor NIC activity test TCP dump

Appendix: Third party software

Using X-Forwarded-For

Enabling the insert X-Forwarded-For in the HTTP profile iRule Configuring the web server to extract the IP address from the HTTP header

Appendix: Dell PowerEdge system appliance

Dell PowerEdge R300 and R310 Dell PowerEdge R610 Dell PowerEdge R710 Dell PowerEdge R720 Dell PowerEdge R730 Updating the Dell system firmware on the appliance

Accessing the drivers and downloads Downloading the ISO images Updating the firmware on the appliance

• Viewing Topics 161 - 164 of 278
•  Previous
• Next 

×

Communicating with SiteMinder

The FxM web console allows you to configure the appliance to communicate with your SiteMinder Policy Server.

To communicate with the SiteMinder Policy Server:

1	On the appliance, navigate to the Configure > Applications > SiteMinder page.

2	Do one of the following:

•	To define a new SiteMinder Policy Server, click Add a SiteMinder Server definition.

•	To modify an existing SiteMinder Policy Server, click Edit beside that server name.

 

NOTE: If your site employs more than one SiteMinder Policy Server repeat this configuration for each server.

3	On the SiteMinder > Edit page, configure the following settings.

 

Table 27. SiteMinder settings

Field	Description
IP Address	IP address of the host on which the SiteMinder Policy Server is installed.
Authorization Port	The default authorization port number for the policy server is 44443. If the default port was changed during the SiteMinder installation, check the port setting in the Policy Server Management Console and enter that port number in this box.
Authentication Port	The default authentication port number for the policy server is 44442. If the default port was changed during the SiteMinder installation, check the port setting in the Policy Server Management Console and enter that port number in this box.
Accounting Port	The default accounting port number for the policy server is 44441. If the default port was changed during the SiteMinder installation, check the port setting in the Policy Server Management Console and enter that port number in this box.
Cookie	The name of the sign-on cookie, either SMSESSION or GMWSESSION that is created when signing into SiteMinder Policy Server. Using the Secure Cookies setting on the SiteMinder web agent tells the browser to send the SMSSESSION or GMWSESSION cookie to the web server.
Agent Name	A name that is used when configuring the SiteMinder Policy Server. This can be any string such as quest_agent.
Shared Secret	A key used for initial connection to the SiteMinder Policy Server. The appliance is assigned a new dynamic shared secret if the SiteMinder Policy Server is configured to provide it with one.
Probes	In a multiple-appliance cluster, a Probe list appears. To constrain the use of this definition to a specific probe, click the Selected probes option button and select the check box beside the probe’s IP address. Otherwise, use the default All option button.

4	To verify the SiteMinder settings defined in Step 3, click Verify settings at the bottom of the SiteMinder Server section.

A dialog box appears, displaying the status of the SiteMinder server.

5	To close the dialog box, click OK.

6	In the Sites section, click Pick a Site to select one or more sites for which this Policy Server provides authentication.

Ensure that this list is complete, otherwise some user sessions may not be correctly identified by the appliance. If your site makes use of site aliases, ensure that those have all been previously configured (navigate to Configure > URLs page).

If your site uses a single SiteMinder Policy Server for all user authentication, then leave the list of Sites empty. By default, the FxM authenticates any user session accessing a site that is not listed, against all the SiteMinder Policy Servers that have been configured, in a specific order, until the authentication is successful.

7	Click OK to save this definition.

8	Navigate to the Configure > Monitoring > User Sessions page.

9	In the Session Identification Variables section, add smsession to the list.

The appliance extracts the user’s sign-on session ID.

10	In the Login Variables section, add smsession to the list.

The appliance extracts the user’s login name from the smsession cookies.

Creating an agent entry on the SiteMinder Policy server

After configuring the appliance to access SiteMinder, you need to create and configure an Agent on the SiteMinder Policy server.

To create an agent entry:

1	Open the SiteMinder Agent Dialog page.

2	In the Name field, type the name of the agent previously defined on the appliance. See Agent Name for more information.

3	Select the Support 4.x agents check box.

4	In the IP address field, type the IP address of the Foglight Experience Monitor.

5	In the Shared Secret area, type the secret that was previously defined on the appliance. See Shared Secret for more information.

6

Click OK.

After you configure the Agent properties, your appliance can identify user sessions in the monitored traffic. The Login Name field for your user sessions should now contain the login name that users enter when they log in to the monitored application.

Integrating with SafeNet Hardware Security Modules (HSMs)

SafeNet Hardware Security Modules (HSMs) store and manage cryptographic keys, providing organizations with secure encryption, decryption, authentication, and digital signing services. When integrated with a SafeNet HSM, Foglight Experience Monitor can use the keys stored within the HSM server to decrypt HTTPS traffic. Foglight Experience Monitor uses the keys in a secure manner consistent with the SafeNet HSM model.

To integrate Foglight Experience Monitor with SafeNet HSM servers and access the HSM private keys, you need to complete the following tasks:

1	Configuring Foglight Experience Monitor to use SafeNet HSM

2	Associating monitored SSL ports with HSM keys

Before starting with the integration, see Before you begin.

For each of your HSM servers, you need the following information:

•	HSM server name

•	HSM server IP address

•	Location of your HSM server certificate

 

TIP: You can request the HSM server certificate from your HSM Administrator. If you are managing your own HSM appliance, see the SafeNet documentation for instructions on how to retrieve the server certificate.

•	A list of your SSL ports with the HSM partition, password, and private key used

For each Foglight Experience Monitor appliance, you need the appliance’s IP address.

Configuring Foglight Experience Monitor to use SafeNet HSM

To configure Foglight Experience Monitor to work with SafeNet HSM servers, you need to complete the following tasks:

1	Adding SafeNet HSM server definitions

2	Creating SafeNet HSM client certificates

3	Uploading HSM client certificates

4	Verifying HSM server definitions

Adding SafeNet HSM server definitions

You need to add an HSM server definition for each HSM server that manages private keys for the ports you want to monitor.

To add an HSM server definition:

1	Navigate to Configure > Applications > SafeNet.

2	Click Add a SafeNet HSM Server definition.

3	In the SafeNet:Edit page, type the name and IP address of your HSM server.

4	Beside the HSM Server Certificate box, click Browse. Navigate to your server certificate and click Open.

The HSM server certificate file name appears in the field.

5

Click OK.

You return to the SafeNet page. The HSM server definition is displayed in the table.

6	Next step: Creating SafeNet HSM client certificates

Creating SafeNet HSM client certificates

The HSM appliance requires client certificates for all applications that need to interact with an HSM server. You need to generate an HSM client certificate for each Foglight Experience Monitor appliance that needs access to an HSM server. The client certificates are created using the IP address of the Foglight Experience Monitor appliance.

To create an HSM client certificate:

1	In the SafeNet page, click Create Client Certificate.

The SafeNet Client Certificate dialog box appears.

2

Click Go.

The SafeNet client certificate is created.

3	Right-click the link and save the client certificate file to a local drive.

4	Click Close.

5	Next step: Uploading HSM client certificates

Uploading HSM client certificates

Contact your HSM Administrator. Your HSM Administrator uploads the client certificates for Foglight Experience Monitor to the HSM appliance, registers it using the IP address of the Foglight Experience Monitor appliance (not the hostname), and assigns access to the partitions containing the required private keys.

Next step: Verifying HSM server definitions

Verifying HSM server definitions

After you have added an HSM server definition, created the client certificate, and uploaded it to the HSM server, you can verify the definition.

 

NOTE: If the verification test fails, try the following solutions: • Ensure that you completed all the prerequisite procedures before verifying the server definition. If any of the procedures were missed, the test will fail. • Ensure that your HSM Administrator registered the client certificate using the Foglight Experience Monitor appliance’s IP address, not its hostname. • Upload the current client certificate. If for any reason another client certificate was generated for an HSM server, the preexisting client certificate becomes invalid.

To verify an HSM definition:

1	Obtain a confirmation from your HSM Administrator that the client certificate is successfully loaded to the HSM Server.

2	To verify that the definition is correct, click Verify Settings.

A message box displays the results of the test.

3	Next steps: Associating monitored SSL ports with HSM keys

Editing HSM server definitions

To edit an HSM server definition:

1	Navigate to Configure > Applications > SafeNet.

2	In the row containing the HSM server definition you want to edit, click Edit.

3	In the SafeNet:Edit page, edit the fields as necessary.

4

Click OK.

You return to the SafeNet page. The HSM server’s details are updated in the table.

Removing HSM server definitions

To remove an HSM server definition:

1	Navigate to Configure > Applications > SafeNet.

2	In the row containing the HSM server definition you want to remove, select the check box.

3	Click Delete.

The HSM server definition is removed from the table. The appliance can no longer access the keys controlled by this HSM server.

Associating monitored SSL ports with HSM keys

For each server handling encrypted traffic that can be decoded using a private key stored in your SafeNet HSM appliance, you need to associate each of the server’s SSL ports with an HSM partition and an HSM key. You need the password for the HSM partition.

To associate a monitored SSL port with an HSM key:

1	From the main menu, click Configure > Monitoring > Servers.

2	In the row containing the server that requires an HSM key, click Configure.

The Configure Secure HTTP page appears.

3	Click Link HSM Key.

The Link HSM Key wizard opens.

4	In the Select Port screen, select an SSL port.

5	In the Select Partition screen, select the HSM server partition and type the password.

6	In the Select Key screen, select the HSM private key to associate with the port.

 

TIP: If the list is empty, you may have entered an incorrect partition password. Click Back and retype your password.

7	In the Confirm screen, review the details.

8	Click Finished.

•  Previous
• Viewing Topics 161 - 164 of 278
• Next 

Search this document Search all documents for this product-version Search all documents for this product Search all documents

×

 Welcome to Quest Support

You can find online support help for Quest *product* on an affiliate support site. Click continue to be directed to the correct support content and assistance for *product*.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating

© ALL RIGHTS RESERVED. Feedback Terms of Use Privacy