Pre-Deployment Checklist & Instructions RISC-BP-PDCL-02042015
Contents Pre-Deployment Checklist...3 Pre-Deployment Instructions...4 Advanced Setup (NAT Configuration)...7 TrafficSim Checklist...8 TrafficSim Instructions...9 2
Pre-Deployment Checklist Time to Complete 4-7 Days (typical) Credentials needed Subnets you wish to scan SNMP read only community string Windows Domain/Local Administrator VMware Vcenter or individual ESXi credentials CallManager Administrator account or an AXL user with Perfmon role assigned SSH/Telenet credentials (Optional) Connection SSL (TCP port 443) access to the following: orchestration.riscnetworks.com (107.21.217.24, 54.163.229.17) initial.riscnetworks.com (54.243.221.102) dataup.riscnetworks.com (54.163.224.59, 184.73.214.157) app1.riscnetworks.com (50.17.235.104) backupapi.riscnetworks.com (54.163.226.58, 54.163.224.152, 50.16.213.191) The connection must have access through any firewall or content filter and a proxy is not supported at this time One of the following Hypervisors for appliance deployment VMware ESX or ESXi Server VMware Workstation VMware Player System Resources 4 Gigabytes of memory to allocate to the appliance 50 Gigabytes of Hard Drive Space 3
Pre-Deployment Instructions 1. Download the Virtual Appliance and unpack the zipped file to a folder. 2. Deploy the Virtual Appliance. Deploy on a workstation or laptop with VMware Player (Free) or VMware Workstation OR Deploy to an ESX Server with VMware VSphere Client or VMware Workstation 3. Power on / play the Virtual Machine If you have a DHCP Server in your network and the Virtual Appliance has obtained an IP address, for ease of use, copy the IP address from the Virtual Appliance, open a web browser and type or paste the IP address of the virtual appliance. 4. Accept the Terms and Conditions and log in. 5. Copy assessment code displayed for your assessment on portal.riscnetworks.com. 6. Paste assessment code into the virtual appliance 7. Verify assessment key 8. Key verification will display a green bar at the top Assessment verification will be displayed below the key verification 9. Invite additional users if needed 10. Select the Dashboard button After each section is completed, please return to the Dashboard to continue to the next section. 4
Interfaces 1. Continue with obtained DHCP IP Address OR 2. Manually enter in a static IP address Assessment 1. Invite additional users Subnets 1. Enter network address and subnet mask for each subnet you wish to scan OR 2. Populate from a routing table: Enter IP of known device you wish to test against Enter read only SNMP string versions 1, 2, or 3 Select Populate Select the subnets you wish to include in the assessment and select save Only selected subnets will be scanned. Please ensure you have verified your subnet selection. SNMP 1. Enter read only SNMP string versions 1, 2, or 3 (we only require read-only privileged strings). 2. Enter the IP address of the device you wish to test against (this will be automatically populated with the default gateway address). Windows 1. Enter Domain Name (Optional) 2. Enter Username and Password 3. Select Add 4. Enter IP address of a known server you wish to test against (this will be automatically populated with the default gateway address) VMware 1. Enter the IP address and credentials of each vcenter you wish to include in the assessment 2. If you do not have vcenter you must enter the IP address and credentials for each ESX host you wish to include in the assessment 3. Test each credential 5
Cisco Call Manager 1. Enter the publisher s IP address for the CallManager cluster you wish to include in the assessment 2. Only the publisher s credentials are needed 3. Only one CallManager cluster can be included per assessment 4. Enter either CCM Administrator account credentials or an AXL user account with Perfmon role assigned Cisco Discovery Services 1. On the left side, enter customer information and the CCO username 2. Accept Terms and Conditions 3. Select Save Additional Credentials 1. Select Telnet or SSH for connection type 2. Enter host IP address (for testing access) 3. Enter Username (Optional) 4. Enter the user EXEC password 5. Enter the Enable password (Optional) 6. Select Add 7. Test Telnet/SSH access 8. Return to Dashboard 9. Select Start Assessment 6
Advanced Setup (NAT Configuration) If your SNMP access is restricted to certain IP addresses, and you have a server that is included in that access (IE a physical server running existing monitoring software), you can run the appliance in VMware player or VMware Workstation on that server with NAT configuration so it will be seen as accessing the appliance through that host. Setting the virtual appliance to use NAT with VMware Player & VMware Workstation: VMware Workstation 1. Edit virtual machine settings 2. Highlight Network Adapter 3. Select NAT: Used to share the host s IP addresses 4. Select OK 5. Power on the Virtual Appliance VMware Player 1. Select Player 2. Select Manage 3. Select Virtual Machine Settings... 4. Select Network Adapter 5. Select NAT: Used to share the host s IP addresses 6. Select OK 7. Play the Virtual Appliance 7
TrafficSim Checklist Virtual RN150 Appliance Virtual RN150 bootstrapped and assessment started Required Ports between the RN50 and the RN150 TCP Ports 2500, 22, 123,3306 (all bi-directional) UDP Port 161 ICMP Required Ports between the RN50s TCP ports 9000, 22 (bi-directional) UDP Ports 17000 65535 (bi-directional) ICMP Virtual RN50 Appliances (Requires at least 2) Deploy virtual RN50s to desired location DHCP or static IP set IP of RN150 One of the following Hypervisors for appliance deployment VMware ESX or ESXi Server VMware Workstation VMware Player System Resources 4 Gigabytes of memory to allocate to the appliance 50 Gigabytes of Hard Drive Space 8
TrafficSim Instructions RN50 Setup 1. Create the assessment on our portal: https://portal.riscnetworks.com 2. Complete setup of the virtual RN150 and select Start Assessment. For instructions on setting up the virtual RN150, please visit http://www.riscnetworks.com/virtualappliance-instructions/. 3. Download the virtual RN50 from our portal and unpack the zipped file to a folder. Deploy on a workstation or laptop with VMware Player (Free: my.vmware.com/web/ vmware/downloads) or WMware Workstation OR Deploy to an ESX Server with VMware VSphere Client or VMware Workstation 4. Power on / play the Virtual Machine 5. If you wish to continue with DHCP IP address, continue to step 9. For setting static IP address, select static in dropdown box. Enter IP information and select Save Configuration 6. Select the RN150 tab 7. Select TrafficSim in the dropdown box 8. Enter the IP address of the virtual RN150 appliance 9. Test connectivity from the RN50 to the RN150 virtual appliance 10. RN50 nodes will display in the TrafficSim section of the RISC Networks portal Node registration can take 5 to 10 minutes Setting up the calls 1. Log on to our portal and find the tile for the assessment you wish to perform TrafficSim on. 2. Select TrafficSim at the bottom of the assessment. See illustration to the right. 9
Node Entitlement 1. Select the virtual RN50 nodes to include in the call simulation. Nodes will automatically become enabled as they are added, up to your entitlement. Additional nodes can be added to the assessment by selecting Add Node. Schedule the Simulation 1. Select Add New Operation 2. Select the desired time in UTC for the simulation. Current UTC time is displayed for convenience. 3. Select Get Available Devices for Selected Dates 4. Choose the Source and Destination nodes 5. Select the Codec and QoS Value 6. Select the Get Capacity of Selected Devices 7. Select the number of calls and the duration 8. Enter a description for the call simulation. This will allow for easy identification of the operation in the final report. 9. (Optional) Select Scoring Values to manually set the thresholds. These will default to standards based on the chosen codec. 10. Select Create Operation to begin the simulation. After the call simulation has been created, the assessment will initiate very lightweight test calls between the virtual RN50s to verify communication between the involved devices. Notifications will be sent updating the user on the status of the test including what, if any, required ports were closed, and whether or not DSCP values were maintained. 10