USB Presenter Capture and Administration: Difference between pages
Tom.Wegener (talk | contribs) (describe the time after configuration option.) |
Tom.Wegener (talk | contribs) (fixed the version number for hsts (4.1.1 as minimal to 4.2)) |
||
| Line 1: | Line 1: | ||
The administration page allows the following actions: | |||
{| class="wikitable sortable" | |||
|- | |||
| [[File:Administration.png|800px|none|right]] | |||
|} | |||
=== Power === | |||
Reboot or power off the Allegro Network Multimeter. | |||
After clicking on the buttons, a confirmation dialogue will appear. Most of the time, rebooting is not necessary since it takes a significant time. If packet processing needs to be restarted because some options cannot be changed during runtime, the next option is a better choice since it minimizes downtime. | |||
=== Processing === | |||
Restart the Allegro Network Multimeter processing software. This will reset all measured statistics. | |||
Choosing this option will stop packet processing but the machine and its web interface is still available as the device itself is not rebooted. The packet processing core is restarted with the current settings and will begin processing packets after a few seconds. | |||
=== Configuration === | |||
By clicking on the '''Reset System Configuration''' button a dialog is displayed that allows to reset all settings, including the network configuration, to factory defaults and the system will be restarted. As of version 3.4 the dialog allows to keep certain settings (management interface settings, users and passwords, disk and packet ring buffer cluster settings including optional random device-specific encryption keys) while setting the rest of the system configuration to defaults. | |||
The '''Export System Configuration''' button allows you to export the entire configuration of the *Allegro Network Multimeter*. A zip compressed file can be downloaded and used for import. | |||
The '''Import System Configuration''' button allows you to select several configuration items: | |||
* Core settings: All settings of global settings, module settings, incident settings, user defined names, virtual link groups, ingress (NIC) filter and IP groups, excluding management interface settings, multi-device settings, and user settings. Some core settings (network interfaces, virtual link group and time synchronization) can also be retained during import. Simply uncheck the global core setting checkbox und check the child checkboxes for settings to be imported and overwritten. | |||
* Management interface settings: All settings of the management interface (e.g. Wi-Fi, LAN, hostname). | |||
* Multi device settings: All settings on the configured remote devices. | |||
* User and roles: All users and their passwords. The admin user cannot be changed and cannot be deleted by a configuration import. | |||
* User settings: All user settings (such as search history or dashboard configuration) | |||
It is possible to import the selected settings to all configured remote devices by selecting the last check box. | |||
The button '''Save current system configuration on Multimeter''' will store the current configuration as a file on the device itself (in contrast to the export feature, which will download the file the user's computer). | |||
When there are saved configuration available, any of them can be selected and load onto the system again. It is also possible to delete the configuration. | |||
=== CORS Configuration === | |||
With version 4.1 the option to configure the "Cross-Origin Resource Sharing" (CORS) settings was introduced. | |||
You can learn about CORS on the MDN Web docs[https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS]. | |||
=== Access Control === | |||
Since version 4.1 there is the the option to limit the access to the multimeter to specific subnets. | |||
If you enable the access control, you have the option to specify the subnets from which people are allowed to access the multimeter. | |||
If you want to allow the access for the clients in the subnet in which the multimeter is deployed you are able to allow that with ticking "Allow local access". | |||
=== TLS/SSL certificate === | |||
The appliance comes with a pre-installed generic TLS certificate but a custom certificate can be uploaded, generated (since 3.6) or downloaded from a Certificate Authority (since 3.6). | |||
Depending on your firmware-version there are two to four possibilities: | |||
== | ==== Before 3.6: ==== | ||
There are two options: | |||
* You are able to use the certificates the appliance got delivered with. (You are able to reset to that with the Reset-Button) | |||
* You are able to upload a X.509 certificate file and a key file. Upon successful upload, this certificate will be used to serve the user interface. | |||
==== Since 3.6: ==== | |||
There are four modes: | |||
* Legacy: The default certificates the appliance got shipped with will be used if the appliance got shipped with an older firmware than 3.6. You won't be able to switch back to this option and it will be hidden if it is not selected. | |||
* ACME: The Certificates will be downloaded from the specified Certificate Authority | |||
* Upload: You are able to upload a X.509 certificate file and a key file. Upon successful upload, this certificate will be used to serve the user interface. | |||
* Self-Signed: Self-Signed: Generate self-signed certificates with a custom host-name. They will be valid for 10 years and replace the legacy certificates for devices shipped with firmware version 3.6 or later. | |||
The Default Mode is always the fall-back if the process does not work. | |||
The '''Reset to default SSL certificate''' button will remove any user-provided SSL certificate and the user interface will be served using the default SSL certificate. | |||
==== Since 4.2: ==== | |||
With the version 4.2 the option to enable HTTP Strict Transport Security (HSTS) for the multimeter was added. HSTS stops users from trying to access the multimeter via unencrypted HTTP or ignoring invalid certificates for the multimeter. | |||
If the administrator locked themselves out by enabling HSTS there are multiple options: | |||
* If HSTS was already activated and the certificates were changed on purpose after that, they have to remove information about the site from their browser. | |||
* If HSTS was already activated and the certificates were changed accidental, they are able to connect to the multimeter via a private window or via the ip address. | |||
=== Certificate Authority === | |||
Some features also connect to external SSL services, for instance when sending email notifications via SMTP or when searching for [[Firmware update|firmware updates]]. Usually these SSL connections are verified with the built-in CA certificate pool. It is also possible to upload one or many own CA certificates which are used additionally to the system ones. | |||
The button "Install SSL CA certificates" opens a dialoug where the file can be selected and uploaded. This file must contain certificates in the PEM format. It may contain multiple certificates. | |||
Before version 3.6 uploading new certificates will replace the existing ones. The button "Remove SSL CA certificates" will delete the previously installed custom CA certificates so that only the system CA pool is used again for certificate verification. | |||
With version 3.6 uploading a new certificate adds to the old one. You can delete all by pressing the "Remove all CA certificates" and also remove separate certificates. | |||
Revision as of 09:50, 16 October 2023
The administration page allows the following actions:
 |
Power
Reboot or power off the Allegro Network Multimeter.
After clicking on the buttons, a confirmation dialogue will appear. Most of the time, rebooting is not necessary since it takes a significant time. If packet processing needs to be restarted because some options cannot be changed during runtime, the next option is a better choice since it minimizes downtime.
Processing
Restart the Allegro Network Multimeter processing software. This will reset all measured statistics.
Choosing this option will stop packet processing but the machine and its web interface is still available as the device itself is not rebooted. The packet processing core is restarted with the current settings and will begin processing packets after a few seconds.
Configuration
By clicking on the Reset System Configuration button a dialog is displayed that allows to reset all settings, including the network configuration, to factory defaults and the system will be restarted. As of version 3.4 the dialog allows to keep certain settings (management interface settings, users and passwords, disk and packet ring buffer cluster settings including optional random device-specific encryption keys) while setting the rest of the system configuration to defaults.
The Export System Configuration button allows you to export the entire configuration of the *Allegro Network Multimeter*. A zip compressed file can be downloaded and used for import.
The Import System Configuration button allows you to select several configuration items:
- Core settings: All settings of global settings, module settings, incident settings, user defined names, virtual link groups, ingress (NIC) filter and IP groups, excluding management interface settings, multi-device settings, and user settings. Some core settings (network interfaces, virtual link group and time synchronization) can also be retained during import. Simply uncheck the global core setting checkbox und check the child checkboxes for settings to be imported and overwritten.
- Management interface settings: All settings of the management interface (e.g. Wi-Fi, LAN, hostname).
- Multi device settings: All settings on the configured remote devices.
- User and roles: All users and their passwords. The admin user cannot be changed and cannot be deleted by a configuration import.
- User settings: All user settings (such as search history or dashboard configuration)
It is possible to import the selected settings to all configured remote devices by selecting the last check box.
The button Save current system configuration on Multimeter will store the current configuration as a file on the device itself (in contrast to the export feature, which will download the file the user's computer).
When there are saved configuration available, any of them can be selected and load onto the system again. It is also possible to delete the configuration.
CORS Configuration
With version 4.1 the option to configure the "Cross-Origin Resource Sharing" (CORS) settings was introduced.
You can learn about CORS on the MDN Web docs[1].
Access Control
Since version 4.1 there is the the option to limit the access to the multimeter to specific subnets.
If you enable the access control, you have the option to specify the subnets from which people are allowed to access the multimeter.
If you want to allow the access for the clients in the subnet in which the multimeter is deployed you are able to allow that with ticking "Allow local access".
TLS/SSL certificate
The appliance comes with a pre-installed generic TLS certificate but a custom certificate can be uploaded, generated (since 3.6) or downloaded from a Certificate Authority (since 3.6).
Depending on your firmware-version there are two to four possibilities:
Before 3.6:
There are two options:
- You are able to use the certificates the appliance got delivered with. (You are able to reset to that with the Reset-Button)
- You are able to upload a X.509 certificate file and a key file. Upon successful upload, this certificate will be used to serve the user interface.
Since 3.6:
There are four modes:
- Legacy: The default certificates the appliance got shipped with will be used if the appliance got shipped with an older firmware than 3.6. You won't be able to switch back to this option and it will be hidden if it is not selected.
- ACME: The Certificates will be downloaded from the specified Certificate Authority
- Upload: You are able to upload a X.509 certificate file and a key file. Upon successful upload, this certificate will be used to serve the user interface.
- Self-Signed: Self-Signed: Generate self-signed certificates with a custom host-name. They will be valid for 10 years and replace the legacy certificates for devices shipped with firmware version 3.6 or later.
The Default Mode is always the fall-back if the process does not work. The Reset to default SSL certificate button will remove any user-provided SSL certificate and the user interface will be served using the default SSL certificate.
Since 4.2:
With the version 4.2 the option to enable HTTP Strict Transport Security (HSTS) for the multimeter was added. HSTS stops users from trying to access the multimeter via unencrypted HTTP or ignoring invalid certificates for the multimeter.
If the administrator locked themselves out by enabling HSTS there are multiple options:
- If HSTS was already activated and the certificates were changed on purpose after that, they have to remove information about the site from their browser.
- If HSTS was already activated and the certificates were changed accidental, they are able to connect to the multimeter via a private window or via the ip address.
Certificate Authority
Some features also connect to external SSL services, for instance when sending email notifications via SMTP or when searching for firmware updates. Usually these SSL connections are verified with the built-in CA certificate pool. It is also possible to upload one or many own CA certificates which are used additionally to the system ones.
The button "Install SSL CA certificates" opens a dialoug where the file can be selected and uploaded. This file must contain certificates in the PEM format. It may contain multiple certificates.
Before version 3.6 uploading new certificates will replace the existing ones. The button "Remove SSL CA certificates" will delete the previously installed custom CA certificates so that only the system CA pool is used again for certificate verification.
With version 3.6 uploading a new certificate adds to the old one. You can delete all by pressing the "Remove all CA certificates" and also remove separate certificates.