Console Management Interface (CMI)

Introduction

This is a reference guide for Version 4 of the Swivel Appliance. It describes the function of the Console Management Interface (CMI).

Main Menu

Most items on the Main Menu contain sub-menus which are described in the sections below.

1. Tomcat

   Manage Tomcat services, HTTPS settings, certificates, and SSL protocols.

2. Network

   Configure hostnames, IP addresses, DNS, proxies, and routing.

3. Appliance

   Manage services, SMTP settings, and database modes.

4. Backup and Restore

   Create and restore backups, manage restore points, and configure FTP.

5. Tools and Utilities

   Network diagnostic tools, log collection, and system alerts.

6. Administration

   Admin password management, certificate access, and system updates/power options.

7. High Availability

   Configure Peers, DR, and Virtual IPs. (Note: Not shown on stand-alone appliances).

8. System Status

   Displays current system status.

9. Version Information

   Lists versions of the installed software on this appliance.

0. Exit

   Logs out of the Console. Note that entering 0 in any sub-menu will return you to the previous menu.

Tomcat Menu

1. Start/Stop

   Start or Stop Tomcat as required.

2. Restart

   Stops and immediately restarts the Tomcat service. If Tomcat is not running, it will be started.

3. HTTPS

   Enable or Disable HTTPS on port 8080 or 8443. (Requires a Tomcat restart to take effect).

4. Certificates

   Opens the Certificates management menu.

5. SSL Protocols

   Opens the SSL Protocols menu.

HTTPS Menu

1. Enable/Disable HTTPS on Port 8080

   Enables or disables HTTPS for Swivel Core.

2. Enable/Disable HTTPS on Port 8443

   Enables or disables HTTPS for Sentry and auxiliary applications.

Certificates Menu

1. Create Local Certificate

   Generate a Local Certificate to be signed by a Certificate Authority.

2. Generate CSR

   Generate a Certificate Signing Request from an existing certificate alias.

3. Import to New/Existing Alias

   Import a Certificate Response from a CA (on top of the existing alias used to generate the CSR) or import a trusted root certificate.

4. View Keystore

   View the contents of the Keystore (specific alias or all).

5. Delete Certificate from Keystore

   Delete a certificate by selecting a particular alias name.

6. Generate Self-Signed Certificate

   Generate a Self-Signed Certificate.

7. Clone Certificate

   Clone a certificate to a new alias. Useful for backing up aliases prior to importing responses.

8. Import / Roll Back to Previous Keystore

   Rollback to an automatically created backup (labelled by date/time). Also allows import from an external keystore (Java Keystore or PKCS#12/PFX) which must include the private key.

9. Change Keystore Password

   Change the password for the certificate keystore.

Import Menu (Sub-menu of Certificates)

1. Import to New Alias

   Import a trusted root certificate.

2. Import Response to Existing Alias

   Import a certificate response to an alias previously used to generate a CSR.

Warning

• All trusted root certificates must be imported before the response which they have been used to sign.

• Certificates must be uploaded to /backups/upload prior to using this menu.

SSL Protocols Menu

1. Enable/Disable TLSv1.0

   Toggle TLSv1.0 support.

Note

TLSv1.0 is deprecated and insecure but may be required by some legacy applications. Use this option only under advice from your reseller or Swivel Secure support.

Network Menu

1. Change Hostname

   Set the hostname of the appliance.

2. Change IP address

   Change the IP address of the network interfaces.

3. Change Default Gateway

   Change the default gateway IP address.

4. NIC Settings

   Set bit rate negotiation for network interfaces (Default: Auto-Negotiation).

5. DNS

   Add or remove DNS servers for domain-name resolution.

6. HTTP Proxy

   Configure outbound HTTP proxy settings (IP, Port, Username, Password).

7. NTP Servers

   Edit the list of NTP servers used to keep the Appliance time accurate.

8. Route Configurations

   Create custom static routes.

9. Restart Interfaces

   Restart Network interfaces to apply new settings.

Route Configurations Menu

1. Show Route Table

   Displays default routing rules.

2. Add Route

   Specify exceptions to the default gateway rule.

   Example: To route traffic for 12.19.19.xxx via gateway 172.1.1.1:

   • IP address: 12.19.19.0

   • Netmask: 255.255.255.0

   • Gateway: 172.1.1.1

3. Delete Route

   Delete one or all custom routes (does not affect the default routing table).

Appliance Menu

1. Default running services

   Select which services start automatically on boot. Only enable required services to optimize boot times.

2. Start/Stop Services

   Manually start or stop services immediately.

3. SMTP Server

   Configure an SMTP server for appliance alerts.

4. Set Database to Shipping

   Sets the Swivel Core database to Shipping Mode (default credentials). Requires a Tomcat restart.

Available Services

The following services can be toggled in the Default running services or Start/Stop menus:

Tomcat

Host server for Swivel Applications (Default: ON).

Sendmail

Required to use the Appliance as a mail relay server (Default: ON).

SNMP

For Network Management (Default: OFF).

Database (Appliance)

Appliance Database service (Default: ON).

Webmin

Web-based GUI for appliance management (Default: OFF).

Heartbeat

Used in HA installations to determine the status of peer appliances (Default: OFF).

Database (HA)

Used in HA installations to determine the status of the peer application server (Default: OFF).

SMTP Server Menu

1. Enable/Disable SMTP

   Toggle the sending of email alerts.

2. Change SMTP server

   Enter the hostname or IP address of the SMTP relay server.

3. Enable/Change Authentication

   Enable or update the username and password for SMTP authentication.

4. Disable Authentication

   Disable SMTP authentication.

Backup and Restore

1. Backup

   Opens the Backup submenu.

2. Restore

   Opens the Restore submenu.

3. Purge Old Backups

   Define retention periods (days) and manually purge old backups.

4. Configure FTP

   Define FTP server details and manually send the latest backup to the FTP server.

Backup Menu

1. Full Backup

   Backs up Swivel configuration, database, Tomcat keystore, and Appliance settings.

2. Application Only Backup

   Backs up items necessary to restore the application: Tomcat config/keystore, Swivel home folder, Tomcat webapps, and the database.

3. System Only Backup

   Backs up system-level items (effectively everything in a Full Backup excluding the Application Backup).

4. Create Restore Point

   Creates a named full backup that is never automatically purged.

Restore Menu

1. Full Restore

   Restore from any full backup in /backups/swivel.

2. Application Only Restore

   Restore only application files from any full or appliance backup in /backups/swivel.

3. System Only Restore

   Restore only system files from any full or system backup in /backups/swivel.

4. Restore Point Restore

   Restore from a restore point in /backups/restore.

5. Restore from Older Version

   Restore from v2 backups located in /backups/old.

Configure FTP Menu

1. Modify FTP Server

   Set server address, destination folder, username, and password.

2. Delete FTP Server

   Remove FTP settings and stop sending backups via FTP.

3. Forcibly Send Latest Backup Over FTP

   Manually trigger an FTP upload. Useful for debugging connection errors.

Tools and Utilities

1. Ping Host or IP Address

   Test DNS and network connectivity.

2. NS Lookup

   Perform a DNS lookup on a hostname.

3. Telnet

   Attempt a telnet session to a remote host and port.

4. Trace-Route

   List hops between the appliance and a remote host.

5. Command Line

   Access the shell. (Requires password; contact support@swivelsecure.com).

6. Collect Support logs

   Collect logs and email them to a specified address (Requires SMTP setup).

7. Alerts

   Configure disk space warning alerts.

Alerts Menu

1. SMTP Server Menu

   Access the SMTP configuration settings.

2. Change Alert Email

   Set the destination email for alerts.

3. Change From Address

   Set the sender address for alerts.

4. Send Test Email

   Verify settings.

5. Show Disk Space Menu

   Opens the Disk Space configuration.

Disk Space Menu

1. Status

   Show current usage of disk partitions.

2. Change Disk Space Warning Levels

   Set the capacity threshold for warning alerts.

3. Add New Disk to Check

   Monitor an additional partition.

4. Remove a Disk from Check

   Stop monitoring a partition.

5. Restore to Default

   Reset thresholds to default settings.

Administration

1. Change Admin Password

   Change the CMI access password.

   Warning

   If you change this password, please keep a secure record. If lost, Swivel Secure may not be able to regain access to the appliance.

2. Add Certificates

   Add a certificate for certificate-based authentication to the Appliance.

3. Deauthorize Default Certificates

   Remove access via default certificates stored in /root/.ssh. Ensure you have an alternative login method before doing this.

4. Reboot

   Reboot the appliance.

5. Shutdown

   Shutdown the appliance.

6. Update Appliance

   Opens the Update menu.

Update Menu

1. Settings

   Change update settings (Repositories/Proxy).

2. Update CMI Menu

   Update the appliance CMI menus.

3. Update System

   Update the operating system.

4. Update Swivel Core Products

   Update Swivel products.

5. Install Swivel Sentry

   Install Sentry SSO if not present.

6. Install/Update Package

   Manually install/update a package. Use with care.

7. Flush Cache

   Clear temporary files from previous updates.

Update Settings

1. Enable External Repository Access

   Toggle direct use of Oracle Linux repositories vs. Swivel mirrors.

2. Yum Proxy

   Configure a proxy for access to repo.swivelsecure.net.

High Availability (HA)

Note

This menu is only visible on HA-enabled appliances.

1. Set Peer IP

   Configure the peer appliance for Master-Master replication. You must set:

   • Peer Hostname (Must match the peer’s actual setting).

   • Peer IP addresses for ETH0 and ETH1.

   • Note: Database replication defaults to ETH1.

2. Set DR IP

   Configure a Disaster Recovery (DR) appliance for Master-Slave replication.

   • Changes on the Master are replicated to the DR unit.

   • Changes on the DR unit are not reflected back.

   • You can configure up to 2 DR appliances.

3. Database Replication

   Open the Database Replication menu.

4. Virtual IP

   Configure a shared Virtual IP (VIP). The primary server responds by default; the standby server takes over if the primary fails.

5. Advanced

   Manually change hostnames/IPs for HA. (Rarely required; usually handled by “Set Peer IP”).

Database Replication Menu

1. Status

   View replication status between peers or DR units. Shows if the remote appliance is reading local changes and vice-versa.

2. Start/Stop Reading updates

   Start or stop reading updates from the remote peer (Start/Stop Slave).

3. Database Replication

   (Recursive menu item).

4. Repair Replication

   Re-sync databases if replication fails. Select the authoritative database; it will be copied to the peer, and replication will restart.

Virtual IP Menu

1. Set Email Address

   Set the alert email destination for VIP failover events (Requires SMTP).

2. Change Virtual IP

   Set the Virtual IP address. This must be set on both peer appliances.

3. Add/Remove Ping Nodes

   Add network nodes (e.g., Default Gateway) to test connectivity. The appliance that can ping the most nodes will claim the VIP. Set the same number of nodes on both appliances.

5. Start/Stop Mon

   “Mon” monitors if the Swivel core is running on the peer.

6. Start/Stop Heartbeat

   “Heartbeat” monitors if the peer appliance is contactable via network interfaces.