Appliance Menu ============== Introduction ------------ This is a reference guide for Version 4 of the Swivel Appliance. It describes the function of the Console Menu Interface (CMI). .. image:: images/ApplianceMenu/CMI.png :alt: The Import or Roll Back Keystore menu options Main Menu --------- Most items on the Main Menu contain sub-menus which are described in the sections below. 1. Tomcat Manage Tomcat services, HTTPS settings, certificates, and SSL protocols. 2. Network Configure hostnames, IP addresses, DNS, proxies, and routing. 3. Appliance Manage services, SMTP settings, and database modes. 4. Backup and Restore Create and restore backups, manage restore points, and configure FTP. 5. Tools and Utilities Network diagnostic tools, log collection, and system alerts. 6. Administration Admin password management, certificate access, and system updates/power options. 7. High Availability Configure Peers, DR, and Virtual IPs. (Note: Not shown on stand-alone appliances). 8. System Status Displays current system status. 9. Version Information Lists versions of the installed software on this appliance. 0. Exit Logs out of the Console. Note that entering **0** in any sub-menu will return you to the previous menu. Tomcat Menu ----------- 1. Start/Stop Start or Stop Tomcat as required. 2. Restart Stops and immediately restarts the Tomcat service. If Tomcat is not running, it will be started. 3. HTTPS Enable or Disable HTTPS on port 8080 or 8443. (Requires a Tomcat restart to take effect). 4. Certificates Opens the Certificates management menu. 5. SSL Protocols Opens the SSL Protocols menu. HTTPS Menu ~~~~~~~~~~ 1. Enable/Disable HTTPS on Port 8080 Enables or disables HTTPS for Swivel Core. 2. Enable/Disable HTTPS on Port 8443 Enables or disables HTTPS for Sentry and auxiliary applications. Certificates Menu ~~~~~~~~~~~~~~~~~ 1. Create Local Certificate Generate a Local Certificate to be signed by a Certificate Authority. 2. Generate CSR Generate a Certificate Signing Request from an existing certificate alias. 3. Import to New/Existing Alias Import a Certificate Response from a CA (on top of the existing alias used to generate the CSR) or import a trusted root certificate. 4. View Keystore View the contents of the Keystore (specific alias or all). 5. Delete Certificate from Keystore Delete a certificate by selecting a particular alias name. 6. Generate Self-Signed Certificate Generate a Self-Signed Certificate. 7. Clone Certificate Clone a certificate to a new alias. Useful for backing up aliases prior to importing responses. 8. Import / Roll Back to Previous Keystore Rollback to an automatically created backup (labelled by date/time). Also allows import from an external keystore (Java Keystore or PKCS#12/PFX) which **must** include the private key. 9. Change Keystore Password Change the password for the certificate keystore. Import Menu (Sub-menu of Certificates) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 1. Import to New Alias Import a trusted root certificate. 2. Import Response to Existing Alias Import a certificate response to an alias previously used to generate a CSR. .. warning:: * All trusted root certificates **must** be imported **before** the response which they have been used to sign. * Certificates must be uploaded to ``/backups/upload`` prior to using this menu. SSL Protocols Menu ~~~~~~~~~~~~~~~~~~ 1. Enable/Disable TLSv1.0 Toggle TLSv1.0 support. .. note:: TLSv1.0 is deprecated and insecure but may be required by some legacy applications. Use this option only under advice from your reseller or Swivel Secure support. Network Menu ------------ 1. Change Hostname Set the hostname of the appliance. 2. Change IP address Change the IP address of the network interfaces. 3. Change Default Gateway Change the default gateway IP address. 4. NIC Settings Set bit rate negotiation for network interfaces (Default: Auto-Negotiation). 5. DNS Add or remove DNS servers for domain-name resolution. 6. HTTP Proxy Configure outbound HTTP proxy settings (IP, Port, Username, Password). 7. NTP Servers Edit the list of NTP servers used to keep the Appliance time accurate. 8. Route Configurations Create custom static routes. 9. Restart Interfaces Restart Network interfaces to apply new settings. Route Configurations Menu ~~~~~~~~~~~~~~~~~~~~~~~~~ 1. Show Route Table Displays default routing rules. 2. Add Route Specify exceptions to the default gateway rule. *Example:* To route traffic for ``12.19.19.xxx`` via gateway ``172.1.1.1``: * **IP address:** ``12.19.19.0`` * **Netmask:** ``255.255.255.0`` * **Gateway:** ``172.1.1.1`` 3. Delete Route Delete one or all custom routes (does not affect the default routing table). Appliance Menu -------------- 1. Default running services Select which services start automatically on boot. Only enable required services to optimize boot times. 2. Start/Stop Services Manually start or stop services immediately. 3. SMTP Server Configure an SMTP server for appliance alerts. 4. Set Database to Shipping Sets the Swivel Core database to Shipping Mode (default credentials). **Requires a Tomcat restart.** Available Services ~~~~~~~~~~~~~~~~~~ The following services can be toggled in the **Default running services** or **Start/Stop** menus: Tomcat Host server for Swivel Applications (Default: ON). Sendmail Required to use the Appliance as a mail relay server (Default: ON). SNMP For Network Management (Default: OFF). Database (Appliance) Appliance Database service (Default: ON). Webmin Web-based GUI for appliance management (Default: OFF). Heartbeat Used in HA installations to determine the status of peer appliances (Default: OFF). Database (HA) Used in HA installations to determine the status of the peer application server (Default: OFF). SMTP Server Menu ~~~~~~~~~~~~~~~~ 1. Enable/Disable SMTP Toggle the sending of email alerts. 2. Change SMTP server Enter the hostname or IP address of the SMTP relay server. 3. Enable/Change Authentication Enable or update the username and password for SMTP authentication. 4. Disable Authentication Disable SMTP authentication. Backup and Restore ------------------ 1. Backup Opens the Backup submenu. 2. Restore Opens the Restore submenu. 3. Purge Old Backups Define retention periods (days) and manually purge old backups. 4. Configure FTP Define FTP server details and manually send the latest backup to the FTP server. Backup Menu ~~~~~~~~~~~ 1. Full Backup Backs up Swivel configuration, database, Tomcat keystore, and Appliance settings. 2. Application Only Backup Backs up items necessary to restore the application: Tomcat config/keystore, Swivel home folder, Tomcat webapps, and the database. 3. System Only Backup Backs up system-level items (effectively everything in a Full Backup excluding the Application Backup). 4. Create Restore Point Creates a named full backup that is never automatically purged. Restore Menu ~~~~~~~~~~~~ 1. Full Restore Restore from any full backup in ``/backups/swivel``. 2. Application Only Restore Restore only application files from any full or appliance backup in ``/backups/swivel``. 3. System Only Restore Restore only system files from any full or system backup in ``/backups/swivel``. 4. Restore Point Restore Restore from a restore point in ``/backups/restore``. 5. Restore from Older Version Restore from v2 backups located in ``/backups/old``. Configure FTP Menu ~~~~~~~~~~~~~~~~~~ 1. Modify FTP Server Set server address, destination folder, username, and password. 2. Delete FTP Server Remove FTP settings and stop sending backups via FTP. 3. Forcibly Send Latest Backup Over FTP Manually trigger an FTP upload. Useful for debugging connection errors. Tools and Utilities ------------------- 1. Ping Host or IP Address Test DNS and network connectivity. 2. NS Lookup Perform a DNS lookup on a hostname. 3. Telnet Attempt a telnet session to a remote host and port. 4. Trace-Route List hops between the appliance and a remote host. 5. Command Line Access the shell. (Requires password; contact support@swivelsecure.com). 6. Collect Support logs Collect logs and email them to a specified address (Requires SMTP setup). 7. Alerts Configure disk space warning alerts. Alerts Menu ~~~~~~~~~~~ 1. SMTP Server Menu Access the SMTP configuration settings. 2. Change Alert Email Set the destination email for alerts. 3. Change From Address Set the sender address for alerts. 4. Send Test Email Verify settings. 5. Show Disk Space Menu Opens the Disk Space configuration. Disk Space Menu ^^^^^^^^^^^^^^^ 1. Status Show current usage of disk partitions. 2. Change Disk Space Warning Levels Set the capacity threshold for warning alerts. 3. Add New Disk to Check Monitor an additional partition. 4. Remove a Disk from Check Stop monitoring a partition. 5. Restore to Default Reset thresholds to default settings. Administration -------------- 1. Change Admin Password Change the CMI access password. .. warning:: If you change this password, **please keep a secure record**. If lost, Swivel Secure may not be able to regain access to the appliance. 2. Add Certificates Add a certificate for certificate-based authentication to the Appliance. 3. Deauthorize Default Certificates Remove access via default certificates stored in ``/root/.ssh``. **Ensure you have an alternative login method before doing this.** 4. Reboot Reboot the appliance. 5. Shutdown Shutdown the appliance. 6. Update Appliance Opens the Update menu. Update Menu ~~~~~~~~~~~ 1. Settings Change update settings (Repositories/Proxy). 2. Update CMI Menu Update the appliance CMI menus. 3. Update System Update the operating system. 4. Update Swivel Core Products Update Swivel products. 5. Install Swivel Sentry Install Sentry SSO if not present. 6. Install/Update Package Manually install/update a package. **Use with care.** 7. Flush Cache Clear temporary files from previous updates. Update Settings ^^^^^^^^^^^^^^^ 1. Enable External Repository Access Toggle direct use of Oracle Linux repositories vs. Swivel mirrors. 2. Yum Proxy Configure a proxy for access to ``repo.swivelsecure.net``. High Availability (HA) ---------------------- .. note:: This menu is only visible on HA-enabled appliances. 1. Set Peer IP Configure the peer appliance for Master-Master replication. You must set: * Peer Hostname (Must match the peer's actual setting). * Peer IP addresses for ETH0 and ETH1. * *Note:* Database replication defaults to ETH1. 2. Set DR IP Configure a Disaster Recovery (DR) appliance for Master-Slave replication. * Changes on the Master are replicated to the DR unit. * Changes on the DR unit are **not** reflected back. * You can configure up to 2 DR appliances. 3. Database Replication Open the Database Replication menu. 4. Virtual IP Configure a shared Virtual IP (VIP). The primary server responds by default; the standby server takes over if the primary fails. 5. Advanced Manually change hostnames/IPs for HA. (Rarely required; usually handled by "Set Peer IP"). Database Replication Menu ~~~~~~~~~~~~~~~~~~~~~~~~~ 1. Status View replication status between peers or DR units. Shows if the remote appliance is reading local changes and vice-versa. 2. Start/Stop Reading updates Start or stop reading updates from the remote peer (Start/Stop Slave). 3. Database Replication (Recursive menu item). 4. Repair Replication Re-sync databases if replication fails. Select the authoritative database; it will be copied to the peer, and replication will restart. Virtual IP Menu ~~~~~~~~~~~~~~~ 1. Set Email Address Set the alert email destination for VIP failover events (Requires SMTP). 2. Change Virtual IP Set the Virtual IP address. **This must be set on both peer appliances.** 3. Add/Remove Ping Nodes Add network nodes (e.g., Default Gateway) to test connectivity. The appliance that can ping the most nodes will claim the VIP. **Set the same number of nodes on both appliances.** 5. Start/Stop Mon "Mon" monitors if the Swivel core is running on the peer. 6. Start/Stop Heartbeat "Heartbeat" monitors if the peer appliance is contactable via network interfaces.