The following instructions are used to deploy the PCA into a Softlayer® cloud-based environment.
It is also recommended to verify that your virtual machines can communicate with each other. Contact your network administrator to make sure that all of the necessary network ports are open for the PCA software, packet forwarders, and packet listeners.
Common website installations in the cloud use a virtual load balancer to distribute web traffic to a dynamically provisioned web server tier that consists of multiple web server instances. Each web server instance requires a packet forwarder to be installed to forward the captured web traffic to a centralized PCA that is running on a virtual machine for processing.
The installation process consists of installing the packet forwarders to your web instances and installing the centralized PCA on your hosted virtual machine.
PCA requirements for a Softlayer virtual machine
Before you install the PCA into a Softlayer virtual machine, make sure that the virtual machine meets the hardware and software requirements for the PCA software. The hardware and software requirements are identified in a pre-installation checklist.
The following items are also required:
- Softlayer provisions both dedicated physical machines and virtual servers to provide maximum network infrastructure flexibility. The servers can be configured with dynamic or static network settings. It may be necessary to provide static internal IP addresses for instance-to-instance communication, so that the assigned IP addresses are maintained when instances are stopped or spun up or down. This is necessary to re-establish network connections between the PCA listener instance and its packet forwarder probe instances.
- Each server that hosts a web server instance must have one CPU core that is dedicated to running the packet forwarder service. Minimum core speed is 2.0 GHz.
- If the web server application and packet forwarder instances are installed on Linux™ Red Hat, a minimum version of RHEL 6.4 is required.
- It is recommended to disable SELinux. If it is enabled, configure the firewall settings to allow communication on the ports that are used by the packet forwarders and packet listeners.
- If the web server instance is using a 64-bit version of Linux Red Hat, 32-bit versions of zlib must be deployed during the installation process.
- On the PCA server, each packet listener service requires four CPU cores. Each CPU core must be 2.0 GHz or higher and have 8 GB of dedicated memory.
- Configure your firewall settings to allow communication on port 1888. The communication ports incrementally increase by one for each additional packet forwarder that is deployed. If five packet forwarders are deployed, then ports 1888-1892 must be open. The ports are used by the packet forwarders to send information to the packet listeners, which process the data at the PCA.
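The port block described above can be opened per forwarder instead of to the whole network. This is an added example, not part of the PCA documentation: it assumes static port assignment (one fixed port per forwarder), TCP transport, and constructed 10.0.0.x addresses for the web server instances; `forwarder_rules` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example: emit iptables-restore lines for the PCA server so that each
# packet forwarder can reach only its own port in the sequential block.
# TCP is assumed because netstat reports the link as ESTABLISHED.

# forwarder_rules BASE_PORT IP [IP...]
# Forwarder N (in argument order) is allowed to reach BASE_PORT+N-1 only.
# A final rule drops every other source that targets the port block.
forwarder_rules() {
    first=$1
    port=$1
    shift
    [ "$#" -gt 0 ] || { echo "no forwarder addresses given" >&2; return 1; }
    for ip in "$@"; do
        # Refuse anything containing characters other than digits and dots,
        # so a typo or stray shell metacharacter cannot end up in a rule.
        case $ip in
            ''|*[!0-9.]*) echo "bad address: $ip" >&2; return 1 ;;
        esac
        printf '%s\n' "-A INPUT -p tcp -s $ip --dport $port -j ACCEPT"
        port=$((port + 1))
    done
    printf '%s\n' "-A INPUT -p tcp --dport $first:$((port - 1)) -j DROP"
}

# Constructed addresses for five web server instances (ports 1888-1892).
forwarder_rules 1888 10.0.0.11 10.0.0.12 10.0.0.13 10.0.0.14 10.0.0.15
```

On RHEL 6 the generated lines belong in /etc/sysconfig/iptables on the PCA server, ahead of any final REJECT rule.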
Installing the packet forwarder
Use the installation rpm to install the packet forwarder on each web instance. The default installation directory is /usr/local/ctccap. You can use the --prefix option when running the installation command to install the software to another directory.
To install the software, run rpm -ivh --prefix=/opt/tealeaf tealeaf-pktfwdr-xxxx-1.RHEL6.i686.rpm where xxxx is the version number of the PCA software.
The packet forwarder requires some additional 32-bit libraries if you are installing the packet forwarder to a 64-bit version of Linux. To install all of the dependent libraries, run the following command: yum -y install tealeaf-pktfwdr-3650-1.RHEL6.i686.rpm
zlib libraries manually using the following commands:
- yum install glibc.i686
- yum install zlib.i686
--prefix option to specify the installation path.
The following files are used to configure and run the packet forwarder.
| /bin/pktfwdr | Packet forwarder daemon |
| /bin/ctcstats | Operational statistics and metrics |
| /etc/fwdr-conf.xml | Packet forwarder configuration file |
| /etc/fwdr-conf-defaults.xml | Default configuration file |
Configure the packet forwarder by editing the /etc/fwdr-conf.xml configuration file.
- Edit the PrimaryInterface tag to add the virtual NIC device name that the packet forwarder uses to capture the web server's traffic. In most installations, the NIC device name is
- Locate the ListenTos tag and add any additional ports that you want to capture traffic from to the configuration file. Ports 80 and 443 are listed by default.
- Locate the Delivery tag and edit the Port tags with the IP address and port number of the virtual machine that is hosting the centralized PCA server. Note: Each packet forwarder and listener pair uses one port. The default port number is 1888. When multiple pairs are used, the port address defines the first port number that is used to define a block of port numbers. For example, if you are capturing traffic from five web servers, then five packet forwarder and packet listener pairs are used to capture the traffic. In this scenario, ports 1888 - 1892 are used.
- Edit the Port tag to define the port number for the network connection. Each packet forwarder requires a unique port number to identify a unique network connection to the centralized PCA VM instance. The port numbers must be assigned in sequential order. This is required by the PCA's socket receiver when configuring it for the packet forwarders' network connections. If you decide to start with port number 1888 for the first packet forwarder, then defining five of them would be ports 1888 - 1892 explicitly.
- Edit the MaxRotatePeers tag to define the maximum number of web server instances that are dynamically provisioned. The default value is 1. If you are capturing traffic from five web servers, then set this value to 5. Note: If you are statically assigning a fixed number of web server instances with associated packet forwarders, then MaxRotatePeers would remain set to the default value of 1. Each packet forwarder would need to be configured with a unique Port number to identify a unique network connection to the centralized PCA VM instance. The port numbers must be assigned in sequential order. This is required by the PCA's socket receiver when configuring it for the packet forwarders' network connections. If you decide to start with port number 1888 for the first packet forwarder, then defining five of them should be 1888 through 1892 explicitly.
- Save your changes to the /etc/fwdr-conf.xml file.
Installing a centralized PCA in a Softlayer virtual machine
A centralized PCA is used to receive communication from the packet forwarders that are deployed to the web server instances in your cloud environment. Installing the PCA software to a virtual machine is similar to the installation process on a physical server. Use the following process to install the PCA software to a virtual machine.
- Install the PCA software to your virtual machine. Note: You have already installed the packet forwarders to your web server instances.
- Log on to the PCA web console.
- Go to the Delivery tab and edit the delivery settings for your environment.
- Go to the Pipeline tab and edit the Pipeline Instances setting to configure the number of pipeline instances for your configuration.
- Select Save Changes to save your updated configuration settings. Note: Do not restart the PCA server.
- Edit the PCA configuration file by opening /usr/local/ctccap/etc/ctc-conf.xml in a text editor.
- Go to the Capture tag settings and edit the following settings.
false
Note: If the PCA server is configured to decrypt SSL traffic from the packet forwarders, set
- Go to the Listener tag settings and edit the following settings.
  - Set BasePort to match the port number that is defined in the ListenTos settings of the packet forwarder configuration file. The packet forwarder configuration file can be accessed by opening /etc/fwdr-conf.xml on a web server instance.
  - Set Instances to equal the number of packet forwarders that the PCA connects to.
- Save your changes to /usr/local/ctccap/etc/ctc-conf.xml.
- Run tealeaf restart to restart the PCA services.
Starting the PCA server and packet forwarders
It is recommended to start the central PCA server before you start the packet forwarders. If the packet forwarders are started before the PCA server is running, they can experience network timeout conditions that cause a delay in the time it takes to connect with the PCA server.
To start the PCA server, run tealeaf start all from the virtual machine that is hosting the PCA server.
To start a packet forwarder instance, run service pktfwdr start from each web server instance.
To stop a packet forwarder, run service pktfwdr stop from each web server instance.
To check the operational status of a packet forwarder, run service pktfwdr status from each web server instance.
To view the available metrics of a packet forwarder, run /opt/tealeaf/bin/ctcstats -p from each web server instance.
To test that a packet forwarder is connecting to the PCA server, use the netstat utility. If the port connection is configured for port 1888, run netstat -an|grep 1888. The output returns a status of ESTABLISHED if the packet forwarder is connected to the PCA server. If a connection is not established, the firewall rules for your network might not be configured to allow communication between the packet forwarders and the PCA server. Check your network configuration settings for the packet forwarders and your PCA server, then make sure that your firewall settings allow communication on those network settings.
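With several forwarders, the netstat check above has to be repeated for every port in the block, and a plain grep for 1888 also matches 18880. The following added example (not part of the PCA documentation) reads netstat -an output and lists the ports in the block that have no ESTABLISHED connection; `missing_ports` is a hypothetical helper name and the sample output is constructed.

```shell
#!/bin/sh
# Added example: report forwarder ports without an ESTABLISHED TCP connection.
# Live use: netstat -an | missing_ports 1888 5

# missing_ports BASE COUNT   (reads `netstat -an` output on stdin)
# Prints each port in BASE..BASE+COUNT-1 that has no ESTABLISHED connection.
missing_ports() {
    awk -v base="$1" -v count="$2" '
        $1 ~ /^tcp/ && $NF == "ESTABLISHED" {
            # Field 4 is the local address (where the port appears on the PCA
            # server), field 5 the foreign address (where it appears on a web
            # server instance). Compare the text after the last ":" exactly,
            # so that 1888 never matches 18880.
            for (f = 4; f <= 5; f++) {
                n = split($f, part, ":")
                seen[part[n]] = 1
            }
        }
        END {
            for (p = base; p < base + count; p++)
                if (!(p in seen)) print p
        }'
}

# Constructed sample as seen on the PCA server: 1890 is only in TIME_WAIT,
# 1891 has no connection at all, and 18880 is an unrelated service.
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:1888            0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:1888           10.0.0.11:45012         ESTABLISHED
tcp        0      0 10.0.0.5:1889           10.0.0.12:51344         ESTABLISHED
tcp        0      0 10.0.0.5:1890           10.0.0.13:38790         TIME_WAIT
tcp        0      0 10.0.0.5:18880          10.0.0.99:40000         ESTABLISHED
tcp        0      0 10.0.0.5:1892           10.0.0.15:47120         ESTABLISHED'

printf '%s\n' "$SAMPLE" | missing_ports 1888 5   # prints 1890 and 1891
```

A port that stays in the output after the forwarders have started points to the firewall or configuration checks described above.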