Stats Collector Configuration
Orchestrator collects statistical data from your appliances to monitor performance, network traffic, and appliance status. Before Orchestrator release 9.1.0, the process of collecting, storing, and retrieving this data impacted performance due to the amount of data stored on and requested from the database.
To improve Orchestrator performance, Orchestrator 9.1.0 includes a new method called the Distributed Stats Collector (simply referred to as Stats Collector) that eliminates the use of Orchestrator resources for monitoring your appliances. This new architecture enables you to scale your network with greater performance.
There are two variations of Distributed Stats Collection:
-
Local Stats Collector: Orchestrator and Stats Collector in a single VM. This is ideal for deployments with less than 100 appliances.
-
Remote Stats Collector: Orchestrator on a separate VM and Stats Collector on a different VM (Orchestrator VM deployed in Stats Collector mode only). HPE Aruba Networking recommends one Remote Stats Collector per 150 appliances.
The Distributed Stats Collector feature collects statistics from appliances and provides the information to Orchestrator. When enabled, the Stats Collector runs in parallel with the Local Stats Collector to collect the necessary historical statistical data. After collecting that data, you can discontinue local stats collection. You will not experience performance improvement until you discontinue legacy stats collection.
If you are running ECOS 9.1 or later and Orchestrator 9.1 or later, HPE Aruba Networking recommends that you set up the Distributed Stats Collector so that you will be able to take advantage of new stats that are introduced in future releases.
Features that Require Distributed Stats Collector
The following features (introduced after ECOS 9.1) require the Distributed Stats Collector method.
-
Protection Profile Top Talkers (9.5.x)
-
Protection Profile Trends (9.5.x)
-
Flow Baseline (9.5.x)
-
Flow Baseline Trends (9.5.x)
-
Availability (ECOS 9.3.0)
-
AppExpress (ECOS 9.4.1) (Reporting and monitoring functions will be limited if Distributed Stats Collector is not enabled.)
-
IP SLA Summary (ECOS 9.3.0)
-
Internet Breakout (ECOS 9.3.0)
-
Application Summary (ECOS 9.3.0)
-
Application Trends (ECOS 9.3.0)
-
User Trends/Bandwidth (ECOS 9.3.0)
Prerequisites
-
Both the Orchestrator and Stats Collector must be on the same release.
-
Upgrade all appliances to version 9.1.0 before enabling the Distributed Stats Collector feature.
-
By default, when you install Orchestrator for the first time, Orchestrator automatically creates a Local Stats Collector. The Local Stats Collector can accommodate a maximum of 100 appliances. If you need to scale beyond 100 appliances, you must use the Remote Stats Collector. (There might be some dependencies based on your deployed topology.) Refer to the following table to determine the number of appliances per Remote Stats Collector you will need for your topology.
Topology | Appliances per Stats Collector |
---|---|
Mesh | Up to 150 |
Hub and Spoke | Up to 300 |
-
Each Stats Collector must meet the following virtual machine minimum requirements:
-
vCPU: 4 (greater than 2 GHz with hyperthreading enabled)
-
RAM: 16 GB
-
Disk usage will vary based on retention policies. Disk estimates are based on 30 days of alarm and audit log retention. See Orchestrator Host System Requirements – Rel 9.1.x and later for detailed information on recommended resources.
NOTE: If you have less than 100 appliances, you can use the predefined Local Stats Collector. You do not need to perform the steps in Before You Begin.
-
Enable Distributed Stats Collector
To enable Distributed Stats Collector on a self-hosted Orchestrator (On-Prem), navigate to Orchestrator > Software & Setup > Setup > Stats Collector Configuration and complete the configuration as explained below.
To enable Distributed Stats Collector on an Orchestrator as a Service (Cloud Orchestrator managed by HPE Aruba Networking), contact Technical Support as this can only be done through the backend system.
Before You Begin
For deployments larger than 100 appliances, you must do the following before you configure the Distributed Stats Collector in Orchestrator:
-
Upgrade the Stats Collector to the Orchestrator release. See Upgrade Orchestrator or Stats Collectors.
-
Create and Install an End Entity Certificate. Skip this step if you are not using a custom HTTPS certificate on Orchestrator or you are using the Local Stats Collector.
Create, configure, and encrypt as many Stats Collectors as needed.
Create a VM for the Stats Collector
To create and set up a Stats Collector, do one of the following:
-
If you have an on-prem Orchestrator deployment, bring up an Orchestrator VM by following the steps explained in “On-Prem Orchestrator - Download, Deploy, and Install” in Install, Upgrade, Move, and Restore SD-WAN Orchestrator.
-
If you have a cloud Orchestrator deployment, bring up an Orchestrator in your selected cloud platform by following the steps explained in “Orchestrator in IaaS - Deploy” in Install, Upgrade, Move, and Restore SD-WAN Orchestrator.
Configure the VM as a Stats Collector
-
Open an SSH session to the Orchestrator you want to use as a Stats Collector.
-
For on-prem Orchestrator deployment: Enter
$ su
-
For cloud Orchestrator deployment: Enter
$ sudo su - root
-
-
If prompted, enter the root password. If you do not know your root password, contact Support.
-
Change to the /home/gms/gms directory:
cd /home/gms/gms
-
To run the Orchestrator setup script, enter the following, and then press Enter:
orch-setup -m
-
To select the stats collector only mode, at the prompt, enter:
s
-
To proceed, enter:
y
This VM is now a Stats Collector.
NOTE: Orchestrator and EdgeConnect appliances communicate with the Stats Collector over HTTPS (port 443). Orchestrator and EdgeConnect appliances will raise an alarm if the Stats Collector is not reachable.
Configure the Stats Collector with a Public Key
After you create and configure a Stats Collector, you must copy the Orchestrator public key and paste it into the same folder on the Stats Collector, as follows. This will establish an HTTPS connection with Orchestrator and the data from the Stats Collector to Orchestrator will be encrypted.
Copy the Public Key File from Orchestrator to the Stats Collector
-
Open an SSH session to the Orchestrator VM.
-
For on-prem Orchestrator deployment: If you are running release 9.1.9, 9.2.10, 9.3.3, 9.4.x, or later, enter the following:
whoami
If the response is not gms, enter the following, and then provide the admin password:
sudo su - gms
-
For cloud Orchestrator deployment: Enter
sudo su - gms
-
-
Go to:
cd /home/gms/sc/publickeys
-
To list the file that contains the public key, enter
ls
-
Enter the following command to determine if you are running Rocky Linux:
cat /etc/redhat-release
-
Do one of the following to copy the public key file to your new Stats Collector.
NOTE: Depending on your underlying OS and security settings, the following SCP steps might not work. If SCP does not work, copy the public key file using another file transfer method, such as FTP, or you can manually copy the file (make sure to copy escape characters) to the new Stats Collector in the /home/gms/sc/publickeys/ directory.
-
If you are running Rocky Linux, enter the following command (you might need to omit -O if your operating system does not support this parameter):
sudo scp -O <public_key_file_name.pub> admin@<new-Orch-IP>:/home/admin/
-
If you are not running Rocky Linux, enter
scp <public_key_file_name.pub> admin@<remote_stats_collector_ip>:/home/gms/sc/publickeys/
where:
-
public_key_file_name.pub is the name of the file listed in step 3. For example, d1ab581df8c745b59eec548ef5a2f011.pub. The public key file name will be different for each case.
-
admin is the user name.
Confirm the New Public Key File
-
Open an SSH session to the Stats Collector VM.
-
For on-prem Orchestrator deployment: If you are running release 9.1.9, 9.2.10, 9.3.3, 9.4.x, or later, enter the following:
whoami
If the response is not gms, enter the following, and then provide the admin password:
sudo su - gms
-
For cloud Orchestrator deployment: Enter
sudo su - gms
-
-
Enter the following command to determine if you are running Rocky Linux:
cat /etc/redhat-release
-
If you are running Rocky Linux, enter the following commands.
NOTE: If you used FTP or manually copied the public key file in step 5 above, skip this step.
sudo mv /home/admin/<public_key_file_name.pub> /home/gms/sc/publickeys/
sudo chown gms.gms /home/gms/sc/publickeys/<public_key_file_name.pub>
-
Go to the following directory and execute ls -l:
cd /home/gms/sc/publickeys
ls -l
Ensure that the new public key file is on the Stats Collector and has the following privileges and ownership.
[gms@silverpeak-gxv:~/sc/publickeys] $ ls -l
-rw-r--r-- 1 gms gms 451 Oct 7 09:28 d1ab581df8c745b59eec548ef5a2f011.pub
Create and Install an End Entity Certificate
Complete the following tasks to create and install an end entity certificate for each Remote Stats Collector.
NOTE: Skip this procedure if you did not install a custom HTTPS certificate on Orchestrator or you are using the Local Stats Collector.
- Add the Root CA Certificate for the Certificate Authority (CA).
- Create and send the CSR in Orchestrator and upload the signed certificate in Orchestrator.
- Create and send the CSR in Stats Collector and upload the signed certificate in Stats Collector.
Add the Root CA Certificate for the Certificate Authority
In order for your Remote Stats Collectors to establish connectivity with the appliances, you must add the certificate to the Custom CA Certificate Trust Store.
To add the certificate to the Custom CA Certificate Trust Store:
-
In Orchestrator, navigate to Configuration > Overlay & Security > Security > Custom CA Certificate Trust Store.
-
Select Use Custom Certificate Store.
-
Click Add Default Certificates.
-
Click Add Certificate to Custom Trust Store.
The Add/Edit Custom Certificates dialog box displays.
-
Enter a meaningful Alias for the certificate in the Alias field. For example, “ClearPass_CA_Root”.
-
Paste the root certificate into the Certificate field.
-
Click Save.
-
Click Apply Changes.
-
Click Close.
IMPORTANT: After you add a root CA certificate to the Custom Trust Store, you must restart Orchestrator from the CLI.
-
Enter the following commands from the CLI to restart Orchestrator.
ssh admin@xx.xx.xx.xx
su
service gms status
service gms stop
service gms start
where xx.xx.xx.xx is the IP address of Orchestrator.
Proceed to Create and Send the CSR in Orchestrator and Upload the Signed Certificate in Orchestrator.
Create and Send the CSR in Orchestrator and Upload the Signed Certificate in Orchestrator
-
Create the CSR in Orchestrator. Follow the steps in Create a Certificate Signing Request (CSR).
-
Send the CSR to your Certificate Authority to receive a signed certificate.
-
Obtain the signed certificate from the CA. Follow the steps in Obtain the Signed Certificate From the CA.
-
After you receive the signed certificate, follow the steps in Upload the Signed Certificate to the End Entity Certificate Tab to upload the signed certificate.
Proceed to Create and send the CSR in Stats Collector and upload the signed certificate in Stats Collector.
Create and send the CSR in Stats Collector and upload the signed certificate in Stats Collector
You must create and send the CSR in Stats Collector and upload the signed certificate in Stats Collector.
-
Enter the following commands to log in to the Remote Stats Collector:
ssh admin@xx.xx.xx.xx
cd /home
where xx.xx.xx.xx is the IP address of the Remote Stats Collector.
-
Create a file called opensslconf.cnf.
-
Copy the following content and paste it into the file.
[ req ]
# Not used by the command below: -newkey rsa:2048 sets the key size.
default_bits = 1024
# Use the values in [ req_distinguished_name ] as given instead of prompting for them.
prompt = no
distinguished_name = req_distinguished_name
req_extensions = SAN
extensions = SAN
[ req_distinguished_name ]
commonName = xx.xx.xx.xx
countryName = US
stateOrProvinceName = CA
localityName = San Jose
organizationName = HPE
organizationalUnitName = Aruba
[SAN]
#authorityKeyIdentifier=keyid,issuer
#basicConstraints=CA:FALSE
#keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = IP:xx.xx.xx.xx
where xx.xx.xx.xx in both commonName and subjectAltName is the IP address of the Remote Stats Collector.
NOTE: commonName represents the name of the server. However, commonName can also be an FQDN if there is a DNS entry in your DNS server.
-
Enter the following command to create a new private key and CSR with the config file you just created:
openssl req -new -newkey rsa:2048 -keyout newkey.key -config opensslconf.cnf -out newSc_serverCrt.csr -nodes
-
Use SCP to copy the new CSR from the Remote Stats Collector to your laptop.
NOTE: If you cannot copy the new CSR via SCP, you can create a new file with the same name on your laptop and copy the contents into the new file.
-
Send the CSR file that you copied in step 5 to your Certificate Authority for signing.
-
Obtain the signed certificate from the CA.
When you receive the signed certificate from the CA, if there are multiple files you need to combine all the files into a single file, which includes the end entity certificate, all intermediate CA certificates, and the root CA certificates. This is necessary because you must upload the entire certificate chain in Orchestrator as a single file. The sequence of certificates in the single-file chain is important and should be as follows:
- End entity certificate (top of file)
- One or more certificates of the intermediate CA(s)
- Self-signed root CA certificate
You now have a signed end entity certificate for the Remote Stats Collector.
-
Rename the downloaded and signed end entity certificate to scSignedCrt.pem.
-
Use SCP or FileZilla to transfer scSignedCrt.pem for the Remote Stats Collector from your laptop to the /home directory on the Remote Stats Collector.
-
Log in to the Remote Stats Collector.
ssh admin@xx.xx.xx.xx
cd /home
-
Back up the existing server.crt and server.key files in /home/gms/gms/properties.
cd /home/gms/gms/properties
mv server.crt server_backup.crt
mv server.key server_backup.key
-
Enter the following command to move the private key you created while generating the CSR from /home to /home/gms/gms/properties.
mv /home/newkey.key /home/gms/gms/properties/server.key
-
Enter the following command to move the signed end entity certificate for the Remote Stats Collector from the /home directory to /home/gms/gms/properties.
mv /home/scSignedCrt.pem /home/gms/gms/properties/server.crt
-
Restart the Remote Stats Collector.
service sc restart
-
After you restart the Remote Stats Collector, the new end entity certificate for the Remote Stats Collector will be installed and the private key will be loaded. Run the following command to verify the status of the Remote Stats Collector.
service sc status
The status should be “up and active”.
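An added example, not part of the vendor procedure: a pre-install check that can be run on the Remote Stats Collector before server.crt and server.key are replaced. It confirms that scSignedCrt.pem is ordered end entity, intermediate(s), root, that newkey.key belongs to the end entity certificate, and that the certificate's subjectAltName carries the collector IP. The function names, the script name and the sample IP are hypothetical, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example (not vendor code): checks to run before installing
# scSignedCrt.pem and newkey.key. Function names are hypothetical.

# Write each certificate of a PEM bundle to <dir>/cert-NN.pem, in file order.
split_chain() {
    awk -v d="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/cert-%02d.pem", d, n) }
        f != ""                       { print > f }
        /-----END CERTIFICATE-----/   { close(f); f = "" }
    ' "$1"
}

# Print the subject or issuer name of the first certificate in a file.
dn() {  # usage: dn subject|issuer <file>
    openssl x509 -in "$2" -noout "-$1" -nameopt RFC2253 | sed "s/^$1= *//"
}

# Return 0 when the bundle is ordered end entity, intermediate(s), self-signed
# root. This compares issuer and subject names; it does not verify signatures.
check_chain_order() {
    bundle=$1
    tmp=$(mktemp -d) || return 2
    split_chain "$bundle" "$tmp"
    set -- "$tmp"/cert-*.pem
    if [ ! -e "$1" ]; then
        echo "no certificates found in $bundle" >&2
        rm -rf "$tmp"
        return 2
    fi
    rc=0
    while [ $# -gt 0 ]; do
        signer=${2:-$1}   # the next certificate, or itself for the last one
        if [ "$(dn issuer "$1")" != "$(dn subject "$signer")" ]; then
            echo "order error: ${1##*/} is not issued by ${signer##*/}" >&2
            rc=1
        fi
        shift
    done
    rm -rf "$tmp"
    return "$rc"
}

# Return 0 when the private key belongs to the first certificate in the bundle.
key_matches_cert() {  # usage: key_matches_cert <key> <bundle>
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Return 0 when the first certificate lists the IP in subjectAltName.
cert_has_san_ip() {  # usage: cert_has_san_ip <bundle> <ip>
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' |
        tr ',' '\n' | sed 's/^ *//' | grep -Fxq "IP Address:$2"
}

preinstall_check() {  # usage: preinstall_check <bundle> <key> <collector-ip>
    check_chain_order "$1" || return 1
    key_matches_cert "$2" "$1" || { echo "key does not match certificate" >&2; return 1; }
    cert_has_san_ip "$1" "$3" || { echo "subjectAltName lacks IP $3" >&2; return 1; }
    echo "OK: chain order, key and subjectAltName are consistent"
}

# Example: sh sc_cert_precheck.sh /home/scSignedCrt.pem /home/newkey.key 192.0.2.10
if [ $# -eq 3 ]; then
    preinstall_check "$@"
fi
```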
Configure the Stats Collector Feature
After the Stats Collectors are created, configured, and authenticated, configure the Distributed Stats Collector feature in Orchestrator. Complete the following tasks:
-
Back up Orchestrator. For more information about backing up Orchestrator, see Back Up on Demand.
Before you enable the Distributed Stats Collector feature and discontinue legacy stats collection, it is recommended that you back up the Orchestrator database. Discontinuing legacy stats collection is permanent. To return to your previous configuration, you must restore the Orchestrator configuration backup.
-
Add a Stats Collector. If your network contains less than 200 appliances, you can use the predefined Local Stats Collector.
-
Associate Appliances with a Stats Collector or Associate Appliances with the Predefined Local Stats Collector
-
When the necessary historical data has been collected, Discontinue Legacy Stats Collection.
Add a Stats Collector
To add a stats collector:
-
Navigate to Software & Setup > Setup > Stats Collector Configuration.
The Stats Collector Configuration tab opens.
-
Click Edit Stats Collectors.
The Edit Stats Collectors dialog box opens.
-
Click Add Stats Collector.
The Stats Collector dialog box opens.
-
Configure the following elements as needed:
Field | Description |
---|---|
Name | Name of the stats collector. |
DNS Name | DNS name or IP address of this Stats Collector. |
Port | Port number the Stats Collector is running on. |
Protocol | HTTPS |
-
Click Save.
Delete a Stats Collector
To delete an existing Remote Stats Collector, click the delete icon (X) in the last column of the entry in the table.
Associate Appliances with a Stats Collector
To associate appliances with a Stats Collector:
-
Navigate to Software & Setup > Setup > Stats Collector Configuration.
The Stats Collector Configuration tab opens.
-
In the Orchestrator appliance tree, select one or more appliances to associate with a specific Stats Collector.
WARNING: The statistics for an appliance are tied to the Distributed Stats Collector it is associated with. If you associate an appliance with a different Distributed Stats Collector, you lose all statistical data associated with that appliance.
-
Select the Add check box next to the Stats Collector you want to associate the selected appliance(s) with.
-
Click Apply.
The Apply Changes dialog box opens.
-
Click Apply Changes.
Associate Appliances with the Predefined Local Stats Collector
If you are installing Orchestrator version 9.1.0 or upgrading to version 9.1.0 or later, Orchestrator provides a default Stats Collector called local. You cannot edit or delete the Local Stats Collector. You can associate up to 200 appliances with the Local Stats Collector.
NOTE: If you are upgrading to Orchestrator 9.1.0, all appliances will be automatically associated with the Local Stats Collector.
NOTE: If you run Orchestrator in Orchestrator Only mode (orch-setup -m o), the Local Stats Collector will be disconnected.
To associate appliances with the Local Stats Collector:
-
Navigate to Software & Setup > Setup > Stats Collector Configuration.
The Stats Collector Configuration tab opens. This tab displays the Stats Collector configuration for all appliances selected in the appliance tree to the left.
-
In the Orchestrator appliance tree, select one or more appliances to associate with the Local Stats Collector.
-
Select the Add check box next to the Local Stats Collector.
-
Click Apply.
The selected appliances are associated with the Local Stats Collector. The Changes column indicates the Stats Collectors that were added and removed.
Enable the Distributed Stats Collector
After you associate appliances with either the Local Stats Collector or the newly added Stats Collectors, you must enable the Distributed Stats Collector feature to begin collecting data.
NOTE: The legacy Stats Collector continues to collect statistics in parallel with the Distributed Stats Collector feature until you discontinue legacy stats collection. For more information, see Discontinue Legacy Stats Collection.
NOTE: The backslash (\) character is not allowed in any field in the Orchestrator > Software & Setup > Backup > Schedule Stats Collector menu or the Orchestrator > Software & Setup > Backup > Schedule Backup menu.
WARNING: You cannot disable the Distributed Stats Collector after you enable it. It is recommended that you back up Orchestrator before you enable the Distributed Stats Collector. For more information about backing up Orchestrator, see Back Up on Demand.
To enable the Stats Collector:
-
Navigate to Software & Setup > Setup > Stats Collector Configuration.
The Stats Collector Configuration tab opens.
-
Click Enable New Stats Collection.
The Enable New Stats Collection dialog box opens.
Before you can enable the Distributed Stats Collector feature, you must upgrade all appliances to version 9.1.0. The Enable New Stats Collection dialog box lists appliances that must be upgraded to support the distributed stats collection.
-
Click Enable New Stats Collection Now.
Discontinue Legacy Stats Collection
WARNING: Do not discontinue legacy stats collection until you have collected sufficient historical data with the Distributed Stats Collector feature. For example, if you need 30 days of statistical data, enable the Distributed Stats Collector, wait 30 days, and then disable the legacy stats collection.
To verify that data has been collected:
-
Navigate to Support > Technical Assistance > Partition Management.
-
Verify that the Stats Collector table contains sufficient data.
To discontinue legacy stats collection:
-
Navigate to Software & Setup > Setup > Stats Collector Configuration.
The Stats Collector Configuration tab opens.
-
Click Discontinue Legacy Stats Collection.
The Discontinue Legacy Stats Collection dialog box opens.
WARNING: This step permanently disables legacy Stats Collection and deletes all legacy statistics.
-
Click Discontinue Legacy Stats Collection.
Back Up and Restore Stats Collector
Scheduling a Stats Collector backup is a prerequisite to accomplishing Stats Collector recovery/redundancy. If Stats Collector failure occurs, you need the latest backup of that Stats Collector to restore it on a Distributed Stats Collector.
Back Up the Stats Collector
You can schedule a backup or use the CLI to back up Stats Collector on-demand.
-
To schedule a backup of the Stats Collector, see Schedule Stats Collector Backup.
-
To back up the Stats Collector with the CLI, log in to the CLI and run the following commands:
cd /home/gms/sc
./sc_backup.sh
The script creates a sc.zip file in the /home/gms/ directory.
Restore the Stats Collector from the CLI
-
Log in to the Stats Collector virtual machine.
-
Copy and paste the backup zip file in the /home/gms/ directory, and then rename it to sc.zip.
-
Log in as root user and run
service sc stop
-
Do one of the following:
-
If you are running Orchestrator release 9.1.9, 9.2.10, 9.3.3, 9.4.x, or later, enter
sudo su - gms
-
If you are running an Orchestrator release earlier than those listed above, enter the following to log in as gms user:
su - gms
-
-
Enter the following commands:
bash sc_restore.sh 2>&1 | tee /tmp/restorelog
-
To confirm that the restore process completed successfully, open the /tmp/sc_restorelog file and verify the “Restore successful!” message is listed.
-
Log out and log in as root user.
-
Enter
service sc start