
Stats Collector Configuration

Orchestrator > Software & Setup > Setup > Stats Collector Configuration

Orchestrator collects statistical data from your appliances to monitor performance, network traffic, and appliance status. Before Orchestrator release 9.1.0, the process of collecting, storing, and retrieving this data impacted performance due to the amount of data stored on and requested from the database.

To improve Orchestrator performance, Orchestrator 9.1.0 includes a new method called the Distributed Stats Collector (simply referred to as Stats Collector) that eliminates the use of Orchestrator resources for monitoring your appliances. This new architecture enables you to scale your network with greater performance.

There are two variations of Distributed Stats Collection:

  • Local Stats Collector: Orchestrator and Stats Collector in a single VM. This is ideal for deployments with fewer than 150 appliances.

  • Remote Stats Collector: Orchestrator on a separate VM and Stats Collector on a different VM (Orchestrator VM deployed in Stats Collector mode only). HPE Aruba Networking recommends one Remote Stats Collector per 150 appliances.

The Distributed Stats Collector feature collects statistics from appliances and provides the information to Orchestrator. When enabled, the Stats Collector runs in parallel with the Local Stats Collector to collect the necessary historical statistical data. After collecting that data, you can discontinue local stats collection. You will not experience performance improvement until you discontinue legacy stats collection.

If you are running ECOS 9.1 or later and Orchestrator 9.1 or later, Aruba recommends that you set up the Distributed Stats Collector so that you will be able to take advantage of new stats that are introduced in future releases.

Features that Require Distributed Stats Collector

The following features (introduced after ECOS 9.1) require the Distributed Stats Collector method.

  • Availability (ECOS 9.3.0)

  • AppExpress (ECOS 9.4.1) (Reporting and monitoring functions will be limited if Distributed Stats Collector is not enabled.)

  • IP SLA Summary (ECOS 9.3.0)

  • Internet Breakout (ECOS 9.3.0)

  • Application Summary (ECOS 9.3.0)

  • Application Trends (ECOS 9.3.0)

  • User Trends/Bandwidth (ECOS 9.3.0)

Prerequisites

  • Both the Orchestrator and Stats Collector must be on the same release.

  • Upgrade all appliances to version 9.1.0 before enabling the Distributed Stats Collector feature.

  • By default, when you install Orchestrator for the first time, Orchestrator automatically creates a Local Stats Collector. The Local Stats Collector can accommodate a maximum of 200 appliances. If you need to scale beyond 200 appliances, you must use the Remote Stats Collector. (There might be some dependencies based on your deployed topology.) Refer to the following table to determine the number of appliances per Stats Collector you will need for your topology.

Topology         Appliances per Stats Collector
Mesh             Up to 150
Hub and Spoke    Up to 300

Enable Distributed Stats Collector

To enable Distributed Stats Collector on a self-hosted Orchestrator (On-Prem), navigate to Orchestrator > Software & Setup > Setup > Stats Collector Configuration and complete the configuration as explained below.

To enable Distributed Stats Collector on an Orchestrator as a Service (Cloud Orchestrator managed by HPE Aruba Networking), contact Technical Support as this can only be done through the backend system.

Before You Begin

For deployments larger than 200 appliances or in a mesh topology with 150 or more appliances, you must do the following before you configure the Distributed Stats Collector in Orchestrator:

  1. Create a VM for the Stats Collector.

  2. Upgrade the Stats Collector to the Orchestrator release. See Upgrade Orchestrator or Stats Collectors.

  3. Configure the VM as a Stats Collector.

  4. Encrypt the Stats Collector Data.

  5. Create and Install an End Entity Certificate. Skip this step if you are not using a custom HTTPS certificate on Orchestrator or you are using the Local Stats Collector.

Create, configure, and encrypt as many Stats Collectors as needed.

Create a VM for the Stats Collector

To create and set up a Stats Collector, do one of the following:

Configure the VM as a Stats Collector

  1. Open an SSH session to the Orchestrator you want to use as a Stats Collector.

    • For on-prem Orchestrator deployment: Enter $ su

    • For cloud Orchestrator deployment: Enter $ sudo su - root

  2. If prompted, enter the root password. If you do not know your root password, contact Support.

  3. Change to the /home/gms/gms directory:
    cd /home/gms/gms

  4. To run the Orchestrator setup script, enter orch-setup -m, and then press Enter.

  5. To select the stats collector only mode, at the prompt, enter s.

  6. To proceed, enter y.

    This VM is now a Stats Collector.

    NOTE: Orchestrator and EdgeConnect appliances communicate with the Stats Collector over HTTPS (port 443). Orchestrator and EdgeConnect appliances will raise an alarm if the Stats Collector is not reachable.

Encrypt the Stats Collector Data

After you create and configure a Stats Collector, you must copy the Orchestrator public key and paste it into the same folder on the Stats Collector, as follows. This will establish an HTTPS connection with Orchestrator and the data from the Stats Collector to Orchestrator will be encrypted.

Copy the Public Key File from Orchestrator to the Stats Collector

  1. Open an SSH session to the Orchestrator VM.

    • For on-prem Orchestrator deployment: No action is required. You are automatically logged in as admin.

    • For cloud Orchestrator deployment: Enter sudo su - gms

  2. Go to: cd /home/gms/sc/publickeys

  3. To list the file that contains the public key, enter ls

  4. Enter scp public_key_file_name.pub admin@<remote_stats_collector_ip>:/home/gms/sc/publickeys/

    where:

    • public_key_file_name.pub is the name of the file listed in step 3. For example, d1ab581df8c745b59eec548ef5a2f011.pub. The public key file name will be different for each case.

    • admin is the user name

Confirm the New Public Key File

  1. Open an SSH session to the Stats Collector VM.

  2. Go to: cd /home/gms/sc/publickeys and execute ls -l.

    Ensure that the new public key file is on the Stats Collector and has the following privileges and ownership.

    [gms@silverpeak-gxv:~/sc/publickeys] $ ls -l
    -rw-r--r--  1 gms gms  451 Oct  7 09:28 d1ab581df8c745b59eec548ef5a2f011.pub

Create and Install an End Entity Certificate

Complete the following tasks to create and install an end entity certificate for each Remote Stats Collector.

NOTE: Skip this procedure if you did not install a custom HTTPS certificate on Orchestrator or you are using the Local Stats Collector.

  1. Add the Root CA Certificate for the Certificate Authority (CA).
  2. Create and send the CSR in Orchestrator and upload the signed certificate in Orchestrator.
  3. Create and send the CSR in Stats Collector and upload the signed certificate in Stats Collector.

Add the Root CA Certificate for the Certificate Authority

In order for your Remote Stats Collectors to establish connectivity with the appliances, you must add the certificate to the Custom CA Certificate Trust Store.

To add the certificate to the Custom CA Certificate Trust Store:

  1. In Orchestrator, navigate to Configuration > Overlay & Security > Security > Custom CA Certificate Trust Store.

  2. Select Use Custom Certificate Store.

  3. Click Add Default Certificates.

  4. Click Add Certificate to Custom Trust Store.

    The Add/Edit Custom Certificates dialog box displays.

  5. Enter a meaningful Alias for the certificate in the Alias field. For example, “ClearPass_CA_Root”.

  6. Paste the root certificate into the Certificate field.

  7. Click Save.

  8. Click Apply Changes.

  9. Click Close.

    IMPORTANT: After you add a root CA certificate to the Custom Trust Store, you must restart Orchestrator from the CLI.

  10. Enter the following commands from the CLI to restart Orchestrator.

    ssh admin@xx.xx.xx.xx

    su

    service gms status

    service gms stop

    service gms start

    where xx.xx.xx.xx is the IP address of Orchestrator.

    Proceed to Create and Send the CSR in Orchestrator and Upload the Signed Certificate in Orchestrator.

Create and Send the CSR in Orchestrator and Upload the Signed Certificate in Orchestrator

  1. Create the CSR in Orchestrator. Follow the steps in Create a Certificate Signing Request (CSR).

  2. Send the CSR to your Certificate Authority to receive a signed certificate.

  3. Obtain the signed certificate from the CA. Follow the steps in Obtain the Signed Certificate From the CA.

  4. After you receive the signed certificate, follow the steps in Upload the Signed Certificate to the End Entity Certificate Tab to upload the signed certificate.

Proceed to Create and send the CSR in Stats Collector and upload the signed certificate in Stats Collector.

Create and send the CSR in Stats Collector and upload the signed certificate in Stats Collector

You must create and send the CSR in Stats Collector and upload the signed certificate in Stats Collector.

  1. Enter the following commands to log in to the Remote Stats Collector:

    ssh admin@xx.xx.xx.xx

    cd /home

    where xx.xx.xx.xx is the IP address of the Remote Stats Collector.

  2. Create a file called opensslconf.cnf.

  3. Copy the following content and paste it into the file.

    [ req ]

    default_bits = 1024

    distinguished_name = req_distinguished_name

    req_extensions = SAN

    extensions = SAN

    [ req_distinguished_name ]

    commonName = xx.xx.xx.xx

    countryName = US

    stateOrProvinceName = CA

    localityName = San Jose

    organizationName = HPE

    organizationalUnitName = Aruba

    [SAN]

    #authorityKeyIdentifier=keyid,issuer

    #basicConstraints=CA:FALSE

    #keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment

    subjectAltName = IP:xx.xx.xx.xx

    where xx.xx.xx.xx in both commonName and subjectAltName is the IP address of the Remote Stats Collector.

    NOTE: commonName represents the name of the server. However, commonName can also be an FQDN if there is a DNS entry in your DNS server.

  4. Enter the following command to create a new private key and CSR with the config file you just created:

    openssl req -new -newkey rsa:2048 -keyout newkey.key -config opensslconf.cnf -out newSc_serverCrt.csr -nodes

  5. Use SCP to copy the new CSR from the Remote Stats Collector to your laptop.

    NOTE: If you cannot copy the new CSR via SCP, you can create a new file with the same name on your laptop and copy the contents into the new file.

  6. Send the CSR file that you copied in step 5 to your Certificate Authority for signing.

  7. Obtain the signed certificate from the CA.

    When you receive the signed certificate from the CA, if there are multiple files, you need to combine all the files into a single file, which includes the end entity certificate, all intermediate CA certificates, and the root CA certificates. This is necessary because you must upload the entire certificate chain in Orchestrator as a single file. The sequence of certificates in the single-file chain is important and should be as follows:

    1. End entity certificate (top of file)
    2. One or more certificates of the intermediate CA(s)
    3. Self-signed root CA certificate

    You now have a signed end entity certificate for the Remote Stats Collector.

  8. Rename the downloaded and signed end entity certificate scSignedCrt.pem.

  9. Use SCP or Filezilla to transfer scSignedCrt.pem for the Remote Stats Collector from your laptop to the /home directory on the Remote Stats Collector.

  10. Log in to the Remote Stats Collector.

    ssh admin@xx.xx.xx.xx

    cd /home

  11. Back up the existing server.crt and server.key files in /home/gms/gms/properties.

    cd /home/gms/gms/properties

    mv server.crt server_backup.crt

    mv server.key server_backup.key

  12. Enter the following command to move the private key you created while generating the CSR from /home to /home/gms/gms/properties.

    mv /home/newkey.key /home/gms/gms/properties/server.key

  13. Enter the following command to move the signed end entity certificate for the Remote Stats Collector from the /home directory to /home/gms/gms/properties.

    mv /home/scSignedCrt.pem /home/gms/gms/properties/server.crt

  14. Restart the Remote Stats Collector.

    service sc restart

  15. After you restart the Remote Stats Collector, the new end entity certificate for the Remote Stats Collector will be installed and the private key will be loaded. Run the following command to verify the status of the Remote Stats Collector.

    service sc status

    The status should be “up and active”.
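
A pre-install check for the files produced in steps 4 through 9, added here as an example and not part of the HPE Aruba Networking procedure: it confirms that newkey.key matches the end entity certificate at the top of scSignedCrt.pem, that the bundle is ordered end entity, intermediate(s), root, and that subjectAltName carries the Stats Collector IP. The function names are hypothetical, and the chain check compares issuer and subject names only.

```shell
#!/bin/sh
# Added example: checks to run on the Remote Stats Collector before step 11.
# Function names are hypothetical; file names follow the procedure above.

# Split PEM bundle $1 into $2/cert-1.pem, $2/cert-2.pem, ... in file order.
split_chain() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$1"
}

# True when every certificate is issued by the next one in the file and the last
# is self-issued. Compares issuer/subject names only; signatures are not verified.
chain_in_order() {
    dir=$(mktemp -d) || return 2
    split_chain "$1" "$dir"
    n=$(ls "$dir" | wc -l | tr -d ' ')
    rc=0; i=1
    [ "$n" -ge 1 ] || rc=1
    while [ "$rc" -eq 0 ] && [ "$i" -le "$n" ]; do
        if [ "$i" -lt "$n" ]; then next=$((i + 1)); else next=$i; fi
        issuer=$(openssl x509 -in "$dir/cert-$i.pem" -noout -issuer_hash)
        subject=$(openssl x509 -in "$dir/cert-$next.pem" -noout -subject_hash)
        [ -n "$issuer" ] && [ "$issuer" = "$subject" ] || rc=1
        i=$((i + 1))
    done
    rm -rf "$dir"
    return "$rc"
}

# True when private key $1 matches the first (end entity) certificate in $2.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True when the end entity certificate in $1 carries IP address $2 in its SAN.
san_has_ip() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
        grep -Fxq "IP Address:$2"
}

# Run all checks; returns the number of failed checks (0 means safe to install).
precheck() {
    fails=0
    key_matches_cert "$1" "$2" || { echo "FAIL: key does not match certificate"; fails=$((fails + 1)); }
    chain_in_order "$2" || { echo "FAIL: chain order is not leaf, intermediate(s), root"; fails=$((fails + 1)); }
    san_has_ip "$2" "$3" || { echo "FAIL: subjectAltName lacks IP $3"; fails=$((fails + 1)); }
    return "$fails"
}

# Usage: sh precheck.sh /home/newkey.key /home/scSignedCrt.pem <stats-collector-ip>
if [ "$#" -eq 3 ]; then
    precheck "$@" && echo "OK: key, chain order and SAN are consistent"
fi
```

Running it before the existing server.crt and server.key are replaced keeps a mismatched key or misordered chain from reaching the service restart in step 14.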

Configure the Stats Collector Feature

After the Stats Collectors are created, configured, and authenticated, configure the Distributed Stats Collector feature in Orchestrator. Complete the following tasks:

  1. Back up Orchestrator. For more information about backing up Orchestrator, see Back Up on Demand.

    Before you enable the Distributed Stats Collector feature and discontinue legacy stats collection, it is recommended that you back up the Orchestrator database. Discontinuing legacy stats collection is permanent. To return to your previous configuration, you must restore the Orchestrator configuration backup.

  2. Add a Stats Collector. If your network contains fewer than 200 appliances, you can use the predefined Local Stats Collector.

  3. Associate Appliances with a Stats Collector or Associate Appliances with the Predefined Local Stats Collector.

  4. When the necessary historical data has been collected, Discontinue Legacy Stats Collection.

Add a Stats Collector

To add a stats collector:

  1. Navigate to Software & Setup > Setup > Stats Collector Configuration.

    The Stats Collector Configuration tab opens.

  2. Click Edit Stats Collectors.

    The Edit Stats Collectors dialog box opens.

  3. Click Add Stats Collector.

    The Stats Collector dialog box opens.

  4. Configure the following elements as needed:

    Field       Description
    Name        Name of the stats collector.
    DNS Name    DNS name or IP address of this Stats Collector.
    Port        Port number the Stats Collector is running on.
    Protocol    HTTPS

  5. Click Save.

Delete a Stats Collector

To delete an existing Remote Stats Collector, click the delete icon (X) in the last column of the entry in the table.

Associate Appliances with a Stats Collector

To associate appliances with a Stats Collector:

  1. Navigate to Software & Setup > Setup > Stats Collector Configuration.

    The Stats Collector Configuration tab opens.

  2. In the Orchestrator appliance tree, select one or more appliances to associate with a specific Stats Collector.

    WARNING: The statistics for an appliance are tied to the Distributed Stats Collector it is associated with. If you associate an appliance with a different Distributed Stats Collector, you lose all statistical data associated with that appliance.

  3. Select the Add check box next to the Stats Collector you want to associate the selected appliance(s) with.

  4. Click Apply.

    The Apply Changes dialog box opens.

  5. Click Apply Changes.

Associate Appliances with the Predefined Local Stats Collector

If you are installing Orchestrator version 9.1.0 or upgrading to version 9.1.0 or later, Orchestrator provides a default Stats Collector called local. You cannot edit or delete the Local Stats Collector. You can associate up to 200 appliances with the Local Stats Collector.

NOTE: If you are upgrading to Orchestrator 9.1.0, all appliances will be automatically associated with the Local Stats Collector.

NOTE: If you run Orchestrator in Orchestrator Only mode (orch-setup -m o), the Local Stats Collector will be disconnected.

To associate appliances with the Local Stats Collector:

  1. Navigate to Software & Setup > Setup > Stats Collector Configuration.

    The Stats Collector Configuration tab opens. This tab displays the Stats Collector configuration for all appliances selected in the appliance tree to the left.

  2. In the Orchestrator appliance tree, select one or more appliances to associate with the Local Stats Collector.

  3. Select the Add check box next to the Local Stats Collector.

  4. Click Apply.

    The selected appliances are associated with the Local Stats Collector. The Changes column indicates the Stats Collectors that were added and removed.

Enable the Distributed Stats Collector

After you associate appliances with either the Local Stats Collector or the newly added Stats Collectors, you must enable the Distributed Stats Collector feature to begin collecting data.

NOTE: The legacy Stats Collector continues to collect statistics in parallel with the Distributed Stats Collector feature until you discontinue legacy stats collection. For more information, see Discontinue Legacy Stats Collection.

NOTE: The backslash (\) character is not allowed in any field in the Orchestrator > Software & Setup > Backup > Schedule Stats Collector menu or the Orchestrator > Software & Setup > Backup > Schedule Backup menu.

WARNING: You cannot disable the Distributed Stats Collector after you enable it. It is recommended that you back up Orchestrator before you enable the Distributed Stats Collector. For more information about backing up Orchestrator, see Back Up on Demand.

To enable the Stats Collector:

  1. Navigate to Software & Setup > Setup > Stats Collector Configuration.

    The Stats Collector Configuration tab opens.

  2. Click Enable New Stats Collection.

    The Enable New Stats Collection dialog box opens.

    Before you can enable the Distributed Stats Collector feature, you must upgrade all appliances to version 9.1.0. The Enable New Stats Collection dialog box lists appliances that must be upgraded to support the distributed stats collection.

  3. Click Enable New Stats Collection Now.

Discontinue Legacy Stats Collection

WARNING: Do not discontinue legacy stats collection until you have collected sufficient historical data with the Distributed Stats Collector feature. For example, if you need 30 days of statistical data, enable the Distributed Stats Collector, wait 30 days, and then disable the legacy stats collection.

To verify that data has been collected:

  1. Navigate to Support > Technical Assistance > Partition Management.

  2. Verify that the Stats Collector table contains sufficient data.

To discontinue legacy stats collection:

  1. Navigate to Software & Setup > Setup > Stats Collector Configuration.

    The Stats Collector Configuration tab opens.

  2. Click Discontinue Legacy Stats Collection.

    The Discontinue Legacy Stats Collection dialog box opens.

    WARNING: This step permanently disables legacy Stats Collection and deletes all legacy statistics.

  3. Click Discontinue Legacy Stats Collection.

Back Up and Restore Stats Collector

Scheduling a Stats Collector backup is a prerequisite to accomplishing Stats Collector recovery/redundancy. If Stats Collector failure occurs, you need the latest backup of that Stats Collector to restore it on a Distributed Stats Collector.

Back Up the Stats Collector

You can schedule a backup or use the CLI to back up Stats Collector on-demand.

  • To schedule a backup of the Stats Collector, see Schedule Stats Collector Backup.

  • To back up the Stats Collector with the CLI, log in to the CLI and run the following commands:

    cd /home/gms/sc

    ./sc_backup.sh

    The script creates a sc.zip file in the /home/gms/ directory.

Restore the Stats Collector from the CLI

  1. Log in to the Stats Collector virtual machine.

  2. Copy and paste the backup zip file in the /home/gms/ directory, and then rename it to sc.zip.

  3. Log in as root user and run service sc stop.

  4. Enter su - gms to log in as gms user.

  5. Enter the following commands:

    cd /home/gms/sc

    bash sc_restore.sh

  6. To confirm that the restore process completed successfully, open the /tmp/restorelog file and verify the “Restore successful!” message is listed.

  7. Log out and log in as root user.

  8. Enter service sc start.



© Copyright 2024 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to Aruba EULA.
