Transcript
Secure Access Service Provider Virtual Appliance Management Guide
Release
7.1 Published: 2011-02-15 Part Number: , Revision 1
Copyright © 2011, Juniper Networks, Inc.
Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net This product includes the Envoy SNMP Engine, developed by Epilogue Technology, an Integrated Systems Company. Copyright © 1986-1997, Epilogue Technology Corporation. All rights reserved. This program and its documentation were developed at private expense, and no part of them is in the public domain. This product includes memory allocation software developed by Mark Moraes, copyright © 1988, 1989, 1993, University of Toronto. This product includes FreeBSD software developed by the University of California, Berkeley, and its contributors. All of the documentation and software included in the 4.4BSD and 4.4BSD-Lite Releases is copyrighted by the Regents of the University of California. Copyright © 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994. The Regents of the University of California. All rights reserved. GateD software copyright © 1995, the Regents of the University. All rights reserved. Gate Daemon was originated and developed through release 3.0 by Cornell University and its collaborators. Gated is based on Kirton’s EGP, UC Berkeley’s routing daemon (routed), and DCN’s HELLO routing protocol. Development of Gated has been supported in part by the National Science Foundation. Portions of the GateD software copyright © 1988, Regents of the University of California. All rights reserved. Portions of the GateD software copyright © 1991, D. L. S. Associates. This product includes software developed by Maker Communications, Inc., copyright © 1996, 1997, Maker Communications, Inc. Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312, 6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.
Secure Access Service Provider Virtual Appliance Management Guide Revision History 2010—Revised for SA release 7.0. The information in this document is current as of the date listed in the revision history.
ii
Copyright © 2011, Juniper Networks, Inc.
END USER LICENSE AGREEMENT READ THIS END USER LICENSE AGREEMENT (“AGREEMENT”) BEFORE DOWNLOADING, INSTALLING, OR USING THE SOFTWARE. BY DOWNLOADING, INSTALLING, OR USING THE SOFTWARE OR OTHERWISE EXPRESSING YOUR AGREEMENT TO THE TERMS CONTAINED HEREIN, YOU (AS CUSTOMER OR IF YOU ARE NOT THE CUSTOMER, AS A REPRESENTATIVE/AGENT AUTHORIZED TO BIND THE CUSTOMER) CONSENT TO BE BOUND BY THIS AGREEMENT. IF YOU DO NOT OR CANNOT AGREE TO THE TERMS CONTAINED HEREIN, THEN (A) DO NOT DOWNLOAD, INSTALL, OR USE THE SOFTWARE, AND (B) YOU MAY CONTACT JUNIPER NETWORKS REGARDING LICENSE TERMS. 1. The Parties. The parties to this Agreement are (i) Juniper Networks, Inc. (if the Customer’s principal office is located in the Americas) or Juniper Networks (Cayman) Limited (if the Customer’s principal office is located outside the Americas) (such applicable entity being referred to herein as “Juniper”), and (ii) the person or organization that originally purchased from Juniper or an authorized Juniper reseller the applicable license(s) for use of the Software (“Customer”) (collectively, the “Parties”). 2. The Software. In this Agreement, “Software” means the program modules and features of the Juniper or Juniper-supplied software, for which Customer has paid the applicable license or support fees to Juniper or an authorized Juniper reseller, or which was embedded by Juniper in equipment which Customer purchased from Juniper or an authorized Juniper reseller. “Software” also includes updates, upgrades and new releases of such software. “Embedded Software” means Software which Juniper has embedded in or loaded onto the Juniper equipment and any updates, upgrades, additions or replacements which are subsequently embedded in or loaded onto the equipment. 3. License Grant. Subject to payment of the applicable fees and the limitations and restrictions set forth herein, Juniper grants to Customer a non-exclusive and non-transferable license, without right to sublicense, to use the Software, in executable form only, subject to the following use restrictions: a. Customer shall use Embedded Software solely as embedded in, and for execution on, Juniper equipment originally purchased by Customer from Juniper or an authorized Juniper reseller. b. Customer shall use the Software on a single hardware chassis having a single processing unit, or as many chassis or processing units for which Customer has paid the applicable license fees; provided, however, with respect to the Steel-Belted Radius or Odyssey Access Client software only, Customer shall use such Software on a single computer containing a single physical random access memory space and containing any number of processors. Use of the Steel-Belted Radius or IMS AAA software on multiple computers or virtual machines (e.g., Solaris zones) requires multiple licenses, regardless of whether such computers or virtualizations are physically contained on a single chassis. c. Product purchase documents, paper or electronic user documentation, and/or the particular licenses purchased by Customer may specify limits to Customer’s use of the Software. Such limits may restrict use to a maximum number of seats, registered endpoints, concurrent users, sessions, calls, connections, subscribers, clusters, nodes, realms, devices, links, ports or transactions, or require the purchase of separate licenses to use particular features, functionalities, services, applications, operations, or capabilities, or provide throughput, performance, configuration, bandwidth, interface, processing, temporal, or geographical limits. In addition, such limits may restrict the use of the Software to managing certain kinds of networks or require the Software to be used only in conjunction with other specific Software. Customer’s use of the Software shall be subject to all such limitations and purchase of all applicable licenses. d. For any trial copy of the Software, Customer’s right to use the Software expires 30 days after download, installation or use of the Software. Customer may operate the Software after the 30-day trial period only if Customer pays for a license to do so. Customer may not extend or create an additional trial period by re-installing the Software after the 30-day trial period. e. The Global Enterprise Edition of the Steel-Belted Radius software may be used by Customer only to manage access to Customer’s enterprise network. Specifically, service provider customers are expressly prohibited from using the Global Enterprise Edition of the Steel-Belted Radius software to support any commercial network access services. The foregoing license is not transferable or assignable by Customer. No license is granted herein to any user who did not originally purchase the applicable license(s) for the Software from Juniper or an authorized Juniper reseller. 4. Use Prohibitions. Notwithstanding the foregoing, the license provided herein does not permit the Customer to, and Customer agrees not to and shall not: (a) modify, unbundle, reverse engineer, or create derivative works based on the Software; (b) make unauthorized copies of the Software (except as necessary for backup purposes); (c) rent, sell, transfer, or grant any rights in and to any copy of the Software, in any form, to any third party; (d) remove any proprietary notices, labels, or marks on or in any copy of the Software or any product in which the Software is embedded; (e) distribute any copy of the Software to any third party, including as may be embedded in Juniper equipment sold in the secondhand market; (f) use any ‘locked’ or key-restricted feature, function, service, application, operation, or capability without first purchasing the applicable license(s) and obtaining a valid key from Juniper, even if such feature, function, service, application, operation, or capability is enabled without a key; (g) distribute any key for the Software provided by Juniper to any third party; (h) use the
Copyright © 2011, Juniper Networks, Inc.
iii
Software in any manner that extends or is broader than the uses purchased by Customer from Juniper or an authorized Juniper reseller; (i) use Embedded Software on non-Juniper equipment; (j) use Embedded Software (or make it available for use) on Juniper equipment that the Customer did not originally purchase from Juniper or an authorized Juniper reseller; (k) disclose the results of testing or benchmarking of the Software to any third party without the prior written consent of Juniper; or (l) use the Software in any manner other than as expressly provided herein. 5. Audit. Customer shall maintain accurate records as necessary to verify compliance with this Agreement. Upon request by Juniper, Customer shall furnish such records to Juniper and certify its compliance with this Agreement. 6. Confidentiality. The Parties agree that aspects of the Software and associated documentation are the confidential property of Juniper. As such, Customer shall exercise all reasonable commercial efforts to maintain the Software and associated documentation in confidence, which at a minimum includes restricting access to the Software to Customer employees and contractors having a need to use the Software for Customer’s internal business purposes. 7. Ownership. Juniper and Juniper’s licensors, respectively, retain ownership of all right, title, and interest (including copyright) in and to the Software, associated documentation, and all copies of the Software. Nothing in this Agreement constitutes a transfer or conveyance of any right, title, or interest in the Software or associated documentation, or a sale of the Software, associated documentation, or copies of the Software. 8. Warranty, Limitation of Liability, Disclaimer of Warranty. The warranty applicable to the Software shall be as set forth in the warranty statement that accompanies the Software (the “Warranty Statement”). Nothing in this Agreement shall give rise to any obligation to support the Software. Support services may be purchased separately. Any such support shall be governed by a separate, written support services agreement. TO THE MAXIMUM EXTENT PERMITTED BY LAW, JUNIPER SHALL NOT BE LIABLE FOR ANY LOST PROFITS, LOSS OF DATA, OR COSTS OR PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, THE SOFTWARE, OR ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE. IN NO EVENT SHALL JUNIPER BE LIABLE FOR DAMAGES ARISING FROM UNAUTHORIZED OR IMPROPER USE OF ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE. EXCEPT AS EXPRESSLY PROVIDED IN THE WARRANTY STATEMENT TO THE EXTENT PERMITTED BY LAW, JUNIPER DISCLAIMS ANY AND ALL WARRANTIES IN AND TO THE SOFTWARE (WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE), INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT DOES JUNIPER WARRANT THAT THE SOFTWARE, OR ANY EQUIPMENT OR NETWORK RUNNING THE SOFTWARE, WILL OPERATE WITHOUT ERROR OR INTERRUPTION, OR WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK. In no event shall Juniper’s or its suppliers’ or licensors’ liability to Customer, whether in contract, tort (including negligence), breach of warranty, or otherwise, exceed the price paid by Customer for the Software that gave rise to the claim, or if the Software is embedded in another Juniper product, the price paid by Customer for such other product. Customer acknowledges and agrees that Juniper has set its prices and entered into this Agreement in reliance upon the disclaimers of warranty and the limitations of liability set forth herein, that the same reflect an allocation of risk between the Parties (including the risk that a contract remedy may fail of its essential purpose and cause consequential loss), and that the same form an essential basis of the bargain between the Parties. 9. Termination. Any breach of this Agreement or failure by Customer to pay any applicable fees due shall result in automatic termination of the license granted herein. Upon such termination, Customer shall destroy or return to Juniper all copies of the Software and related documentation in Customer’s possession or control. 10. Taxes. All license fees payable under this agreement are exclusive of tax. Customer shall be responsible for paying Taxes arising from the purchase of the license, or importation or use of the Software. If applicable, valid exemption documentation for each taxing jurisdiction shall be provided to Juniper prior to invoicing, and Customer shall promptly notify Juniper if their exemption is revoked or modified. All payments made by Customer shall be net of any applicable withholding tax. Customer will provide reasonable assistance to Juniper in connection with such withholding taxes by promptly: providing Juniper with valid tax receipts and other required documentation showing Customer’s payment of any withholding taxes; completing appropriate applications that would reduce the amount of withholding tax to be paid; and notifying and assisting Juniper in any audit or tax proceeding related to transactions hereunder. Customer shall comply with all applicable tax laws and regulations, and Customer will promptly pay or reimburse Juniper for all costs and damages related to any liability incurred by Juniper as a result of Customer’s non-compliance or delay with its responsibilities herein. Customer’s obligations under this Section shall survive termination or expiration of this Agreement. 11. Export. Customer agrees to comply with all applicable export laws and restrictions and regulations of any United States and any applicable foreign agency or authority, and not to export or re-export the Software or any direct product thereof in violation of any such restrictions, laws or regulations, or without all necessary approvals. Customer shall be liable for any such violations. The version of the Software supplied to Customer may contain encryption or other capabilities restricting Customer’s ability to export the Software without an export license.
iv
Copyright © 2011, Juniper Networks, Inc.
12. Commercial Computer Software. The Software is “commercial computer software” and is provided with restricted rights. Use, duplication, or disclosure by the United States government is subject to restrictions set forth in this Agreement and as provided in DFARS 227.7201 through 227.7202-4, FAR 12.212, FAR 27.405(b)(2), FAR 52.227-19, or FAR 52.227-14(ALT III) as applicable. 13. Interface Information. To the extent required by applicable law, and at Customer's written request, Juniper shall provide Customer with the interface information needed to achieve interoperability between the Software and another independently created program, on payment of applicable fee, if any. Customer shall observe strict obligations of confidentiality with respect to such information and shall use such information in compliance with any applicable terms and conditions upon which Juniper makes such information available. 14. Third Party Software. Any licensor of Juniper whose software is embedded in the Software and any supplier of Juniper whose products or technology are embedded in (or services are accessed by) the Software shall be a third party beneficiary with respect to this Agreement, and such licensor or vendor shall have the right to enforce this Agreement in its own name as if it were Juniper. In addition, certain third party software may be provided with the Software and is subject to the accompanying license(s), if any, of its respective owner(s). To the extent portions of the Software are distributed under and subject to open source licenses obligating Juniper to make the source code for such portions publicly available (such as the GNU General Public License (“GPL”) or the GNU Library General Public License (“LGPL”)), Juniper will make such source code portions (including Juniper modifications, as appropriate) available upon request for a period of up to three years from the date of distribution. Such request can be made in writing to Juniper Networks, Inc., 1194 N. Mathilda Ave., Sunnyvale, CA 94089, ATTN: General Counsel. You may obtain a copy of the GPL at http://www.gnu.org/licenses/gpl.html, and a copy of the LGPL at http://www.gnu.org/licenses/lgpl.html . 15. Miscellaneous. This Agreement shall be governed by the laws of the State of California without reference to its conflicts of laws principles. The provisions of the U.N. Convention for the International Sale of Goods shall not apply to this Agreement. For any disputes arising under this Agreement, the Parties hereby consent to the personal and exclusive jurisdiction of, and venue in, the state and federal courts within Santa Clara County, California. This Agreement constitutes the entire and sole agreement between Juniper and the Customer with respect to the Software, and supersedes all prior and contemporaneous agreements relating to the Software, whether oral or written (including any inconsistent terms contained in a purchase order), except that the terms of a separate written agreement executed by an authorized Juniper representative and Customer shall govern to the extent such terms are inconsistent or conflict with terms contained herein. No modification to this Agreement nor any waiver of any rights hereunder shall be effective unless expressly assented to in writing by the party to be charged. If any portion of this Agreement is held invalid, the Parties agree that such invalidity shall not affect the validity of the remainder of this Agreement. This Agreement and associated documentation has been written in the English language, and the Parties agree that the English version will govern. (For Canada: Les parties aux présentés confirment leur volonté que cette convention de même que tous les documents y compris tout avis qui s'y rattaché, soient redigés en langue anglaise. (Translation: The parties confirm that this Agreement and all related documentation is and will be in the English language)).
Copyright © 2011, Juniper Networks, Inc.
v
vi
Copyright © 2011, Juniper Networks, Inc.
Abbreviated Table of Contents Front Part . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
Part 1
License Servers and Virtual Appliances
Chapter 1
Virtual Appliances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Chapter 2
License Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Chapter 3
Disabled Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Part 2
Index Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Copyright © 2011, Juniper Networks, Inc.
vii
Service Provider Virtual Appliance Management Guide
viii
Copyright © 2011, Juniper Networks, Inc.
Table of Contents Front Part . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Document Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv Self-Help Online Tools and Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv Opening a Case with JTAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiv
Part 1
License Servers and Virtual Appliances
Chapter 1
Virtual Appliances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 About Virtual Appliances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Virtual Appliance Editions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Hardware and Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Virtual Appliances Supported Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Virtual Appliance Package Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 Task Summary: Setting Up and Configuring a Virtual Appliance . . . . . . . . . . . . . . . 6 Importing the Virtual Appliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Configuring the Initial Network Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Using DMI With Virtual Appliances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Chapter 2
License Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 About License Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 About License Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Allocating Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Leasing Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 Disabled Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Updating Client Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 About Subscription Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Available Subscription Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Importing and Exporting Configuration Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 Configuring a Device as a License Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 Configuring a Device as a License Server Client . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Licensing Virtual Appliances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Chapter 3
Disabled Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 Disabled Features on a License Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Part 2
Index Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Copyright © 2011, Juniper Networks, Inc.
ix
Service Provider Virtual Appliance Management Guide
x
Copyright © 2011, Juniper Networks, Inc.
List of Tables Front Part . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Table 1: Notice Icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii
Part 1
License Servers and Virtual Appliances
Chapter 1
Virtual Appliances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Table 2: create-va.exp Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Table 3: init-network-config.exp Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Copyright © 2011, Juniper Networks, Inc.
xi
Service Provider Virtual Appliance Management Guide
xii
Copyright © 2011, Juniper Networks, Inc.
Front Part •
Related Documentation on page xiii
•
Document Conventions on page xiii
•
Requesting Technical Support on page xiv
Related Documentation •
To download a PDF version of the Secure Access Administration Guide, go to the Secure Access/SSL VPN Product Documentation page of the Juniper Networks Customer Support Center.
•
For information about the changes that Secure Access clients make to client computers, including installed files and registry changes, and for information about the rights required to install and run Secure Access clients, refer to the Client-side Changes Guide.
•
For information on how to develop Web applications that are compliant with the Secure Access Content Intermediation Engine, refer to the Content Intermediation Engine Best Practices Guide.
Document Conventions Table 1 on page xiii defines notice icons used in this guide.
Table 1: Notice Icons Icon
Meaning
Description
Informational note
Indicates important features or instructions.
Caution
Indicates a situation that might result in loss of data or hardware damage.
Warning
Alerts you to the risk of personal injury or death.
Laser warning
Alerts you to the risk of personal injury from a laser.
Copyright © 2011, Juniper Networks, Inc.
xiii
Service Provider Virtual Appliance Management Guide
Requesting Technical Support Technical product support is available through the Juniper Networks Technical Assistance Center (JTAC). If you are a customer with an active J-Care or JNASC support contract, or are covered under warranty, and need post-sales technical support, you can access our tools and resources online or open a case with JTAC. •
JTAC policies—For a complete understanding of our JTAC procedures and policies, review the JTAC User Guide located at http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf .
•
Product warranties—For product warranty information, visit http://www.juniper.net/support/warranty/ .
•
JTAC hours of operation—The JTAC centers have resources available 24 hours a day, 7 days a week, 365 days a year.
Self-Help Online Tools and Resources For quick and easy problem resolution, Juniper Networks has designed an online self-service portal called the Customer Support Center (CSC) that provides you with the following features: •
Find CSC offerings: http://www.juniper.net/customers/support/
•
Search for known bugs: http://www2.juniper.net/kb/
•
Find product documentation: http://www.juniper.net/techpubs/
•
Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/
•
Download the latest versions of software and review release notes: http://www.juniper.net/customers/csc/software/
•
Search technical bulletins for relevant hardware and software notifications: https://www.juniper.net/alerts/
•
Join and participate in the Juniper Networks Community Forum: http://www.juniper.net/company/communities/
•
Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/
To verify service entitlement by product serial number, use our Serial Number Entitlement (SNE) Tool: https://tools.juniper.net/SerialNumberEntitlementSearch/
Opening a Case with JTAC You can open a case with JTAC on the Web or by telephone. •
Use the Case Management tool in the CSC at http://www.juniper.net/cm/ .
•
Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
For international or direct-dial options in countries without toll-free numbers, see http://www.juniper.net/support/requesting-support.html .
xiv
Copyright © 2011, Juniper Networks, Inc.
PART 1
License Servers and Virtual Appliances •
Virtual Appliances on page 3
•
License Management on page 13
•
Disabled Features on page 19
Copyright © 2011, Juniper Networks, Inc.
1
Service Provider Virtual Appliance Management Guide
2
Copyright © 2011, Juniper Networks, Inc.
CHAPTER 1
Virtual Appliances •
About Virtual Appliances on page 3
•
Virtual Appliances Supported Features on page 4
•
Virtual Appliance Package Information on page 4
•
Task Summary: Setting Up and Configuring a Virtual Appliance on page 6
•
Importing the Virtual Appliance on page 7
•
Configuring the Initial Network Settings on page 8
•
Using DMI With Virtual Appliances on page 11
About Virtual Appliances Running Secure Access software in a VMware virtual machine as a Virtual Appliance provides service providers (SPs) with robust scalability and isolation. The ESX server software from VMware supports several virtual machines on a high-end multi-processor platform. Deploying a dedicated virtual appliance for each customer guarantees complete isolation between systems.
Virtual Appliance Editions Two types of Secure Access virtual appliances are available: •
Demonstration and Training Edition (DTE)
•
Service Provider Edition (SPE)
The DTE is targeted for demonstration, initial evaluation and training purposes. DTE is not a supported product; Juniper Networks Technical Support will not assist you with any questions or problems. If you are interested in the DTE, contact your Juniper Networks sales team or reseller for more information. The SPE is targeted for service providers who are interested in provisioning remote access solution for a large number of customers.
Hardware and Software Requirements Juniper Networks virtual appliance was tested with the following products: •
IBM BladeServer H chassis
Copyright © 2011, Juniper Networks, Inc.
3
Service Provider Virtual Appliance Management Guide
•
BladeCenter HS blade server
•
vSphere 4.0
Any blade product compliant with the above should be suitable for use with virtual appliances.
Virtual Appliances Supported Features All features of Secure Access are available on virtual appliances with the exception of the following: •
IVS
•
Clustering
•
User record synchronization
A new option is available for switching between virtual terminal and serial console. Switching between these options requires a restart of the virtual appliance. Virtual appliances do not allow licenses to be installed directly on them. As such, virtual appliances can be only license clients. All virtual appliance licenses are subscription-based.
NOTE: The License summary page displays a number under the Installed column on a virtual appliance SPE edition even though you can not install licenses on a virtual appliance. This number is the “implicit count” available on all devices that do not have installed licenses.
Virtual Appliance Package Information The SPE downloadable zip contains the following files:
4
•
README-SPE.txt—A quick start guide for the SPE virtual appliance.
•
README-scripts.txt—Contains up-to-date information on the contents of the zip file and how to run the scripts.
•
VA-SPE-release-buildnumber-SERIAL-disk1.vmdk—a virtual disk file that contains the SA software. The SERIAL version assumes using a serial port to set up the initial network configuration.
•
VA-SPE-release-buildnumber-SERIAL.ovf—a OVF specification that defines the virtual appliance and contains a reference to the disk image.
•
VA-SPE-release-buildnumber-VT-disk1.vmdk—a virtual disk file that contains the SA software. The VT version assumes using a virtual terminal to set up the initial network configuration.
•
VA-SPE-release-buildnumber-VT.ovf—a OVF specification that defines the virtual appliance and contains a reference to the disk image.
•
init-network-config.exp—Script to configure the initial network settings.
Copyright © 2011, Juniper Networks, Inc.
Chapter 1: Virtual Appliances
•
create-va.exp—Script to import the OVF file into the ESX server and configure the initial network settings (the create-va.exp script is a superset of the init-network-config.exp script.)
•
setupva.conf—Example configuration file for the create-va.exp and init-network-config.exp scripts.
The DTE downloadable zip contains the following files: •
README-DTE.txt—A quick start guide for the SPE virtual appliance.
•
VA-DTE-release-buildnumber-VT-disk1.vmdk—a virtual disk file that contains the SA software. The VT version assumes using a virtual terminal to set up the initial network configuration.
•
VA-DTE-release-buildnumber-VT.ovf—a OVF specification that defines the virtual appliance and contains a reference to the disk image.
The Secure Access virtual appliance is delivered in Open Virtualization Format (OVF) and is preconfigured as follows. •
20G Virtual SCSI disk
•
1 Virtual CPU
•
512M memory
•
Three virtual network interfaces
•
Roughly 400 MB in size
You can change this configuration by editing the OVF prior to importing it or by editing the virtual machine properties once it is created.
NOTE: When customizing the configuration, do not reduce the disk size.
The OVF specification defines three logical networks: •
InternalNetwork
•
ExternalNetwork
•
ManagementNetwork
When importing the OVF file, these three networks must be mapped to the appropriate virtual networks on the ESX server. The OVF file does not include any virtual serial port configuration. If the SERIAL OVF image is used, the virtual machine specification needs to be updated with the desired virtual serial port configuration before the virtual appliance is powered up for the first time. When the virtual appliance is powered on for the first time, it expands the software package and performs the installation. We recommend you export a copy of the fully
Copyright © 2011, Juniper Networks, Inc.
5
Service Provider Virtual Appliance Management Guide
installed SPE virtual appliance and use that to instantiate additional SPE virtual appliances. Once configured, you can use any of the following methods to manage the Secure Access portion of the virtual appliance: •
Juniper Network’s Device Management Interface (DMI)
•
Secure Access administrator console
•
Secure Access serial and virtual terminal console menus
For information on DMI, see the DMI Solution Guide on Juniper Network’s support website.
Task Summary: Setting Up and Configuring a Virtual Appliance To set up and configure a Secure Access virtual appliance, you must: 1.
Import the virtual appliance into the ESX server.
2. Configure the initial network settings.
The remainder of this topic describes the process using the provided create-va.exp and init-network-config.exp scripts. These steps assume that you have already configured a serial console or a virtual terminal to the ESX server. Note that if you have your own custom scripts to perform these tasks or prefer to do the initial network configuration manually, you are not required to use Juniper Networks’ scripts. After configuring your virtual appliance, use VMware’s tools to manage the device, such as starting and stopping the virtual appliance. Using the Juniper Networks Scripts The init-network-config.exp and create-va.exp scripts accept input from command-line arguments or from a configuration file.
NOTE: These scripts can be run only when using the serial console.
On the command-line, parameters are passed using the format: - - paramname paramvalue
The configuration file use the format: paramname: paramvalue
You can specify only one parameter per line in the configuration file. Lines starting with the pound symbol (#) are treated as comments. Please note the following when using these scripts:
6
Copyright © 2011, Juniper Networks, Inc.
Chapter 1: Virtual Appliances
•
If a parameter is defined both in the command-line and in the configuration file, the command-line value is used.
•
If parameters are not given in the command line, the script uses the values defined in the configuration script.
•
If you do not specify a configuration file in the command line, setupva.conf is used as the default configuration file.
•
The scripts do not perform any parameter validation.
•
The scripts do not process any errors returned by the terminal service. It is your responsibility to ensure that no other users or applications are using the terminal server or serial port.
•
You must verify that the serial console of the virtual appliance you are configuring in the ESX server is mapped to the physical serial port and no other virtual appliances are using the serial port. create-va.exp does not perform this verification.
•
You can have as many simultaneously active serial consoles as there are serial ports on the virtual appliance platform.
•
The create-va.exp script is a superset of init-network-config.exp. If you use create-va.exp to import the OVF, it also performs the initial network configuration; you do not need to run init-network-config.exp.
Importing the Virtual Appliance Use the create-va.exp script to import the virtual appliance OVF into the ESX server. This script logs in to the ESX server, imports the OVF source file, registers the virtual appliance and then starts the virtual appliance.
NOTE: ovftool 1.0 must be installed in the ESX and the OVF and VMDK files must be copied to the ESX server before running create-va.exp.
The create-va.exp command syntax is: ./create-va.exp [- -parameter value]
NOTE: When typing the string “- -” do not put a space between the hyphens. The space shown here is for visual purposes only.
Table 2: create-va.exp Parameters ESX Server-Related Parameters - -exadmin
Copyright © 2011, Juniper Networks, Inc.
ESX administrator username. The script uses this username to log in to the ESX server. This user must have super user privileges.
7
Service Provider Virtual Appliance Management Guide
Table 2: create-va.exp Parameters (continued) - -esxhost
DNS name or the IP address of the ESX server where the virtual appliance is to be instantiated.
- -esxpasswd
Administrator password to log in to the ESX server.
Parameters Used to Locate Resources at The ESX Server - -esxserial
The serial console to use for communicating with the ESX server. For example -esxserialtty /dev/ttyS0.
- -netmap
A Mapping of a logical network name in the OVF specification to an actual network on the ESX server. The OVF specification has the following logical networks defined - InternalNetwork, ExternalNetwork and ManagementNetwork.
- -ovfpath
The location of the OVF image at the ESX server.
- -storage
If there are multiple target datastores on the ESX server, this parameter specifies the datastore where the virtual appliance is to be created.
Parameters Specifying Virtual Appliance Properties - -switchconsole
Switches console from serial to terminal service after configuring the virtual appliance. The default is “yes”, meaning switch to terminal service.
- -vaname
Name of the virtual appliance to create.
Example 1: Providing parameters both in the command line and in a configuration file This example lists all parameters and values on the command line. ./create-va.exp - -esxhost as23.juniper.net - -esxadmin admin - --esxpassword passwd - -esxovfpath /root/ovfs/IVE-70-VA.ovf - -esxserial /dev/ttyS0 - -file vadata.conf Example 2: Providing parameters in a configuration file In this example, vadata.conf is the configuration file and is passed to create-va.exp on the command line. ./create-va.exp - -file vadata.conf
Configuring the Initial Network Settings Once the virtual appliance is started in the ESX server, use the init-network-config.exp script to define the administrator login and configure the virtual appliance initial network settings.
NOTE: If you use create-va.exp to import the OVF, it also performs the initial network configuration; you do not need to run init-network-config.exp.
8
Copyright © 2011, Juniper Networks, Inc.
Chapter 1: Virtual Appliances
The init-network-config.exp script interacts with Secure Access through its serial console which is connected to a terminal server or directly to any Unix or Linux system. The init-network-config.exp command syntax is: ./init-network-config.exp [- -parameter value]
NOTE: When typing the string “- -” do not put a space between the hyphens. The space shown here is for visual purposes only.
Table 3: init-network-config.exp Parameters Parameters for Configuration File - -file
The configuration file. If this parameter is not present, setupva.conf is used. Specifying a configuration file is optional.
Parameters for Serial Console Access - -cport
The serial device to open in order to access the virtual appliance serial console. This parameter is valid only when ctype is set to “serial”.
- -ctype
The serial console connection. Valid values are “terminal server” or “serial”. You must place the value in double-quotes. For example, - -ctype “serial”. Use “terminal server” if the virtual appliance serial console is accessed through a telnet connection to a terminal server. Use "serial" if the virtual appliance serial console is accessed by directly opening a serial device at the system running the script.
- -tsip
The terminal service IP address. This parameter is valid only when ctype is set to “terminal server”.
- -tsport
The telnet port at the terminal server used to access the virtual appliance serial console.
Parameters for Secure Access Virtual Appliance Initial Configuration - -adminusr
Administrator user name to be configured at the virtual appliance.
- -adminpwd
Administrator password for the administrator account to be configured at the virtual appliance.
- -ip
IP address to be assigned to the virtual appliance internal port.
- -mask
Virtual appliance internal port netmask.
- -dgw
Default gateway for the virtual appliance internal port.
- -pridns
IP address of the Primary DNS server to be configured at the virtual appliance.
Copyright © 2011, Juniper Networks, Inc.
9
Service Provider Virtual Appliance Management Guide
Table 3: init-network-config.exp Parameters (continued) - -secdns
Optional IP address of the Secondary DNS server to be configured at the virtual appliance.
- -wins
Optional WINS server IP address.
- -cname
Common name for the virtual appliance.
- -domain
Domain name to be configured at the virtual appliance.
- -orgname
Organization name to be configured at the virtual appliance.
- -rtxt
Random text used for generating a self signed certificate at the virtual appliance.
Once the initial network configuration is finished and a machine ID is generated, you must complete the rest of the configuration which includes, but is not limited to, the following (you can also use DMI to perform these tasks): •
Installing device certificates.
•
Configuring which licenses to lease from the license server. Note that virtual appliances are pre-configured with two concurrent user licenses.
•
Configuring the time zone and NTP.
•
Configuring internal, external and optionally the management network interfaces.
•
Advanced network configurations such as virtual ports, VLANs.
•
Configuring the authentication server, syslog server, and so forth.
Example 1: Providing parameters in the command line This example lists all parameters and values on the command line. ./init-network-config.exp - -ip 100.10.11.11 - -mask 255.255.255.0 - -dgw 100.10.11.1 - -pridns 100.50.10.1 - -secdns 100.20.10.1 - -domain company.com - -wins 111.11.1.11 - -cname aaa.company.com - -orgname "Company Inc" - -rtxt "Somerandomtext123" - -adminusr admin - -adminpwd a9827fwe - -ctype "terminal server" - -tsip ts.comp.com - -tsport 9999 Example 2: Providing parameters in a configuration file In this example, vadata.conf is the configuration file and is passed to init-network-config.exp on the command line. ./init-network-config.exp - -file vadata.conf Example 3: Providing parameters from both the command line and in a configuration file In this example, all configuration parameters are defined in vadata.conf. Since IP address is defined on the command line, that value is used regardless of whether it is defined in vadata.conf.
10
Copyright © 2011, Juniper Networks, Inc.
Chapter 1: Virtual Appliances
./init-network-config.exp - -file vadata.conf - -ip 100.10.11.12
Using DMI With Virtual Appliances The Device Management Interface (DMI) is an XML-RPC-based protocol used to manage Juniper devices. This protocol allows administrators and third-party applications to configure and manage Juniper devices bypassing their native interfaces. Virtual Appliances are compliant with DMI. By default, the inbound DMI is enabled in Virtual Appliances. For more information on using DMI with Virtual Appliances, see the DMI Solution Guide available on the Juniper Networks SSL VPN support page.
Copyright © 2011, Juniper Networks, Inc.
11
Service Provider Virtual Appliance Management Guide
12
Copyright © 2011, Juniper Networks, Inc.
CHAPTER 2
License Management •
About License Management on page 13
•
Updating Client Configuration on page 15
•
About Subscription Licenses on page 15
•
Importing and Exporting Configuration Files on page 16
•
Configuring a Device as a License Server on page 17
•
Configuring a Device as a License Server Client on page 18
•
Licensing Virtual Appliances on page 18
About License Management Secure Access 7.0 introduces a new license management system that lets you configure a Secure Access device as a license server to allow administrators to view all configured systems and move those licenses as needed. Other Secure Access devices on the network lease licenses from the central license server. Unused licenses are returned to the license server which can lease them out to other devices that need more capacity. When configuring a device as a license server, that device functions only as a license server. Several Secure Access features are disabled.
About License Server The license server software can be run on any SAx000 and SAx500 Series appliances that can run the 7.0 and later software and has the license server license. You can configure more than one license server however each client is limited to one license server.
NOTE: Only administrators can log in to a license server. Virtual appliances can not be configured as license servers. The license server manages and leases licenses associated with a user count, such as basic concurrent user licenses, EES and RDP licenses. A license server can not lease licenses from another license server.
Copyright © 2011, Juniper Networks, Inc.
13
Service Provider Virtual Appliance Management Guide
Allocating Licenses Before a device can lease licenses from the license server, you must first allocate licenses to that particular device. License allocation information consists of the following: •
License client ID—You must assign a unique ID to each license client to identify that client. The client sends this ID with every message to the license server to identify itself.
•
The following 3-tuple for each type of user count license:
•
•
Reserved user count (RUC)—The number of user count licenses reserved for this client. A license leased to this client can not be less than the RUC number.
•
Maximum user count (MUC)—The maximum number of user count licenses this client is allowed to request. This number must be greater than or equal to the RUC. Requests for licenses greater than the RUC are granted only if the license server has additional licenses available at the time of the request.
•
Incremental Lease Quantum (ILQ)—Clients can request an increase or decrease its user count lease only in multiples of this number. The incremental lease quantum must be at least 25 unless the difference between the MUC and the RUC is less than 25. The incremental lease quantum must also be at least 10% of the difference between the MUC and the RUC. This restriction eases excessive protocol traffic.
Expiration date—The date when the client configuration expires. When the client configuration expires, the server no longer accepts lease requests from the client. You can use this, for example, to define a 2 year service to a customer.
As you allocate licenses, the license server does not allow the sum total of the reserved user count to exceed the total license count installed on the license server.
Leasing Licenses Clients are configured as to which license server to communicate with. The client then requests the licenses (over SSL) that are allocated to it. If the concurrent user count is greater than its leased license limit, it requests the license server to increase its capacity until the maximum lease limit (MUC) is met. When the number of concurrent user drops, the client relinquishes the leases it no longer needs. When the license server receives a license lease requests, it first verifies that the client has been allocated the licenses it is requesting. The license server then checks that it has sufficient licenses before granting the request. Reserved licenses are leased for 5 days at a time. Incremental leases are leased from a configurable time of 24 hours to a maximum of 5 days. Clients can renew their licenses at any time before the lease expires. The reply sent by the license server includes a new lease expiration date which is the minimum of the current time plus the incremental lease time and the license allocation expiration date. If a client does not renew a license before the lease expires, the license server reclaims the license. A lease renewal interval can be configured on the client to renew its licenses leases. The renewal interval can be 4 hours to a maximum of 24 hours.
14
Copyright © 2011, Juniper Networks, Inc.
Chapter 2: License Management
A minimum lease interval of 24 hours is built-in. Once a client acquires an incremental license lease, it is kept for at least 24 hours even if the load diminishes on the client.
Disabled Features Only administrators can log in to a Secure Access device configured as a license server. An error message is displayed to non-administrator users attempting to log in to the license server. All existing end-user sessions are terminated when a Secure Access device is configured as a license server. Some Secure Access features and windows are disabled on a license server as described in the appendix.
Updating Client Configuration With the current release, there is no explicit recall operation. However, you can change a client configuration at any time. This change is communicated to the client when it contacts the license server for the next renewal. If desired, you can click the Pull State from Server button in the client’s admin GUI to register the change immediately. If you reduce the MUC value for a feature at a client, the current leased count is reduced immediately without waiting for the client to contact the server. An increase to the RUC or MUC value does not impact the current leased count until after the client contacts the license server. If you remove all licenses leased to a client, those licenses are available immediately at the license server.
About Subscription Licenses Subscription licenses and renewal licenses (identified by a -R appended to the license name) have a start and end date embedded within them. Customers initially purchase a subscription license that is valid until a specified date. When the license expiration date nears, customers can renew their licenses. When the license is installed, the start and end date are interpreted relative to the local time and time zone on the machine. The start date begins at 12:00 am; the end date ends at midnight of the end date (12:00 am of the following day). If the start date is in the future, the subscription or renewal license is not activated till the start date. A renewal license is automatically activated only if there is a corresponding expired subscription license in the license server. A subscription license can only be renewed by a corresponding renewal license and a renewal can be activated only by the expiration of a corresponding subscription license.
Available Subscription Licenses The following subscription licenses are available (X and Z will be replaced by the appropriate number of user and/or year count): •
ACCESS-EES-XU-ZYR—Enhanced endpoint security
•
ACCESS-RDP-XU-ZYR—Embedded RDP applet
Copyright © 2011, Juniper Networks, Inc.
15
Service Provider Virtual Appliance Management Guide
•
ACCESS-XU-ZYR—Concurrent user count subscription
•
ACCESS-SUB-SVR-ZYR—Allows a device to be a license server
NOTE: With SA Series 7.1 software, you can use either the ACCESS-LICENSE-SVR or the ACCESS-SUB-SVR-ZYR to identify a license server. With SA Series 7.0 software, you must use the ACCESS-SUB-SVR-ZYR.
Both capacity-based licenses (such as ACCESS-EES) and time-base licenses (such as ACCESS-SUB) stack. For example: •
If you purchase two ACCESS-ES-10K-1YR licenses, they stack to 20K for 1 year.
•
If you purchase both a one ACCESS-10K-1YR license and one ACCESS-ESS-10K-2YR license, they stack for 20K for 1 year and 10K for the second year.
•
If you purchase both an ACCESS-SUB-SVR-1YR and an ACCESS-SUB-SVR-2YR licenses, they stack to a three year license.
Note the following:
Related Documentation
•
ACCESS-SUB-SVR licenses have a maximum of 3 years. LMS will reject requests that stack ACCESS-SUB-SVR licenses to more than 3 years.
•
Renewal licenses must match the license being renewed. For example, if your ACCESS-ESS-10K-1YR licenses is about to expire, you can only renew another ACCESS-ESS-10K-1YR license. You can not renew it as an ACCESS-ESS-10K-2YR license.
•
About License Management
•
Importing and Exporting Configuration Files License information will not be imported when importing a configuration file containing the new license scheme on a device running software prior to Secure Access 7.0 or UAC 4.0. Devices will continue to run with their current license scheme. Existing permanent licenses are overwritten for devices running Secure Access 7.0 (and later) and UAC 4.0 (and later) and importing configuration files containing the new license scheme. Time-based licenses are merged with the licenses in the imported configuration file. Related Documentation
16
•
About License Management
Copyright © 2011, Juniper Networks, Inc.
Chapter 2: License Management
Configuring a Device as a License Server The following outlines the steps to configuring a device as a license server. These steps assume that you have already performed the license key generation and activation steps outlined in the Secure Access Administration Guide and Unified Access Controller Administration Guide. After you download or receive your license keys by using email: 1.
In the admin console, choose System > Configuration > Licensing > Licensing Summary.
2. Click on the license agreement link. Read the license agreement and, if you agree to
the terms, continue to the next step. 3. Enter your license key(s) and click Add. 4. Click the Configure Clients tab. 5. Select the Enable Licensing server checkbox. 6. (optional) Click Advanced Settings and enter the following values: •
Incremental Lease Duration
•
Lease Renewal Interval
The following steps describe how to add the Secure Access device that leases licenses from this license server. 1.
In the admin console, choose System > Configuration > Licensing > Configure Clients.
2. Click New Client. 3. Enter the Client ID. The ID is defined on the client device under System > Configuration
> Licensing > Configure Server. 4. Enter the client password and confirm it. The password is defined on the client device
under System > Configuration > Licensing > Configure Server. 5. (optional) Enter the license expiration date. Licenses expire at midnight on the date
you enter. 6. Select the client’s platform from the list. 7. For each feature you want to lease to this client, enter: •
Reserved Count—Enter the number of licenses to reserve for this client. The reserve count must be less than the available amount displayed.
•
Incremental Count—Enter the incremental number of licenses to grant when the client requests more licenses. If the number of licenses on the client plus this incremental value is greater than the maximum count, no additional licenses are granted.
Copyright © 2011, Juniper Networks, Inc.
17
Service Provider Virtual Appliance Management Guide
•
Maximum Count—Enter the maximum number of licenses a client can receive for this feature. This value must be equal to or greater than the reserved count.
8. Click Save Changes.
Configuring a Device as a License Server Client The following outlines the steps to configuring a device as a license server. These steps assume that you have already performed the license key generation and activation steps outlined in the Secure Access Administration Guide and Unified Access Controller Administration Guide. 1.
In the admin console, choose System > Configuration > Licensing > Licensing Summary. The Available Licenses table shows the features and number of licenses enabled for this device.
2. Click the Configure Server tab. 3. Enter the name of the license server. You can specify the IP address or hostname. 4. Enter a unique ID for this client. This ID is used to communicate and verify this client
with the license server. This ID is different from the authentication server name for this device. IDs can contain alphanumeric characters. There is no restriction on the number of characters. You will need to enter this ID on the license server when adding clients. 5. Enter and confirm a password for this client.
You will need to enter this password on the license server when adding clients. 6. Select the preferred network to communicate with the license server from the Preferred
Network menu. By default, the internal network is used. 7. Select the Verify SSL Certificate checkbox if you want the client to verify the server’s
SSL certificate when establishing communication with it.
Licensing Virtual Appliances Virtual appliances do not allow licenses to be installed directly on them. As such, virtual appliances can be only license clients and not license servers. Related Documentation
18
•
About License Management
Copyright © 2011, Juniper Networks, Inc.
CHAPTER 3
Disabled Features •
Disabled Features on a License Server on page 19
Disabled Features on a License Server The following windows and features are disabled in the administrator console when a device is configured as a license server: •
System > Status> Meeting Schedule
•
System > Status > Virtual Desktop Sessions
•
System > Configuration > Secure Meeting
•
System > Configuration > User Record Synchronization
•
System > Configuration > Sensors
•
System > Configuration > Virtual Desktops
•
System > Configuration > NCP
•
System > Network > Network Connect
•
System > Clustering
•
System > Virtual Systems
•
System > IF-MAP Federation
•
System > Log/Monitoring > Sensors
•
System > Log/Monitoring > User Access
•
System > Log/Monitoring > Client Logs
•
Maintenance > Push Config
•
Maintenance > Troubleshooting > Monitoring > Cluster
•
Maintenance > Troubleshooting > User Session
•
Maintenance > Archiving > Secure Meetings
•
Maintenance > Import/Export > IVS
•
UAC (Infranet Controller device only) Users
Copyright © 2011, Juniper Networks, Inc.
19
Service Provider Virtual Appliance Management Guide
In addition, the following services are halted on the license server:
20
•
Mail proxy services
•
Meeting processes
•
Agentman daemon
•
Federation server
•
Federation client
Copyright © 2011, Juniper Networks, Inc.
PART 2
Index •
Index on page 23
Copyright © 2011, Juniper Networks, Inc.
21
Service Provider Virtual Appliance Management Guide
22
Copyright © 2011, Juniper Networks, Inc.
Index C customer support...................................................................xiv contacting JTAC..............................................................xiv
E exporting licenses....................................................................16
I importing licenses...................................................................16
L license server disabled features............................................................19 licenses importing and exporting...............................................16 subscription-based........................................................15 virtual appliances...........................................................18
S support, technical See technical support
T technical support contacting JTAC..............................................................xiv
Copyright © 2011, Juniper Networks, Inc.
23
Service Provider Virtual Appliance Management Guide
24
Copyright © 2011, Juniper Networks, Inc.