Professional Documents
Culture Documents
ing to press. Country-specific and customer-specific differences are possible. Note that
your product may not be licensed with all features described. Therefore, the features of
your licensed product may differ from that in the descriptions and illustrations. Refer to the
original purchase agreement for a list of available features.
All rights reserved. No part of this publication may be reproduced in any manner without
permission.
Version 0b22c3d851354df48ae546dab850f49fb75a00f4
1
If you have problems with any Valid8.com product, or if you have questions about our prod-
ucts and services, you can contact Valid8.com in one of the following ways:
Support
Email: support@valid8.com
Sales
Email: sales@valid8.com
Web: https://valid8.com/contactUs.html
Other inquiries
Email: info@valid8.com
Website: http://www.valid8.com
2
Installation
Valid8.com, Inc.
Contents
1 Important 6
1.1 Power Supply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.1.1 UPS (Uninterruptible Power Supply) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.1.2 Surge Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.2 System Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.3 Shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.3.1 Physical Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.3.2 Virtual Machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2 Introduction 6
3 Installation 7
3.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
3.2 Information You Need . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
3.3 Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
3.4 Hardware Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
4 Setup 8
4.1 Set Up Valid8 Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
4.2 Set Up Your Own Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
4.3 Set Up a Virtual Machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
4.4 Request License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
4.5 ISO Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
4.5.1 Stage 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
4.5.2 Stage 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
4.6 Remote Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
4.6.1 SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
4.6.2 ngrok . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
4.6.3 Team Viewer, GotoMeeting or WebEx . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
4.7 Important Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
4.8 Wireshark for Remote Capture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
1
CONTENTS CONTENTS
8 Appendix 31
8.1 Writing the ISO image to a USB drive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
8.1.1 Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
8.1.2 Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
8.2 Burning the ISO image to disc . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
8.2.1 Burning discs under Windows operating systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
8.2.2 Burning discs under Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
8.3 Verifying the ISO Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
1 Important
Please carefully read the following notes for the operation and maintenance of the Protocol Engine hardware and/or software.
PLEASE NOTE: The operating system and environment that will be installed is tuned for sole Protocol Engine operation. It should not
be modified by end-users as it may directly/indirectly impact operation of the Protocol Engine.
A UPS with integrated surge protection is strongly recommended to protect the hardware and software during power disturbances.
The system date and time must be set correctly for reliable operation. Please ensure that you enter the correct date and time when
running setup during initial installation.
1.3 Shutdown
Shutting down the Protocol Engine incorrectly can lead to data loss. The following methods may be used:
• Use the Shutdown option within the VM Host software do not Reset or Power Off
• sudo shutdown now in terminal on Protocol Engine
• From the ‘Manage’ page click on the Protocol Engine Manage button and then Shutdown
NOTE: Extra care must be taken when shutting down Virtual Machines because Reset or Power Off may be performed by mistake
which could cause data loss.
2 Introduction
The Protocol Engine is designed to be rackmounted inside test labs and datacenters. It can also be installed in local virtual machines
or in the cloud. Once initial configuration in completed, Protocol Engine is accessed remotely using a web browser.
It is strongly recommended that the Control interface is allocated a dedicated IP address and a separate NIC as this will reduce the
chance of connectivity issues.
3 Installation
3.1 Overview
Before you install a Valid8 software package, your server must have the Valid8 ISO and meet minimum software and hardware
requirements.
• If you are using Valid8 hardware, the Valid8 ISO, license, and software package are pre-installed and ready to use.
• If you are using your own hardware, before obtaining your license and software package, you must first install the Valid8 ISO
on your server.
• If you are evaluating the software before making a purchase, you can use a virtual machine.
• Server IP address
• Netmask
• Gateway address
• DNS address
• An English-language client machine with Google Chrome installed that has access to same network as the Protocol Engine
This section details the minimum and recommended hardware specification configurations for evaluation purposes. Depending on
exact load, feature, and physical interface requirements, specifications may need to be adjusted. This will be discussed during the
evaluation.
Please check with Valid8 if you have compatibility concerns, particularly if you are using customized, non-standard, or unusual
hardware combinations. We will try to make it work given adequate information about the hardware.
3.4.0.2 Recommended
3.4.0.4 RAID
Limited support. Success depends on availablility of drivers in the Linux kernel and compatible RAID configuration in the RAID BIOS.
The following hardware has been tested:
• LSI SAS9260-4I
• LSI SAS9361-8I
4 Setup
1. Log into the machine locally: Connect a keyboard and monitor, and log in with username: protocolEngine and password:
valid8.
2. At the command line, enter sudo setup and follow the prompts to configure the Protocol Engine.
3. Check that the Protocol Engine can ping outside, responds to ping, and is accessible from the Chrome web browser; use the
login with username: protocolEngine and password: valid8.
After you install the Valid8 ISO, a server key that is linked to your server is displayed in the UI. Valid8 uses this server key to create
your license and software package, which you can then download and install.
After you install the Valid8 ISO, a server key that is linked to your server is displayed in the UI. Valid8 uses this server key to create
your license and software package, which you can then download and install.
Once the previous steps are completed, send the server key displayed in the UI to support@valid8.com. The server key is needed to
produce your license and package.
License and package installation is simple so you may install them yourself. Alternatively, providing we have remote access, we can
do this for you.
Setting up remote access is advised in either case because it will make support more efficient. It will also allow us to perform
post-installation checks and verify the configuration.
4.5.1 Stage 1
Once installation has completed, reboot and log in as root with the password root
4.5.2 Stage 2
The stage 2 installer configures the base CentOS system, adds default users and passwords, additional drivers and will install the
firmware.
There are two methods for installing stage 2: network or physical media. The network method is recommended, however the
Protocol Engine must be connected to a LAN with internet access. If this cannot be arranged then use the physical media method.
4.5.2.1 Network
The Protocol Engine needs an IP address so it can connect to the release server and download the latest firmware.
Note that later on during setup the first NIC (when sorted alphanumerically) will be allocated to the Control interface. To simplify the
process it is strongly recommended to use the same NIC now.
To identify this NIC run ip -br l | sort, this will give output similar to this:
If DHCP is available:
dhclient em0 # substitute em0 with the first NIC, when sorted alphanumerically
ip link set up dev em0 # substitute em0 with the first NIC, when sorted alphanumerically
ip addr add 10.10.10.10/24 dev em0 # substitute 10.10.10.10 with the address and subnet to use and em0 with the
NIC
ip route add default via 10.10.10.1 # substitute 10.10.10.1 with the gateway address
echo nameserver 1.1.1.1 > /etc/resolv.conf # substitute 1.1.1.1 with the DNS server to use, though 1.1.1.1 will work
• Once completed the installer will start setup. This is the last step. Answer the series of questions to complete the installation.
• If you make a mistake and need to reconfigure, log in as protocolEngine with the password valid8 and run sudo setup.
You do not need to perform the Stage 2 installation again.
• Check the Protocol Engine has network access e.g. use ping to try and communicate with the gateway or other known
machine on the LAN
• The Protocol Engine should now be accessible via web browser; use the login protocolEngine with the password valid8
• If you have any questions please contact support.
To access the USB drive it must be mounted. To mount the drive, the first step is to identify the device name. To identify the device
name, run dmesg after inserting the USB drive. The id will be listed at the end of the output. It is most likely sdb1.
Next, mount the USB drive using the id and start the second stage installation. For example, if the id is sdb1 :
cp ./stage2/latest.sh . # copy the stage 2 installer from the USB drive to the local directory
bash latest.sh # start the installer
• Once completed the installer will start setup. This is the last step. Answer the series of questions to complete the installation.
• If you make a mistake and need to reconfigure, log in as protocolEngine with the password valid8 and run sudo setup.
You do not need to perform the Stage 2 installation again.
• Check the Protocol Engine has network access. e.g. use ping to try and communicate with the gateway or other known
machine on the LAN
• The Protocol Engine should now be accessible via web browser; use the login protocolEngine with the password valid8
• If you have any questions please contact support
4.6.1 SSH
SSH is preferable for remote access to the PE because it provides direct access. However, it can be difficult to arrange. SSH is
normally accomplished by adding a port forwarding rule in your firewall to port 22 on the Protocol Engine. If you wish to limit
access to our external support IP address use 70.88.221.113.
4.6.2 ngrok
ngrok creates an adhoc tunnel to the Protocol Engine via an intermediate machine like a workstation. The Protocol Engine does not
need internet access. It is very easy to install, requiring a single binary with zero run-time dependencies.
• Windows http://releases.valid8.com/ngrok/ngrok.exe
• Linux http://releases.valid8.com/ngrok/ngrok
## HTTPS
ngrok --proto tcp <Protocol Engine IP>:443
## SSH
ngrok --proto tcp <Protocol Engine IP>:22
e.g.
## HTTPS
ngrok --proto tcp 192.168.74.103:443
## SSH
ngrok --proto tcp 192.168.74.103:22
It will display a URL in the terminal (e.g. tcp://valid8.com:45437) which we can then use to access the Protocol Engine.
If you are unable to provide SSH access, Team Viewer, GotoMeeting, WebEx, or ngrok are suitable alternatives.
• Review the security section of this document especially if the Protocol Engine is publicly accessible
• The operating system and environment that will be installed is tuned for sole Protocol Engine operation. It should not be
modified by end-users as it may directly/indirectly impact operation of the Protocol Engine.
• The protocolEngine user has access to the commands needed for normal operation of the Protocol Engine
• root access is available (e.g. to meet local administrative or security policy requirements) however the responsibility for any
changes lie with the end-user, including the impact they have on the operation of the Protocol Engine. Additionally any
changes made may be automatically removed during firmware updates or may cause compatibility problems with future
releases
• To perform remote capture of the Protocol Engine traffic Wireshark must be installed on the client machine. Wireshark can be
downloaded here https://www.wireshark.org/download.html
• On Windows plink must also be installed. Download it here
https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html
5.1 Introduction
• Products are delivered in packages (.pkg) that include a license, scripts and configuration files
• Licenses (.lic) contain information about what can run, on which machine, and for how long. They may be provided
separately in case of license extension, or product changes
• Firmware (.fw) contain the platform that runs the product
• PCAP or media files contains captured packets which can be replayed by the Protocol Engine. This is not required for every
application
5.2 Procedure
If the Release Server is reachable (as shown in the screenshot below) you may enter the code or version in the appropriate box.
Click Install to download and install your update. For packages and licenses, the name was provided to you in the email from
support (e.g. ABC123 or ABC.US_ZYX_DEPT.001).
For firmware, the name is the firmware version number provided to you in the email from support in the form x.x.x (e.g. 7.52.0).
You will be prompted to restart the Protocol Engine after installing new firmware.
If the release server is not reachable the textboxes will not appear. Instead, download the appropriate files via the links provided to
you in the release notification email and drag and drop the files on the area labelled Drop File Here.
5.2.2 Media
Drag and drop the media file (.a, .v, .pcap or .zip) to the area labelled Drop File Here.
5.3 Security
Review this carefully especially if the Protocol Engine is connected to an untrusted network. Consult with your IT department to
ensure it is secure.
5.3.1.1 Authentication
The UI and API are authenticated by user name and password. Any existing tools that use the old unauthenticated API must be
updated. This process is explained here
5.3.1.2 HTTPS
HTTPS is used by default. Attempts to connect using HTTP will be redirected to HTTPS.
HTTPS requires that certificates are generated. During installation setup performs this step. If upgrading from an older version of
the firmware these certificates will not exist so HTTPS will be disabled. If HTTPS is not enabled and you wish to enable it run setup
again or run ./bin/generateHttpCertificates.sh <hostname> - and reboot.
When HTTPS is enabled Chrome will complain about the certificate but you can click through this warning. If you wish to eliminate
the certificate warning altogether and have a green padlock then proceed with the following:
5.3.1.2.1 Linux
5.3.1.2.2 Windows
For this to work correctly, the PE must have a resolvable DNS entry. If this cannot be arranged it is also possible to simulate it by
entering a host name and IP address in the operating system hosts file, there is more information in the section below.
In the absence of DNS it is possible to simulate it by adding an entry to the hosts file:
e.g.
192.168.56.101 protocolEngine.local
Windows
Linux
$ su
$ vi /etc/hosts
5.3.2 IPMI
Some chassis may be shipped with IPMI (remote management interfaces). Review the IPMI settings in the BIOS, and if desired
disable it. Some variants cannot be disabled, in which case you should assign a static non-routable IP address such as 169.254.1.1
Note: this facility only presents a risk if the Protocol Engine is connected to an untrusted network.
If the Protocol Engine control interface is connected to an insecure network (public Internet, DMZ) it is highly recommended to run
./bin/secure.sh.
This will change all the terminal passwords and the default UI password to longer more secure variants and disable the FTP server.
This is not a comprehensive security hardening procedure. It is strongly recommended to place the Protocol Engine behind a
Firewall with Access Control or a VPN if security is a concern.
Protocol Port
SSH 22
FTP 21
HTTP 80
HTTPS 443
IPerf 65500
These instructions are for use with VMware Workstation (using version 11 in this example)
1) To begin the setup of the VMware Workstation VM, you will want to launch Workstation and click Create a New Machine.
When prompted to do a typical or custom installation, choose custom.
2) The next screen will prompt you about hardware compatibility. Simply choose the version of Workstation that you are using
and click next.
3) The next screen asks how you wish to install the operating system. It is important that you do not load the ISO here; select
the option to install the operating system later.
4) Next, you will be asked about the type of operating system that will be installed on the VM. Choose Linux, version CentOS
64-bit.
5) The next screen will prompt you to name your VM. Name it whatever you wish.
6) Processor configuration is the next screen. In the example, one processor and two cores were chosen but higher or lower
values may be used. Choose based on your available resources and usage requirements.
7) Allotting memory is the next screen. You will need to assign a minimum of 2 GB (2048 MB) memory.
8) On the next screen, choose the network type. For most uses, bridged networking is the best option. This will connect the VM
to the NICs that are found on the host PC. You can choose another option if it better suits your usage needs.
9) The next two screens are for choosing the I/O controller and disk type. VMware takes many factors into account including
host/guest OS and host hardware, and recommends the best choice for your configuration. Choose the recommended
options.
10) After choosing the disk type, you are asked to select a disk. Choose to create a new virtual disk.
11) On the next screen, give at least 40 GB to the virtual disk and check the option to store the virtual disk as a single file.
12) The next screen asks to name the disk file. Use the suggested name and click next.
13) The next screen is the final screen of the VM setup. If everything has been entered correctly, click Finish.
14) Now, back on the Workstation main page, navigate on the menu bar to VM > Settings. On the Hardware tab, select the
CD/DVD hardware and using the option at the right, have it point to the Protocol Engine ISO.
15) After this, power on the VM. You will be prompted to initialize the installation. Let the installation run and when it is complete,
it will prompt you to press enter. The VM will then reboot and bring you to a login screen.
1) Open VirtualBox and create a new VM. Name it whatever you like, and select Linux for the type and Other Linux (64-bit) for
the Version.
3) On the next screen, confirm to make a new virtual hard drive now.
4) You will then be asked to choose the hard drive file type. Choose the default, VirtualBox Disk Image.
5) The next screen will ask about dynamically allocating the storage on the hard drive. Do not do this. Choose the option for
Fixed size.
7) Once the VM is created, you will find yourself back on the main page. Click the Settings icon at the top and go to the System
tab. Change the boot order so it boots first from the hard disk, second from the CD drive.
8) Now, still on the Settings menu, go to the Storage tab. Use the icon on the right to point the CD drive to the ISO stored on
your computer.
9) Again, still on the Settings menu, navigate to the Network tab. Change the value to Bridged Adapter and then select the NIC
that you will use to connect to the network containing the Protocol Engine (generally Wi-fi or ethernet). If you have another
NIC that you may want to use to connect to a DUT and would like to configure it now, go to the following tab for Adapter 2
and set it to this NIC. For my example, Adapter 1 is set to my Wireless adapter, and Adapter 2 is set to my ethernet adapter.
10) Now you can press the Start button to launch the VM. This will trigger the Protocol Engine installation. When complete, it will
prompt you to press enter to quit. The VM will then reboot and bring you to a login screen.
8 Appendix
8.1.1 Windows
1. Download https://www.netbsd.org/~martin/rawrite32/download.html.
2. Select the source and destination.
3. Verify the checksum. For details, see Verifying the ISO Image.
8.1.2 Linux
Use dd e.g.
For details on how to verify the ISO image, see Verifying the ISO Image.
The DVD burning feature built into Windows XP and Windows Vista cannot burn DVDs from images, and Windows operating
systems before Windows XP did not have any built-in DVD burning capability at all. Therefore, to turn an ISO image files into a DVD
on Windows operating systems prior to Windows 7, you need separate disc burning software that can handle ISO image files.
Although this is true of most disc burning software, exceptions exist.
The steps required to burn ISO images to disks with several popular DVD burning applications are listed below.
1. Obtain and install the ISO Recorder power toy from the ISO Recorder web site.
2. In the file manager Explorer, right click on the Protocol Engine ISO file.
3. In the context menu, select Copy image to DVD.
4. Follow the steps given by the DVD Recording Wizard pop-up.
5. Repeat for the remaining ISO files.
For details on how to verify the ISO image, see Verifying the ISO Image.
To verify the ISO image, verify that the MD5 checksum is fabdc67ff3a1674a489953effa285dfd.