Network Management

Reply

Re: AirWave 8.2.4 NO CLI

Generally, you would use the OVA for demo, and then for a production installation you would install from the ISO and manually configure a CentOS AMP VM with the required settings and resources outlined in the sizing guide. 

Jerrod Howard
Sr. Techical Marketing Engineer

Re: AirWave 8.2.4 NO CLI

To add, the AW installation guide highlights (Table 1) that the OVA is optimized for up to 100 devices. Otheriwse to use the ISO.

 

I wish we would post up multiple OVAs pre-configured, that may happen at some point later on. 

Jerrod Howard
Sr. Techical Marketing Engineer
Occasional Contributor II

Re: AirWave 8.2.4 NO CLI


jhoward wrote:

Re-scaling the disk is usually handled via creating of a new AMP deployment with the proper disk settings and then restoring a nightly backup on to the new platform. While some can properly re-partition and format, most fail and leades to big support efforts and usually loss of data. 


I have resized Airwave disks numerous times via the CLI without any issues whatsoever. Isn't it just a matter of not messing up any of the commands?

These work magic by the way (well right up until 8.2.4 that is):

 

lvm pvcreate /dev/sda#
lvm vgextend "VolGroup00" /dev/sda#
lvm lvresize -l +100%FREE /dev/VolGroup00/LogVol00
resize2fs /dev/VolGroup00/LogVol00

 

MVP

Re: AirWave 8.2.4 NO CLI

I miss being able to see which process are up - especially after a reboot.

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
MVP

Re: AirWave 8.2.4 NO CLI

I also periodically use the database CLI to make queries - is there a way to access the database from an external reporting tool?

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
MVP

Re: AirWave 8.2.4 NO CLI

As a power user of nearly every system I encounter, I like the ability to get to a shell - I want one in CPPM as well.

The thousand or so times I've needed to have or give shell access to Airwave for TAC, never mind system admin tasks make it seem logical to provide a shell.

You've asked us to justify why we should have it back, but I haven't seen an explanation of why you took it away.

Can you shed some light on it for me?

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
Moderator

Re: AirWave 8.2.4 NO CLI


msabin wrote:

 

You've asked us to justify why we should have it back, but I haven't seen an explanation of why you took it away.

Can you shed some light on it for me?


PLM should probably be the ones to respond to this.  Fwded to the PLM team.


Rob Gin
Senior QA Engineer - Network Services
Aruba Networks, a Hewlett Packard Enterprise Company

Re: AirWave 8.2.4 NO CLI

Hi Matthew,

 

We removed the root access because our most security-concious customers view this capability as a security vulnerability.  And they're right about this point -- a user (or bot) with root privs can do essentially anything on a server, including malicious activities. 

 

We also recognize that our customers have been able to do a lot of great things with the privileges.

 

In prepping for 8.2.4 I talked with customers, with support and with our account teams to prioritize the most important things that users do at the CLI.  I know that we didn't implement everything.  

 

My plan is to continue adding to the CLI feature set to help you accomplish more of these things.  In reading through this thread and getting feedback through other channels I know that customers want to a bunch of things including: 

 

- Increase disk size

- View/control processes

- Transfer files

- Update files

- Test device connectivity

 

We are looking into doing all of these in 8.2.5.  In the meantime, anybody who wants this or other can request (via the CLI menu + TAC) that we add a custom menu item.  

 

Thanks,

Dan Comfort

Product Manager, AirWave

 

MVP

Re: AirWave 8.2.4 NO CLI

Thanks Dan

I would have liked to be one of the customers you talked to ahead of time, and I would have liked to know before hand what was happening.

I completely agree that root access was a bad thing.

I however think that no visibility under the hood makes the appliance less secure - I'm now completely having to trust Aruba to secure the OS and can't easily check when my PCI assessor asks if we're patched.

I'll learn to live with it as I need the tool more than I need to have full control.

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
Occasional Contributor I

Re: AirWave 8.2.4 NO CLI

Clearly this is not to address customer security concerns, as we suggested to PLM serveral times that if a customer requires this there is simily an option to turn it on (similar to how FIPS is implemention on ClearPass or on the Controller).  We have serveral customers who use custom routines on the linux shell of the server.  Aruba/HPE clearly wants to shut down this access.  Security is not the answer...

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: