Hub AC UI Reference

This article describes the configuration information and options available through the Admin Console hub configuration UI. The navigation pane organizes hub configuration into the following nodes:
This article describes the configuration information and options available through the Admin Console hub configuration UI. The navigation pane organizes hub configuration into the following nodes:
This article is for probe versions 7.9 or later.
To access the hub configuration interface, select the hub robot in the Admin Console navigation pane. In the
list, click the checkmark for the hub probe, and select
To view information about the hub, and adjust log file settings, use the
  • Probe Information
    contains the probe name, the start time, the installed version, and the vendor
  • Hub Information
    contains the hub name, domain, IP address, hub address,
    /hub, and the length of the up time
  • General Configuration
    is where to modify user tags and log file settings:
    • Identification property User Tag 1
      Identification property User Tag 2 (Optional)
      • User tags
        are optional values that can be attached to probe-generated messages to control access to the data in USM.
      • On a robot system, user tags are specified in
      • As of hub v7.70, user tags on a hub system are specified in
        . User tags that are defined in
        are ignored.
      • Before hub v7.70, user tags on a hub system are read from robot.cfg.
      • Default:
    • Log Level
      specifies the level of alarm information that is saved in the log file.
      • 0 - Fatal
        (default) logs the least information
      • 5 - Trace
        logs all alarms
      • During normal operation, log at a low level to reduce disk usage
      • Increase the logging level during debugging
    • Log Size
      specifies the amount of data that is retained in the log file. Default, 1024 KB
      • Large log files can cause performance issues and can deplete disk space.
  • License Information
    is where to modify the license information for the hub
    • License
      contains the current license string.
      • An invalid license
        • Messages stop flowing from the hub to the subscribers, typically service probes
        • The robot spooler does not upload messages
    • Expire Date
      contains the date that the license expires. The field is populated automatically.
    • Licenses Available
      indicates how many robot licenses are available.
    • Licenses Total
      indicates the total number of robot licenses.
Use the
node to control the hub connectivity.
  • Hub Settings
    controls how the hub communicates
    • Hub Request Timeout
      specifies how long the hub waits for a response from other hubs. Default, 30 seconds
    • Hub Update Interval
      specifies how often the hub sends messages to other hubs. Default, 600 seconds
    • Origin
      identifies the sender for data that is sent from the probes.
      • The origin is used during report generation.
      • The origin is obtained from the
        probe configuration.
      • If the origin is not specified in the controller, the field is blank, and the hub name is used.
    • Disable IP Validation
      turns off the hub IP address validation for servers sending requests to probes. Use IP address validation in a Network Address Translation (NAT) environment.
    • Login Mode
      • Normal
        (default) permits login from any robot that is connected to the hub
      • Local Machine Only
        permits a login only from the server which is hosting the hub
      • No Login
        disables login to the hub
  • Broadcast Configuration
    controls how the hub lets other hubs know it is active:
    Broadcast Configuration
    section is not applicable for secure hub (9.10S).
    • Broadcast On
      (default) enables the hub to broadcast status.
    • Broadcast Address
      is the hub broadcast IP address. Default,
      (the default broadcast address for a local network).
  • Lockout Configuration
    controls the settings for the hub to avoid brute-force password guessing.
    • Login Failure Count
      specifies the number of failed attempts which are allowed from a single IP address.
    • Lockout Time
      specifies the number of seconds that must pass before a user can attempt to log in after a failure.
  • Robot Settings
    controls the alarm settings for events that occur on the robots that are connected to the hub:
    • Inactive Robot Alarm Severity
      specifies the alarm level that is sent when a robot fails to respond.
    • Audit Settings for Robots
      enable or disable auditing for the hub robots. Each robot can be configured to use custom settings. Auditing records important events, such as starting and stopping the robot.
    • Audit Once per User
  • Queue Settings
    specifies the behavior and the size of queues.
    • Reconnect Interval
      the number of seconds between attempts to reconnect a disconnected hub. Default, 180 seconds.
    • Disconnect Passive Queues
      specifies how long a queue can be passive, that is, receive no messages, before disconnection. Default, 180 seconds
    • Post Reply Timeout
      specifies how long a hub waits for a reply to a message.
    • Alarm Queue Size
      the size of the queue file on the hub. If the queue exceeds the threshold, an alarm is sent. Default, 10 MB
Use the
Advanced, SSL
node to specify the communication mode of hub-managed components.
section is not applicable for secure hub (9.10S).
  • SSL mode is used for robot-to-hub communication.
  • When the hubs are
    connected with tunnels, the SSL mode is used for hub-to-hub communication.
  • The hub for a CA UIM component controls the SSL mode that is used by the component.
  • The hub propagates SSL settings to the robots, and robots propagate the SSL settings to the probes.
  • SSL settings are specific to each hub.
  • Set the SSL mode on each hub that requires SSL communications.
  • Mode
    • Normal
      SSL mode 0 — No encryption
      • The
        transport layer is not used.
    • Compatibility mode
      SSL mode 1 — the hub and robot can communicate without encryption or can communicate with
      • Components attempt to communicate with SSL. If the request is not acknowledged, the communication is unencrypted.
    • SSL Only
      SSL mode 2 —
  • Cypher Type
    specifies the cipher suite
  • Hub v7.80 supports the TLS protocol and TLS cipher suites for hub-to-hub tunnels, and hub-to-robot SSL settings.
    • To use TLS cipher suites between tunnel servers and tunnel clients:
      • Upgrade the hubs to v7.80
      • Select a cipher suite that resolves to the TLS protocol
  • Hub v7.71 and before, support cipher suites that resolve to
    TLS and SSLv3. TLS-only cipher suites are not supported.
  • If the tunnel server cipher is changed, restart the tunnel server and tunnel clients.
Tunnel Settings
Use the
Advanced, Tunnel Settings
node to control the behavior of the hub tunnels.
  • Tunnel Advanced Settings
    control how tunnels connect
    • Ignore Controller First Probe Port
      controls how tunnel ports are assigned.
      • Enabled
        the hub uses the
        First Tunnel Port
        setting. If the hub has more than one tunnel server, use this setting.
      • Disabled
        the tunnel uses the
        First Probe Port
        in the
        probe configuration.
    • First Tunnel Port
      specifies the port that is used by the
      tunnel that you set up. The tunnel server increments the port number for each additional tunnel, and assigns that port to the tunnel client. The client keeps that port as long as the hub is running.
      • The server does not manage disconnected clients. If a tunnel client is connected to the server, the number increments. If a previously used port is available, it is ignored. If there are no active clients, the counter is reset.
      • If the field is blank, the operating system assigns random ports.
    • Hang Timeout
      specifies the interval between attempts to restart the tunnel. The tunnel server continuously monitors the status of the tunnels. If a tunnel does not respond, the hub continues to attempt a tunnel restart until the tunnel is active. Default, 120 seconds
  • Tunnel SSL Session Cache
    controls SSL caching
    • Use Client Cache / Use Server Cache
      SSL sessions are cached, and previous session credentials are used. Enable both options to reduce the server-client connection time.
    • Server Cache Timeout
      specifies how long the cached sessions are valid for reuse by the client. Default, 7200 seconds (two hours)
    • Server Cache Size
      Default, 1024 KB
Hub List
Hub List
node lists the hubs in a CA UIM domain, displays the hub information, and monitors the hub status.
  • Hub List
    provides the following information about each hub:
    • Domain
    • Name
    • Status
    • Version
      of the hub probe
    • Last Updated
      date and time when the hub probe was last restarted
    • IP address
    • Port
  • To monitor the status of other hubs:
    • Actions, Alive Check
      monitor the status of the selected hub.
    • Actions, Response Check
      monitor the response time, connect - reconnect and no transfer, between the current hub and the selected hub.
    • Actions, Transfer Check
      transfers data from the current hub to the selected hub, and monitors the transfer rate.
Name Services
Use the
Name Services
node to connect hubs that are separated by firewalls, routers, or that are in a NAT environment.
For secure hub (9.10S), only
Network Aliases
is available in the UI, not
Name Services
  • Static Hub List Entry
    enter information about the static route:
    • Active
      the route is active
    • Synchronize
      the hub sends status information to the static hub
    • Hostname/IP
      the address of the static hub
    • Actions, Create Static Hub
      sets up the static route
  • Static Hub List
    displays the hubs to which there is a static route from the hub being configured:
    • Active
      indicates that the route is active.
    • Synchronize
      indicates that the hub is sending status information to the static hub
    • Name
      , and
      Robot Name
      identify the static hub
    • Actions, Remove Static Hub
      removes the selected static hub
  • Network Aliases
    specifies the return address for requests from remote hubs in a NAT environment
    • From Address
      is the address from which the remote hub sends requests
    • To Address
      is the address to which the responses are sent
Queue List
Use the
Queue List
node to create hub-to-hub queues.
  • Queue List Entry
    add a new queue subject
    • Subject To Add
      specify the new subject
      Some subjects are reserved for use by CA UIM probes. See Reserved UIM Subject IDs.
    • Actions, Add Subject To List
      add a queue subject immediately so that it can be used in a new queue
  • Queue List Configuration
    enter information for new queues, or view the configuration of the existing queues. Some fields are specific to the type of queue.
    • New
      add and delete queues
    • Queue Name
      the name of the new queue
    • Active
      the queue status
    • Type
      the type of queue,
      attach, post, or get
    • Hub Address
      queues) the CA UIM address of the
      queue hub
    • Subject
      queues) the types of the messages to collect in the queue
    • Remote Queue Name
      queues) the name of the corresponding
    • Remote Queue List
      the list of
      queues that are found in the domain
    • Bulk Size
      the number of messages that are transferred in one package
Robot List
Robot List
node lists the hub-controlled robots.
  • Robot List
    displays the following information about each robot:
    • Name
    • Status
    • IP address
    • Version
    • OS
  • Robot commands
    • Actions, Alive Check
      monitor the status of the selected robot
    • Actions, Restart
      restart the selected robot
Use the
node to enable tunneling on a tunnel server or a tunnel client.
  • Select
    Tunnel Active
    , and click
    to enable tunneling.
1 - Tunnel Server
Use the
Tunnel, 1 - Tunnel Server
node to configure a hub as a tunnel server.
  • Certificate Authority (CA) Initialization
    designate a hub as a certificate authority
    Designating a certificate authority is a one-time task. When a certificate authority is specified,
    Tunnel Server CA Is Initialized
    is displayed.
  • Server Settings
    the tunnel server status
    • Active
      the tunnel is running
    • Tunnel Server Status
      whether the tunnel is running or is stopped. Change the status with the
    • Common Name
      the IP address of the tunnel server
    • Expiration Days
      the date the tunnel expires
    • Server Port
      the port the tunnel server uses to transfer data. Default, 48003
    • Security Setting
      the encryption level for tunneled packets
      • NONE
        No encryption, but uses authentication. Fast, and not secure
      • LOW
        Fast, but not secure encryption and authentication
      • MEDIUM
        Slow but secure encryption and authentication
      • HIGH
        Slow but secure encryption and authentication
      • CUSTOM
        Slowest but secure encryption and authentication
    • Custom Cipher *
      available when the security setting is
  • CA Certificates
    create the CA certificates. The hub has the authority to issue client certificates
    • Organization Name
      Organization Unit Name
      , and
      Email Address
      identify the issuing entity
    • Country Name
      State or Province Name
      , and
      Locality Name
      the location of the receiving entity
    • Common Name
      the IPV4 or IPV6 address, in hexadecimal format, of the tunnel server hub
    • Beginning Date
      Ending Date
      when the certificate is valid
  • Client Certificate Configuration
    create the client certificates which are required on every tunnel client that connects with the tunnel server
    • Organization Name
      Organization Unit Name
      , and
      Email Address
      identify the receiving entity
    • Country Name
      State or Province Name
      , and
      Locality Name
      the location of the receiving entity
    • Common Name
      the IPV4 or IPV6 address in hexadecimal format, of the tunnel client hub The tunnel client hub must be active when the certificate is created.
    • Password
      specify the password for the tunnel client hub to access the tunnel server
    • Beginning Date
      Ending Date
      when the certificate is valid
    • Certificate *
      the client certificate text. Copy the text to the tunnel client hub configuration.
    • Actions, Create Tunnel Server Client Certificate
      create the certificate
  • Client Certificate List
    client certificates
    • New
      add and delete certificates
      • Rows in the table display information about the certificates
      • Fields below the table display the details for the selected certificate
    • Certificate *
      displays the certificate text. Copy and paste the certificate text into the tunnel client hub configuration.
2 - Tunnel Client
Use the
Tunnel, 2 - Tunnel Client
node to configure a hub to be a tunnel client.
  • Client Certificate Configuration
    lets you add, delete, and view tunnel client certificate:
    • New
      add and delete tunnel client certificates.
    • Certificate ID
      the number that is assigned to the certificate
    • Active
      the certificate status
    • Server *
      specifies the IP address of the tunnel server hub
    • Server Port *
      the port to use for tunneled data
    • Check Server 'Common Name' Value
      the tunnel server verifies that the tunnel comes from the IP address in the client certificate. Disable the setting in NAT environments. We recommend enabling the setting in other environments.
    • Description
      describes the tunnel
    • Password *
      the password of the tunnel client certificate
    • Keep Alive
      the interval in seconds at which small data packets are sent
    • Certificate *
      paste the client certificate text from the tunnel server hub
3 - Tunnel Access List
Use the
Tunnel, 3 - Tunnel Access List
node to restrict the access privileges for CA UIM users, addresses, and commands.
Use Infrastructure Manager to configure tunnel access lists.
  • Tunnel Access List
    create tunnel access lists
    • New
      create or delete an access list
    • Source IP *
      the IP address of the tunnel server, or the wildcard character (*).
    • Destination Address *
      the address of the target hub, robot, or probe
    • Probe Command
      the specific command to allow or deny. To find the command set, click the checkmark next to the hub probe, and select
      Probe Utility
    • User *
      allow or deny access (a regular expression is allowed)
    • Mode *
      settings specify the access mode:
      • ACCEPT
        access for the specified user, command, or probe
      • DENY
        access for the specified user, command, or probe
      • LOG
        all requests through the tunnel with information recorded when the access list is processed.
        Log is typically used for testing commands against targets. The result is recorded in the hub log file.