How to set up Harmony Controller ?

gokulpokurigokulpokuri Member, Administrator admin
edited April 21 in Tips

In this article, we will look at how to set up Harmony Controller after activating Controller and Thunder licenses. The next steps are to:

1. Check Networking Pre-requisites

2. On-board Thunder to Harmony Controller

3. Viewing Analytics and Insights

Step 1: Check Networking Pre-requisites

Communication between Harmony Controller and Thunder

Harmony Controller provides central management to thunder devices and gets alerts and analytics data from the devices. Harmony Controller can connect to the Thunder device in two ways.

1.  Thunder device reachable via management behind NAT on port 443

2. Through a secure tunnel between Thunder device and Harmony Controller SaaS

Suppose the Thunder device is not reachable from Harmony Controller via management behind NAT. In that case, the Thunder device can connect to Harmony Controller by establishing a secure tunnel.

To allow Thunder devices to connect to the Harmony Controller, allow the following TCP ports.

Port Numbers

1. Access to A10 Harmony Portal

  • TCP Secure: 443

2. Access to Harmony Controller from Thunder

  • API server/Registry server: 443
  • Metrics message broker: 9093
  • SCP: 2222
  • Reverse Secure Tunnel: 25500

Step 2: On-board Thunder to Harmony Controller

Before registration of Thunder devices to Harmony Controller, make sure to set up

1. NTP server config on Thunder device. The time on the Thunder device should be in sync with the NTP server.

2. Network reachability between Harmony Controller and Thunder.

3. Enable Harmony Apps as required.

For detailed instructions on these steps, refer to the documentation.

Register Thunder device from Harmony Controller

Once you log into Harmony Controller GUI, navigate to the Infrastructure tab. The infrastructure tab enables the management of Thunder devices. A cluster is a logical container of one or more Thunder devices. In the Infrastructure tab, you can

1. Create a cluster and add devices

2. Repeat the step1 if you have more Thunder devices service the same service

3. Create a tenant

4. Provision these resources to tenants for the service deployment

Refer to the cluster documentation, tenant documentation on how to add Cluster, devices, and provision cluster to tenants.

(Optional) Register Thunder device to Harmony Controller

Suppose the Thunder device is not reachable from Harmony Controller behind NAT. In that case, you can register the Thunder device from its GUI or CLI by establishing a secure tunnel to Harmony Controller.

Registering using GUI (Use SaaS Tunnel setting - Supported from ACOS version 5.2.1-P3 onwards):

1. Login to Thunder device (ACOS) GUI

2. Navigate to System > Admin > Controller tab

3. Configure the Harmony Controller settings as indicated below

For SaaS trials, enter the hostname as If it’s a self-managed deployment, enter the hostname/IP of the Harmony Controller instance.

4. Click Register Device

Registering through CLI:

Run the following commands on Thunder device CLI on config mode to register.

Thunder(config)#harmony-controller profile
Thunder(config-profile)#host <Hostname/IP of Harmony> port 443 use-mgmt-port
Thunder(config-profile)#provider <Provider name>
Thunder(config-profile)#user-name provider-admin
Thunder(config-profile)#cluster-name <Cluster name created on Harmony>
Thunder(config-profile)#password <provider-admin user password>
Thunder(config-profile)#region <Country name>
Thunder(config-profile)#availability-zone <City name>
Thunder(config-profile)#thunder-mgmt-ip <Thunder device management IP>
Thunder(config-profile)#tunnel enable

For detailed instructions, refer to the documentation.

Once you provision the cluster to tenants, onboarding is complete. Shortly after, you will see Harmony Controller starts populating traffic visibility and service analytics on the Harmony Apps.

Step 3: Viewing Analytics and Insights

Harmony apps help analyze collected data to detect anomalous trends and simplify troubleshooting via access to contextualized data and logs. It provides visibility and actionable insights into the application traffic. Operators can get alerts based on various metrics and customizable fields via email or webhook URL for automated and rapid action. The example below shows the ADC app.

1. Log in to Harmony Controller GUI

2. Expand Harmony apps and click on Thunder ADC

3. Select the tenant from the drop-down menu and click “Proceed.” The ADC app dashboard screen opens on a new tab.

4. The dashboard displays real-time ADC traffic pattern statistics and insights on categories such as the number of requests, request locations, request methods, response codes, deployment locations, WAF events, average end-to-end latency.

5. To gain latency insights on specific sessions, click on HTTP on the bottom left side of the screen. It provides detailed ADC transaction logs with client information (IP, location, device, etc.), ADC service information (e.g., VIP, service port, protocol), and transaction details, including request and response details. Response time distribution representing session latency (RTT) in various phases of request and response transaction assists you in pinpointing possible issues/bottlenecks in both network and application layers.


If you require assistance with the set up process, contact A10 Support Team.

For Harmony Controller and Harmony Apps documentation, refer to the below links:

Harmony Controller License Management

Harmony Controller Overview and Features

Supported Products

Installation of Harmony Controller


A10 Harmony API

Release Notes

Overall Documentation

Sign In or Register to comment.