How to set up Harmony Controller ?
In this article, we will look at how to set up Harmony Controller after activating Controller and Thunder licenses. The next steps are to:
1. Check Networking Pre-requisites
2. On-board Thunder to Harmony Controller
3. Viewing Analytics and Insights
Step 1: Check Networking Pre-requisites
Communication between Harmony Controller and Thunder
Harmony Controller provides central management to thunder devices and gets alerts and analytics data from the devices. Harmony Controller can connect to the Thunder device in two ways.
1. Thunder device reachable via management behind NAT on port 443
2. Through a secure tunnel between Thunder device and Harmony Controller SaaS
Suppose the Thunder device is not reachable from Harmony Controller via management behind NAT. In that case, the Thunder device can connect to Harmony Controller by establishing a secure tunnel.
To allow Thunder devices to connect to the Harmony Controller, allow the following TCP ports.
1. Access to A10 Harmony Portal
- TCP Secure: 443
2. Access to Harmony Controller from Thunder
- API server/Registry server: 443
- Metrics message broker: 9093
- SCP: 2222
- Reverse Secure Tunnel: 25500
Step 2: On-board Thunder to Harmony Controller
Before registration of Thunder devices to Harmony Controller, make sure to set up
1. NTP server config on Thunder device. The time on the Thunder device should be in sync with the NTP server.
2. Network reachability between Harmony Controller and Thunder.
3. Enable Harmony Apps as required.
For detailed instructions on these steps, refer to the documentation.
Register Thunder device from Harmony Controller
Once you log into Harmony Controller GUI, navigate to the Infrastructure tab. The infrastructure tab enables the management of Thunder devices. A cluster is a logical container of one or more Thunder devices. In the Infrastructure tab, you can
1. Create a cluster and add devices
2. Repeat the step1 if you have more Thunder devices service the same service
3. Create a tenant
4. Provision these resources to tenants for the service deployment
(Optional) Register Thunder device to Harmony Controller
Suppose the Thunder device is not reachable from Harmony Controller behind NAT. In that case, you can register the Thunder device from its GUI or CLI by establishing a secure tunnel to Harmony Controller.
Registering using GUI (Use SaaS Tunnel setting - Supported from ACOS version 5.2.1-P3 onwards):
1. Login to Thunder device (ACOS) GUI
2. Navigate to System > Admin > Controller tab
3. Configure the Harmony Controller settings as indicated below
For SaaS trials, enter the hostname as test.hc.a10networks.com. If it’s a self-managed deployment, enter the hostname/IP of the Harmony Controller instance.
4. Click Register Device
Registering through CLI:
Run the following commands on Thunder device CLI on config mode to register.
Thunder(config)#harmony-controller profile Thunder(config-profile)#host <Hostname/IP of Harmony> port 443 use-mgmt-port Thunder(config-profile)#provider <Provider name> Thunder(config-profile)#user-name provider-admin Thunder(config-profile)#cluster-name <Cluster name created on Harmony> Thunder(config-profile)#password <provider-admin user password> Thunder(config-profile)#region <Country name> Thunder(config-profile)#availability-zone <City name> Thunder(config-profile)#thunder-mgmt-ip <Thunder device management IP> Thunder(config-profile)#tunnel enable Thunder(config-profile)#register
For detailed instructions, refer to the documentation.
Once you provision the cluster to tenants, onboarding is complete. Shortly after, you will see Harmony Controller starts populating traffic visibility and service analytics on the Harmony Apps.
Step 3: Viewing Analytics and Insights
Harmony apps help analyze collected data to detect anomalous trends and simplify troubleshooting via access to contextualized data and logs. It provides visibility and actionable insights into the application traffic. Operators can get alerts based on various metrics and customizable fields via email or webhook URL for automated and rapid action. The example below shows the ADC app.
1. Log in to Harmony Controller GUI
2. Expand Harmony apps and click on Thunder ADC
3. Select the tenant from the drop-down menu and click “Proceed.” The ADC app dashboard screen opens on a new tab.
4. The dashboard displays real-time ADC traffic pattern statistics and insights on categories such as the number of requests, request locations, request methods, response codes, deployment locations, WAF events, average end-to-end latency.
5. To gain latency insights on specific sessions, click on HTTP on the bottom left side of the screen. It provides detailed ADC transaction logs with client information (IP, location, device, etc.), ADC service information (e.g., VIP, service port, protocol), and transaction details, including request and response details. Response time distribution representing session latency (RTT) in various phases of request and response transaction assists you in pinpointing possible issues/bottlenecks in both network and application layers.
If you require assistance with the set up process, contact A10 Support Team.
For Harmony Controller and Harmony Apps documentation, refer to the below links: