The Subtab "Service & System Management"
Restart TimeKeeper: You will be asked to confirm this command. A counter will be displayed in the top right corner, stating when the restart will be completed. When completed, you will be asked to log back in.
Stop TimeKeeper: This button can be used to shut down TimeKeeper. It is recommended to use this only if advised by Technical Support, since restarting TimeKeeper will require the CLI.
Set admin password: You need to log in via HTTPS to create a new administrator password.
Set readonly password: You need to log in via HTTPS to create a new readonly user password.
Set loguser password: You need to log in via HTTPS to create a new loguser password.
Caution: Do not use the Enable root login option unless asked to by Spectracom Tech Support.
Enable loguser login: You will be asked to confirm that you want to enable loguser login access.
Enable readonly login: You will be asked to confirm that you want to enable readonly login access.
For each server, determine:
- The transport layer protocol: [UDP: User Datagram Protocol], or [TCP: Transmission Control Protocol]
- The host name
- The Port number.
Configure RADIUS: RADIUS authentication lets VelaSync use an external RADIUS server to authenticate user accounts at login. The login passwords for user-created accounts are stored and maintained on a central RADIUS server on the network, which greatly simplifies password management: instead of changing a password on many network appliances, you change it once on the RADIUS server, and the login password changes automatically for every appliance that uses that RADIUS server to authenticate user logins. Before the RADIUS authentication capability of the SecureSync can be used, it must be configured with the settings it needs to communicate with the RADIUS server(s) on the network.
For each server, determine:
- The hostname/IP: Enter either the hostname or IP address of the RADIUS server on the network with which you wish VelaSync to authenticate.
- The secret: Enter the secret key which is shared by VelaSync and the RADIUS server (the key is used to generate an MD5 hash).
- The timeout: Defines how long VelaSync will wait when communicating with the RADIUS server.
Enable RADIUS: Start authenticating
Configure TACACS+: TACACS+ provides centralized authorization and accounting services for user access to VelaSync and to other routers and network access servers. Click Configure TACACS+ to open the window shown below:
Populate the following fields:
- Host: Specify the hostname of the TACACS+ server.
- Secret: Specify the encryption key for encrypting and decrypting all traffic between VelaSync and the TACACS+ daemon.
Enable TACACS+: Start authenticating
Generate HTTPS CSR: HTTPS provides secure/encrypted, web-based management and configuration of VelaSync from a PC. An SSL certificate must be stored in VelaSync in order to provide a secure HTTPS connection.
If using only self-signed certificates, you should choose values based on your company’s security policy.
For additional information about HTTPS see HTTPS Support.
Populate the following fields:
- Key bit length: The default key bit length is 2048. It is recommended that the RSA private key bit length be a power of 2 or multiple of 2. The key bit length chosen is typically 1024, the most common value, but can range from 512 to 4096. Long key bit lengths of up to 4096 are not recommended because they can take hours to generate. Using a lower number may compromise security and is not recommended.
- Self-signed certificate validity in days: How many days before the certificate expires. The default is 365.
- Country Name: This two-letter country code should match the ISO-3166-1 value for the country in question.
- State or Province Name: From the address of the organization creating the certificate
- Locality Name: Locale of the organization creating the certificate
- Organization Name: The name of the organization creating the certificate
- Organizational Unit Name: The applicable subdivision of the organization creating the certificate
- Common Name: This is the name of the host being authenticated. The Common Name field in the X.509 certificate must match the hostname, IP address, or URL used to reach the host via HTTPS.
- Email Address: This is the email address of the organization creating the certificate.
- Challenge password: Valid response password to server challenge.
- Confirm challenge password: Re-enter password.
- Optional company name: An optional name for the organization creating the certificate.
Enter the information, and wait while the request is generated. It may take several minutes for VelaSync to create the certificate request and the private key. The larger the key, the more time is required. If the system is rebooted during this time, the certificate will not be created.
Once the key and the certificate request have been created, you can submit the request to an external or corporate-internal Certificate Authority (CA) for the creation of a verifiable certificate.
Upload HTTPS Certificate: Choose a certificate file previously generated, and click to apply the authentication. (TimeKeeper will be restarted.)
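A pre-upload check for the certificate file, added here as an example (it is not part of the VelaSync documentation or software): it confirms that the key meets a minimum length, that the certificate's name matches the hostname used to reach the unit, and that the certificate is not about to expire. The 2048-bit floor, the 30-day margin, the function names and the hostname velasync.example.com are assumptions; the script runs on a workstation that has the openssl command-line tool.

```shell
# Added example: checks to run on a PEM certificate before using
# "Upload HTTPS Certificate". Requires the openssl command-line tool.
MIN_BITS=2048   # assumption: policy floor, set to the page's default key length
MIN_DAYS=30     # assumption: reject certificates with under 30 days left

# Print the public-key size in bits ("Public-Key: (2048 bit)" in openssl's dump).
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# check_https_cert FILE HOSTNAME
# Returns 0 if every check passes, 1 if any fails, 2 if FILE is unreadable.
check_https_cert() {
    cert=$1; host=$2; rc=0
    bits=$(cert_key_bits "$cert")
    if [ -z "$bits" ]; then
        echo "FAIL: $cert is not a readable PEM certificate"; return 2
    fi
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "FAIL: key is $bits bits, below the $MIN_BITS-bit floor"; rc=1
    fi
    # -checkhost tests the name against the SAN entries, or the Common Name
    # when the certificate has no SAN DNS names.
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" |
            grep -q 'does match certificate'; then
        echo "FAIL: certificate name does not match $host"; rc=1
    fi
    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((MIN_DAYS * 86400)) \
            >/dev/null; then
        echo "FAIL: certificate expires within $MIN_DAYS days"; rc=1
    fi
    return "$rc"
}

# Constructed sample input: a throwaway self-signed certificate standing in
# for the file to upload. Usage: make_sample_cert BITS COMMON_NAME DAYS OUTFILE
make_sample_cert() {
    openssl req -x509 -newkey "rsa:$1" -nodes -keyout "$4.key" \
        -subj "/C=US/O=Example Corp/CN=$2" -days "$3" -out "$4" 2>/dev/null
}

# Run as: sh check_cert.sh cert.pem velasync.example.com
if [ $# -eq 2 ]; then check_https_cert "$1" "$2"; fi
```

Pass the same hostname or IP address that browsers will use to reach the unit, since that is the name the Common Name has to match.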
Restart system: Restart TimeKeeper and VelaSync.
Shutdown system: Use this button to gracefully shut down VelaSync. See also Powering OFF VelaSync.
Save GM config: The TimeKeeper Web UI can be used to save an existing configuration (GM = GrandMaster) as a downloadable file. This file can be used as a backup of the configuration, or as a means of easily deploying the same configuration to multiple VelaSync units.
Note: You need to log in via HTTPS to utilize this feature.
The configuration file generated represents the VelaSync configuration data only, and does not contain binary state, like the installed TimeKeeper version.
Note: The generated file does contain potentially sensitive contents, like hashed system password files, RADIUS and TACACS+ secrets, etc. Please treat the file with care, and properly secure it.