500-430 Platform Installation and Administration

Platform Installation and Administration Detailed Explanation

Objective:

To properly install, configure, and manage the key components of a wireless network platform, including wireless controllers (WLCs) and access points (APs). This ensures a stable, secure, and efficient network environment.

1. Wireless Controller (WLC) Installation

The wireless controller is the central brain of your wireless network, managing APs, users, and network policies.

1. Hardware Installation:

   • What to do:
     • Physically connect the WLC to the core network switch via Ethernet cables.
     • Ensure proper power supply to the WLC (via power adapters or Power over Ethernet [PoE] if supported).
   • Network Connection:
     • The WLC must be connected to a trunk port on the switch. This allows it to manage multiple VLANs.
   • Tips for success:
     • Place the WLC in a centralized location for optimal network performance.
     • Use redundancy (e.g., a second WLC) to ensure high availability.

2. Basic Configuration:

   • IP Address Configuration:
     • Assign a static IP address to the WLC.
     • Configure the subnet mask, gateway, and DNS server to ensure the WLC can communicate with other devices.
   • VLAN Setup:
     • Assign management traffic to a dedicated VLAN to separate it from user data traffic.
   • Security:
     • Enable HTTPS access for secure WLC management.
     • Change default admin credentials to a strong username and password.
   • Example Settings:
     • IP: 192.168.1.10
     • VLAN: 100 (Management VLAN)

2. Wireless Network Configuration

The WLC’s primary role is to define and manage the behavior of the wireless network.

1. SSID Configuration:

   • What is an SSID?
     • An SSID (Service Set Identifier) is the name of your wireless network, visible to users when they connect.
   • How to configure:
     • Create separate SSIDs for:
       • Employees: Secure with WPA3 and 802.1X authentication.
       • Guests: Use an open network or captive portal for limited access.
       • IoT devices: Restrict access to only necessary network resources.
     • Assign each SSID to a specific VLAN for traffic isolation.
     • Example:
       • Employee SSID → VLAN 200
       • Guest SSID → VLAN 300

2. RF Parameter Tuning:

   • Channel Width:
     • Configure channel width based on the environment:
       • 20 MHz: Use in crowded environments with many networks.
       • 40/80 MHz: Use for higher performance in less congested areas.
   • Dynamic RF Management:
     • Enable automatic adjustment of power and channels to avoid interference.
     • Example: Cisco's RRM (Radio Resource Management) automatically selects the best channel for each AP.

3. Quality of Service (QoS):

   • Purpose:
     • Prioritize critical applications like voice and video traffic over less important data, ensuring a smooth experience.
   • Configuration:
     • Enable QoS profiles for latency-sensitive traffic, such as VoIP and video conferencing.

4. Roaming Configuration:

   • What is roaming?
     • When a device moves between APs, it should maintain a seamless connection.
   • How to enable fast roaming:
     • Configure standards like 802.11r (Fast Transition), 802.11k (Neighbor Reporting), and 802.11v (Network-Assisted Roaming).
     • These features minimize the delay during AP transitions.

3. Platform Security Management

Security is critical to prevent unauthorized access and protect sensitive data.

1. Firewall Rules:

   • Purpose:
     • Block unwanted traffic and limit user access to sensitive resources.
   • Configuration:
     • Define rules to allow or deny traffic based on IP, port, or protocol.
     • Example: Allow only HTTP(S) and DNS traffic for guest SSIDs.

2. RADIUS Server Configuration:

   • What is RADIUS?
     • Remote Authentication Dial-In User Service (RADIUS) centralizes user authentication for secure network access.
   • How to set up:
     • Integrate the WLC with a RADIUS server (e.g., Cisco ISE or Microsoft NPS).
     • Configure user roles (e.g., Employee, Guest) and their permissions.

3. Rogue AP Detection:

   • Purpose:
     • Detect and mitigate unauthorized APs that might compromise the network.
   • Configuration:
     • Enable rogue AP scanning in the WLC.
     • Define a policy to disconnect or block rogue devices automatically.

4. High Availability and Redundancy

Network reliability is essential to avoid disruptions.

1. Primary and Backup WLC:

   • Configuration:
     • Set up a primary WLC for normal operations and a backup WLC for failover.
   • Failover Testing:
     • Test the failover process by simulating a primary WLC failure.

2. AP Failover:

   • What is AP Failover?
     • If an AP loses its connection to the primary WLC, it automatically switches to a backup WLC.
   • Configuration:
     • Enable AP failover in the WLC settings.

5. Logs and Monitoring

Monitoring ensures that the network runs smoothly and issues are detected early.

1. Syslog Configuration:

   • What is Syslog?
     • A system logging protocol that collects logs from WLCs and APs for centralized storage and analysis.
   • Configuration:
     • Set up a Syslog server (e.g., Splunk or Graylog) to receive logs.
     • Define log severity levels to capture critical events (e.g., AP disconnects, security breaches).

2. SNMP Monitoring:

   • What is SNMP?
     • Simple Network Management Protocol (SNMP) collects and monitors performance metrics.
   • Configuration:
     • Enable SNMP in the WLC.
     • Use an SNMP monitoring tool (e.g., SolarWinds, PRTG) to track device health and performance.
   • Key Metrics to Monitor:
     • AP uptime
     • Signal strength
     • Client connection count

Summary

Platform installation and administration focus on setting up the wireless controller, configuring the wireless network, and ensuring security and reliability. By following these steps, you can create a robust and efficient wireless network tailored to your organization's needs. For beginners, focus on understanding the purpose of each feature and gradually explore advanced configurations like QoS and roaming.

Platform Installation and Administration (Additional Content)

1. AppDynamics Controller Installation

Deployment Models:

• SaaS (Cloud-hosted Controller):

  • AppDynamics hosts and maintains the Controller.

  • Suitable for organizations that prefer not to manage infrastructure.

  • Agents report directly to the SaaS Controller over HTTPS (port 443).

• On-Premises Controller:

  • Installed and managed by the organization.

  • Offers more control over data, configuration, and security policies.

System Requirements (for On-Prem):

• CPU: Minimum 8 cores (more for large environments).

• Memory: At least 32 GB RAM (64 GB+ for enterprise).

• Disk Space: High IOPS and storage (e.g., SSDs). Events Service uses a lot of disk.

• Operating System: Linux (CentOS/RHEL/Ubuntu), Java 11 or later.

Installation Steps:

• Use the Enterprise Console to deploy the Controller.

• Follow a GUI or silent installation process.

• After install, configure external access, certificates, and start services.

Default Port Usage:

• 8090: HTTP access to the Controller

• 8181: Internal use for services

• 443: Secure HTTPS access (recommended)

• 3388 / 389: LDAP/Active Directory access

Security Configuration:

• Upload SSL certificates to secure Controller UI.

• Enable two-factor authentication (2FA) or SSO as needed.

• Ensure controller communication uses HTTPS-only mode in production.

2. Enterprise Console Usage

Functions of the Enterprise Console:

• Central management utility to install, configure, and maintain AppDynamics components.

Supported Deployments:

• Multiple Controllers in different environments (e.g., staging, prod)

• Events Service Clusters for analytics and metrics

• EUM Server (End User Monitoring server) for Browser/Mobile RUM

Capabilities:

• Upgrades and Patching: Apply new versions and fixes via GUI or scripts.

• HA (High Availability): Configure primary/secondary Controllers and database mirroring.

• Node Management: View status, restart services, and manage configurations.

• Log Access: Default path: /opt/appdynamics/platform/logs/

• Service Check Commands: Example:

  ./platform-admin.sh show-services --platform-name <name>
  

3. Agent Registration & Verification

How Agents Register:

• Agents (Java, .NET, Machine, etc.) communicate with the Controller over HTTPS or HTTP.

• Required fields:

  • Application name

  • Tier name

  • Node name

  • Controller hostname and port

  • Access key or account credentials

Verification Steps:

• Log into Controller UI → Application Flow Map

• Confirm new Tiers and Nodes appear and metrics are flowing

Business Transactions (BTs):

• Automatically discovered via servlet entry points, URLs, methods, etc.

• Can be manually created or renamed

• BT naming limitations:

  • Max 50 BTs per agent (by default)

  • Custom match rules can help reduce noise

4. Data Retention and Performance Tuning

Retention Settings:

• Configure via Controller Admin UI or config files.

• Example:

  • Metric retention: 8 days

  • Events: 30 days

  • Snapshots: 14 days

Resource Usage Controls:

• Use metric limits to cap number of collected metrics per agent.

• Adjust sampling rate for snapshots or transaction traces.

Performance Monitoring:

• Watch system metrics of the Controller host.

• Monitor GC activity, thread count, DB performance, and disk usage.

• Analyze Controller logs located at:

  • /opt/appdynamics/controller/logs/

  • server.log, controller.log, transaction.log, etc.

5. User Access & Security Configuration

User Management:

• Local users: Created within the Controller UI

• LDAP/SSO users: Integrated via external directories for centralized authentication

RBAC (Role-Based Access Control):

• Assign users to roles such as Administrator, Viewer, Developer

• Granular permissions can restrict access to:

  • Applications

  • Dashboards

  • Alert configurations

SSL and Security Hardening:

• Replace self-signed certificates with enterprise-trusted SSL certs.

• Enforce HTTPS-only access.

• Disable unused ports and services.

API Access Security:

• Use access keys, API clients, and IP whitelisting.

• Avoid embedding plaintext credentials in scripts.

• Rotate access credentials regularly.

6. Backup and Recovery

Backup Strategy:

• Schedule regular backups of:

  • Controller database

  • Configuration files

  • Enterprise Console metadata

Backup Types:

• Manual backup via scripts or file copies

• Automated backup via Enterprise Console or cron jobs

Recovery Process:

• Restore Controller DB (PostgreSQL) from SQL dumps

• Redeploy configuration via saved files or Enterprise Console

• Ensure all services are restarted in the correct order:

  1. Events Service

  2. Controller

  3. EUM Server (if used)

Summary

Platform Installation and Administration ensures that the AppDynamics solution is deployed reliably, performs optimally, and can be maintained over time. Focus areas include:

• Choosing the right deployment model

• Proper Controller installation and resource sizing

• Verifying agent connectivity and business transaction flow

• Configuring access control and SSL security

• Ensuring data retention and scalability

• Establishing a strong backup and recovery strategy