The end of life (EOL) date for this module is: 31 July 2019.

Web Montage - User Guide

Overview

Web Montage is the web-based front end for accessing real-time metrics streamed from Geneos framework. It provides a quick and intuitive way to access Geneos data without requiring the full functionality of, and knowledge of how to use, an Active Console; now backed by our Open Access cluster to provide a more dynamic way to collect core data and a flexible way to visualise data via browser.

Web Montage presents data in a secure and easily shareable format, helping to enhance collaboration across departments, regions and time zones. Built upon our Open Access API framework, it uses HTML 5 and Web Sockets technology to allow data to be published from the Gateways via Open Access cluster. This allows Web Montage to display data from many Gateways, making it a highly scalable solution.

../ImportedGeneosImages/InvestigateView.png../ImportedGeneosImages/Montage2.png

System Requirements

Please refer to the Geneos Compatibility Matrix for the list of supported platforms and web browsers.

There is a single downloadable binary for all supported platforms.

Quick Start Guide

Web Montage is an Open Access client application built on Open Access API to consume and visualise Geneos data. This guide will help you get started with Web Montage.

Step 1: Check prerequisites

  • Make sure you have read about the system requirements. If you don’t have Open Access Cluster installed, please see Open Access Cluster documentation for installation and configuration instructions.
  • If authentication is enabled on your Open Access Cluster configuration, you will need a valid username and password to connect to your Open Access Cluster. On the other hand, if authentication is not enabled, you may use the default admin credentials of admin/admin.
  • Web Montage itself should be connected to the cluster as a user with administrative privileges. Other users can then log in to the Montage web interface and will be shown data based on their own roles.

Step 2: Download and extract

  • Download Web Montage (also called Web Services) from Client Area on our website. Extract the downloaded file into your installation directory.

Step 3: Run Web Montage Server

  • From your installation directory, execute “run”.
  • If “<home>/.geneos” does not exist the first time you execute the run script, it will create a directory structure in “<home>/.geneos/webservices” and copy default configuration files to that location. If you have run a previous version, you may already have “<home>/.geneos”. You can force the ‘installation’ by deleting or renaming this directory.

See Server configuration for different run options like running as service, etc.

Step 4: Add Open Access connection and restart

  • Navigate to “<home>/.geneos/webservices/config” directory and edit the “system.properties” file to add Open Access Cluster connection details.
openaccess.host=<*OPEN ACCESS CLUSTER NODE HOST*>openaccess.port=<*OPEN ACCESS CLUSTER NODE PORT*>openaccess.username=<*OPEN ACCESS MONTAGE USER*>openaccess.password=<*OPEN ACCESS MONTAGE PASSWORD*>webapp.hostname=<*HOSTNAME OR IP OF WEB MONTAGE INSTALLATION MACHINE*>
  • Navigate to “<home>/.geneos/webservices/config” directory and edit the “akka.conf” to include “netty.tcp.hostname”.
netty.tcp {
hostname = "<*HOSTNAME OR IP OF WEB MONTAGE INSTALLATION MACHINE*>"}
								
  • Stop and restart the “run” script. If everything is configured correctly, you will see a log output stating that the Web Server is ready.
2014-11-24 12:58:38 GeneosServices [INFO] Web Server is ready, point your browser at
http://<*HOSTNAME OR IP OF WEB MONTAGE INSTALLATION MACHINE*>:8181

Note: The user used to connect to Open Access (<OPEN ACCESS MONTAGE USER>) should be configured in Open Access Cluster with ROLE_CONFIG role.

Note: By default, Web Montage will be available on port 8181. However, this is configurable in the “system.properties” file.

Step 5: Open Web Montage web interface in browser

  • Open a browser and navigate to “http://<HOSTNAME OR IP OF WEB MONTAGE INSTALLATION MACHINE>:8181”. You will need a valid username and password to access Web Montage web interface.
  • Once you are logged in, you will be presented with the Web Montage Overview page. If everything is configured correctly, you should see the word ‘Connected’ in the navigation bar at the top.

You are now ready to create and share your own view into Geneos data.

Note: Users, roles, Web Montage authentication, data level authorisation and connections to Geneos Gateways are all configured in Open Access Cluster. Please speak to your Open Access Cluster admin or refer to Open Access documentation for more information.

Note: It is important that gateways are unique across clusters. When connecting to multiple clusters where gateways defined have the same names, hosts, ports, and Open Access aliases, the gateway specified on the cluster that responds first will be the only one displayed on Montage gadgets.


Client Interface

Note: To use Web Montage in Internet Explorer 10 and 11, turn off the Compatibility View by navigating to Tools -> “Compatibility View settings” then untick “Display intranet sites in Compatibility View” checkbox.

The following are also not supported in Internet Explorer 11:

  • Creating a Montage page with a name that has spaces (i.e., “My Montage Page”).
  • Opening a managed entity with a name that has spaces in a parameterised montage page through the Treemap gadget or Investigate page.

Overview Page

The Overview page is the first view that any user will see after logging in to Web Montage web interface. Its main purpose is to provide a high-level view of the system. This high-level overview is similar to a Montage view, but it is only configurable for users with “ROLE_SUPERVISOR”. It will appear as read-only for other roles.

Configuration options:
  • Add Gadget: Users with “ROLE_SUPERVISOR” role can add / edit gadgets. See Gadgets for more information.
  • Layout: Users with “ROLE_SUPERVISOR” role can change the layout of this page. Three different layout modes are available: one, two and three column layouts with further alignment options.

Montage Page

The Montage page serves as the placeholder for all montage pages that are created by, or shared with users. Multiple montage pages can be configured with a number of gadgets specific to a data source, along with configurable layout.

Configuration options:
  • Add Montage: Done by clicking the + button found on the upper right corner of the view. Give your montage page a name and click OK.
  • Remove Montage: Done by clicking the x icon on each montage tab. Clicking the icon will display a confirmation message about the montage removal.
  • Configure Montage: Done by clicking the Configure Montage button found beside the Column Layout buttons. Clicking the button will invoke the Configure Montage dialog.
  • Sharing a Montage page: When a montage page is shared with a role, all users having that role will see it on next login. Similarly, when a montage page is unshared, all users having that role will not see it.

Note: Only the owner of the Montage can make any changes, all other users will have read-only permission.

  • Add Gadget: Done by clicking the Add Gadget button and selecting a gadget. See Gadgets for more information.
  • Layout: Three different layout modes are available: one, two and three column layouts with further alignment options.

Parameterising a montage page

A montage page can be parameterised in order to display data based on a selected managed entity from the State Tree gadget or open montage pages from the Investigate page. It is also possible to open montage pages using List View and Treemap gadgets. All gadgets in a parameterised montage page will then be able to show data relevant to a selected managed entity.

Configuration options:
  • Enable parameterised montage: Done by clicking the Configure Montage button found beside the Column Layout buttons. In the Configure Montage dialog, tick the Parameterised montage checkbox.
  • For gadgets in your Montage page to use parameterised display, the path configuration needs to start with a ”.”, followed by a path below the managed entity level (e.g., ./sampler/dataview[@name=”cpu”]). Gadgets that don’t have a ”.” in their path will work as normal, so they will not change display based on a selected managed entity.

To open a managed entity in a parameterised montage page, hover over a managed entity in the Investigate page tree and click the drop-down button. A list of parameterised montage pages will be presented in a pop-up dialog.

../ImportedGeneosImages/param_montage1.png

Investigate Page

The Investigate page is part of the main montage user interface, and it contains the state tree and content of a selected node.

The state tree on the left shows the state of the system and allows users to navigate to different sections. The metrics view which is displayed upon selection of a tree node provides a more detailed view of the selected item. Accordingly, the content title is updated dynamically with the managed entity name of the selected Dataview when navigating from the list. The state tree preserves its structure, which means that if a user comes back from another view, it still shows the previous structure.

Nodes in both navigation and metrics view trees are sorted alphabetically. The path of a node can be copied from the pop-up dialog that is displayed after hovering over a managed entity and clicking the drop-down button. The navigation section can be collapsed using the left double arrows icon on the title bar, and the width of the sections in both main and metrics panels can be adjusted using the splitters.

Configuration options:
  • Show only critical and warning nodes: Done by selecting the Critical and Warning Only checkbox found on the header bar above the state tree.
  • Configure Navigation: Done by clicking the cog icon found on upper right corner of the title bar of the navigation section. Clicking the icon will invoke the Configure Navigation dialog.
  • Path: Geneos XPath used to determine the set of data to display. The path should resolve to a set of directories, probes, managed entities, samplers or dataview dataitems. The gadget will visualise the appropriate level of drill down.
  • Entity attributes: A comma separated list of attributes used to order the logical view of the data.

Executing Commands

Commands can be accessed from Dataview, Metrics View, State Tree and List View gadgets, and in the Investigate page. To show which commands can be executed, right click on an item in one of the supported views. A context menu will be displayed, which contains commands that are associated to the selected item.

../ImportedGeneosImages/command1.png../ImportedGeneosImages/command2.png

Commands with User Prompt

Most commands will prompt a dialog that would require user inputs (e.g., selecting “Snooze -> Until Severity Change OR Time” will prompt a dialog with 5 parameters).

If there are no required user inputs, the command will be executed automatically without prompting the user.

Commands with Displayable Results

There are commands that will display results after executing (e.g., CPU plugin “Top 20 Processes”).

../ImportedGeneosImages/command3.png

Commands History

All executed commands can be revisited and can re-display results using the Commands link on the upper right corner of the window.

Upon clicking the link, it will display a list of executed commands with properties such as command name, target entity, status, description, and date executed. By default, the items will be sorted based on the latest executed command.

../ImportedGeneosImages/command4.png

Double click or right click on an item to view the results of an executed command.

Commands and Authorisation

The commands available through Open Access depend on Gateway level authorisation. On the Gateway side, it is possible to configure each Gateway user with fine-grained permissions on commands. If the Gateway user cannot see or execute the command, the Open Access cluster that connects using the same Gateway username cannot either.

On the Open Access side, it is currently not possible to configure each Open Access user with fine-grained permissions on commands made available by Gateway. As a result, all Open Access users will have the same permissions on commands. However, Open Access allows you to configure data level permissions to control which data is visible to its users.

Note: Commands that are created to run on the client machine are not supported by the Web Montage implementation of commands. If these specific commands are executed, they will be executed on the server where the Open Access Node is running, and the results will not be available in Web Montage.

Gadgets>

There are a number of gadgets available to configure on Montage and Overview pages.

Dataview

The Dataview gadget provides real-time visualisation of a standard Geneos dataview: table and headline values, severities, snooze state, inactive state, and if a user has been assigned to a cell.

The contents of the data tables are specific to the Netprobe plug-in that is the data source.

  • Quick Search: Available using the Quick Search field that can be found on the upper right corner of the gadget. By default, the quick search will filter based on data in any column. If you want to search on a specific column, do a right click on the Quick Search field and select the target column to search against.
  • Copy Data: To copy a single row, select the row and press “CTRL+C”. A comma delimited value of the row data will be copied to the clipboard. Use CTRL or SHIFT key to select multiple rows within the dataview gadget. The order of data displayed in the copied output will depend on the order of the data selected.
Configuration Options:
  • Title - The string displayed in the title of the gadget.
  • Path - A Geneos XPath used to locate the dataview to display. This path must resolve to ‘dataview’. Should the path resolve to more than one dataview, the system will combine the dataviews.

An error icon (with an error message on mouse-over) will be displayed if an invalid path or path that is included in the Open Access blacklist is entered. No error, however, will be shown for misspelled or non-existent entities.

../ImportedGeneosImages/dataview_patherror.png

Note: Significant slowdown or unresponsiveness will be encountered upon reaching the following number of cells displayed in Montage or Overview page:

Browser Number of cells

IE 10

#

1000
IE 11 800
Firefox 17+ 1000
Chrome 24+ 2000

Metrics View

The Metrics View gadget visualises one or more Geneos dataviews in a single gadget. The dataview will visualise table and headline values, severities, snooze state, inactive state, and if a user has been assigned to a cell. The dataview will update in real time.

This gadget consists of two sections; a state tree style selector for choosing the dataview to focus on (left side), and the display when clicking on the dataview (right side).

The contents of the dataview tables are specific to the Netprobe plug-in that is the data source.

Configuration Options:
  • Title - The string displayed in the title of the gadget.
  • Path - A Geneos XPath used to locate the dataview to display. This gadget will visualise all Dataviews that can be found under the specified paths. For example, if a path to a managed entity is supplied, all Dataviews existing under that managed entity will be displayed.

List View

The List View gadget visualises a set of dataitems returned from an XPath query, but is currently non-interactive The gadget will display an appropriate icon for each dataitem that matches the path. The icons reflect severity and snooze state, and update in real time.

This gadget can display a context menu that allows opening a managed entity in a parameterised montage. The menu can be opened by clicking and holding the mouse on a managed entity icon.

Configuration Options:
  • Title - The string displayed in the title of the gadget.
  • Path - A Geneos XPath used to query for dataitems to visualise. This path should evaluate to one or more dataitems.

An error icon (with an error message on mouse-over) will be displayed if an invalid path or path that is included in the Open Access blacklist is entered. No error, however, will be shown for misspelled or non-existent entities.

../ImportedGeneosImages/listview_patherror.png

State Tree

The State Tree gadget provides a tree representation of Geneos dataitems, allowing users to drill down by severity. This gadget is similar to the the navigation tree in the Investigate page.

It is an interactive gadget, and users can expand or collapse sections of the tree to reveal or hide data. The icons’ colors reflect the severity of the underlying nodes.

When added to a parameterised montage, the gadget becomes a “driver” gadget. After selecting a node in the tree, all other gadgets on the Montage page will use the node’s path as a parameter. For other gadgets on the page to use this path, they need to have ”.” in the beginning of their path configuration (e.g., .//dataview).

Configuration Options:
  • Title - The string displayed in the title of the gadget.
  • Path - A Geneos XPath used to determine the set of data to display. The path should resolve to a set of directories, probes, managed entities, samplers or dataview dataitems. The gadget will visualise the appropriate level of drill down.
  • Entity Attributes - A comma separated list of attributes used to order the logical view of the data. By default, the physical view of the data is displayed.

Treemap

The Treemap gadget shows nested managed entity attribute folders similar to the logical view in State Tree. It is an interactive gadget where users can drill up and down the folder hierarchy until the managed entity level.

The tiles’ colors reflect the severity of the underlying nodes, and a blue border around a tile indicates snoozed status. The name of an entity/folder is displayed on the tile if the width of the text is smaller than the width of the tile. When no text is displayed, the name of the managed entity is shown in a tooltip.

Drill down is performed by clicking on a rectangle, and drill up (or going back) is performed by clicking on the breadcrumb link at the top of the gadget. A click on a managed entity will show a context menu that lets users navigate to other montage pages or the Investigate page.

Configuration Options:
  • Title - The string displayed in the title of the gadget.

  • Path - A Geneos XPath used to determine the set of data to display. The path should resolve to a set of managed entities or dataview dataitems. The gadget will visualise the appropriate level of drill down. When the path resolves to a set of dataviews (e.g. //dataview), the gadget will show the Critical and Warning dataview count on each folder/entity.

  • Entity Attributes - A comma separated list of attributes used to order the logical view of the data.

  • Severity Style - Select how severity color is visualised in a treemap. Multiple boxes can be ticked to apply a combination of styles.
    • Text = Color of the text changes to reflect the severity. This is the default behavior.
    • Outline = Outline of the box changes color to reflect the severity. Note that snoozed items will always have an outline, even if this setting is not checked.
    • Fill = Box fill color changes to reflect the severity.

Line Chart

The Line Chart gadget provides a graphical line chart representation of Geneos data, plotting multiple data series on the y-axis against time on the x-axis. The charts are interactive with a zoom feature to scroll back through historic data and selectable data series which add and remove lines from the chart. It is possible to zoom in on an area of the chart by clicking and dragging the mouse.

  • Data Caching: When one user specifies a path that resolves to another series, data for this series will be cached on the server. This means if several users are subscribed to the same data series, the server only maintains one set of data for all of them with little strain on its resources.
  • Database Persistence: If a Gateway is logging a cell to a database, the server will automatically query the database for the historic chart data. Once the data is retrieved, it is cached (See Data Caching above), so subsequent requests for the same cell will not query the database. If MySQL database is used, the MySQL Connector/J JDBC driver needs to be downloaded and placed in the lib/ directory. It needs to be renamed to mysql-connector.jar.
Configuration Options:
  • Title - The string displayed in the title of the gadget.
  • X-Axis - The string displayed along the x-axis of the gadget.
  • Y-Axis - The string displayed along the y-axis of the gadget.
  • Retention Duration - The duration (in minutes) of data to be persisted by the line chart.
  • Show Gridlines - Shows or hides the chart gridlines.
  • Show Legend - Shows or hides the legend from the chart.
  • Legend Position - Position of the legend. This can be combined with the Float Legend.
  • Float Legend - Sets the position of the legend. If checked, the legend will float over the chart. Otherwise, the legend will be rendered above the chart.
  • Series Name - Configures which names can be used as series name. Options include Entity, Dataview, Row and Column name, with corresponding checkboxes.
  • Path - Contains strings specifying the Geneos XPath corresponding to the data series from which the line chart data is taken. This path must resolve to a cell or a path containing multiple numeric cells. If a path resolves to multiple numeric cells, each cell will be represented in its own line. One or more data paths corresponding to a numeric data series can be specified to be displayed in the chart.

Pie Chart

The Pie Chart gadget provides a graphical pie chart representation of Geneos data, displaying the latest values of different data series in a segmented pie chart. The chart is capable of displaying both the latest values of the data series and their relative percentile against other data series included in the chart.

Configuration Options:
  • Title - The string displayed in the title of the gadget.
  • Paths - Contains strings specifying the Geneos XPath corresponding to the data series from which the pie chart segment data is taken. This path must resolve to a cell or a path containing multiple numeric cells. If a path resolves to multiple numeric cells, all of the cells will be used as a segment in the pie chart. Two or more data paths can be specified to be displayed in the chart.

Note: It is recommended to use up to 15 slices only for this gadget. Going above this setting will slow down or crash the application.

Connections

The Connections gadget provides a visualisation of the set of Geneos Gateways to which the Web Montage server (via Open Access) is connected. The gadget visualises the connections as a table with one row per connection.

Table Legend:
  • Severity - The color represents the worst severity of the connected Gateway
  • Name - Gateway Name, as configured in Gateway setup
  • Host - Hostname or IP of machine where Gateway is running
  • Port - Gateway listen port
  • Status - Connection status (Connected, Error, Disabled)

This gadget is not configurable.

URL

The URL gadget allows the user to specify a URL to be rendered in the gadget. This allows a wide range of external web pages and information sources to be integrated with the product.

Configuration Options:
  • URL - A valid Uniform Resource Locator (URL) pointing to a web page or other online resource
  • Height - Height of the gadget in pixels. Note that the width of the gadget is determined by the overall layout configuration of the page.

The following variables can be used in URL gadget:

  • {xpath}
  • {gateway}
  • {probe}
  • {managedEntity}
../ImportedGeneosImages/url_gadget.png

HTML

The HTML gadget allows the user to input HTML to be rendered in the gadget. This allows the gadget to be used for a wide range of purposes (e.g., creating gadgets to be used as titles, fixed text or image-based gadgets of links to other pages).

This gadget does not support Javascript.

Configuration Options:
  • Title - The string displayed in the title of the gadget.
  • HTML - The text of the HTML page or snippet to be rendered. This is rendered directly by your browser, so any valid HTML expression can be used.

The following variables can be used in HTML gadget:

  • {xpath}
  • {gateway}
  • {probe}
  • {managedEntity}
../ImportedGeneosImages/html_gadget.png

Server Configuration

Run script options

Web Montage comes with a couple of scripts to run and maintain your Montage Server.

  • run - this user run script can be used to start Web Montage server. The script defines several variables:
    • GENEOSWS_BIN_HOME - can be modified to contain an absolute path to the web server installation directory. This is useful if you want to start the web server from a different directory.
    • GENEOSWS_HOME - can be set to contain an absolute path to the web server data directory (config/logs/user settings). Defaults to $HOME/.geneos/webservices.
  • geneosws - this script can be used to start Web Montage server as a service. This script would normally be copied to /etc/init.d directory. The following are the variables that must be changed in order for this script to work:
    • USERNAME - username that will own the web server process
    • GENEOSWS_BIN_HOME - absolute path to the directory containing the web server binary
    • GENEOSWS_HOME - absolute path to the web server data directory (config/logs/user settings). Defaults to $HOME/.geneos/webservices if not specified.

The following commands are supported:

service geneosws {start|stop|status|try-restart|restart|force-reload|reload}

start - launches web server in the background
stop - kills web server process
status - checks if web server is running
reload/restart/force-reload/try-restart - restarts web server process
								

This script is only known to work on Red Hat/CentOS version 5 and later.

Users and Roles

Web Montage requires the user to log in for access to Web Montage web interface. All users and their roles are configured in Open Access Cluster. It is also possible to integrate it with an active directory installation. Please see User Authentication.

Moreover, to allow anonymous access, disabling login requirement in Web Montage is done by editing <GENEOSWS_CONFIG_HOME>/security.xml:

<intercept-url pattern="/admin/**" access="hasPermission(request, admin)" /><intercept-url pattern="/favicon.ico" access="permitAll" /><intercept-url pattern="/**" access="permitAll" />

Enable SSL

Note: Gadgets occasionally do not load when using Firefox.

Web Montage can be configured to enable SSL for secure transport. The steps below will help you configure SSL between Web Montage server and your web browser. To enable SSL between Open Access cluster and Web Montage server, please refer to Open Access documentation.

Step 1: Edit config files

Edit <GENEOSWS_CONFIG_HOME>/system.properties and change the following settings:

webapp.ssl.port=8443
webapp.protocol=https

Edit <GENEOSWS_CONFIG_HOME>/http-server.xml and

Comment out section:

<bean id="Connector" class="org.eclipse.jetty.server.nio.SelectChannelConnector">         <property name="port" value="#{ systemProperties['webapp.port'] }" /></bean>
									

Uncomment section:

<bean id="SslConnector" class="org.eclipse.jetty.server.ssl.SslSocketConnector">                <property name="port" value="#{ systemProperties['webapp.ssl.port'] }" />    <property name="keystoreType" value="JCEKS" />    <property name="truststoreType" value="JCEKS" />    <property name="keystore" value="#{ systemProperties['GENEOSWS_CONFIG_HOME'] }/keystore.db" />    <property name="truststore" value="#{ systemProperties['GENEOSWS_CONFIG_HOME'] }/keystore.db" />    <property name="password" value="ab987c" />    <property name="trustPassword" value="ab987c" /></bean>
									

Step 2: Configure SSL Certificates

There are two ways to configure an SSL certificate on the server:

  • Generate a new self-signed certificate
  • Import an existing certificate for your domain name

Generate a self-signed SSL certificate:

Run ./util/ssl_util.sh from GENEOS_BIN_HOME directory and specify the hostname/ip address of the box. This will generate the certificate and add it to a keystore.

cd <GENEOS_BIN_HOME>./util/ssl_util.sh add <hostname_or_ip>

The script assumes that the Web Montage config directory is $HOME/.geneos/webservices/config. If your config is in another location, please update the script.

Restart your Web Montage server and verify that the certificate is being used by opening the following page: https://hostname_or_ip:8443/session. The browser will warn you that the SSL certificate is not trusted - this is expected behavior. Add an exclusion rule (or continue).

If the websocket connection fails in SSL mode, point your browser to https://<hostname_or_ip>:<websocket.port>/session and accept a security exception. Refresh the web application.

Import an existing certificate for your domain:

If the server running Web Montage has an existing SSL certificate issued by a Certificate Authority (CA), you will need to import that certificate and its private key into the server’s keystore.

  1. Convert your existing certificate and private key into PKCS12 format. Your certificate file needs to be called <hostname_or_ip>.cer.
cd <GENEOS_BIN_HOME>./util/ssl_util.sh convert <hostname_or_ip> <private_key_file>
  1. If your CA provides multiple intermediary certificates, you will need to combine them into a single file using the command:
cat my_cert.cer intermedate1.cer intermediate2.cer > hostname_or_ip.cer
  1. Import the newly converted certificate using the command and specify the Export Password from Step 1.
./util/ssl_util.sh import <hostname_or_ip> <export_password>

Windows Single Sign On

It is possible to bypass the login screen and automatically log on to Web Montage using your current Windows credentials. This feature uses Windows Authentication Framework or WAFFLE.

Requirements:

  • Web Montage version 3.0.21 and above.
  • Web Montage server must run on a Windows machine.
  • For existing Web Montage users upgrading to 3.0.21 or newer, they will need to use the security.xml file included in the config-templates folder of the new binary.

Note: You will need to update the security.xml file located in the montage configuration directory found in <USER>/.geneos/webservices/config folder.

Configuration

To enable Windows single sign on, add the entry point reference (entry-point-ref=”negotiateSecurityFilterEntryPoint”) inside the <http> tag in the security.xml file.

Single sign on enabled:

<http use-expressions="true" create-session="always" entry-point-ref="negotiateSecurityFilterEntryPoint">

Single sign on disabled:

<http use-expressions="true" create-session="always">

Browser Configuration

You will need to add the Web Montage’s URL (http://<host>:<port>) as a trusted site in the browser that you are going to use.

Internet Explorer: Ensure that Integrated Windows Authentication is enabled.

  • Go to Tools, Internet Options menu.
  • Click the Advanced tab.
  • Scroll down to Security.
  • Check Enable Integrated Windows Authentication.
  • Restart the browser.

Internet Explorer: The target website must be in the Intranet Zone.

  • Go to Tools, Internet Options menu.
  • Go to the Security tab and click the Local Intranet icon.
  • Click the Sites button.
  • Check Automatically detect intranet network.
  • Click the Advanced button.
  • Add Web Montage server URL to the list.

Chrome:

  • Go to browser settings (via menu or simply type chrome://settings/ in the url).
  • Under Show advanced settings... go to Network and click Change proxy settings...
  • Go to the Security tab and click the Local Intranet icon.
  • Click the Sites button.
  • Check Automatically detect intranet network.
  • Click the Advanced button.
  • Add Web Montage server URL to the list.

Firefox:

  • Type about:config in the address bar and hit enter.
  • Type network.negotiate-auth.trusted-uris in the Filter box.
  • Add Web Montage server URL to the list then click the Ok button.
  • Close the tab.

After setting up the security configuration and configuring the browser, it is time to test if single sign on works. To test, do the following:

  • Login to your Windows machine.
  • Open your configured browser.
  • Go to Web Montage URL.
  • The user should be automatically logged in Web Montage and the login page will not be shown.

Troubleshooting

The following is a list of possible reasons on why single sign on did not work:

  • Web Montage server is running on Linux.
  • User did not enable single sign on by adding the entry-point-ref to the <http> tag in the security.xml file.
  • Windows logged in user that is not within the Web Montage server’s domain.
  • Montage URL is not added to browser’s trusted sites.
  • A login prompt will appear asking for a valid Windows username and password if single sign on did not work.

Adding User Roles

The users and roles will be taken directly from the active directoy. Any users and their respective roles defined in the Open Access configuration file will not be used. This means that you can only add new roles via the active directory.

Migration Notes

User configuration files are located in the <USER>/.geneos/webservices/data/montage folder. All user data (Montage, Investigate and Overview page settings) will be saved here, but when single sign on is enabled, the active directory user’s configuration files will be saved inside another folder named after the domain name. For example, if the domain is MNL, the files will be saved in <USER>/.geneos/webservices/data/montage/mnl.

Therefore, if you are upgrading from an older version of montage and want to reuse existing active directory user’s montage configurations, you will need to copy those files inside the ‘domain’ folder so that they can be reused when enabling single sign on.

Enable JMX monitoring

To enable JMX Monitoring of Web Montage Server, uncomment the line starting with JMX_ARGS in the run script or in the service script.

Note: Default settings allow anonymous access to JMX, however authentication can be enabled as specified in the documentation http://docs.oracle.com/javase/1.5.0/docs/guide/management/agent.html

Migrating to Web Montage version 3.1.x

This is a guide on how to migrate to Web Montage version 3.1.x and up.

Note: The steps below are applicable only to Web Montage versions using Open Access (version 3.0.17 to 3.0.22).

Step 1: Backup configuration files

  1. Create a backup of existing .geneos/webservices/data directory.
  2. Delete existing .geneos folder.

Step 2: Download and Run new Montage

  1. Delete installation folder of old Web Montage version.
  2. Download Web Montage version 3.1.x and extract in desired directory.
  3. Run new montage. This will create a new .geneos folder in the home directory.

Step 3: Configure Montage

  1. Edit system.properties in .geneos/webservices/config directory to add the web server and open access connection details.
  2. Copy the contents of the backed up data folder and paste them into the newly created .geneos/webservices/data directory.

Step 4: Restart Montage

Setting up multiple Open Access clusters

To connect Web Montage to multiple open access clusters, comment out or remove openaccess.host and openaccess.port. Then add the clusters following this format: (X is the cluster number and Y is the seed node number. Both counters start at zero.)

openaccess.cluster.X.host.Y=<cluster X node Y host>openaccess.cluster.X.port.Y=<cluster X node Y port>openaccess.cluster.X.username=<cluster X username>openaccess.cluster.X.password=<cluster X password>

Example:

# Default password
openaccess.username=<default username>openaccess.password=<default password># Cluster 1
openaccess.cluster.0.host.0=<cluster 1 node 1 host>openaccess.cluster.0.port.0=<cluster 1 node 1 port>openaccess.cluster.0.host.1=<cluster 1 node 2 host>openaccess.cluster.0.port.1=<cluster 1 node 2 port>openaccess.cluster.0.username=<cluster 1 username>openaccess.cluster.0.password=<cluster 1 password># Cluster 2
openaccess.cluster.1.host.0=<cluster 2 node 1 host>openaccess.cluster.1.port.0=<cluster 2 node 1 port>openaccess.cluster.1.username=<cluster 2 username>openaccess.cluster.1.password=<cluster 2 password># Cluster 3
openaccess.cluster.2.host.0=<cluster 3 node 1 host>openaccess.cluster.2.port.0=<cluster 3 node 1 port>

Note: For multiclusters, the properties openaccess.cluster.X.username and openaccess.cluster.X.password are optional. If no cluster username or password are defined, the system will read the openaccess.username and openaccess.password properties.

Warning

For a user to be able to login to Web Montage that has been connected to multiple clusters, that user should be defined in all the openaccess clusters (Same username, password and role definition in all connected clusters). A user that is not defined in all clusters will not be able to login to Web Montage. This will be changed in future releases.


FAQ

1. Is Open Access Cluster required to run Web Montage?

Yes. All connections to Gateways and user permissions are channeled through Open Access Cluster.

2. Does Web Montage work in all versions of Open Access Cluster?

No. Web Montage will only work in Open Access 2.0.1 and newer.

3. Which platforms are supported?

Web Montage is a pure Java application, but it is supported on selected operating systems. Please see Geneos Compatibility Matrix for more information.

4. How do I authorise commands available to Web Montage users?

All connections to Gateways are channeled through Open Access. The commands available through Open Access depend on Gateway level authorisation. On the Gateway side, it is possible to configure each Gateway user with fine-grained permissions on commands. If the Gateway user cannot see or execute the command, the Open Access cluster that connects using the same Gateway username cannot either.

On the Open Access side, it is currently not possible to configure each Open Access user with fine-grained permissions on commands made available by Gateway. As a result, all Open Access users will have the same permissions on commands. However, Open Access allows you to configure data level permissions to control which data is visible to its users.