Analyzing data with filters from the GigaStor Control Panel...................... 36 Analyzing data by combining GigaStor Control Panel and Observer filters................37 Analyzing multiple GigaStor probe instances from one GigaStor Control Panel..............37 Chapter 7: Stream Reconstruction..........................39 Reconstructing streams of HTTP, VoIP, and more..........................39 Defining what can be recreated in Stream Reconstruction......................39...
Page 3
How to extract VoIP and video calls from your GigaStor......................40 How to analyze 4G LTE traffic from your GigaStor..........................41 Analyzing 4G LTE traffic..................................... 42 Chapter 8: Forensic Analysis............................44 Examining your network traffic with forensic analysis........................44 Importing Snort rules....................................44 Analyzing packets using Snort rules..............................
Page 4
Troubleshooting your GigaStor configuration............................91 GigaStor Control Panel option is grayed out............................ 91 GigaStor is full or does not have the history you expect......................91 TCP applications are not appearing in the GigaStor Control Panel..................91 Loading decodes in the Observer analyzer is slow.........................91 A RAID array drive is failing or has failed............................91...
Follow these steps to get started with your GigaStor. The installation happens in two main parts. The first part is at the GigaStor probe in the server room. The second part continues at a desk using the Observer analyzer to connect to the GigaStor probe.
7. Set the adapter speed for the active instance. See . 8. The purpose of a GigaStor probe is to capture and store large amounts of data. By default the GigaStor is not set to capture any data. It must be enabled. To do that, you must have the GigaStor capture running. See Configuring probes to collect data even when not connected to an analyzer.
Connection Dynamics. After the GigaStor probe is up and running on the network, you can use an Observer analyzer to view captures from the probe. In the Observeryou use a special section of the analyzer called the GigaStor Control Panel. The...
Analysis and decode tools focused on just your area of interest. Non-GigaStor-specific settings The GigaStor Control Panel is a portion of the Observer analyzer. Some settings in the Observer analyzer affect the GigaStor. Some things you may want to configure in Observer include: Discovering host names so that GigaStor resolves and uses host names.
Discovery section in the Observer User Guide. The default settings for the Observer analyzer is to not be aware of TCP connections that were opened after the GigaStor or packet capture started. You can change this default setting. Mine some data from the GigaStor. See Analyzing data without any filters (page 35).
Page 11
MAC Stations, IP Pairs, IP Addresses, TCP Applications, UDP Applications, VLANs, MPLS, and Physical Ports. These options are for controlling statistical display only. All packets that the GigaStor sees are written to disk and is available for analyzing using the “Analyze” button.
GigaStor reports Tip! The reports in the GigaStor Control Panel share the many of the same options and configurations as reports available in Observer Suite. There are several default reports available for you. 1. Choose Capture > GigaStor Control Panel.
Otherwise the conversation is not listed. If you try to analyze data prior to the time that this option was enabled, you will not see this data. Data must be collected with this option enabled for GigaStor reports to present the data correctly using the update reports button.
3. Click the Subnet tab. 4. Use the Add, Delete, Modify, and Delete All buttons to configure the subnet settings for the GigaStor. When you define subnets in the GigaStor Control Panel, the Observer analyzer adds that subnet information to its index files.
Inadequate memory allocation to GigaStor collection can affect performance and result in dropped packets during high load periods. A GigaStor Instance can be as large as the physical memory installed on your system after subtracting the memory dedicated to Windows and other probe instances.
Page 16
Observer analyzer displays captured NetFlow records and what the NetFlow templates format is for that record. See the Cisco documentation for details about the NetFlow records, templates, and formats. Figure 3: NetFlow template and records 16 | GigaStor™ (pub. 25.Apr.2014)
A probe is a hardware device on your network running Network Instruments probe instance software. Each hardware probe has at least one probe instance that captures packets from your network to analyze. The probe hardware device could be an appliance purchased from Network Instruments or you could install the probe software on your own hardware.
What is a probe instance? Observer has only one kind of probe instance: the probe instance. If you have a GigaStor then you have two special probe instance types available to you: the active probe instance and the passive probe instance.
Page 19
You can reserve more memory for passive probe instances if you wish. With a GigaStor you have the option of which NIC to bind the passive probe instance. Do not bind any passive probe instances to the Gen2 adapter if at all possible. A copy of all packets is sent from the adapter to every passive probe instance attached to it.
SPAN/mirror port on a switch. The Observer software can handle fast network speeds (including 40 Gigabit), but it is the network adapter that is the bottleneck on home-grown systems. Network Instruments uses a custom-designed network adapter removing the bottleneck in our probes. These levels of software probes are available: Single probe—Single probes have only one probe instance and it is not user-configurable.
Page 21
Expert probe—Expert probes are the same as a Multi probe except that they have local expert analysis and decode capabilities in the probe that allows for remote decoding and expert analysis in real time. The Expert probe software comes pre-installed on most hardware probes from Network Instruments. Hardware >...
3) Only available on hardware probes from Network Instruments. 4) Decoding and expert analysis are performed by the probe and a summary is sent to the Observer analyzer reducing network bandwidth use. 5) Application Performance Analysis and Application Transaction Analysis. Applications are generally OSI Layer7 applications like HTTP, FTP, RTSP, SMB, and so on.
Chapter 4: Deploying Probes in your Network Deploying probes in your network You need visibility into every corner of the network, from the edge to the core. A distributed analysis solution can provide the coverage you need, but where should you deploy probes for maximum visibility at minimum cost? Because every network is different, the examples shown may not look like your network, but the concepts demonstrated will be applicable to most situations.
It would require placing a TAP on every link to each switch. Fortunately, you need only place probes where the traffic is significant enough to warrant the expense, and a lot of traffic is not that critical. 24 | GigaStor™ (pub. 25.Apr.2014)
Page 25
Ultimately, where to deploy probes depends on the design of your particular network and where you require visibility. A probe only shows your analyzer the data that is visible to that probe. An Ethernet Probe's visibility, for example, is limited to what a particular switch's SPAN/mirror port can deliver. A specialized hardware probe connected through a TAP sees only the traffic traversing that link.
Ports used by Network Instruments products Firewalls are necessary for any network. These specific ports must be open to allow Network Instruments products can communicate with each other. Network Instruments generally recommends that you open inbound and outbound TCP/UDP 25901 through 25905 on your firewalls for its products.
GigaStor probe indexes the data. You use theGigaStor Control Panel within the Observer analyzer to manage the capture, indexing, and storage of large numbers of packets over long periods of time. While the GigaStor Control Panel is active, standard packet captures are unavailable for that probe instance. You cannot run the two types of captures simultaneously.
Multiple time intervals are configurable, per day, if the times do not conflict. 5. In the Reserve scheduling for section, select GigaStor and click OK. You may receive a notice about scheduling reservation. If you do, click Yes to change the scheduling.
If, for example, you have the ratio set to 1, you are telling the GigaStor to sample every single packet that it sees. This has a potential negative side effect—especially in very high traffic conditions—because there could be a significant impact on...
Page 30
Indexing is an important part of how the GigaStor is able to be as efficient as it is. A brief synopsis of indexing in the GigaStor is this: All captured packets are written to disk. None of the settings in the GigaStor Control Panel control what is written to disk in any way.
If a packet is being analyzed by Network Trending at the time the GigaStor wants to analyze the packet, the GigaStor skips the packet and goes to the next packet. The packet is written to disk, it is just not indexed.
Mining data from your GigaStor Retrieving data from GigaStor and analyzing it is a primary function of the GigaStor Control Panel. You can use the information in the packet capture to identify numerous network conditions. By using filters and a specific analysis type, you can hone in on the exact information you want.
Page 33
This option… Allow you to do this… IP Stations, IP Pairs or any of the other tabs in the GigaStor Control Panel. See Analyzing data by combining GigaStor Control Panel and Observer filters (page 4G LTE Device by IMSI Takes all packets in the selected time from on the Detail Chart and allows you to choose the Device IMSI and whether control plane and user plane packets are included in the analysis.
Page 34
Analyzes the selected time frame for any microbursts (as defined in the Microburst Analysis Settings dialog) and displays the results in the Microburst Analysis tab of the GigaStor Control Panel. This is an easier way to find microbursts across a much longer time frame than using the Detail Chart where the longest time frame that can be analyzed is 15 minutes.
Selecting a time frame to analyze The GigaStor Control Panel has two graphs along the top: a Detail Chart and below it a Outline Chart. The Detail chart shows a shorter time frame. The Outline Chart shows a longer time frame with the Detail Chart being a portion of time from within Outline Chart.
You may want to filter the data that is shown on the Detail Graph. You can do so with the filters section of the GigaStor Control Panel. You can filter data from MAC Stations tab, IP Stations tab, IP Pairs tab, and more.
Analyzing data by combining GigaStor Control Panel and Observer filters If you chose “Create analysis filter using checked GigaStor entries” and do not have any data or do not have the data you expected, it may be because you applied too many filters. Try the “Analyze all traffic in the analysis interval”...
Page 38
3. Click Select GigaStors for Combined Indexing. 4. Choose two or more probe instances and click Apply. If a particular GigaStor probe instance is not listed, ensure the GigaStor Control Panel for that instance is open and try again. 5. Click Update Reports to start combining index data.
Stream reconstruction (including VoIP) is illegal in some jurisdictions and may be disabled by Network Instrumentsto comply with those laws. For security or privacy reasons or because of company policy, you may need to limit what the GigaStor probe can recreate through its stream reconstruction feature.
5. Choose whether to limit stream reconstruction by specific subnets. How to extract VoIP and video calls from your GigaStor VoIP and videoconferencing calls can be extracted from a GigaStor if you know the approximate time the events occurred. Prerequisite(s): ...
Your LTE environment likely has hundreds or thousands of matrix switches. It is impractical to monitor all of them simultaneously. Most likely, you are likely using the GigaStor as a reactive tool to subscriber complaints. After connecting the matrix switch to the GigaStor and collecting LTE traffic, you can analyze it to determine the problem.
Adds the date to the analysis output. 6. Click OK to save your settings. 7. Click OK to search the GigaStor for the 4G LTE traffic. Analyzing 4G LTE traffic By viewing the link between signaling and sessions on the data and user planes or by viewing detailed information on each session, including subscriber, service area, cell site, network element, handset type, error codes and session status, you will have excellent insight into your LTE network status.
Page 43
Figure 8: Basic LTE infrastructure A GigaStor probe can capture and track all of a device's network traffic in your LTE environment after the device connects to an eNodeB. You can get comprehensive subscriber analysis as well as have a logical workflow for problem resolution.
Network forensics is the idea of being able to resolve network problems through captured network traffic. Previous methods of network forensics required you to be able to recreate the problem. Using the GigaStor you do not have to recreate the problem — you already have the captured packets. Instead of reacting to a problem, you can use network forensics to proactively solve problems.
(page 44). 1. In Observer, choose Capture > GigaStor Control Panel > Forensic Analysis. 2. Right-click anywhere on the Forensic Analysis tab and choose Analyze from the menu. applies the rules and filters to the capture data and displays the results in the Forensics Summary tab. A new tab is also opened that contains the decode.
Page 46
Forensic Analysis Summary window. If logging is enabled, all reassembly activity is displayed in the Forensics Log (but not displayed in the Forensic Analysis Summary). 1. In Observer, choose Capture > GigaStor Control Panel > Forensic Analysis tab. 2. Right-click anywhere on the Forensic Analysis tab and choose Forensic Settings from the menu. The Select Forensic Analysis Profile window opens.
Page 47
Field Description BSD=AIX, FreeBSD, HP-UX B.10.20, IRIX, IRIX64, NCD Thin Clients, OpenVMS, OS/2, OSF1, SunOS 4.1.4, Tru64 Unix, VAX/VMS Last data in=Cisco IOS BSD-right=HP JetDirect (printer) First data in=HP-UX 11.00, MacOS, SunOS 5.5.1 through 5.8 Linux=Linux, OpenBSD Solaris=Solaris Windows=Windows (95/98/NT4/W2K/XP) Refer to http://www.snort.org for more detailed version-specific information.
Page 48
(and a common hacker trick), logging occurrences of this is recommended. Normalize UTF-8 encodings—Convert UTF-8 encoded characters to standard format. The second check box allows you to enable logging when such encoding 48 | GigaStor™ (pub. 25.Apr.2014)
Page 49
Field Description is encountered during preprocessing. Because Apache uses this standard, enable this option when monitoring Apache servers. Although you might be interested in logging UTF-8 encoded URIs, doing so can result in a lot of noise because this type of encoding is common. Lookup Unicode in code page—Enables Unicode codepoint mapping during pre- processing to handle non-ASCII codepoints that the IIS server accepts.
1. Isolate the time frame over the weekend where you noticed the attacks against your DMZ. Collect all of the internal activity over the next few days. Select the time in the Detail Chart of the GigaStor Control Panel from where you noticed the attacks and the next few days.
Page 51
5. Analyze the data using one of the options described in Mining data from your GigaStor. This opens your data in the Decode tab in the Observer analyzer. 6. Assuming the data is HTTP, select a packet in the Decode tab and right-click. Choose TCP Dump (HTTP) from the menu.
(perhaps millisecond). Adding additional switches or load-balancers to your network are a couple of possible solutions. This way the link will never be 1) Information Week, April 21, 2007. 52 | GigaStor™ (pub. 25.Apr.2014)
1. Select the probe instance and then choose Capture > GigaStor Control Panel. 2. Click the Microburst Analysis tab. 3. Highlight the data in the Detail Chart you want to analyze for microbursts and click Analyze. The GigaStor Analysis Options screen opens.
5. Define what a microburst is for your network and click OK. The results appear in the Microburst Analysis tab. For details, see Duration, Utilization threshold, and Full duplex. It may take a moment for the GigaStor Control Panel to process the data and display the results.
Page 55
many chunks of time are theoretically possible. See Table 5 (page 56) for examples of how changing the interval may affect the Detail Chart. Duration: The duration is length of time over which the burst is calculated. It must contain two or more packets (or partial packets) to be counted as a microburst.
Page 56
Frame size is 1514, Frame bits are 12,304, Capture adapter speed is 1 Gb, and Network utilization is 50%. 2) Duration is 1 millisecond. 3) Microburst Utilization threshold is 50%. 4) Interval is 10 milliseconds. 5) Microburst Utilization. 56 | GigaStor™ (pub. 25.Apr.2014)
GigaStor Outline This tab lets you choose the appearance, colors, and scale of the Outline Chart. The Outline chart is the bottom graph in the upper portion of the GigaStor Control Panel. 1. Choose Capture > GigaStor Control Panel. 2. Click the Settings button.
Observer tracks and makes many statistics available to you. You can control how those statistics are displayed for your GigaStor. This tab lets you customize how MAC address, IP address, IP Pair, and port information are displayed in the various constraint tab statistical listings.
Chapter 11: GigaStor in a Financial Firm Using Observer in financial firms In an environment where even nanoseconds matter, a GigaStor allows you to identify when an anomaly in your network occurs and alerts you to it so that you can resolve it quickly.
The GigaStor probe provides you access to it. Use the FIX Analysis tab in the GigaStor Control Panel to highlight only FIX data and to select of the timeframe in question. The capability to filter on a trade by order ID for further analysis or to validate a specific transaction can be accomplished from this point.
Figure 10: FIX Analysis Outside of the GigaStor Control Panel, these other areas may be valuable for you when you are analyzing FIX transactions: Decode and Analysis in Observer—Allows you to decode and analyze the raw FIX information and presents it in an easy to read format. In the Decode and Analysis tab you can use filters and do post- capture analysis on specific FIX transactions that have issues.
Page 62
Use this button to rename, add a new, or delete a profile. If you have numerous GigaStor probes where you want to use the same FIX analysis options, modify or create the profiles on one system, export them, and import them into the other GigaStor probes.
There is very little that must be done with the RAID other than to install the drives and, if you wish, monitor the drives in the RAID array. Note: If your GigaStor RAID has more than 256 TB, see for information about improving the performance of the array. To maintain your GigaStor, you may want to Get e-mail notifications if a drive in the RAID array is failing.
Page 64
4. Along the left, click System Controls to expand the list and click Alert By Mail Config. This opens the page for you to add your contact information. 5. Complete the page with the details for your SMTP server and users to be notified. 64 | GigaStor™ (pub. 25.Apr.2014)
As the GigaStor RAID array is filled and refilled, disk fragmentation can occur over time. Rather than running a time-consuming system-level disk fragmentation utility, you can automatically delete all of the data files that store probe instance data.
Page 66
To clean the GigaStor RAID array: 1. Select the active probe instance and then choose Capture > GigaStor Control Panel. You cannot clean the array from a passive probe instance. 2. Choose Tools > Delete All Instance Capture Data. Figure 13: Delete All Instance Capture Data...
Chapter 13: Understanding how a Probe Uses RAM How a probe uses RAM A Windows computer uses Random Access Memory (RAM) as a form of temporary data storage. Windows separates all available memory into three sections: protected memory, user memory, and reserved memory. An Observer probe, depending on how it is configured, uses these types of memory differently.
There are two kinds of buffers that a probe uses to store data in real-time: capture buffers and statistical buffers. The capture buffer stores the raw data captured from the network while the statistical buffer stores data entries that are snapshots of a given statistical data point. 68 | GigaStor™ (pub. 25.Apr.2014)
RAM to reserve for the probe instance when doing a packet capture. (This formula does not apply when doing a GigaStor capture to disk. It is only for probe instances doing packet captures.)
Page 70
Observer to be configured for your system. This section does not apply to the GigaStor or other hardware products from Network Instruments. They are properly configured at the factory.
Caution! Never change the reserved memory settings of Network Instruments hardware unless Network Instruments instructs you do so. Reserved memory settings should only be modified on non-Network Instruments hardware, such as a desktop computer running an Observer analyzer. Although your requirements are unique, there are some general recommendations where the system is dedicated to Observer :For 64-bit, reserve all memory above 4 GB for Observer and for 32-bit, reserve all memory above 400 MB for Observer.
The Network Trending Files receive data from the statistics queue buffer through the NI trending service, where they are written to disk. The following steps occur only if you are writing the data to disk through a packet capture to disk or a GigaStor capture.
These are just recommendations and may be changed or modified for your circumstances. If you are using a GigaStor, read this section, but also be sure to consider the information Recommendations for the Gen2 capture cards (page 74).
Tweaking the statistics memory configuration There are two kinds of buffers that a probe instance uses to store data in real-time: a capture buffer and a statistical buffer. The capture buffer stores raw data captured from the network; the statistical buffer stores statistical entries and nothing more.
Gen2 capture card The Gen2 card is designed and manufactured by Network Instruments and is optimized for the GigaStor probe. The Gen2 card comes in two, four, eight, and twelve port models for 1 Gb and 10 Gb speeds. The 40 Gb Gen2...
Note: All packets captured by the probe are time stamped immediately as it is seen by the capture card interface and then passed to the capture buffer. This ensures the most accurate timestamp. Installing the Gen2 card’s SFP, QSFP or XFP interfaces To connect the probe to a monitoring interface (TAP or SPAN/mirror) different from that shipped with the unit, simply obtain the necessary SFP for your application, remove the installed SFPs, and insert the desired interface.
Page 78
1. Right-click the Gen2-equipped probe from Observer’s probe list and choose Probe or Device Properties from the menu. You can tell the probe is a GigaStor probe because (Gigabit) appears after the probe name. 2. Click the Virtual Adapters tab and click Edit Adapter. By default all of the ports are assigned to the adapter.
(such as SFP activity, link spee, autonegotiation) actually is happening. To retrieve the board’s ID or view the Gen2 card’s properties: 1. On the GigaStor system, choose Start > All Programs > Accessories > Windows Explorer. Choose My Computer and right-click and choose Manage. The Computer Management window opens.
Setting the cable length for the GPS System For GigaStor probes with the Gen2 card, you must define the length of cable between the GPS System and the GigaStor probe. Adjustments are made to the timings based on cable length.
8. Click the Advanced Settings tab. Select your GPS Cable Length. This is the cable length from the GPS Synchronization System to your GigaStor probe. It is not the cable length for the GPS antenna. Click OK. Your GigaStor probe will now use GPS accurate timing for its captures.
Observer on a different system and see if you experience the same problem. This does not mean that you will not be able to use Observer on the desired system. It may give you some insight into the problem that you are having. 84 | GigaStor™ (pub. 25.Apr.2014)
Ports firewall and the traffic is actually passing through it. Observer uses these ports to communicate with the probe. See Ports used by Network Instruments products (page 26). Check any local system firewall as well as any network firewall. See also the information in Suspected NAT or VPN issues (page 89).
Causes: Default driver settings for the card are incorrect. You must update the driver and then disable the “Offload Transmit TCP Checksum” option. Solutions: Upgrade the driver for the integrated network adapter to the Network Instruments/Intel Pro 1000 adapter driver. This driver is located in the:\<Observer installation directory>\Drivers \IntelPro1000 directory.
“No VLAN” shown while using a Gigabit NIC Symptoms: “No VLAN” is displayed in VLAN Statistics and/or no 802.1Q tag information is shown in your decode. The network adapter you use to capture traffic is a Gigabit NIC. Causes: Observer is not seeing the 802.1Q tag on packets being captured. This is sometimes caused by your switch not sending tagged packets to Observer.
“SwitchPort1.“ The IP based statistical modes (Internet Observer, Top Talkers – IP (by IP Address) still show you statistics calculated from individual stations by their IP address. But MAC-based statistical modes (Pairs Statistics Matrix, 88 | GigaStor™ (pub. 25.Apr.2014)
If you use network address translation (NAT) in your environment, you must make some configuration changes in Observer. Using the TCP/IP port information in Ports used by Network Instruments products (page 26), you should be able to set up the NAT properly.
Console(config-if)# no speed nonegotiate Ports used by Network Instruments products Firewalls are necessary for any network. These specific ports must be open to allow Network Instruments products can communicate with each other. Network Instruments generally recommends that you open inbound and outbound TCP/UDP 25901 through 25905 on your firewalls for its products.
TCP applications are not appearing in the GigaStor Control Panel If the GigaStor Control Panel is not displaying all of the applications you expect to see, ensure the “Limit to ports defined in Protocol Definitions” in Settings >General is unchecked.
Page 92
If a second drive fails during the rebuild, the array is broken and must be recreated. Your packet captures are available on a GigaStor running in a degraded mode, but are lost on a GigaStor with two bad drives at the same time (and also if the second drive fails during the time the first drive is rebuilding).
Use this button to rename, add a new, or delete a profile. If you have numerous GigaStor probes where you want to use the same FIX analysis options, modify or create the profiles on one system, export them, and import them into the other GigaStor probes.
Observer to export the data. Part of what makes the GigaStor searches so quick is that the data is indexed. Any data that is exported to a file is saved, but unindexed. The data remains in the indexed GigaStor file until it is overwritten. The exported data is always available and means you will still have access to the saved packet data, but you must load the capture file into the analyzer before you can search it.
How to restore a GigaStor probe to factory settings Restoring a GigaStor to factory settings is usually a last resort when all other methods to correct the issue have failed and should only be done under the direction of Network Instruments Technical Support.
Page 96
GigaStor Restore USB drive to the serial number of the GigaStor. You can locate a GigaStor serial number on the back of each unit or on the door. If you have more than one GigaStor, you must ensure each GigaStor is restored only with the GigaStor Restore USB drive having a matching serial number for that GigaStor.
Page 97
The system restore is complete. Both the GigaStor probe software and Window operating system are already licensed. That information was included on the USB drive. You can begin using the probe. Type your login credentials after the system boots. The default password is admin.
1. Take the probe and all other components out of their packing materials. 2. Install the rail kits. See How to install the Network Instruments rail kits. 3. Attach the rail to the rack in your cabinet. Instructions for installing the rail kits are provided in the rail kit box.
Page 99
6. Install the drives into your GigaStor Upgradeable 5U probe. The RAID is pre-built and each drive must be installed in a very specific location. To install a drive, slide the drive in until it clicks firmly in place. See Installing the drives in your GigaStor for details.
6. Insert the empty appliance, then install any hard drives. Caution! GigaStor appliances can be very heavy (up to 120 pounds/55 kg)! For your safety, do not install a fully loaded GigaStor system into your cabinet. Instead, install the appliance in the rails while it is empty and then insert any RAID hard drives.
Page 101
Caution! Do not lean or put any extra weight on a GigaStor while it is in the cabinet! There are locking mechanisms along both sides of the appliance that prevent it from inadvertantly sliding out. Pull the appliance towards you, then press down on each locking mechanism to release. Be very careful! ...
Stickers on each drive identify which slot it should be installed in. The drive labeled A1 must be installed in the upper left slot of the GigaStor. 1. Make sure that the GigaStor is turned off. 2. Locate the drives that comprise the array. The drives are labeled to show you where they should be installed in the drive cage.
Figure 27: GigaStor 5U front 3. To install a drive, slide the drive in until it clicks firmly in place. Repeat until all of the drives are firmly installed as labeled. To install the bottom row of drives, the door may need be hanging down or completely level.
IP address is 192.168.1.10. 2. Turn on the system. For some probes, such as the GigaStor Upgradeable 5U, you may need to ensure the power switch is in the “on” position on the back of the probe. Then on the front of the probe, press the power button until the system starts to turn on.
Page 105
Figure 28: Default TCP/IP settings 6. Set the IP address, subnet mask, gateway, and DNS server for your environment and click OK. Click OK again to close the Local Area Connection Properties dialog. Close the Network Connections window. 7. Right-click the Probe Service Configuration Applet in the system tray and choose Open Probe Configuration. Figure 29: Probe Service Configuration Applet 8.
1. Ensure the Lights out Management port is connected to your network using a straight-through Ethernet cable. A crossover cable will not work. 2. When starting your probe, press Delete during POST to enter the BIOS setup. If you are using a GigaStor, wait for the RAID to initialize, which may take a moment.
Lockable security panel that prevents access to the media drives and system controls. Two keys are provided. Contact Network Instruments for additional keys, which are available for a small charge. Front panel LED Temperature alarms that warn you when temperatures inside the case are reaching levels that may damage the probe hardware.
Page 108
USB slot for USB key (dongle). Operating System Drive Removable hard drive with the operating system. Power, OS, and drive The Power light is on whenever the GigaStor unit is on. lights The operating system light blinks whenever there is activity on the OS drive.
Page 109
Web-based management Graceful power shutdown, startup, and reboot Pager and email alerts Lights Out Capability Manage, monitor and control the GigaStor remotely using an intuitive web-based interface via the IPMI (Intelligent Platform Management Interface) v1.5 / 2.0 with KVM support. Dimensions 5U 19-inch rack-mountable appliance 16.84 in (W) x 8.72 in (H) x 26.08 in (mounting depth)