...

Yes, if the controller policy allows it. EVE software has the 'ConfigItem' configuration for installing the user's SSH public key. The 'sshd' currently listens on '0.0.0.0:22'; later on it can be changed to listen only on '127.0.0.1:22' and to dynamically set up a non-root user, which is more secure. Assuming the user's laptop has the SSH private key, the user runs the EdgeView command 'tcp/localhost:22' in one terminal and opens another terminal to start the SSH session by issuing "ssh -i <my-ssh-private-key> root@localhost -p 9001".

16) How to use Wireshark on remote EVE device interfaces

You can run the Wireshark application on your laptop and use it to capture packets on remote EVE devices. This requires a recent version of Wireshark, version 3+.

First, SSH needs to be enabled on your remote EVE device (upload your SSH public key through the EVE configuration items).

Launch EdgeView with the command 'tcp/localhost:22', which normally maps the channel to local port 9001.

In the Wireshark user interface (taking macOS as the example), the 'Capture' section has a pull-down menu; select 'External Capture'. The page should then show a list underneath with a 'setup' icon and a 'SSH remote capture: sshdump' line. Click the 'setup' icon at the left of that line. The 'Wireshark - Interface Options: SSH remote capture: sshdump' window pops up. Configure three items:

  • Server: Remote SSH server address: 127.0.0.1; Remote SSH server port: 9001
  • Authentication: Remote SSH server username: root; Path to SSH private Key: browse and select your private key file, or do nothing if the private key is your laptop's '~/.ssh/rsa_id' file.
  • Capture: Remote interface: type in the name of the remote EVE device interface, e.g. 'eth0', 'bn1' or 'nbu3x2'.

You can hit the 'Capture' button in Wireshark to start collecting packets, optionally defining the filters you need.

17) How to log into a remote application

Before the user tries to log into the application, some application-related information needs to be gathered, for instance the VNC port number, the application IP address and the service port numbers. The EdgeView 'tcp' command is entered differently for different cases. For VNC, it will be 'tcp/localhost:<590x>', where 'x' is the VNC display number for the application; then launch a VNC client application on the laptop with "localhost:9001" as the VNC server endpoint. For SSH (assuming the application has the SSH daemon running), the command will be 'tcp/<application-intf-ip>:22'; then open another terminal window and issue e.g. "ssh username@localhost -p 9001". In both examples, we assume the local port for TCP is 9001.
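Every EdgeView TCP channel ends at the same local endpoint (localhost:9001 in the examples above), so ssh would store the host keys of different devices and applications under one known_hosts entry and report a key change when you switch targets. An added example, not part of EdgeView (`ev_ssh`, its alias argument and `EV_SSH_BIN` are hypothetical names), that pins a separate host key per target with OpenSSH's `HostKeyAlias` instead of turning host key checking off:

```shell
#!/bin/sh
# ev_ssh ALIAS USER [PORT] [KEY]  -- hypothetical wrapper, not part of EdgeView.
# ALIAS is a label you choose per device or application. It becomes the
# known_hosts lookup name, so each target reached through localhost:PORT keeps
# its own pinned host key and a changed key is still reported.
# PORT defaults to 9001, the local port assumed throughout this page.
# EV_SSH_BIN (assumed variable) replaces the ssh binary, e.g. for a dry run.
ev_ssh() {
    ev_alias=$1; ev_user=$2; ev_port=${3:-9001}; ev_key=${4:-}

    # Reject empty values and anything that could be read as an extra option.
    case "$ev_alias" in ''|*[!A-Za-z0-9._-]*)
        echo "ev_ssh: bad alias" >&2; return 2 ;; esac
    case "$ev_user" in ''|-*|*[!A-Za-z0-9._-]*)
        echo "ev_ssh: bad user" >&2; return 2 ;; esac
    case "$ev_port" in ''|*[!0-9]*)
        echo "ev_ssh: bad port" >&2; return 2 ;; esac
    if [ "${#ev_port}" -gt 5 ] || [ "$ev_port" -lt 1 ] || [ "$ev_port" -gt 65535 ]; then
        echo "ev_ssh: bad port" >&2; return 2
    fi

    # HostKeyAlias: store/look up the host key under the alias, not "localhost".
    # CheckHostIP=no: 127.0.0.1 says nothing about the real target.
    set -- -p "$ev_port" -o "HostKeyAlias=edgeview-$ev_alias" -o "CheckHostIP=no"

    # With an explicit key, offer only that key to the remote sshd.
    if [ -n "$ev_key" ]; then
        set -- "$@" -i "$ev_key" -o "IdentitiesOnly=yes"
    fi

    "${EV_SSH_BIN:-ssh}" "$@" "$ev_user@localhost"
}
```

Running `EV_SSH_BIN=echo ev_ssh dev42 root` prints the ssh arguments without connecting.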

...

18) Can I use VNC or RDP

Yes. For using VNC to reach the application console, see the section 'How to log into a remote application' above. For RDP, enable the RDP service on the Windows application and find the application's interface IP address. Run the EdgeView command 'tcp/<app-intf-ip>:3389' in one terminal, then launch the Windows RDP client and connect to "localhost:9001".

...

19) Can a web browser be used over EdgeView

Yes, the EdgeView TCP channel can be used to bridge the browser on the user's laptop and the remote applications on the device side. For instance, if an application with an interface IP address of 10.1.0.135 has a service on port 8080, the EdgeView command 'tcp/10.1.0.135:8080' launches the channel, and the browser can then be pointed to the URL 'http://localhost:9001/<path-to-service>'.

...

20) Will EdgeView work for HTTPS or TLS services with remote applications

The normal EdgeView TCP relay has problems supporting the HTTPS or TLS protocols, since the source and destination IP addresses are changed and the certificate content will not find a match. EdgeView supports a special TCP channel method, using a proxy mechanism, which can be used to support HTTPS or TLS. EdgeView treats the user laptop and the remote EVE device as a combined 'virtual proxy server'. The client application uses the laptop (e.g. localhost:9001) as its proxy IP and port, and the proxy conversion is performed at the remote EVE device, since the device has access to the remote application's routing domain. To start the EdgeView proxy, run the 'tcp/proxy' command on the laptop, then point another client application (for instance a web browser) to the laptop as its proxy server, just as in a normal proxy service setting. For the details of proxy operation, see Proxy Command.
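The certificate mismatch described above can be reproduced offline. This is an added example, not EVE or EdgeView code: it creates a throwaway certificate for the sample application address 10.1.0.135 (a constructed stand-in for the application's real certificate) and checks which names it is valid for, assuming the `openssl` CLI, version 1.1.1 or later.

```shell
#!/bin/sh
# make_app_cert DIR IP -> writes DIR/app.crt, a self-signed certificate whose
# only identity is IP (constructed test data, valid for one day).
make_app_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2" -addext "subjectAltName=IP:$2" \
        -keyout "$1/app.key" -out "$1/app.crt" 2>/dev/null
}

# cert_matches CERT NAME -> exit 0 if CERT is valid for NAME, using OpenSSL's
# own matching rules (the same kind of check a TLS client performs).
cert_matches() {
    case "$2" in
        *:*)       flag=-checkip ;;     # IPv6 literal
        *[!0-9.]*) flag=-checkhost ;;   # anything else non-numeric: DNS name
        *)         flag=-checkip ;;     # IPv4 literal
    esac
    openssl x509 -in "$1" -noout "$flag" "$2" 2>/dev/null | grep -q 'does match'
}

# localhost / 127.0.0.1: the name a client uses with the plain 'tcp/<ip>:<port>'
# relay. 10.1.0.135: the name a client keeps using when the laptop is only
# configured as its proxy server.
demo_relay_vs_proxy() {
    dir=$(mktemp -d) || return 1
    make_app_cert "$dir" 10.1.0.135 || { rm -rf "$dir"; return 1; }
    for name in localhost 127.0.0.1 10.1.0.135; do
        if cert_matches "$dir/app.crt" "$name"; then r=match; else r=MISMATCH; fi
        echo "client connects to $name -> certificate $r"
    done
    rm -rf "$dir"
}

demo_relay_vs_proxy
```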

...

21) Does remote application need to be on EVE devices for EdgeView access

TBD

...

22) Why log-search if device log is already uploaded to the controller

Some logs are only present on the device and are not uploaded to the controller side, for example when the application on the device has the 'not send logs' setting. Even if the logs are sent to the controller, the users of the enterprise may not have direct access to them. EdgeView offers the users some simple queries for the log entries on the device.

...

23) Is application port mapping still needed

If the device applications need internal connections (not over the Internet) for machine-to-machine communication, then the port mapping is still needed.

...

24) How to get 'Show TechSupport' while the device fails to onboard

Yes, it is possible to get a compressed 'techsupport' file while the device has not onboarded yet. For the detailed steps, see Show TechSupport before Device Onboarding.

...

25) Does the EdgeView Client script run on macOS and Windows

Yes. The generated EdgeView client script will run on macOS, assuming the Docker client has been installed. It will also run on Windows if Docker Desktop for Windows and WSL 2 are installed (e.g. with the Ubuntu distro).

If the user laptop only runs WSL 1, then the EdgeView Client script needs to be converted into a Windows-style script.

...

26) Is EdgeView Container built into EVE image

Yes, in current EVE OS releases. In the future, EVE OS may decide to decouple the EVE image from some of the containers. The EdgeView container could then be dynamically downloaded onto the EVE device when the EdgeView session is provisioned from the controller. In some cases this can create a chicken-and-egg situation: for example, EdgeView is needed to troubleshoot a problem on the EVE device, but because of that problem the EdgeView container cannot be downloaded dynamically.

...

27) What does Multi-Instance EdgeView do

It allows multiple users to access the same remote EVE device, or different applications on it, simultaneously. In the multi-instance case, the users share the same client script for EdgeView but supply a unique 'instance-id' when issuing the EdgeView commands.