The System Menu

The System menu provides information about the Connect Switchboard and its status, and allows the network setup and some access methods (e.g., via SSH or for the Endian support) to be defined.

The sub-menu on the left-hand side contains the following items, which allow some basic administration tasks to be carried out and the running activities of the Connect Switchboard to be monitored.

  • Settings – various settings related to common items used throughout the GUI

  • Event Notifications – setup of notifications via e-mail or SMS

  • Support – support request form

  • Updates – management of system updates

  • Endian Network – Endian Network registration information

  • Users – add GUI users

  • Web console – a console shell on the browser

  • SSH access – enable/configure SSH access to the Connect Switchboard

  • Backup – backup or restore Connect Switchboard settings as well as reset to factory defaults

  • Shutdown – shut down or reboot the Connect Switchboard

  • License Agreement – a copy of the User License Agreement

The remainder of this section will describe the various parts that compose the System menu items.

Settings

This page contains settings that are used in other parts of EMI. The configuration options available here were spread across several other pages in the GUI.

Device name

Here it is possible to modify the name of the Connect Switchboard.

Hostname

The hostname of the Connect Switchboard.

Display hostname in window title

When activated by ticking the checkbox, this option displays the hostname of the Connect Switchboard in the browser’s window title.

Hint

The hostname is set during the Configuration Wizard and can be changed either by a factory reset, or from the CLI using the netwizard command.

Domain name

The name of the local domain of which the Connect Switchboard will be part.

Localization

This page contains options about the language and the time zone.

Select your language

Select from the drop-down menu the language to be used for the web interface (including section names, labels, and so on).

Hint

Supported languages are: English, German, Italian, Simplified Chinese, Japanese, Portuguese, Russian, Spanish, and Turkish.

Timezone

The timezone is normally selected during the initial setup, but it can be changed by choosing a new one from the drop-down menu.

Adjust time manually

In this panel it is possible to manually change the system time. While this is usually not recommended or not necessary, it is the only way to synchronise the system clock when it is way off the real time.

Indeed, automatic synchronisation using time servers is not done instantly, but the clock is slowed down or sped up a bit to recover and align to the correct time. If however the discrepancy between the system clock and the time servers is significantly large, the ntp daemon will not be able to recover. Therefore, manual synchronisation represents the only solution to immediately correct and synchronise the time of the Connect Switchboard's clock to the correct time.

Note

Some services (for example, the connection to an external LDAP server to authenticate VPN users) might not work if the clock is not synchronised.

To manually change the time and date, provide the correct Year, Month, Day, Hours, and Minutes in the textfields that appear in this box, then click on the Set time button.

Do not worry about the seconds: after the time has been set manually, the ntp daemon will take charge of aligning the system’s time to the time server’s time.

Outgoing mail server

Here it is possible to configure an SMTP mail server that will deliver the e-mails sent by the Connect Switchboard, typically from the notification service. The following options are available.

Email sender address

The address that will appear as the sender of the e-mail.

Email recipient address for notifications

The address to which the e-mail will be sent.

SMTP address

The IP address or domain name of the SMTP server.

SMTP port

The port on which the SMTP server runs.

Connection security

Choose from the drop-down menu which type of security is required by the connection, either STARTTLS or SSL/TLS.

SMTP server required authentication

Tick the checkbox if authentication is required on the server side. The next three options appear.


Username

The username needed to authenticate on the SMTP server.

Password

The password needed to authenticate on the SMTP server.

Authentication method

The authentication methods required by the SMTP server: PLAIN, LOGIN, CRAM-MD5, and DIGEST-MD5 are supported. Multiple methods can be chosen by ticking the checkboxes in the multiselect drop-down menu.


Test email recipient address

After values for the above options have been provided, verify their correctness by providing a valid e-mail address to which a test e-mail will be sent. Click on Send test email when done. If the test e-mail is delivered correctly, it is possible to save the settings.

Upstream proxy support

The settings in this box concern the upstream proxy, if there is one between the Connect Switchboard and the Internet: in this case, click on the Disabled switch to activate the functionality, then fill in the next options accordingly.

Address

The IP address of the upstream proxy server.

Port

The port on which the proxy service runs on the server.

Proxy server requires authentication

Tick the checkbox if authentication is needed on the upstream proxy. The next two options will appear.


Username

The username to connect to the proxy server, if needed.

Password

The password to connect to the proxy server, if needed.


Management interface certificate

Here it is possible to manage the HTTPS certificate used to access EMI, the web interface of the Connect Switchboard.

Certificate configuration

This drop-down menu is used to select the method of creation of a new certificate. The available options are:

Select one certificate from those available, shown on the right-hand side of the drop-down menu. It is possible to see the full details of this certificate by clicking on the View details hyperlink.

When a certificate has been chosen, the name of the currently used certificate and the View details link appear below the Certificate configuration drop-down menu. The latter will show all information about the certificate when clicked.

Event notifications

Whenever some critical event takes place on the Connect Switchboard (e.g., a partition is filling up, someone accesses it via SSH or HTTPS, or there are updates available), the event notification functionality makes it possible to be immediately informed by e-mail or SMS. It is also possible to associate a Python script with each event, to take immediate action as a consequence of the event.

The configuration options for this functionality are grouped into four pages: Settings, Events, SMS, and Scripts.

Settings

This page contains the basic options to configure the E-mail and SMS settings to send the notifications.

To start the event notification functionality, click on the grey switch Disabled and wait a few seconds.

The options available are the following, grouped in Email settings and SMS settings.

Email settings

Use default email settings

Tick the checkbox to use the default e-mail address, otherwise a few more options to configure the SMTP server options will appear.


Email sender address

The e-mail address that appears as the sender of the e-mail.

Email recipient address

The e-mail address to which the e-mail will be delivered.

Use smarthost for email delivery

Tick the checkbox to configure the smarthost to be used for delivering the notification e-mail.

Note

While the SMTP proxy supports encryption, when an external smarthost is used as SMTP Proxy, neither the SSL/TLS nor the STARTTLS protocols can be used.

Smarthost address

The URL or IP address of the smarthost.

Smarthost port

The port on which the smarthost listens.

Connection security

Choose from the drop-down menu which type of security can be used: None, STARTTLS, or SSL/TLS.

Smarthost requires authentication

Tick the checkbox if the smarthost requires credentials to send email. The next two options will appear.

Smarthost username

The username to be used to authenticate with the smarthost.

Smarthost password

The password associated with the username supplied in the previous option. A click on the checkbox on the right-hand side will show the password.

Authentication method

Select which method the smarthost shall use to authenticate the user.


SMS settings

The next two options are used to configure notification by SMS. SMS bundles can be added in the SMS section, System ‣ Event notification ‣ SMS.

Destination phone number country prefix

The country code to which the phone number belongs.

Destination phone number

The actual phone number to which the SMS will be sent.

Events

This page shows a list of all the events that can produce a notification message and allows the actions to be taken when each event occurs to be configured. Right above the list there is a small navigation bar and a search field: the latter can be used to show only the relevant items.

Warning

If SMS notification is active and the hostname of the Connect Switchboard is very long, it can happen that the SMS will not be able to report the entire notification message, because the message will be trimmed to ca. 157-159 characters. If this is the case, we suggest also activating e-mail notification.

The list contains six columns:

Event ID

The 8-digit code of the event, in the form ABBCCCCD. See the section Event ID explained below for more information about the IDs.

Description

A short description of the event.

Email

A ticked checkbox means that an e-mail is sent when the event takes place.

SMS

A ticked checkbox means that an SMS is sent when the event takes place.

Script

The script that is executed when the event occurs.

Actions

The only action available is to modify the corresponding event.

When modifying an event, a new panel appears above the list with the following configuration options displayed.

Event ID and Description

These are the identifier and the description of the event; they are automatically generated by the system, so they cannot be modified.

Send email for this event

By ticking this checkbox, an e-mail will be sent upon the occurrence of the event.

Send SMS for this event

By ticking this checkbox, an SMS will be sent upon the occurrence of the event.

Run custom script for this event

By choosing this option, a custom script will be executed when the event takes place, rather than sending an SMS or an e-mail. The script must have already been uploaded to the Connect Switchboard; see the Scripts page for more information. By ticking the checkbox, a drop-down menu appears on the right-hand side.


Custom script to run

Choose the script to be associated with the event from this drop-down menu.

Note

At least one script must have been uploaded in order to be able to associate it to the event. See section Scripts below.


Event ID explained

Each event that takes place on the Connect Switchboard is assigned a unique, 8-digit code, A-BB-CCCC-D, built from the following four fields:

  • A represents the layer number, i.e., the system’s component in which the event has taken place:

    • 1 = kernel

    • 2 = system

    • 3 = services

    • 4 = configuration

    • 5 = GUI

  • BB is the module number

  • CCCC is a sequential number assigned to the event

  • D is the severity of the event, i.e., how serious the event is. The lower the number, the worse the severity:

    • 0 : critical event

    • 1 : an error

    • 4 : a warning

    • 6 : a recovery from a bad state

    • 8 : an informational message.
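The A-BB-CCCC-D layout described above can be decoded mechanically, for example to sort incoming notifications by severity. The following is an added example, not code from Endian; the function, constant and field names are hypothetical, the layer and severity values are the ones listed above, and the sample IDs are taken from the event table in this section.

```python
"""Decode Connect Switchboard event IDs (layout A-BB-CCCC-D). Added example."""
import re
from collections import namedtuple

# Values documented in the "Event ID explained" section of this page.
LAYERS = {1: "kernel", 2: "system", 3: "services", 4: "configuration", 5: "GUI"}
SEVERITIES = {0: "critical", 1: "error", 4: "warning", 6: "recovery",
              8: "informational"}

# Hypothetical record type; the field names are this example's own.
EventId = namedtuple("EventId",
                     "raw layer module sequence severity severity_name")

# Accept the compact form (20200024) and the hyphenated form (2-02-0002-4).
_EVENT_RE = re.compile(r"([0-9])-?([0-9]{2})-?([0-9]{4})-?([0-9])")


def decode_event_id(value):
    """Split an event ID into its four fields.

    Raises ValueError for anything that is not eight digits or that uses a
    layer or severity digit the documentation does not list.
    """
    match = _EVENT_RE.fullmatch(str(value).strip())
    if match is None:
        raise ValueError("not an 8-digit event ID: %r" % (value,))
    a, bb, cccc, d = (int(group) for group in match.groups())
    if a not in LAYERS:
        raise ValueError("undocumented layer %d in %r" % (a, value))
    if d not in SEVERITIES:
        raise ValueError("undocumented severity %d in %r" % (d, value))
    return EventId("".join(match.groups()), LAYERS[a], bb, cccc, d,
                   SEVERITIES[d])


def worst_first(event_ids, max_severity=4):
    """Return decoded events with severity <= max_severity, worst first.

    A lower D digit means a more severe event, so the default keeps
    critical events, errors and warnings.
    """
    decoded = [decode_event_id(event_id) for event_id in event_ids]
    selected = [event for event in decoded if event.severity <= max_severity]
    return sorted(selected, key=lambda event: (event.severity, event.raw))


# IDs copied from the event table on this page.
SAMPLE_IDS = ["20200024", "20200018", "20110030", "30100021", "10100026"]

if __name__ == "__main__":
    for event in worst_first(SAMPLE_IDS):
        print("%s  %-8s layer=%s module=%02d seq=%04d" % (
            event.raw, event.severity_name, event.layer,
            event.module, event.sequence))
```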

The following table shows the list of all the IDs that correspond to an event. Note that, depending on the type of appliance, some events may not occur on the Connect Switchboard (e.g., on appliances without RAID controllers, events 10100011, 10100026, and 10100038 will never occur).

Event ID

Description

10100011

One device of the RAID array failed.

10100026

The rebuild of RAID array has completed.

10100038

Start recovery of RAID array.

20100016

One uplink has gone online.

20100024

One uplink has gone offline.

20100036

The system has started.

20100044

The system has shut down.

20100054

The system is rebooting.

20110030

All uplinks have gone offline.

20110046

All uplinks are online.

20110054

An uplink is dead.

20110066

An uplink turned back alive.

20200018

An SSH user has successfully logged in from a remote location.

20200024

An SSH user failed to log in from a remote location.

20300014

A disk is getting full.

20400014

A user has failed to log in to the management interface.

20500018

The number of available SMS is low

20500028

There is no SMS left

20600018

Digital Input Rising Trigger on an input

20600028

Digital Input Falling Trigger on an input

20700018

OpenVPN client opened tunnel on an interface

20700218

OpenVPN client closed tunnel on an interface

20800014

An OpenVPN user failed to log in

20800024

An IPsec/Xauth user failed to log in

20800034

An L2TP user failed to log in

20800048

An OpenVPN user has logged in successfully

20800058

An IPsec/Xauth user has logged in successfully

20800068

An L2TP user has logged in successfully

20800078

An OpenVPN user has logged out

20800088

An IPsec/Xauth user has logged out

30100018

The system upgrade has completed successfully.

30100021

The system upgrade has failed.

30100038

There are system updates available.

40100016

The remote access to support user has been revoked.

40100024

The remote access to support users has been granted.

40100034

The access for support user has been extended until …

SMS

Besides e-mails, SMS can also be used for event notifications; they need to be purchased in bundles from Endian S.r.l., Italy and then added to the Connect Switchboard using this page.

This box is divided into two parts: at the top it is possible to add SMS bundles, while at the bottom some information about the SMS contingent is displayed.

Enter Activation Code …

To add a new SMS bundle, it must be first purchased on the Endian Network, after which an activation code will be generated. This activation code must be supplied in this textbox.

Activate

After supplying a valid activation code, clicking on this button will add an SMS contingent that will be used for sending the notifications.

Available SMS

The number of SMS that are at disposal.

Reserved SMS

The number of SMS that have already been used, but not yet delivered to the recipient. This event may occur for example if the recipient was not reachable.

Scripts

Besides sending an e-mail or an SMS, a third option allows a Python script to be uploaded and executed right after an event occurs on the Connect Switchboard. In this page it is possible to upload Python scripts and to associate them with the various events; more precisely, one Python script can be assigned to each event.

At the bottom appears a table of the scripts already uploaded, which is initially empty and shows the name, description and available actions of each script.

Above the table, a click on the Add new script button allows a Python script to be uploaded to the Connect Switchboard. Uploaded scripts must follow some guidelines, see below for more.

Add script

The following options are available for every uploaded script.

Name

The name given to the script.

Description

An optional description of the script, e.g., its purpose.

Actions

The available actions for each script.

Requirements for the Python scripts

Python scripts that shall run on the Connect Switchboard must follow a few design guidelines to ensure the proper interaction with the system, which can be summarised as follows.

  1. The script must be importable. In other words, the script can use other Python modules installed on the system, but cannot rely on Python modules which are not present on the system.

  2. The script must implement a class called ScriptEvent.

  3. A method called process must be implemented in the ScriptEvent class. This method is the one that will be invoked when the event with which it is associated takes place.

  4. The process method must accept the **kwargs parameter, that is, it must accept a dictionary of key : value parameters.

An example script that satisfies the above requirements, and therefore can be uploaded to the Connect Switchboard, is the following one.

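import time


class ScriptEvent(object):
    def __init__(self):
        # File to which one line is appended per event
        self.filename = "/tmp/fubar"

    def process(self, **kwargs):
        # Invoked when the associated event takes place
        with open(self.filename, "a") as handle:
            handle.write("Hello world, it is now %s\n" % time.time())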
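The four requirements above can be checked on a workstation before a script is uploaded. The following is an added example, not part of the Endian documentation or code: it parses the script without executing it, and the function names are hypothetical. It assumes the script uses Python 3 syntax (the page does not state the appliance's Python version), and the module lookup reflects the local interpreter only, so the returned module list still has to be compared with what is installed on the Connect Switchboard.

```python
"""Static pre-upload check for Connect Switchboard event scripts (added example)."""
import ast
import importlib.util


def _available(module_name):
    """True if the local interpreter can locate the top-level module."""
    try:
        return importlib.util.find_spec(module_name) is not None
    except (ImportError, ValueError):
        return False


def check_event_script(source):
    """Return (problems, imported_modules) for the script text `source`.

    The script is only parsed, never executed, so unreviewed code can be
    checked safely. Methods inherited from a base class are not detected.
    """
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return ["syntax error: %s" % exc.msg], []

    problems = []
    modules = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            modules.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom):
            if node.level:
                # Assumption: a single file is uploaded, with no package
                # around it, so a relative import has nothing to resolve to.
                problems.append("relative import at line %d" % node.lineno)
            else:
                modules.add(node.module.split(".")[0])
    imported = sorted(modules)

    # Requirement 1: every imported module must exist on the target system.
    for name in imported:
        if not _available(name):
            problems.append("module not found locally: %s" % name)

    # Requirement 2: a class called ScriptEvent.
    classes = [n for n in tree.body
               if isinstance(n, ast.ClassDef) and n.name == "ScriptEvent"]
    if not classes:
        problems.append("no top-level class named ScriptEvent")
        return problems, imported

    # Requirement 3: a method called process (the last definition wins,
    # as it would when the module is imported).
    methods = [n for n in classes[-1].body
               if isinstance(n, ast.FunctionDef) and n.name == "process"]
    if not methods:
        problems.append("ScriptEvent has no process method")
        return problems, imported

    # Requirement 4: process must accept **kwargs.
    if methods[-1].args.kwarg is None:
        problems.append("ScriptEvent.process does not accept **kwargs")
    return problems, imported


# The example script from this page (raw string keeps the \n escape intact).
PAGE_EXAMPLE = r'''
import time

class ScriptEvent(object):
    def __init__(self):
        self.filename = "/tmp/fubar"

    def process(self, **kwargs):
        open(self.filename, "a").write("Hello world, it is now %s\n" % time.time())
'''

# Constructed counter-example: unknown module and a process() without **kwargs.
BAD_EXAMPLE = r'''
import not_a_real_module_xyz

class ScriptEvent(object):
    def process(self, event):
        pass
'''

if __name__ == "__main__":
    for label, text in (("page example", PAGE_EXAMPLE), ("bad example", BAD_EXAMPLE)):
        found, used = check_event_script(text)
        print(label, "imports:", used, "problems:", found or "none")
```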

See also

The Endian code documentation, useful for writing custom scripts, will soon be available.

Support

In this page it is possible to submit support requests to the Endian support, provided that the system has a valid maintenance subscription and is registered to the Endian Network.

The page is divided in two boxes with different purposes: The first one contains a link to open the support’s home page, while in the second one it is possible to allow the support team to access the Connect Switchboard using SSH and HTTPS.

Visit Support Web Site

If the Connect Switchboard has not been registered to Endian Network, or its maintenance has expired, no support can be supplied by Endian, and this box will display the following message:

Currently no running maintenance available.

To access support, register with Endian Network first

Note

If the system is not registered, support requests can be made to one of the several forums or mailing lists mentioned in the Endian web sites section.

With a valid maintenance subscription, this box contains one option.

Please visit our Support Web Site

By clicking on this link, a new tab in the browser will open, where it is possible to find directions on how to fill in an assistance request to the support team.

Access for the Endian Support Team

Optionally, access to the firewall can be granted via SSH, a secure, encrypted connection that allows a member of the support staff to log in to the Connect Switchboard, verify its configuration and inspect it to find out where the problem lies. The box contains an informative message, the status of the access, which is either DENIED or a date like Mon, 20 May 2019 12:12:18. When the status is DENIED a button appears at the bottom of the box:

Allow access

Click on this button to grant 4 days of access to the Connect Switchboard to the support team.

When the support team access is allowed, a new message appears under the status message: Access allowed until: followed by the date and time when access to the Connect Switchboard will be revoked. Moreover, there are two buttons at the bottom of the box.

Deny access

Immediately revoke the grant to access the Connect Switchboard.

Extend access for 4 more days

If the support team needs more time to inspect the Connect Switchboard, a click on this button extends the access grant by four more days.

Note

When enabled, the support team’s public SSH key is copied to the system and access is granted to them via that key. The support team will not authenticate with username/password to the Connect Switchboard. The root password of the Connect Switchboard is never disclosed in any way to the support team.

Updates

The management of the software updates is done from here. It is possible at any time to manually check for available updated packages, or to schedule a periodic check.

In this page there are two boxes: One with the current status of the system and one to schedule a routine check for updates.

Available updates

The Status box informs whether the system needs updates or not. In the former case, a list of available packages is presented, while in the latter a message like the following one is shown.

Your Endian Firewall is up to date
Last upgrade on 10.03.2017, 15:22:50
Last checked for updates on 25.05.2017, 11:04:58

These options are available:

Check for new updates

A manual check for updated packages is started, and any upgradable package found is listed here. Individual packages can be chosen from the list and installed.

Note

In order to check for updates, a valid maintenance is required, otherwise no update will show up, even if available.

Start update process NOW

The update process is launched: The system downloads the updated packages which are then installed, replacing the old ones.

Warning

When an upgrade process ends, there is the possibility that the Connect Switchboard needs to be rebooted, for example when a new kernel is installed; this will be shown by a message dialog that appears on the GUI, and with a text message shown upon logging in from either the serial console or SSH.

When this message appears, please reboot the appliance as soon as possible, to avoid possible malfunctioning.

Endian Network

IP addresses and ports needed to communicate with Endian Network

While connected to the internet, the Connect Switchboard needs access to the Endian Network, to carry out several tasks and provide additional services:

  • To synchronise the system’s information with Endian Network.

  • To allow remote access to the owner, to the reseller, or to the support team for configuration of services, troubleshooting, and problem resolution.

  • To allow the purchase of SMS, that can be used for example with the Event notifications.

Special firewall rules allow traffic to flow to the required IP addresses; however, if there is another device in front of the Connect Switchboard that blocks traffic, access to those IP addresses must also be allowed on that device. The updated list of Endian Network IPs can be seen under Firewall ‣ Outgoing traffic ‣ System rules.

If the Connect Switchboard has been purchased with a maintenance package, it can be registered and connected to the Endian Network, the Endian solution that gives a company easy and centralised monitoring, management, and upgrading of all its registered systems.

Many functionalities of the Connect Switchboard (e.g., access for the support team, SMS notification, and so on) require that the appliance be registered to the Endian Network.

If the system has not yet been registered or if the maintenance has expired, this page shows only a form that must be filled in order to register the appliance.

Why is the registration to Endian Network important?

A system must be registered within twenty (20) days from the purchase of the activation code, otherwise no support can be supplied.

In case thirty days have passed, while the Connect Switchboard will continue to work and offer the services that have already been configured, access from Endian Network, GUI, SSH and serial console will be forbidden. This means that no support can be provided on the Connect Switchboard, since the support team has no possibility to connect to it. Moreover, updates can no longer be installed.

To regain complete access to the Connect Switchboard, a new activation code or maintenance renewal must be purchased.

Available options for Endian Network are organised into two pages, namely Subscription and Remote Access.

Subscriptions

This page shows a summary of all the information about the registration status of the Connect Switchboard. If the firewall has not yet been registered to the Endian Network, the registration form is shown, which must be filled in before submitting the request for registration. After the registration has been completed, the page will contain three boxes.

Register your Endian Connect Switchboard

In order to subscribe the Connect Switchboard, it is necessary to have a valid account on Endian Network, that can be created by clicking on the link at the beginning of the box.

The following options are available.

Account and system information

Username

The username on Endian Network to register the Connect Switchboard.

Password

The password associated to the username.

Activation Code

The activation code required to register the Connect Switchboard.

Hint

On hardware appliances, the activation code is printed on either the box or the appliance itself, or both.

System name

The name given to the system, that will appear on Endian Network as well.

Customer information

Company

The name of the company which owns the Connect Switchboard.

Email address

The e-mail of the registrant.

Country

The country in which the Connect Switchboard is located.

License Agreement

This section contains the license agreement, that must be accepted for a successful registration.

The following boxes appear only after a successful registration of the Connect Switchboard.

System information

Basic information about the Connect Switchboard is shown here: serial number, activation code, model of the appliance, and the maintenance package chosen.

This product is registered

A summary of the system information recorded on Endian Network: the System name, the organisation for which the Connect Switchboard is registered, system ID, and the date of the last update, that is, the date when the Connect Switchboard was registered.

Your Activation Keys

To receive updates from and to participate in the Endian Network, at least one valid, not expired activation key is required. There is a key for each channel, but typically just one or two, shown with its expiry date and the days of maintenance left.

An expired key is shown with its channel name struck through and with the string expired in the corresponding Days left column. This happens usually for optional channels.

Remote Access

The Remote Access page allows choosing whether the Connect Switchboard can be reached through the Endian Network and by which protocol. To allow access, click on the Disabled button at the top of the page, which will turn green, and two access options will appear.

Access Options

Enable HTTPS access …

Allow the Connect Switchboard to be reached via the web interface.

Enable SSH Access …

Allow logins to the Connect Switchboard via a secure shell. Activating this option automatically activates the SSH access.

See also

A step-by-step lesson to register the Connect Switchboard to the Endian Network is available in this article.

Users

Changed in version 6.5.3: Updated to include the new Viewer user role.

In this page it is possible to create new users that can access EMI. The page initially contains a table which lists the admin user (by default). If additional users are added, then they will be displayed here. The default admin user is the only one that can neither be disabled, nor deleted.

New accounts for web users can be created by clicking on the Add web frontend user link above the table. In the panel that opens, the following options can be configured.

Username

The username of the account, which is case-sensitive and must be unique.

Remark

A description of the user.

Password, Confirm Password

The password assigned to the user.

Hint

Passwords need to be at least 8 characters long; good passwords should include letters, numbers, and special characters, e.g., $ % @ !.

GUI Profile

Choose from the drop-down menu which Profile to assign to the new user. There is currently only one profile available, which gives access to all the GUI.

User role

Here you can choose from the following options:

  • Administrator. This user role has full administrative permission to make changes on the Web UI of the Connect Switchboard.

  • Viewer. This user role has view (only) permission and cannot make any changes on the Web UI of the Connect Switchboard.

  • Hotspot Administrator. This user role is currently not used as the Hotspot is not available.

  • Hotspot Account Editor. This user role is currently not used as the Hotspot is not available.

Enabled

Tick the checkbox to enable the web user account (enabled by default).

Web Console

The web console provides an applet which emulates a terminal within the browser window, that serves as a CLI to carry out administrative tasks.

The functionalities of the web console are the same as those found upon logging in via serial console or SSH. On the bottom left of the applet, a message shows the status of the console: Connected or Disconnected. It is possible to exit at any time by typing exit in the console and then pressing Enter on the keyboard, like in any normal console.

When disconnected, click again on the Web console sub-menu item to reconnect. On the bottom right of the applet, two hyperlinks show up:

Enable virtual keyboard

When clicking on this link, a keyboard applet appears below the console, that can be used to type and execute commands by clicking the mouse on the various keys.

Note

When the web console status is disconnected (i.e., when you issue the exit command), this applet does not communicate with the console.

Disable input

This link toggles the possibility to send input from the keyboard to the web console.

Hint

This option has no effect on the virtual keyboard.

SSH access

This screen allows remote SSH access to the Connect Switchboard, which is disabled by default, to be enabled. Access using SSH proves useful in several scenarios: checking log files, troubleshooting, and manual editing of configuration files. In general it is reserved for advanced tasks, like the customisation of services or the implementation of a workaround for an existing bug.

If it is the first time that the SSH service is activated, it will take a few moments before the start of the SSH server, since new SSH host keys must be generated.

SSH config

This page is initially empty. After the SSH access is activated by clicking on the grey switch, two boxes are shown in the page: Secure Shell Options and SSH host keys.

When the SSH service is started, the following configuration options are displayed:

Secure Shell Options

Allow password based authentication

Permit logins using password authentication.

Allow TCP forwarding

When this option is ticked, other protocols can be tunneled through SSH. See Example SYS-1 for a sample use case.

Allow public key based authentication

Logins with public keys are allowed. The public keys of the clients that can login using key authentication must be added to the file /root/.ssh/authorized_keys.

Note

The SSH access is automatically activated when at least one of the following options is true:

  • Endian support team access is allowed in Menubar ‣ System ‣ Support.

  • SSH access from Endian Network is enabled in Menubar ‣ System ‣ Endian Network ‣ Remote Access.

SSH host keys

At the bottom of the page, a table shows the three host keys that were generated at the first start. For each key, the table shows the file that contains it, its fingerprint, and its size in bits.

SSH password

SSH root password

In this page it is possible to modify the password of the root user, used for console and SSH access.

Password, Confirm Password

Enter the new password in both fields. A tick on the checkbox on the right-hand side of the textfield will show the password in clear text.

Backup

In this section it is possible to create new backups of the current Connect Switchboard status and configuration or restore an existing backup when needed. Backups are saved locally on the Connect Switchboard or on a USB stick, and can be downloaded to a workstation. Optionally, especially if confidential information is stored on the Connect Switchboard (e.g., personal data or certificates used in VPN), the backup archive can be encrypted using a GPG key.

Hint

It is suggested to keep a copy of the backups in a safe location.

Whenever a USB stick is plugged into the Connect Switchboard, it is automatically detected and mounted. In this case, a few additional USB-related options are displayed throughout the page.

Here it is also possible to reset the configuration to factory defaults, to create fully automated backups, and to carry out various other backups-related tasks.

This section is organised into two pages, Backup and Scheduled backups: The former is used to manage manual backups, while the latter to set up automatic backups.

Backup

In the Backup page there are three boxes: Backups, Encrypt backup archives, and Factory defaults.

Backups

In the first box, a table shows the backups stored on the Connect Switchboard, both manual and scheduled ones. If a USB stick is connected to the Connect Switchboard, the backups stored on it are displayed as well.

For each item it is shown:

  • The creation date

  • The content included in the backup. Each letter corresponds to a different element; see below for more details.

  • A remark. The string “Auto - backup before upgrade” means that an automatic backup has been made before a package or system upgrade.

  • The available actions, which include the Import backup functionality

Contents of the backups

The content of each backup is marked by at least one of the following letters or symbols, corresponding to the option(s) specified during its creation:

  • Archive. The backup contains archived log files.

  • Cron. The backup has been created automatically by a scheduled backup job.

  • Database dumps. The backup contains a database dump.

  • Encrypted. The backup file is encrypted.

  • Hardware. Information about the appliance’s hardware is included.

  • Log files. The backup contains today’s log files.

  • Settings. The backup contains the configurations and settings.

  • USB. The backup has been saved to a USB stick.

  • ! (Error). Something did not succeed while sending the backup file by email.

Above the table, the two buttons Create a new backup and Upload a backup start the corresponding tasks.

Create new backup

Note

This section appears after a click on the Create a new backup button.

In this box it is possible to select which data to include in the backup. The letter in parentheses after each option corresponds to one of those listed above.

Include configuration (S)

The backup contains all the configuration settings, including all the changes and customisation done so far, or, in other words, all the content of the /var/efw directory.

Include database dumps (D)

The content of the database will also be backed up.

Warning

The database dumps may contain sensitive data, so whenever a backup contains a database dump, make sure that it is stored in a safe place and possibly GPG-encrypted.

Include log files (L)

Include the current log files (e.g., /var/log/messages), but not log files of the previous days.

Include log archives (A)

Include also older log files that have been rotated, and are stored under the /var/log/archive/ directory. Backups created with this option may become very big after some time.

Remark

A comment about the backup, which will appear in the Remark column of the table. Hence, it should be meaningful enough to allow a quick recall of the content.

Create backup on USB Stick

Store the backup on the plugged in USB stick.

Note

This option is only available if a USB stick is plugged into the Connect Switchboard and has been correctly mounted.

Backups on USB sticks are stored under the /mnt/usbstick/efw-backups directory. For any backup stored on the USB stick, a symlink will be created under the /var/backups/ directory. If the USB stick containing the backups is removed from the Connect Switchboard, they will still show up in the list, but will not be accessible.

At least one of the checkboxes must be ticked to create a new backup. After clicking on the Create backup button, the files required by the backup are gathered and assembled into the archive. After a few minutes, depending on what has been included in the backup, the new backup appears in the list. The end of the backup process is marked by a yellow callout that appears above the box, showing the message Backup archive created successfully.

The format and name of the backup files.

Backup files are created as tar.gz archives, using the standard Linux tools tar and gzip. The files stored in the archive can be extracted using tar zxf archivename.tar.gz, or using tar vzxf archivename.tar.gz to see every file as it is processed and extracted, along with some informative messages on the screen (the v option means verbose).

The name of the backup file is created to be unique and to convey as much information as possible about its content, so it can become quite a long string, e.g., backup-20130208093337-myappliance.mydomain-settings-db-logs-logarchive.tar.gz. Here, 20130208093337 is the timestamp of the backup's creation, in the form YYYYMMDDHHMMSS (in this example, 8th of February 2013 at 9:33:37 AM); this choice allows the backups to be lexicographically ordered from the oldest one to the most recent one. myappliance.mydomain are the Connect Switchboard's hostname and domain name as set in the Configuration Wizard, and settings-db-logs-logarchive represents the content of the backup. In this case it is a full backup, since all four parts appear in the name. For example, a backup containing only settings and logs will be identified by the string settings-logs.
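The naming scheme above can be parsed mechanically, for instance to find which downloaded backups carry a database dump and therefore need protected storage. This is an added example, not code shipped with the Connect Switchboard; it assumes that the db token marks a database dump and that host names may contain hyphens, and the sample names other than the one from this page are constructed.

```python
import re
from datetime import datetime

# Content tokens as they appear in the example name on this page.
# Assumption: "db" marks a backup that includes a database dump.
CONTENT_TOKENS = ("settings", "db", "logs", "logarchive")
NAME_RE = re.compile(r"^backup-(\d{14})-(.+)\.tar\.gz$")

def parse_backup_name(filename):
    """Split a backup file name into creation time, host name and contents."""
    match = NAME_RE.match(filename)
    if not match:
        raise ValueError(f"not a backup archive name: {filename!r}")
    # strptime raises ValueError for an impossible timestamp.
    created = datetime.strptime(match.group(1), "%Y%m%d%H%M%S")
    parts = match.group(2).split("-")
    # A host name may itself contain hyphens, so peel the content tokens off
    # the right-hand side instead of splitting at the first hyphen.
    contents = []
    while len(parts) > 1 and parts[-1] in CONTENT_TOKENS:
        contents.insert(0, parts.pop())
    if not contents:
        raise ValueError(f"no content tokens in: {filename!r}")
    return {"created": created, "host": "-".join(parts), "contents": contents}

def backups_with_db_dump(filenames):
    """Return, oldest first, the backups whose name lists a database dump."""
    # Plain string sorting is enough: the timestamp makes names sort by age.
    return [name for name in sorted(filenames)
            if "db" in parse_backup_name(name)["contents"]]

# Sample names: the second is the example from this page, the others are constructed.
SAMPLE_NAMES = [
    "backup-20130301120000-edge-gw.example.org-settings-logs.tar.gz",
    "backup-20130208093337-myappliance.mydomain-settings-db-logs-logarchive.tar.gz",
    "backup-20130105230000-edge-gw.example.org-settings-db.tar.gz",
]

if __name__ == "__main__":
    for name in backups_with_db_dump(SAMPLE_NAMES):
        info = parse_backup_name(name)
        print(info["created"].isoformat(), info["host"], ",".join(info["contents"]))
```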

Import a backup Archive

Note

This section appears after a click on the Upload a backup button.

In order to import a backup on the Connect Switchboard, it is necessary to supply the following information.

Remark

A comment that will appear alongside

File:

Click on the Choose File button to upload a file containing the backup.

A click on the Upload button will start the upload process.

Note

It is not possible to import encrypted backups on the Connect Switchboard: Any encrypted backup must be decrypted before being uploaded.

Encrypt backup archives

The second box in the page makes it possible to encrypt all future backups by providing a GPG public key. Click on the Disabled button to activate the functionality. The first time it is started, only one option shows up:

Import GPG public key:

Select the GPG public key by clicking on Choose file to upload the key file from the local file system, then click on the Upload button underneath.

Encrypt backup archives

Tick the checkbox if the archives should be encrypted. This option applies to both manual and scheduled backups.

Once a key has been uploaded and the Encrypt backup archives option is ticked, information about the key will be shown above the options, like in the following example:

The following GPG public key will be used to encrypt the backup archives:

pub   1024R/00000000 2010-10-10 [expires: 2020-10-09]
      Key fingerprint = 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
uid                  Jane Doe <j.doe@example.org>
sub   1024R/00000001 2010-10-10 [expires: 2020-10-10]

Hint

It is good practice to encrypt a backup archive whenever it contains sensitive data, for example the hotspot’s user data and billing information.

Factory defaults

The fourth box makes it possible to wipe out all configurations and settings done so far and reboot the system with the default configuration. This result is achieved by clicking on the only option available:

Factory defaults

A click on this button will start the factory default process: A backup copy of the current settings is created and immediately after the Connect Switchboard is rebooted and brought back to the factory defaults, including its default IP address, 192.168.0.15.

Note

Since this is potentially quite a dangerous option, a pop-up window will ask for confirmation before starting the process. After clicking on OK, the process starts and cannot be interrupted.

Scheduled backups

Here it is possible to configure automated backups of the system.

Settings

Scheduled automatic backups

To enable automatic backups, click on the Disabled button. The following options will appear.

Keep # of archives

Choose from the drop-down how many backups to keep on the Connect Switchboard (from 2 up to 10, but they can be exported to save space).

Schedule for automatic backups

The frequency between backups, either hourly, daily, weekly, or monthly.

Include …

Ticking each of these options includes the corresponding configuration or data in the scheduled backup. These are the same options seen in the Backups box.

Note

Scheduled backups will always be stored on the Connect Switchboard.

Send backups via email

In this box the system can be configured to send the backups by e-mail. To enable the functionality, click on the Disabled button. The following options will appear.

Note

Backups sent by e-mail will not contain the log archives, because their size might be so large as to prevent a correct delivery of the e-mail.

The following options are available.

Recipient email address

The e-mail address to which to send the e-mail with the backup.

Sender email address

The e-mail address that will appear as the sender’s e-mail address, which proves useful when backups should appear to have been sent from a special address (say, backups@myappliance.mydomain), and must be provided if the domain or hostname are not resolvable by the DNS.

Smarthost address

The address of a smarthost to be used to send the e-mails, which is needed in case the outgoing e-mails should not be sent directly by the Connect Switchboard, but from a different SMTP server.

See also

A guide to create a backup on a USB stick.

Shutdown

In this page it is possible to either reboot or shut down the Connect Switchboard, by clicking on the Reboot or the Shutdown button respectively.

When clicking either of the buttons, a dialog will open, asking for confirmation. Click on Confirm to actually reboot or shut down the appliance, or on Cancel to close the dialog.

During a reboot, the message Reboot in progress will be shown and after a short period (usually under a minute), it will be possible to continue to use the GUI without a new authentication.

License Agreement

This section displays the license agreement between Endian and the owner of the Connect Switchboard.

Note

After an upgrade, if the license agreement changes, at the first login it is necessary to accept the new license agreement before accessing the upgraded system and being allowed to use the Connect Switchboard.