ñâÿçè ñ ïðîáëåìàìè áåçîïàñíîñòè â ïðîòîêîëå TLSv1.0 îðãàíèçàöèè PCI (èíäóñòðèÿ ïëàòåæíûõ êàðò) è BSI ïðåäëîæèëè âíåäðèòü è âêëþ÷èòü ïðîòîêîëû TLSv1.1 èëè TLSv1.2, à, òàêæå, êàê ìîæíî ñêîðåå îòîéòè îò èñïîëüçîâàíèÿ TLSv1.0.  ýòîé ñòàòüå ìû ïðåäñòàâëÿåì òåêóùåå ñîñòîÿíèå ýòîé ðåàëèçàöèè â ñîîòâåòñòâóþùèõ ïðîäóêòàõ VMware. Îòêàç îò îòâåòñòâåííîñòè 1.Íåêîòîðûå ïðîäóêòû èëè áîëåå ñòàðûå âåðñèè íåêîòîðûõ ïðîäóêòîâ ìîãóò îòñóòñòâîâàòü â ýòîì ñïèñêå, ïîñêîëüêó, ëèáî íåò ïëàíîâ ðåàëèçàöèè áîëåå íîâûõ ïðîòîêîëîâ TLS, ëèáî èçìåíåíèÿ TLS íå ïðèìåíèìû. Âîçìîæíî, ýòè ïðîäóêòû óæå äîñòèãëè èëè ïðèáëèæàþòñÿ ê èñòå÷åíèþ ñðîêà äåéñòâèÿ (EOA) èëè êîíöó ñðîêà ñëóæáû (EOS). Ðåçîëþöèÿ Ñ òî÷êè çðåíèÿ ðåàëèçàöèè, âêëþ÷åíèå ïðîòîêîëîâ TLSv1.1/1.2 âñåãäà âûïîëíÿåòñÿ ïî óìîë÷àíèþ, â òî âðåìÿ êàê îòêëþ÷åíèå TLSv1.0 ìîãëî áûòü ëèáî ïî óìîë÷àíèþ (îòêëþ÷åíî ïî óìîë÷àíèþ), ëèáî ÷åðåç ïàðàìåòð (ìîæåò áûòü îòêëþ÷åíî ÷åðåç ïàðàìåòð). Ïî óìîë÷àíèþ êîìïàíèÿ VMware ñòðåìèòñÿ ê âçàèìîäåéñòâèþ âñåõ ïðîäóêòîâ ïî ñàìûì âûñîêîóðîâíåâûì ñòàíäàðòàì, äîñòóïíûì â ïðîãðàììàõ è ìåæäó íèìè. Çàìå÷àíèå: Äëÿ îáðàòíîãî ðàññìîòðåíèÿ îáåñïå÷åíèÿ ñîâìåñòèìîñòè è èíòåðîïåðàáåëüíîñòè â íåêîòîðûõ ïðîäóêòàõ, õîòÿ îòêëþ÷åíèå TLSv1.0 è ðåàëèçîâàíî ïî óìîë÷àíèþ, åñòü âîçìîæíîñòü âåðíóòü ýòî èçìåíåíèå. Ïî ìåðå íåîáõîäèìîñòè, îçíàêîìüòåñü ñ ïðèëàãàåìîé äîêóìåíòàöèåé, ÷òîáû óçíàòü ïîäðîáíîñòè. Ïðîãðàììû è èõ ñòàòóñ ïåðå÷èñëåíû â 3-õ òàáëèöàõ íèæå. Ïðîãðàììû, â êîòîðûõ îáå ðåàëèçàöèè, âêëþ÷åíèå TLSv1.1/1.2 è îòêëþ÷åíèå TLSv1.0 - ðåàëèçîâàíû. Ïðîãðàììû, äëÿ êîòîðûõ çàâåðøåíà òîëüêî ðåàëèçàöèÿ TLSv1.1/1.2, íî îæèäàåòñÿ îòêëþ÷åíèå TLSv1.0. Ïðîãðàììû, â êîòîðûõ îáå ðåàëèçàöèè, âêëþ÷åíèå TLSv1.1/1.2 è îòêëþ÷åíèå TLSv1.0, îæèäàþò ðàçðàáîòêè. Ïðèìå÷àíèÿ Âåðñèÿ ñ îòêëþ÷åíèåì ïðîòîêîëà TLSv.1.0 ÿâëÿåòñÿ åãî ïåðâûì ðåëèçîì, âî âñåõ ïîñëåäóþùèõ ðåëèçàõ ýòà ôóíêöèÿ áóäåò îòêëþ÷åíà ïî óìîë÷àíèþ. Âåðñèÿ ñ âêëþ÷åííûì ïî óìîë÷àíèþ ïðîòîêîëîì TLSv1.1/1.2 ÿâëÿåòñÿ åãî ïåðâûì ðåëèçîì, âî âñåõ ïîñëåäóþùèõ ðåëèçàõ ýòà îïöèÿ áóäåò îòêëþ÷åíà ïî óìîë÷àíèþ. Ïðîãðàììû, â êîòîðûõ îáå ðåàëèçàöèè, âêëþ÷åíèå TLSv1.1/1.2 è îòêëþ÷åíèå TLSv1.0, çàâåðøåíû Ïðîäóêò Âêëþ÷åíèå (âñåãäà ïî óìîë÷àíèþ) TLSv1.1/1.2 Âåðñèÿ Îòêëþ÷åíèå TLSv1.0 - âåðñèÿ Îòêëþ÷åíèå TLSv1.0 - òèï ðåàëèçàöèè Äîêóìåíòàöèÿ VMware Platform Services Controller (External) 6.xVMware Platform Services Controller Appliance (External) 6.x 6.7 6.7 Ïî óìîë÷àíèþ Managing TLS Protocol Configuration with the TLS Configurator UtilityRelease Notes for Platform Services Controller 6.7 6.5 6.5 ×åðåç ïàðàìåòð Managing TLS protocol configuration for vSphere 6.5 (2147469)Release Notes for Platform Services Controller 6.5 6.0 Update 3 6.0 Update 3 ×åðåç ïàðàìåòð Managing TLS protocol configuration for vSphere 6.0 Update 3 (2148819) Release Notes for vCenter Server 6.0 U3 VMware Identity Manager 2.x 2.6 2.6 Ïî óìîë÷àíèþ Enabling TLS 1.0 protocol in VMware Identity Manager 2.6 (2144805)Release Notes for VMware Identity Manager 2.6 VMware Integrated OpenStack 3.x 3.0 3.0 ×åðåç ïàðàìåòð Release Notes for VMware Integrated OpenStack 3.0 VMware vCloud Director for Service Providers 8.x 8.10 8.10 ×åðåç ïàðàìåòð Managing the List of Allowed SSL Protocols in the vCloud Director Administrator's GuideRelease Notes for VMware vCloud Director for Service Providers 8.10 VMware vCloud Availability for vCloud Director 1.x 1.0.1 1.0.1 ×åðåç ïàðàìåòð Configuring vCloud Director for Installation in the vvCloud Availability for vCloud Director Installation and Configuration GuideRelease Notes for vCloud Availability for vCloud Director 1.0.1 VMware vCloud Usage Meter 3.5 3.5 3.5 Ïî óìîë÷àíèþ Release Notes for VMware vCloud Usage Meter 3.5 VMware vCloud Usage Meter 3.6 3.6 3.6 Ïî óìîë÷àíèþ Release Notes for VMware vCloud Usage Meter 3.6 VMware vCloud Air Hybrid Cloud Manager 2.x 2.0 2.0 ×åðåç ïàðàìåòð Hybrid Cloud Manager Security Protocol (2146900)Release Notes for VMware vCloud Air Hybrid Cloud Manager 2.0 VMware vRealize Business Advanced and Enterprise 8.x 8.2.4 8.2.4 Ïî óìîë÷àíèþ Release Notes for vRealize Business Advanced and Enterprise 8.2.4 VMware vRealize Business Standard for Cloud 7.x 7.1.0 7.1.0 Ïî óìîë÷àíèþ Enable or Disable TLS in the vRealize Business for Cloud Install GuideRelease Notes for vRealize Business Standard for Cloud 7.1.0 VMware vRealize Configuration Manager 5.x 5.8.2 5.8.3 Ïî óìîë÷àíèþ Release Notes for VMware vRealize Configuration Manager 5.8.3Release Notes for VMware vRealize Configuration Manager 5.8.2 VMware NSX for vSphere 6.xIncludes: Manager, Controller, Endpoint, Edge. 6.2.4 6.2.4 ×åðåç ïàðàìåòð Disabling Transport Layer Security (TLS) 1.0 on NSX (2145749)Release Notes for VMware NSX for vSphere 6.2.4 VMware vCenter Server 6.xVMware vCenter Server Appliance 6.x 6.7 6.7 Ïî óìîë÷àíèþ Managing TLS Protocol Configuration with the TLS Configurator UtilityRelease Notes for vCenter Server 6.7 6.5 6.5 ×åðåç ïàðàìåòð Managing TLS protocol configuration for vSphere 6.5 (2147469)Release Notes for vCenter Server 6.5 6.0 Update 3 6.0 Update 3 ×åðåç ïàðàìåòð Managing TLS protocol configuration for vSphere 6.0 Update 3 (2148819) Release Notes for vCenter Server 6.0 U3 vCenter Server Heartbeat 6.6.x 6.6 Update 2 6.6 Update 2 ×åðåç ïàðàìåòð Configuring VMware vCenter Server Heartbeat to use only TLS2v1.1 and TLSv1.2 (2146352)Release Notes for vCenter Server Heartbeat 6.6 Update 2 VMware vRealize Automation 7.x 7.0.1 7.1.0 ×åðåç ïàðàìåòð Disabling TLS 1.0 in vRealize Automation (2146570)Release Notes for VMware vRealize Automation 7.1.0Release Notes for VMware vRealize Automation 7.0.1 VMware vRealize Orchestrator 7.x 7.0.0 7.0.1 Ïî óìîë÷àíèþ Enable SSLv3 and TLSv1 for outgoing HTTPS connections in vRealize Orchestrator 6.0.4 and 7.0.x manually (2144318)Release Notes for vRealize Orchestrator 7.0.0Release Notes for vRealize Orchestrator 7.0.1 VMware vSphere Update Manager 6.x 6.5 6.5 ×åðåç ïàðàìåòð Managing TLS protocol configuration for vSphere 6.5 (2147469)Release Notes for vSphere Update Manager 6.5 6.0 Update 3 6.0 Update 3 ×åðåç ïàðàìåòð Configuring the TLS protocol for Update Manager 6.0 Update 3 (2149136) Release Notes for vSphere Update manager 6.0 U3 VMware vRealize Infrastructure Navigator 5.8.x 5.8.5 5.8.5 ×åðåç ïàðàìåòð Disabling TLSv1 Support in vRealize Infrastructure Navigator (2139941)Release Notes for vRealize Infrastructure Navigator 5.8.5 VMware vCenter Support Assistant 6.x 6.0.2 6.0.2 Ïî óìîë÷àíèþ TLS protocol configuration options for vCenter Support Assistant (2146079)Release Notes for vCenter Support Assistant 6.0.2 VMware vRealize Operations 6.2.x 6.2.0 6.2.x ×åðåç ïàðàìåòð Disable TLS 1.0 in vRealize Operations Manager 6.2 (2138007)Release Notes for vRealize Operations Manager 6.2.0 VMware vRealize Operations Management pack for MEDITECH 1.0 6.2.0 6.2.x ×åðåç ïàðàìåòð Disable TLS 1.0 in vRealize Operations Manager 6.2 (2138007)Release Notes for vRealize Operations Manager 6.2.0 VMware vRealize Operations Management pack for Epic 1.0 6.2.0 6.2.x ×åðåç ïàðàìåòð Disable TLS 1.0 in vRealize Operations Manager 6.2 (2138007)Release Notes for vRealize Operations Manager 6.2.0 VMware vRealize Operations Management pack for Published Applications 6.x 6.1.1 6.1.1 Ïî óìîë÷àíèþ Release Notes for VMware vRealize Operations for Published Applications 6.1.1 VMware vRealize Hyperic 5.x 5.8.6 5.8.6 Ïî óìîë÷àíèþ Release Notes for vRealize Hyperic 5.8.6 VMware vRealize Log Insight 4.x 4.0 4.0 ×åðåç ïàðàìåòð How to disable TLS 1.0 in vRealize Log Insight (2146305)Release Note for vRealize Log Insight 4.0 VMware vRealize Log Insight 3.x 3.0 3.0 ×åðåç ïàðàìåòð Log Insight 2.5 and 3.0 cannot establish connection to remote TLSv1.1 or TLSv1.2 servers (2144162)How to disable TLS 1.0 in vRealize Log Insight (2146305)Release Note for vRealize Log Insight 3.6Release Note for vRealize Log Insight 3.3Release Note for vRealize Log Insight 3.0 VMware Site Recovery Manager 6.x 6.5 6.5 Ïî óìîë÷àíèþ Release Notes for Site Recovery Manager 6.5 6.1 6.1.1 ×åðåç ïàðàìåòð  TLS Configuration Options For Site Recovery Manager 6.1.1 (2145910)Release Notes for Site Recovery Manager 6.1Release Notes for Site Recovery Manager 6.1.1 VMware vSphere Replication 6.x 6.5 6.5 Ïî óìîë÷àíèþ Release Notes for vSphere Replication 6.5 6.1.1 6.1.1 ×åðåç ïàðàìåòð TLS protocol configuration options for vSphere Replication 6.1.1 (2145893)Release Notes for vSphere Replication 6.1.1 VMware ESXi 6.x 6.7 6.7 ×åðåç ïàðàìåòð Managing TLS Protocol Configuration with the TLS Configurator UtilityRelease Notes for vSphere ESXi 6.7 6.5 6.5 ×åðåç ïàðàìåòð Managing TLS protocol configuration for vSphere 6.5 (2147469)Release Notes for vSphere ESXi 6.5 6.0 Update 3 6.0 Update 3 ×åðåç ïàðàìåòð Managing TLS protocol configuration for vSphere 6.0 Update 3 (2148819) Release Notes for vSphere ESXi 6.0 U3 VMware Tools 10.x 10.0.0 10.1.0 Ïî óìîë÷àíèþ Release Note for VMware Tools 10.1.0Release Note for VMware Tools 10.0.12Note: TLSv1.2 is leveraged for internal communications only as VMware Tools does not use SSL based communication to other components. VMware vSAN 6.x 6.7 6.7 ×åðåç ïàðàìåòð Release Notes for VMware vSAN 6.7 6.6 6.6 ×åðåç ïàðàìåòð Release Notes for VMware vSAN 6.6 6.5 6.5 ×åðåç ïàðàìåòð Managing TLS protocol configuration for vSphere 6.5 (2147469)Release Notes for VMware vSAN 6.5 6.2 6.2 ×åðåç ïàðàìåòð Release Notes for VMware vSAN 6.2 VMware AppVolumes 2.x 2.11.0 2.11.0 ×åðåç ïàðàìåòð Release Notes for VMware App Volumes 2.11.0Patch required VMware AppVolumes 3.x 3.0 3.0 Ïî óìîë÷àíèþ VMware AppVolumes 3.0 Installation and Administration GuideRelease Notes for VMware App Volumes 3.0 VMware vRealize Code Stream 2.x 2.1.0 2.1.0 ×åðåç ïàðàìåòð Disabling TLS 1.0 in vRealize Automation (2146570)Release Notes for VMware vRealize Code Stream 2.1 VMware Remote Console 8.x 8.0 8.0 Ïî óìîë÷àíèþ Release Notes for VMware Remote Console 8.0 VMware vFabric tc Server 2.9.x 2.9.13 2.9.13 ×åðåç ïàðàìåòð Release Notes for vFabric tc Server 2.9 VMware Horizon for Linux 6.2.x 6.2.1 6.2.1 Ïî óìîë÷àíèþ Setting Options in Configuration Files on Linux Desktop in the Horizon 6 Version 6.2 GuideRelease Notes for VMware Horizon 6 version 6.2.1 VMware Horizon Client 4.x 4.0.1 4.0.1 ×åðåç ïàðàìåòð Configure Advanced TLS/SSL Options in the VMware Horizon Client Admin Guide for iOSConfigure Advanced TLS/SSL Options in the VMware Horizon Client Admin Guide for AndroidConfigure Advanced TLS/SSL Options in the VMware Horizon Client Admin Guide for Mac OS XConfigure Advanced TLS/SSL Options in the VMware Horizon Client Admin Guide for LinuxConfigure Advanced TLS/SSL Options in the VMware Horizon Client Admin Guide for WindowsRelease Notes for VMware Horizon Client 4.1 for iOSRelease Notes for VMware Horizon Client 4.1 for AndroidRelease Notes for VMware Horizon Client 4.1 for Mac OS XRelease Notes for VMware Horizon Client 4.1 for LinuxRelease Notes for VMware Horizon Client 4.1 for Windows VMware Horizon View 7.x 7.0 7.0 Ïî óìîë÷àíèþ Configuring security protocols on components to connect the View Client with desktops (2130798)Release Notes for VMware Horizon View 7.0 VMware Horizon View 6.x 6.2.1 6.2.1 Ïî óìîë÷àíèþ Configuring security protocols on components to connect the View Client with desktops (2130798)Release Notes for VMware Horizon View 6.2.1 VMware Horizon Air 16.x 16.6.0 16.6.0 ×åðåç ïàðàìåòð Disabling TLS 1.0 in Horizon Air Appliances (2146781)Release Notes for VMware Horizon Air 16.6 Horizon Daas 7.0 7.0.0 7.0.0 Ïî óìîë÷àíèþ Release Notes for VMware Horizon DaaS 7.0 VMware Mirage 5.7 5.7 ×åðåç ïàðàìåòð Disabling TLS 1.0 on Windows systems (2145606)Release Notes for VMware Mirage 5.7 VMware Horizon Air Hybrid-mode 1.x 1.0 1.0 Ïî óìîë÷àíèþ Change the Security Protocols and Cipher Suites Used for TLS or SSL Communication in VMware Horizon Air Hybrid-Mode 1.0 Administration GuideConfiguration Settings for System Settings and Server Certificates in VMware Horizon Air Hybrid-Mode 1.0 Administration GuideRelease Notes for VMware Horizon Air Hybrid-mode 1.0 VMware Software Manager - Download Server 1.3 1.3 Ïî óìîë÷àíèþ Enable SSLv3 or TLSv1 in the VMware Software Manager - Download Service User Guide.Release Notes for VMware Software Manager 1.3 VMware Photon OS 1.0 1.0 ×åðåç ïàðàìåòð Disabling TLS 1.0 to Improve Transport Layer Security in the Photon OS Administration Guide VMware Continuent 5.xIncludes: Analytics and Big Data, Cluster, Disaster Recovery, Replication 5.0 5.0 Ïî óìîë÷àíèþ Release Notes for VMware Software Manager 5.0 VMware vSphere Big Data Extension 2.3.x 2.3.2 2.3.2 ×åðåç ïàðàìåòð Release Notes for vSphere Big Data Extension 2.3 NSX-T 1.1 1.1 Ïî óìîë÷àíèþ Release Notes for NSX-T 1.1 vCenter Chargeback Manager 2.7.2 2.7.1 Ïî óìîë÷àíèþ Release Notes for Chargeback Manager 2.7.2 VMware Network Insight 3.x 3.3 3.3 Ïî óìîë÷àíèþ Release Notes for VMware Network Insight 3.3 Ïðîäóêòû, äëÿ êîòîðûõ çàâåðøåíà òîëüêî ðåàëèçàöèÿ TLSv1.1/1.2, íî îæèäàåòñÿ îòêëþ÷åíèå TLSv1.0 Ïî ìåðå âûïóñêà ñîôòà ñ îáåèìè ðåàëèçàöèÿìè îíè áóäóò ïåðåìåùàòüñÿ èç ýòîãî ðàçäåëà â âåðõíþþ òàáëèöó; îäíàêî, ïðîãðàììû è èõ äîñòóïíîñòü ìîãóò èçìåíÿòüñÿ è îñòàâàòüñÿ â ýòîé òàáëèöå. Ïðîäóêò Âêëþ÷åíèå (âñåãäà ïî óìîë÷àíèþ) TLSv 1.1/1.2 Âåðñèÿ Îòêëþ÷åíèå TLSv1.0 Ïëàíîâàÿ âåðñèÿ Äîêóìåíòàöèÿ VMware vCenter Converter Standalone 6.x 6.1.1 (Îæèäàþùèé) VMware vCenter Converter Standalone User's Guide (Ñòðàíèöà 40)Release Notes for VMware vCenter Converter Standalone 6.1.1 VMware Fusion 8.x 8.0.0 (Îæèäàþùèé) Release Notes for VMware Fusion 8 VMware Workstation Pro/Player 12.x 12.0.0 (Îæèäàþùèé) Release Notes for VMware Workstation 12 ProRelease Notes for VMware Workstation 12 Player VMware vSphere Data Protection 6.1.x 6.14 (Îæèäàþùèé) Release Notes for Data Protection 6.1.4 Ïðîäóêòû, â êîòîðûõ îáå ðåàëèçàöèè, âêëþ÷åíèå TLSv1.1/1.2 è îòêëþ÷åíèå TLSv1.0, îæèäàþò îáðàáîòêè Ïî ìåðå âûïóñêà ñîôòà ñ îáåèìè ðåàëèçàöèÿìè îíè áóäóò ïåðåìåùàòüñÿ èç ýòîãî ðàçäåëà â âåðõíþþ òàáëèöó; îäíàêî, ïðîãðàììû è èõ äîñòóïíîñòü ìîãóò èçìåíÿòüñÿ è îñòàâàòüñÿ â ýòîé òàáëèöå. Ïðîäóêò Âêëþ÷åíèå (âñåãäà ïî óìîë÷àíèþ) TLSv 1.1/1.2 Ïëàíîâàÿ âåðñèÿ Îòêëþ÷åíèå TLSv1.0 Ïëàíîâàÿ âåðñèÿ Äîêóìåíòàöèÿ VMware Photon Controller 1.x (Îæèäàþùèé) (Îæèäàþùèé) (Îæèäàþùèé)

 ñåãîäíÿøíåé ñòàòüå ïîêàæåì ïðèìåð íàñòðîéêè DMVPN – Dynamic Multipoint VPN, ÷òî ÿâëÿåòñÿ VPN ðåøåíèåì êîìïàíèè Cisco. Äàííîå ðåøåíèå èñïîëüçóåòñÿ, êîãäà òðåáóåòñÿ âûñîêàÿ ìàñøòàáèðóåìîñòü è ëåãêîñòü íàñòðîéêè ïðè ïîäêëþ÷åíèè ôèëèàëîâ ê ãîëîâíîìó îôèñó. DMPVN îäíî èç ñàìûõ ìàñøòàáèðóåìûõ è ýôôåêòèâíûõ ðåøåíèé VPN ïîääåðæèâàåìûõ êîìïàíèåé Cisco.  îñíîâíîì îíî èñïîëüçóåòñÿ ïðè òîïîëîãèè Hub-and-Spoke, ãäå âû õîòåëè áû âèäåòü ïðÿìûå VPN òóííåëè Spoke-to-Spoke â äîïîëíåíèå ê îáû÷íûì Spoke-to-Hub òóííåëÿì. Ýòî îçíà÷àåò, ÷òî ôèëèàëû ñìîãóò îáùàòüñÿ ñ äðóã äðóãîì íàïðÿìóþ, áåç íåîáõîäèìîñòè ïðîõîæäåíèå òðàôèêà ÷åðåç HQ. Êàê óæå óïîìèíàëè, ýòà òåõíîëîãèÿ ÿâëÿåòñÿ ïðîïðèåòàðíîé òåõíîëîãèåé Cisco. Åñëè âàì íåîáõîäèìî ïîäêëþ÷èòü áîëåå äåñÿòè ñàéòîâ ê ãîëîâíîìó îôèñó, òî DMPVN áóäåò èäåàëüíûì âûáîðîì. Êðîìå òîãî, DMPVN ïîääåðæèâàåò íå òîëüêî Hub-and-Spoke, íî è Full-Mesh òîïîëîãèþ, òàê êàê âñå ñàéòû èìåþò ìåæäó ñîáîé ñâÿçíîñòü áåç íåîáõîäèìîñòè íàñòðîéêè ñòàòè÷åñêèõ VPN òóííåëåé ìåæäó ñàéòàìè. Íåêîòîðûå õàðàêòåðèñòèêè DMVPN Äëÿ íà÷àëà ïåðå÷èñëèì âàæíûå õàðàêòåðèñòèêè äàííîãî ñïîñîáà îðãàíèçàöèè Site-to-Site VPN äëÿ ëó÷øåãî ïîíèìàíèÿ: Öåíòðàëüíûé ìàðøðóòèçàòîð (HUB) - äàííûé ðîóòåð ðàáîòàåò êàê DMVPN ñåðâåð, è Spoke ìàðøðóòèçàòîðû ðàáîòàþò êàê DMVPN êëèåíòû; Ó äàííîãî ìàðøðóòèçàòîðà åñòü ïóáëè÷íûé ñòàòè÷åñêèé IP-àäðåñ íà WAN èíòåðôåéñå; Ó Spoke ìàðøðóòèçàòîðîâ íà WAN èíòåðôåéñàõ ìîæåò êàê ñòàòè÷åñêèé, òàê è äèíàìè÷åñêèé ïóáëè÷íûé IP-àäðåñ; Ó êàæäîãî ôèëèàëà (Spoke) åñòü IPSEC òóííåëü ê ãîëîâíîìó îôèñó (Hub); Spoke-to-Spoke - òóííåëè óñòàíàâëèâàþòñÿ ïðè âîçíèêíîâåíèè íåîáõîäèìîñòè, êîãäà åñòü äâèæåíèå òðàôèêà ìåæäó ôèëèàëàìè. Òàêèì îáðàçîì, òðàôèê ìîæåò íå õîäèòü ÷åðåç ãîëîâíîé îôèñ, à èñïîëüçîâàòü ïðÿìûå òóííåëè ìåæäó ôèëèàëàìè; Âñå òóííåëè èñïîëüçóþò Multipoint GRE c IPSEC; NHRP (Next Hop Resolution Protocol) - äàííûé ïðîòîêîë èñïîëüçóåòñÿ äëÿ óñòàíîâëåíèÿ ñîîòâåòñòâèé ìåæäó ïðèâàòíûìè IP òóííåëüíûõ èíòåðôåéñîâ ñ ïóáëè÷íûìè WAN àäðåñàìè Îïèñàííûå âûøå NHRP ñîîòâåòñòâèÿ áóäóò õðàíèòüñÿ íà NHRP ñåðâåðå, ÷åì â íàøåì ñëó÷àå ÿâëÿåòñÿ HUB ðîóòåð. Êàæäûé ôèëèàë óñòàíàâëèâàåò ñîåäèíåíèå ñ ãîëîâíûì îôèñîì è ðåãèñòðèðóåò ñâîé ïóáëè÷íûé IP-àäðåñ è åãî ïðèâàòíûé IP-àäðåñ òóíåëÿ; Êîãäà ôèëèàëó íåîáõîäèìî îòïðàâèòü ïàêåòû â ïîäñåòü äðóãîãî ôèëèàëà, îí çàïðàøèâàåò NHRP ñåðâåð äëÿ ïîëó÷åíèÿ èíôîðìàöèè î âíåøíåì ïóáëè÷íîì àäðåñå öåëåâîãî ôèëèàëà; Äëÿ ëó÷øåé ìàñøòàáèðóåìîñòè ñîâåòóåì èñïîëüçîâàòü îäèí èç ïðîòîêîëîâ äèíàìè÷åñêèé ìàðøðóòèçàöèè ìåæäó âñåìè ðîóòåðàìè – íàïðèìåð, EIGRP; Åùå ðàç êðàòêî î òåõíîëîãèÿõ, êîòîðûå èñïîëüçóåò DMVPN: Multipoint GRE; IPSEC; NHRP – Next Hop Resolution Protocol; Ñòàòè÷åñêàÿ èëè äèíàìè÷åñêàÿ ìàðøðóòèçàöèÿ; Íàñòðîéêà ìàðøðóòèçàòîðà Êîíêðåòíî â íàøåì ïðèìåðå ó íàñ áóäåò HUB ìàðøðóòèçàòîð è äâà ôèëèàëà. È, êàê áûëî îïèñàíî ðàíåå, HUB – ýòî DMVPN cåðâåð, à ôèëèàëû – DMPVN êëèåíòû.  íàøåì ïðèìåðå â êà÷åñòâå ìàðøðóòèçàòîðà èñïîëüçóåòñÿ CISCO1921/K9 Ñíà÷àëà íàñòðàèâàåì HUB ìàðøðóòèçàòîð – åìó íåîáõîäèìî ïðèñâîèòü ñòàòè÷åñêèé IP – àäðåñ íà âíåøíåì WAN-èíòåðôåéñå: ! Íàñòðàèâàåì èíòåðôåéñû interface GigabitEthernet0/0 description to Internet-WAN ip address 10.10.10.1 255.255.255.252 ! interface GigabitEthernet0/1 description to LAN ip address 192.168.160.1 255.255.255.0 duplex auto ! Íàñòðàèâàåì òóííåëüíûé èíòåðôåéñ, êîòîðûé ÿâëÿåòñÿ óëó÷øåííûì GRE (Multipoint GRE) interface Tunnel1 description DMVPN Tunnel ip address 172.16.1.1 255.255.255.0 // âûáèðàåì ïðèâàòíóþ ïîäñåòü äëÿ òóííåëåé no ip redirects ip nhrp authentication nhrp1234 // àóòåíòèôèêàöèÿ ìåæäó ìàðøðóòèçàòîðàìè ip nhrp network-id 1 // ñåòåâîé èäåíòèôèêàòîð, êîòîðûé äîëæåí áûòü îäèíàêîâûì íà âñåõ ìàðøðóòèçàòîðàõ load-interval 30 keepalive 5 10 tunnel source GigabitEthernet0/0 // íàçíà÷àåì èñòî÷íèêîì òóííåëÿ WAN èíòåðôåéñ tunnel mode gre multipoint // îïðåäåëÿåì òóííåëü êàê mGRE tunnel protection ipsec profile protect-gre // øèôðóåì òðàôèê â òóííåëå ñ ïîìîùüþ IPSEC ip mtu 1440 // óìåíüøàåì MTU äëÿ òîãî, ÷òîáû ðàçðåøèòü îâåðõåä íà mGRE è IPSEC ip nhrp map multicast dynamic // ðàçðåøàåì ôîðâàðäèòü ìóëüòèêàñò òðàôèê ìåæäó òóííåëÿìè. ! Íàñòðàèâàåì IPSEC íà ãëàâíîì ðîóòåðå crypto isakmp policy 1 encr 3des hash md5 authentication pre-share group 2 crypto isakmp key isakmp1234 address 0.0.0.0 0.0.0.0 // ïðèíèìàòü ñîåäèíåíèÿ îò ëþáîãî èñòî÷íèêà ïðè íàëè÷èè äèíàìè÷åñêèõ ôèëèàëîâ ! crypto ipsec transform-set TS esp-3des esp-md5-hmac mode tunnel ! ! crypto ipsec profile protect-gre // ïðîôèëü äîáàâëåííûé ê mGRE òóííåëþ äëÿ øèôðîâàíèÿ set security-association lifetime seconds 86400 set transform-set TS ! Íàñòðàèâàåì ñòàòè÷åñêóþ ìàðøðóòèçàöèþ íà HUB ìàðøðóòèçàòîðå ip route 192.168.164.0 255.255.255.0 172.16.1.2 // óäàëåííûå ïîäñåòè äîñòóïíû ÷åðåç IP óäàëåííîãî òóííåëÿ ip route 192.168.161.0 255.255.255.0 172.16.1.3 // óäàëåííûå ïîäñåòè äîñòóïíû ÷åðåç IP óäàëåííîãî òóííåëÿ Çàòåì íàñòðàèâàåì ìàðøðóòèçàòîðû â ôèëèàëàõ (Spoke ðîóòåðû) - ó îäíîãî ìàðøðóòèçàòîðà ñòàòè÷åñêèé àéïèøíèê íà WAN èíòåðôåéñå, è ó äðóãîãî äèíàìè÷åñêèé, ïîëó÷àåìûé ïî DHCP. Ïåðâûé ìàðøðóòèçàòîð â ôèëèàëå, ñ äèíàìè÷åñêèì IP: interface GigabitEthernet0/0 description WAN to Internet ip address dhcp duplex auto speed auto interface GigabitEthernet0/1 description To LAN ip address 192.168.164.1 255.255.255.0 duplex auto speed auto interface Tunnel1 ip address 172.16.1.2 255.255.255.0 // ïîìåùàåì â òó æå ïîäñåòü ÷òî è äðóãèå òóííåëè no ip redirects ip nhrp map multicast dynamic // ðàçðåøàåì ôîðâàðäèòü ìóëüòèêàñò òðàôèê ìåæäó òóííåëÿìè tunnel source GigabitEthernet0/0 // “source”- WAN èíòåðôåéñ tunnel mode gre multipoint tunnel protection ipsec profile protect-gre ip nhrp authentication nhrp1234 ip nhrp map 172.16.1.1 10.10.10.1 // ñîîòâåòñòâèå HUB àäðåñà òóííåëÿ ñ HUB àäðåñîì WAN ip nhrp network-id 1 ip nhrp nhs 172.16.1.1 // íàñòðîéêà NHRP ip nhrp registration no-unique // åñëè NHRP ïðîöåññ çàâåðøèëñÿ (ïîèñê ñîîòâåòñòâèÿ) äëÿ îïðåäåëåííîãî IP, òî áîëüøå äàííûé ïðîöåññ íå çàïóñòèòñÿ ip nhrp map multicast 10.10.10.1 // Îòïðàâêà milticast òðàôèêà òîëüêî â Hub. Ãîëîâíîé ìàðøðóòèçàòîð áóäåò ïîëó÷àòü âåñü ìóëüòèêàñò òðàôèê (íàïðèìåð, îáíîâëåíèÿ ïðîòîêîëà ìàðøðóòèçàöèè) è îòïðàâëÿòü åãî âñåì Spoke ìàðøðóòèçàòîðàì ip mtu 1440 load-interval 30 keepalive 5 10 crypto isakmp policy 1 encr 3des hash md5 authentication pre-share group 2 crypto isakmp key isakmp1234 address 0.0.0.0 0.0.0.0 // Ôèëèàëû äîëæíû ðàçðåøàòü ïîäêëþåíèÿ ñ ëþáîãî àäðåñà äëÿ ôîðìèðîâàíèÿ IPSEC VPN òóííåëåé ñ äðóãèìè ôèëèàëàìè ! ! crypto ipsec transform-set TS esp-3des esp-md5-hmac mode tunnel ! crypto ipsec profile protect-gre set security-association lifetime seconds 86400 set transform-set TS ip route 192.168.160.0 255.255.255.0 172.16.1.1 // Ìàðøðóò äëÿ HUB ip route 192.168.161.0 255.255.255.0 172.16.1.3 // Ìàðøðóò äëÿ äðóãîãî ôèëèàëà Spoke site Âòîðîé ôèëèàëüíûé ìàðøðóòèçàòîð, ñî ñòàòè÷åñêèì IP: interface GigabitEthernet0/0 description TO Internet ip address 10.10.10.9 255.255.255.252 duplex auto speed auto interface GigabitEthernet0/1 description To: LAN ip address 192.168.161.1 255.255.255.0 duplex auto speed auto interface Tunnel1 ip address 172.16.1.3 255.255.255.0 // äîëæåí áûòü â òîé æå ïîäñåòè ÷òî è äðóãèå òóííåëè no ip redirects ip nhrp map multicast dynamic // ðàçðåøàåì ôîðâàðä ìóëüòêàñòîâ ìåæäó òóííåëÿìè. tunnel source GigabitEthernet0/0 tunnel mode gre multipoint tunnel protection ipsec profile protect-gre ip nhrp authentication nhrp1234 ip nhrp map 172.16.1.1 10.10.10.1 // ìàïèðóåì àäðåñ HUB òóíåëÿ ê WAN àäðåñó ip nhrp network-id 1 ip nhrp nhs 172.16.1.1 // íàñòðàèâàåì NHRP êëèåíò ñ óêàçàíèåì àäðåñà ñåðâåðà ip nhrp registration no-unique ip nhrp map multicast 10.10.10.1 ip mtu 1440 load-interval 30 keepalive 5 10 crypto isakmp policy 1 encr 3des hash md5 authentication pre-share group 2 crypto isakmp key isakmp1234 address 0.0.0.0 0.0.0.0 ! crypto ipsec transform-set TS esp-3des esp-md5-hmac mode tunnel ! !crypto ipsec profile protect-gre set security-association lifetime seconds 86400 set transform-set TS ip route 192.168.160.0 255.255.255.0 172.16.1.1 // ìàðøðóò äî ãîëîâíîãî ìàðøðóòèçàòîð ip route 192.168.164.0 255.255.255.0 172.16.1.2 // ìàðøðóò äî äðóãîãî ôèëèàëà Ïåðåõîäèì ê òåñòèðîâàíèþ: show dmvpn // ïðîâåðÿåì ñòàòóñ DMVPN è NHRP show crypto isakmp sa // ïðîâåðÿåì IPSEC câÿçíîñòü ìåæäó ìàðøðóòèçàòîðàìè ping 192.168.164.1 // ïèíãóåì äëÿ ïðîâåðêè ping 192.168.1.1  íàøåì ïðèìåðå èñïîëüçîâàëàñü ñòàòè÷åñêàÿ ìàðøðóòèçàöèÿ, íî ïðè áîëüøîì êîëè÷åñòâå ôèëèàëîâ íåîáõîäèìî èñïîëüçîâàòü ïðîòîêîëû äèíàìè÷åñêèé ìàðøðóòèçàöèè äëÿ óìåíüøåíèÿ ðó÷íîãî òðóäà è ðèñêà îøèáêè.

Icinga - ýòî áåñïëàòíîå ñðåäñòâî ìîíèòîðèíãà ñ îòêðûòûì èñõîäíûì êîäîì äëÿ âàøåãî äàòà-öåíòðà. Ýòî ïðèëîæåíèå äëÿ ìîíèòîðèíãà êîìïüþòåðíûõ ñèñòåì è ðàáîòû ñåòè, êîòîðîå ïðîâåðÿåò ñîñòîÿíèå ãîòîâíîñòè âàøåé ñåòè è êîìïüþòåðíûõ ðåñóðñîâ, óâåäîìëÿåò î ïåðåáîÿõ â ðàáîòå ñèñòåìû, ãåíåðèðóåò äàííûå î ïðîèçâîäèòåëüíîñòè âàøèõ ðåñóðñîâ, à òàêæå îáåñïå÷èâàåò âûñîêóþ ñòåïåíü ðàáîòîñïîñîáíîñòè è âîçìîæíîñòü íàñòðîéêè ìîíèòîðèíãà ðàñïðåäåë¸ííûõ ñèñòåì ñî âñòðîåííîé ôóíêöèåé êëàñòåðà. Icinga áûëà ñîçäàíà â 2009 ãîäó â êà÷åñòâå ðàçâåòâëåíèÿ ñðåäñòâà ìîíèòîðèíãà Nagios. Íî ïîòîì áûëà çàíîâî ïåðåïèñàíà íà Ñ++ è ñòàëà îäíèì èç ñàìûõ ïîïóëÿðíûõ èíñòðóìåíòîâ ìîíèòîðèíãà â èíòåðíåòå. Ñëîâî "Èöèíãà" - ýòî Çóëóññêîå ñëîâî, îçíà÷àþùåå "îíî èùåò", èëè "îíî îáîçðåâàåò", èëè "îíî èññëåäóåò".  ýòîì ó÷åáíîì ïîñîáèè ìû ïîêàæåì âàì, êàê óñòàíîâèòü è íàñòðîèòü èíñòðóìåíò ìîíèòîðèíãà Icinga 2 íà ñåðâåðå LTS Ubuntu 20.04. Ìû óñòàíîâèì Icinga 2 èç îôèöèàëüíîãî ðåïîçèòîðèÿ, à çàòåì íàñòðîèì icingaweb2, îáëåã÷åííûé è ðàñøèðÿåìûé âåá-èíòåðôåéñ äëÿ ñèñòåìû ìîíèòîðèíãà icinga2. Ïðåäïîñûëêè Äëÿ ýòîãî ðóêîâîäñòâà ìû óñòàíîâèì icinga2 è icingaweb2, èñïîëüçóÿ ñåðâåð Ubuntu 20.04 ñ 2 ÃÁ îïåðàòèâíîé ïàìÿòè. Íî ýòè äàííûå ìåíÿþòñÿ â çàâèñèìîñòè îò ðàçìåðà âàøåé ÈÒ-èíôðàñòðóêòóðû. ×òî ìû áóäåì äåëàòü? Óñòàíîâêà Icinga2 è Nagios Monitoring Plugins; Óñòàíîâêà è íàñòðîéêà áàçû äàííûõ MySQL; Óñòàíîâêà è íàñòðîéêà ìîäóëÿ Icinga MySQL; Óñòàíîâêà Apache2 è PHP-ïàêåòîâ; Óñòàíîâêà è íàñòðîéêà Icingaweb2; Óñòàíîâêà Icinga2 Stack Post. Øàã 1 - Óñòàíîâêà Icinga2 è ñèñòåìû ìîíèòîðèíãà Nagios Ñïåðâà ìû äîáàâèì ðåïîçèòîðèé icinga2 äëÿ Ubuntu 20.04 è óñòàíîâèì ïàêåòû icinga2 è ïëàãèíû ìîíèòîðèíãà Nagios. Äîáàâüòå GPG êëþ÷ Icinga2 â âàøó ñèñòåìó. curl https://packages.icinga.com/icinga.key | apt-key add - Òåïåðü ïåðåéäèòå â äèðåêòîðèþ '/etc/apt/sources.list.d' è ñîçäàéòå íîâûé ðåïîçèòîðèé 'icinga-focal.list'. cd /etc/apt/sources.list.d/ vim icinga-focal.list Âñòàâüòå ñëåäóþùóþ êîíôèãóðàöèþ ðåïîçèòîðèÿ. deb http://packages.icinga.com/ubuntu icinga-focal main deb-src http://packages.icinga.com/ubuntu icinga-focal main Íàæìèòå ñîõðàíèòü è çàêðîéòå. Çàòåì îáíîâèòå âñå äîñòóïíûå ðåïîçèòîðèè è óñòàíîâèòå ïîäêëþ÷àåìûå ìîäóëè Icinga2 è Nagios Monitoring ñ ïîìîùüþ êîìàíäû apt íèæå. sudo apt update sudo apt install icinga2 monitoring-plugins Ïîñëå çàâåðøåíèÿ óñòàíîâêè çàïóñòèòå ñëóæáó Icinga2 è äîáàâüòå ñåðâèñ â àâòîçàãðóçêó. systemctl start icinga2 systemctl enable icinga2 Ïîñëå ýòîãî ïðîâåðüòå ñëóæáó icinga2, èñïîëüçóÿ ïðèâåäåííóþ íèæå êîìàíäó. systemctl status icinga2 Íèæå ïðèâåäåí ðåçóëüòàò, êîòîðûé âû ïîëó÷èòå.  ðåçóëüòàòå ñåðâèñ icinga2 çàïóùåí è ðàáîòàåò íà Ubuntu 20.04 FocalFossa. Øàã 2 - Óñòàíîâêà è íàñòðîéêà áàçû äàííûõ MySQL Íà ýòîì ýòàïå ìû óñòàíîâèì ïîñëåäíþþ âåðñèþ ñåðâåðà MySQL íà íàøåì Ubuntu 20.04 è óñòàíîâèì ïàðîëü ïî óìîë÷àíèþ äëÿ ïîëüçîâàòåëÿ MySQL ñ root ïðàâàìè. Óñòàíîâèòå MySQL ñåðâåð ñ ïîìîùüþ êîìàíäû apt, ïðèâåäåííîé íèæå. sudo apt install mysql-server mysql-client Ïîñëå ýòîãî çàïóñòèòå ñëóæáó MySQL è äîáàâüòå å¸ â àâòîçàãðóçêó. systemctl start mysql systemctl enable mysql È ñåðâèñ MySQL ãîòîâ è çàïóùåí. Äàëåå ìû çàäàäèì ïàðîëü äëÿ root - ïîëüçîâàòåëÿ MySQL ñ ïîìîùüþ êîìàíäíîé ñòðîêè 'mysql_secure_installation', êîòîðûå ïðåäîñòàâëåíû MySQL-ïàêåòàìè. Çàïóñòèòå êîìàíäó 'mysql_secure_installation', êîòîðàÿ ïðåäñòàâëåíà íèæå. mysql_secure_installation Òåïåðü âàì áóäåò ïðåäëîæåíî íàñòðîèòü íîâûé ïàðîëü äëÿ ïîëüçîâàòåëÿ root, ââåäèòå íàäåæíûé ïàðîëü, à çàòåì ââåäèòå "Y" äëÿ ïðî÷èõ êîíôèãóðàöèé. Press y|Y for Yes, any other key for No: Please set the password for root here. New password: Re-enter new password: Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y Disallow root login remotely? (Press y|Y for Yes, any other key for No) : Y Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Y Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y  ðåçóëüòàòå çàâåðøåíà óñòàíîâêà ñåðâåðà MySQL è ñêîíôèãóðèðîâàí êîðíåâîé ïàðîëü ïî óìîë÷àíèþ. Øàã 3 - Óñòàíîâêà è íàñòðîéêà ìîäóëÿ Icinga MySQL Ïîñëå óñòàíîâêè ñåðâåðà MySQL ìû óñòàíîâèì ìîäóëü icinga2 äëÿ ïîääåðæêè MySQL ïîä íàçâàíèåì 'icinga2-ido-mysql'. Óñòàíîâêà 'icinga2-ido-mysql' âîçìîæíà ñ ïîìîùüþ êîìàíäû apt, ïðèâåäåííîé íèæå. sudo apt install icinga2-ido-mysql Òåïåðü âàì áóäåò ïðåäëîæåíî âêëþ÷èòü ôóíêöèþ icinga2 ido-mysql, âûáåðèòå "Äà", ÷òîáû ïðîäîëæèòü. Ñêîíôèãóðèðóéòå 'icinga2-ido-mysql'ñ ïîìîùüþ êîìàíäû dbconfig, çàòåì âûáåðèòå "Yes" äëÿ ïðîäîëæåíèÿ. Ââåäèòå ñâîé ïàðîëü äëÿ 'icinga2-ido-mysql'. Ïîâòîðèòå ïàðîëü äëÿ 'icinga2-ido-mysql'.  ðåçóëüòàòå óñòàíîâêà ïàêåòà 'icinga2-ido-mysql' áûëà çàâåðøåíà, è áûë ñîçäàí íîâûé ïîëüçîâàòåëü MySQL 'icinga2'. Çàòåì, ÷òîáû Icinga ðàáîòàëà ñ íîâîé âåðñèåé MySQL, ìû íàñòðîèì MySQL ïîëüçîâàòåëÿ 'icinga2' ñ àóòåíòèôèêàöèåé ïî âñòðîåííîìó ïàðîëþ MySQL. Âîéäèòå â êîìàíäíóþ ñòðîêó MySQL, èñïîëüçóÿ íèæåïðèâåäåííóþ êîìàíäó. mysql -u root -p Òåïåðü èçìåíèòå àóòåíòèôèêàöèþ ïîëüçîâàòåëÿ 'icinga2@localhost' ñ ïîìîùüþ ñîáñòâåííîãî ïëàãèíà àóòåíòèôèêàöèè MySQL, èñïîëüçóÿ ñëåäóþùèé çàïðîñ. ALTER USER icinga2@localhost IDENTIFIED WITH mysql_native_password BY 'aqwe123@#$'; flush privileges; Ââåäèòå 'exit', ÷òîáû âûéòè èç êîìàíäíîé ñòðîêè MySQL, à ïîëüçîâàòåëü MySQL 'icinga2' òåïåðü áóäåò èñïîëüçîâàòü ðîäíîé ïëàãèí àóòåíòèôèêàöèè. Äàëåå, âêëþ÷èòå ôóíêöèþ 'ido-mysql' è ïðîâåðüòå âñå âêëþ÷åííûå ïëàãèíû, èñïîëüçóÿ ñëåäóþùóþ êîìàíäó. icinga2 feature enable ido-mysql icinga2 feature list Ôóíêöèÿ 'ido-mysql' áóäåò âêëþ÷åíà, ÷òîáû ïðèìåíèòü íîâóþ êîíôèãóðàöèþ, ïåðåçàïóñòèòå ñëóæáó icinga2. systemctl restart icinga2 Òàêèì îáðàçîì, óñòàíîâêà è íàñòðîéêà 'icinga2-ido-mysql' áûëà çàâåðøåíà. Øàã 4 - Óñòàíîâêà Apache2 è PHP-ïàêåòîâ Íà ýòîì øàãå, ìû óñòàíîâèì ïàêåòû Apache è PHP äëÿ icingaweb2 è ìû áóäåì èñïîëüçîâàòü PHP 7.3, êîòîðûé äîñòóïåí â ðåïîçèòîðèè PPA, ïîòîìó ÷òî íà äàííûé ìîìåíò icingaweb2 åùå íå ïîääåðæèâàåòñÿ â íîâîé âåðñèè PHP 7.4. Ñíà÷àëà óñòàíîâèòå ïàêåò 'python3-software-properties' è äîáàâüòå ðåïîçèòîðèé PHP PPA, èñïîëüçóÿ ñëåäóþùóþ êîìàíäó. sudo apt install python3-software-properties sudo add-apt-repository ppa:ondrej/php Äàëåå óñòàíîâèòå Apache è PHP ïàêåòû ñ ïîìîùüþ êîìàíäû apt, îïèñàííîé íèæå. sudo apt install apache2 php7.3 php7.3-common php7.3-gd php7.3-ldap php7.3-intl php7.3-curl libapache2-mod-php7.3 php7.3-mysql php7.3-pgsql php7.3-xml Ïîñëå òîãî, êàê âñÿ óñòàíîâêà áóäåò çàâåðøåíà, îòðåäàêòèðóéòå êîíôèãóðàöèþ 'php.ini' ñ ïîìîùüþ vim-ðåäàêòîðà. vim /etc/php/7.3/apache2/php.ini Ñíèìèòå êîììåíòàðèé ñ îïöèè 'date.timezone' è ââåäèòå ñâîé ÷àñîâîé ïîÿñ. date.timezone = Asia/Singapore Ðàñêîììåíòèðóéòå êîíôèãóðàöèþ 'cgi.fix_pathinfo' è èçìåíèòå çíà÷åíèå íà '0'. cgi.fix_pathinfo=0 Ñîõðàíèòå è çàêðîéòå. Äàëåå ïåðåçàïóñòèòå ñëóæáó Apache2 è äîáàâüòå åå â àâòîçàãðóçêó. systemctl restart apache2 systemctl enable apache2 Ñëóæáà Apache2 çàïóùåíà è ðàáîòàåò, ïðîâåðüòå å¸, èñïîëüçóÿ ñëåäóþùóþ êîìàíäó. systemctl status apache2 Íèæå ïðèâåäåí ðåçóëüòàò, êîòîðûé âû ïîëó÷èòå.  ðåçóëüòàòå áûëà çàâåðøåíà óñòàíîâêà Apache è PHP ïàêåòîâ äëÿ icingaweb2. Øàã 5 - Óñòàíîâêà è íàñòðîéêà Icingaweb2 Ïîñëå óñòàíîâêè Apache è PHP-ïàêåòîâ ìû óñòàíîâèì ïàêåò icingaweb2 è ñîçäàäèì íîâóþ áàçó äàííûõ MySQL äëÿ icingaweb2. Íà÷íèòå óñòàíîâêó ïàêåòîâ icingaweb2 è icingacli ñ ïîìîùüþ êîìàíäû apt. sudo apt install icingaweb2 icingacli Ïîñëå çàâåðøåíèÿ óñòàíîâêè ñãåíåðèðóéòå òîêåí icingaweb2 äëÿ óñòàíîâêè ñ ïîìîùüþ ïðèâåäåííîé íèæå êîìàíäû. icingacli setup token create Íèæå ïðèâåäåí ðåçóëüòàò, êîòîðûé âû ïîëó÷èòå. The newly generated setup token is: 9b871ead0a60c94f Òåïåðü ñêîïèðóéòå êîä òîêåíà â íàä¸æíîå ìåñòî, îí áóäåò èñïîëüçîâàí äëÿ óñòàíîâêè icingaweb2. Äàëåå âîéäèòå â êîìàíäíóþ ñòðîêó MySQL, èñïîëüçóÿ íèæåïðèâåäåííóþ êîìàíäó mysql. mysql -u root -p Òåïåðü ñîçäàéòå íîâóþ áàçó äàííûõ è ïîëüçîâàòåëÿ, èñïîëüçóÿ ñëåäóþùèå çàïðîñû. create database icingaweb2; create user icingaweb2@localhost identified with mysql_native_password by "icingaweb2pass"; grant all privileges on icingaweb2.* to icingaweb2@localhost with grant option; flush privileges; Ââåäèòå 'exit', ÷òîáû âûéòè èç êîìàíäíîé ñòðîêè MySQL.  ðåçóëüòàòå ýòîãî óñòàíîâêà icingaweb2 çàâåðøåíà è ñîçäàíà íîâàÿ áàçà äàííûõ icingaweb2. Øàã 6 - Óñòàíîâêà Icinga2 è Icinga Stack Post Îòêðîéòå âåá-áðàóçåð è ââåäèòå IP-àäðåñ ñåðâåðà, êàê ïîêàçàíî íèæå. Çàìåíèòå IP-àäðåñ íà IP-àäðåñ ñâîåãî ñåðâåðà. http://IP_àäðåñ/icingaweb2/setup Âñòàâüòå êîä òîêåíà óñòàíîâêè â ïîëå è íàæìèòå êíîïêó 'Äàëåå'. Òåïåðü âàì íóæíî âûáðàòü ìîäóëü Icinga äëÿ óñòàíîâêè, îñòàâèòü ìîäóëü 'Monitoring' è íàæàòü 'Äàëåå'. Ïîñëå ýòîãî Icinga ïðîâåðèò ñîñòîÿíèå ñðåäû äëÿ åãî óñòàíîâêè. Óáåäèòåñü, ÷òî âñå íåîáõîäèìûå ìîäóëè íàõîäÿòñÿ â çåëåíîì ñîñòîÿíèè, çà èñêëþ÷åíèåì 'Ìîäóëåé PostgreSQL', çàòåì íàæìèòå 'Äàëåå'. Òåïåðü âàì íóæíî âûáðàòü Àóòåíòèôèêàöèþ äëÿ äîñòóïà ê icingaweb2, âûáðàòü 'Database ' (Áàçà äàííûõ) è íàæàòü 'Next ' (Äàëåå). Ââåäèòå âñå äàííûå áàçû äàííûõ äëÿ 'icingaweb2' è íàæìèòå 'Validate Configuration' (Ïðîâåðèòü êîíôèãóðàöèþ) äëÿ òåñòèðîâàíèÿ. Ïîñëå òîãî, êàê âñå ïðîøëî óñïåøíî, íàæìèòå êíîïêó 'Next ' (Äàëåå). Òåïåðü äëÿ àóòåíòèôèêàöèè Backend Authentication âûáåðèòå 'icingaweb2' è íàæìèòå 'Next ' (Äàëåå). Ââåäèòå ëîãèí è ïàðîëü àäìèíèñòðàòîðà äëÿ icingaweb2 è íàæìèòå 'Äàëåå' åùå ðàç.  ðàçäåëå Application Configuration (Êîíôèãóðàöèÿ ïðèëîæåíèÿ) îñòàâüòå âñ¸ ïî óìîë÷àíèþ è íàæìèòå 'Äàëåå'. Ïîäòâåðäèòå âñå íàñòðîéêè è íàæìèòå "Äàëåå". È âû ïîëó÷èòå ñòðàíèöó ïðèâåòñòâèÿ íà icingaweb2. Ñíîâà íàæìèòå "Äàëåå", ÷òîáû íàñòðîèòü backend ìîíèòîðèíãà. Óñòàíîâèòå èìÿ Backend êàê 'icinga2' ñ òèïîì 'IDO', çàòåì íàæìèòå 'Äàëåå'. Òåïåðü âàì íóæíî íàñòðîèòü MySQL IDO backend ðåñóðñ äëÿ ïðèëîæåíèÿ icinga2. Ââåäèòå äàííûå áàçû äàííûõ äëÿ icinga2 è íàæìèòå êíîïêó 'Validate Configuration'. Ïîñëå óñïåøíîãî çàâåðøåíèÿ íàæìèòå êíîïêó 'Äàëåå'. Äëÿ 'Command Transport' âûáåðèòå 'Local Command File' è îñòàâüòå åãî ïî óìîë÷àíèþ. Çàòåì íàæìèòå 'Äàëåå'. Äëÿ ñëóæáû Monitoring Security îñòàâüòå âñ¸ ïî óìîë÷àíèþ è íàæìèòå 'Äàëåå'. Ïîäòâåðäèòå âñå íàñòðîéêè è íàæìèòå êíîïêó 'Ãîòîâî'. Òåïåðü óñòàíîâêà Icinga 2 è Icinga web 2 çàâåðøåíà, íàæìèòå êíîïêó 'Login to Icinga Web 2', è âû áóäåòå ïåðåíàïðàâëåíû íà ñòðàíèöó âõîäà. Ââåäèòå ïîëüçîâàòåëÿ, êîòîðîãî âû íàñòðîèëè â ñàìîì íà÷àëå è íàæìèòå êíîïêó "Âîéòè". È, íàêîíåö, óñòàíîâêà è íàñòðîéêà icinga2 è icingaweb2 íà ñåðâåðå Ubuntu 20.04 óñïåøíî çàâåðøåíà.