Skip to main content

DOMOS6 WebUI

The DOMOS6 WebUI allows you to configure all necessary settings of your appliance and execute system maintenance tasks.

Login​

Virtual Machine​

To login to the DOMOS6 WebUI, open https://DHCP-IP:10000 in your web browser (default). The default username is admin and the password is admin. It is recommended to change the password after first log in.

TypeDetail
Default URLhttps://DHCP-IP:10000
Default Loginadmin
Default Passwordadmin

DOMOS6 Login

Configure your workstation to an IP address in the same network as the IP address given to your virtual machine to be able to connect to the DOMOS6 WebUI.

Hardware-Appliance​

To login to the DOMOS6 WebUI, open https://192.168.2.1:10000 in your web browser (default). The default username is admin and the password is admin. It is recommended to change the password after first log in.

TypeDetail
Default URLhttps://192.168.2.1:10000
Default Loginadmin
Default Passwordadmin

DOMOS6 Login

Configure your workstation to IP 192.168.2.2(for example) with netmask 255.255.255.0 to be able to connect to the DOMOS6 WebUI.

Default Password Warning​

When logging into the DOMOS6 WebUI, you will be informed when default passwords are in enforced. We highly recommend you to change your passwords to more secure passphrases, as default passwords can impend a severe security risk to your system and network.

General Information​

In the upper right corner you are able to see who is currently logged in via WebUI. To log out hit Logout.

After changing any configuration, click the Save button which is displayed everywhere you are allowed to make changes. To apply your changes hit Activate Settings. This may take a while. Restarting services return success or failure messages. If you have changed the IP of the appliance you will not receive any response, because your browser will wait for the WebUI to return from the old IP. You will have to log in again on the appliance by directing your browser to the new IP.

Overview​

After logging in using the WebUI you will see the overview screen. This screen provides information about hostname, uptime, average CPU load, system time, DOMOS6 version and software as you can see in the following figure.

DOMOS6 Overview

Version Details​

The Version Details button can be used to view additional version information. The version for the initial installation is also displayed.

The Create System Report button can be used to create a system report of the system. When clicked, a .tgz file is created that contains all the log files necessary for analysis. After compilation, the .tgz file is offered for download in the browser.

danger

Depending on the number of logs, the creation may take some time. Please keep the page open during the creation.

DOMOS6 Version Details

Network​

By clicking on ”Network” in the menu on the left side an overview of the network configuration appears. This overview shows a basic summary of the network settings of your appliance, namely the network ports with their configuration such as IP and netmask, DHCP and an indicator if the interface is up or down.

DOMOS6 Network Overview

Interfaces​

This screen shows nearly the same information as the network overview, but here you are able to edit your configuration by selecting Edit of the interface.

DOMOS6 Network Interfaces

Modifying Network Configuration​

By selecting Edit in the interfaces overview you are lead to the configuration menu of a specific interface. At first basic information about the interface is given: The name. By activating DHCP the interface obtains its IP from a DHCP-Server. Otherwise configure the IP and the netmask manually. If you want to set the Maximum Transfer Unit (MTU) just edit the field beside MTU. The default setting is 1500. You can add multiple IPv4 addresses to an interface by clicking on the Add new IPv4 address button.

note

If you have restored an old DOMOS configuration file (DOMOS5 and older) the Virtual Interface configuration will be converted automatically to additional IPv4 address configuration.

DOMOS6 Edit Network Interfaces

VLAN (IEEE 802.1Q)​

DOMOS6 provides the option to add VLAN interfaces to your network. To add a new VLAN interface, click Add new VLAN. You will be presented with a dialogue in which you will be requested to specify which device the VLAN is to be attached to, what VLAN ID the interface is to be configured to, the IP Address, Netmask and MTU. To have the VLAN device brought up at boot, please check the Activate on boot checkbox. Once completed, click save to complete the configuration of the VLAN. Should you like to edit the configuration of an existing VLAN interface, click the Edit button in the β€œInterfaces” overview. To delete a VLAN interface, click the Del button. Once you have made changes to the interfaces, please click Activate Settings to apply the changes.

note

Your network may need configuration to incorporate VLAN traffic.

DOMOS6 VLAN Network Interfaces

Bonding​

DOMOS6 allows you to bond interfaces using the Link Aggregation Control Protocol (LACP). This means that you can bind two interfaces together to operate as one. To add a new bond click on Add new bonding interface. You will be prompted to enter a Name - which will later be used to refer to this interface. The Bonding Mode defines the strategy used to run the bond.

Here you can choose between one of the following:

balance-rr - Round-robin policy: Transmit packets in sequential order from the first available slave through the last. This mode provides load balancing and fault tolerance.

active-backup - Active-backup policy: Only one slave in the bond is active. A different slave becomes active if, and only if, the active slave fails. This mode provides fault tolerance.

balance-xor - XOR policy: Transmit based on the selected transmit hash policy. This mode provides load balancing and fault tolerance.

broadcast - Broadcast policy: transmits everything on all slave interfaces. This mode provides fault tolerance.

802.3ad IEEE - 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification.

balance-tlb - Adaptive transmit load balancing: channel bonding that does not require any special switch support. The outgoing traffic is distributed according to the current load (computed relative to the speed) on each slave. Incoming traffic is received by the current slave. If the receiving slave fails, another slave takes over the MAC address of the failed receiving slave.

balance-alb - Adaptive load balancing: includes balance-tlb plus receive load balancing (rlb) for IPV4 traffic and does not require any special switch support. The receive load balancing is achieved by ARP negotiation.

Furthermore you will have to specify a value for MiiMon.

miimon - specifies the MII link monitoring frequency in milliseconds. This determines how often the link state of each slave is inspected for link failures. A value of zero disables MII link monitoring. A value of 100 is a good starting point. The default value is 0.

Finally, you will have to select the interfaces you wish to bond. Clicking on Save will conclude the configuration. Click on Activate Settings to apply the changes.

DOMOS6 Bonding Network Interfaces

Routing​

In the routing screen you can change your default gateway and static routes for IPv4 and IPv6. All routing is disabled by default.

DOMOS6 Network Interfaces Routing

Default Gateway​

In order to configure a default gateway enter the IP of your gateway.

Enable routing​

To enable or disable routing press the Toggle button next to the option Enable routing.

Autoconfiguration (IPv6)​

By default Autoconfiguration is disabled. If this is enabled and your network supports it, your network will provide a configuration for the routing which will be automatically applied.

Static Routes​

To add a static route click Add new static route. If you like to Edit or Delete a static route click the according button next to the static route.

DOMOS6 Network Interfaces New Route

Hosts​

Here you can define custom hostnames. This is especially useful, if you like to address hosts not covered by DNS. The overview titled β€œHost addresses” will display all locally defined hostnames. You can Edit existing hostnames or click Del to remove them one by one. By clicking Add a new host address you can add new hostnames. You will be requested to fill in the IP address, an FQDN (Fully Qualified Domain Name) and an Alias. Clicking on Save will add the new hostname. To apply the changes, please click Activate Settings.

DNS​

Here you can configure the hostname of your appliance and the DNS server(s) that will be used. You have to configure at least one working DNS server to allow the appliance to resolve domain names to IP addresses. Add a β€œSearch Domain” to automatically append it to hostnames that are not addressed by its FQDN, which would otherwise fail to resolve.

Ping​

You can use Ping to verify that a host is reachable. To do so, please enter the IPv4, IPv6 address or hostname of the target you like to verify the connection to. Optionally you can enter the amount of Ping packets you like to send. The default for this value is 10 packets. To start the ping command, click the Ping button.

DOMOS6 Network Ping

The response will take a moment. Your browser will automatically refresh to update the displayed results. In our sample output we have sent four ping packets to a host.

DOMOS6 Network Ping Sample

Traceroute​

Traceroute is a networking diagnosis tool used to show the route taken by packets across an Internet Protocol (IP) network. To initiate a traceroute, open the Traceroute dialogue, enter a IPv4, IPv6 address or hostname of a target into the Destination field. If you want, you can adjust the Maximum TTL to a desired value. Clicking Traceroute will initiate the traceroute. The response will take a moment. Your browser will automatically refresh to update the displayed results.

DOMOS6 Network Traceroute DOMOS6 Network Tracroute Sample

Date and Time​

Time​

This menu section displays information about the system timezone, time and date. If you have specified NTP servers, the button Synchronize now will trigger an NTP time synchronisation.

note

You can only synchronize the time if NTP is enabled

Timezone​

Select your timezone here. To apply the changes in the timezone, you will have to click on Save followed by Activate Settings to apply the changes.

note

Changes to the timezone will also affect the current set time.

Clock​

Set the time and date on your appliance. Clicking Save will instantly apply the changes. You do not need to click Activate Settings to apply this change.

NTP Client​

If you want to synchronize the time and date via Network Time Protocol (NTP) you can select your NTP Servers here. By default, NTP is deactivated. For simplicity, the default time server pool pool.ntp.org is included in the list of time servers. To add or remove an timeserver from the list, click on Edit timeserver list. There you can delete the selected timeserver from the list or add a new timeserver by inserting its hostname into the textbox.

DOMOS6 NTP

User​

System User​

Here you can change the passwords for the root and admin users. You will be prompted to enter the current password and the required new password.

note

With DOMOS6 the old WebUI user was removed and the login on the WebUI uses the password of the system admin user.

SSH Keys​

You can enable SSH key authentication for the admin user. These can allow a more secure authentication against the SSH deamon. By clicking on Add new SSH key, you will be prompted to provide a name for the SSH key and to specify the path to the according public SSH key file by clicking on Browse. Upload the key by clicking save. To enable SSH keys, check the β€œenable SSH key authentification for user admin” checkbox and Save the configuration. Clicking on Activate Settings the configuration will be applied.

caution

It is unwise to use SSH keys without a passphrase. If somebody achieves to obtain a copy of the keyfile, he/she will have access to all accounts that grant access to that key. Please avoid exposure of the private key.

LDAP​

This section allows to configure to get authentification data from an LDAP server. So additional users can login into the DOMOS system without having an account on the DOMOS system itself. Next to a normal password even a public SSHKey can be retrieved from LDAP to use passwordless pubkey authentification. After login on the commandline users can use the command sudo to gain root permissions. Users, identified by this way, can login into the DOMOS WebUI using own credentials.

The configuration is splitted into a dialog with the most useful settings and a page for advanced configuration settings.

Settings​

Here the basic configuration can be done. DOMOS6 User LDAP Configuration

You can find the following configuration settings on this page.

LDAP Authentification - Switch this on to use LDAP authentification

WebUI Login - Allow LDAP users to login into DOMOS WebUI

SSH Login - Allow LDAP users to login via SSH

SSH Login using key authentification - Allow SSH pubkey authentification

Sudo - Allow LDAP users to gain root permissions using sudo

LDAP URI- URI of LDAP server (e.g. ldaps://FQDN:Port)

LDAP Schema - Select LDAP scheme to use. Currently the following are available: rfc2307, rfc2307bis and IPA

LDAP Check TLS Certificate - Select checking mode of TLS certificate

TLS CA Certificate - If needed an own CA certificate can be uploaded here. A short info of an already uploaded CA certificate will displayed here. The Upload New Certificate button allows to upload a new certificate and the Remove button deletes the certificate.

LDAP Search Base - The default base DN to use for performing LDAP user operations

LDAP Default Bind DN - Bind DN to access LDAP server

LDAP Default Authentication Token - Password for Bind DN

LDAP User Search Base - Optional base DN and Filter for users

LDAP Group Search Base - Optional base DN and Filter for groups

LDAP Sudo Search Base - Optional base DN and Filter for sudo access

LDAP Access Order - Access control options

LDAP AccessFilter - Search filter for users (needed if Access Order is set to filter)

The button Configuration leads you the the advanced configuration page.

Advanced Configuration​

While the settings page allows a quick configuration of the most important settings, this page can be used to configure the access to the LDAP server in more detail.

tip

Please refer to the manual pages of SSSD (sssd, sssd-ldap, sssd-ssh, sssd-nss, sssd-sudo, sssd-pam) for information about the offered configuration settings.

DOMOS6 User LDAP Advanced Configuration

The page is divided into some sections. Each section shows a table of configuration. The first column shows the name of the option, the next column shows the value. The Del buttons removes the option from the configuration und the Edit opens a dialog to change the value of the option.

DOMOS6 User LDAP Advanced Configuration Section

Below each table you can find the button Add new Option. Pressing this button opens a dialog to select a new option and add a value to it.

DOMOS6 User LDAP Advanced Configuration Add new Option

Reset SSSD Cache​

Sometimes it is needed to reset the SSSD cache. Use the sss_cache tool (using the -E flag for all or -u User), DOMOS will flush the cache if it finds the file /run/domos/sssd_clean_cache on Activate Settings.

SNMP WebUI​

The SNMP WebUI allows you to configure the SNMP settings on your appliance. Clicking on the SNMP menu shows the status of the SNMP daemon.

DOMOS6 SNMP

General​

On the General page you can enable the SNMP daemon in the SNMP service section. You can decide if you want to activate the version 1/2c and/or version 3 features of SNMP.

DOMOS6 SNMP General

In the Common section a location description and a contact can be configured. The last section allows to change the network protocol (tcp or udp) and to bind the SNMP server on an arbitrary network interface. The default is to listen on any interface using the UDP protocol on port 161. The port number is fixed.

Communities​

The β€œCommunities” page allows the user to configure SNMP v1/v2c communities. This page has a table of defined SNMP communities, a link to add new SNMP communities and links to edit or delete SNMP communities. SNMP community name and access mode can be specified on this page.

DOMOS6 SNMP Communities

Users​

The SNMPv3 users on DOMOS6 are limitated to readonly. Also accessing has to happen using authentication and encryption. Therefore the β€œUsers” page allows you to create SNMPv3 users in one manner. To create a new user click on the Add new SNMPv3 user button and fill in the user data in to the formular. After saving the data using the Save button the new created user will be displayed in the SNMP v3 Users table.

DOMOS6 SNMP Create User DOMOS6 SNMP Users

Backup/Restore NG​

Last Configuration Backup​

Latest Configuration Backup displays the time when the last backup of the system configuration files was done. Below the timestamp of the Latest Data Backup is shown. Below you can find a checkbox. If this is marked (default), the warning Backup is not configured. will be shown in the messages section of the page. The warning disappears if a backup job is configured. If you don’t want to configure a backup job you can disable the warning by unchecking the Display backup warning checkbox.

DOMOS6 BackupNG Overview

Config Backup​

You can create a backup of your system configuration here by clicking on Create new configuration backup. Your browser will show a download dialog to copy the configuration to your workstation.

DOMOS Backup Config

Config Restore​

Select a configuration backup file from your workstation and upload it to the appliance to restore it. Once Restore is clicked, you will be shown Message: Restore done in the status bar.

DOMOS Backup Restore Config

Data Backup​

This shows an overview of the configured backup jobs. At each backup you will see the following:

Name - a descriptive name for a backup.

Type - type of backup in question.

Target - a name for the backup target.

Furthermore will be displayed three Buttons for every configured Backup Job:

Start Backup - initiates a backup to the according target.

Del - deletes a configured target.

Edit - will let you modify the configuration of a target.

DOMOS6 BackupNG Confjob

By clicking on Manage Targets, you can manage the configured backup targets. Add Backup Job will allow you to create a new backup procedure, which can be triggered manually or scheduled.

To create a new backup job, you will have to fill out the following:

  • Create a new backup job

    Job name - a name for the backup job.

    Description - a short description.

    Type - select if you want to backup the configuration or data or a software partner.

    Target - select the required backup target.

  • Scheduling

    Scheduling enabled - if enabled, this task will run at the selected interval

    Hour - selects the hour of a day at which this task is running.

    Minute - selects the minute of a day at which this task is running.

    Day of month - selects the day of a month at which this task is running.

    Month - selects which month this task is running.

    Day of week - selects which week day this task is running

By clicking Save the backup job is saved.

DOMOS6 BackupNG Confjob

Data Restore​

The Data Restore tab gives you an overview of all available backup targets. To see which backups are available on a target start a scan of the target.

Name - displays the target name.

Type - the type of target.

Host - IP or hostname of the target.

Scan - this button starts a scan of the target for available backups.

The result of the scan is displayed as table below the targets table.

Target - displays the target name.

Backup - name of the backup

Restore - this button starts the restore of the backup.

DOMOS6 BackupNG Data Restore

Targets​

Here you can configure your targets to be used in the DOMOS6 backup system. The Targets table lists all currently configured targets:

Name - a descriptive name for a Target.

Type - indicates the type of transport used for the backup. This can be:

  • FTPS - File Transfer Protocol using SSL

Host - hostname of the server used to backup to.

Test - this button tests if the backup server is available and the selected resource can be written to.

Edit - by clicking this button you can modify the configuration of a backup target.

Del - deletes a selected backup target.

DOMOS6 BackupNG Configure Target

Adding a Target - To add a Target, please click one of the following:

Add FTPs target - to add a FTPs target.

note

Currently just FTPs targets are possible. Other types will follow in future releases.

Add a target Depending on which type of target you are adding you will have to provide the following details:

Name - a name for the backup.

Description - a short description for personal reference.

Remote host - the remote host to be used for the backup.

TLS Connection - Check the box if certifcate check should be skipped.

TLS Version - If checked TLS v1.2 will be used. Default is to use latest available TLS version (currently TLS 1.3).

Port - Port number to connect to the target service.

Username - a username used to authenticate against the remote host.

Password - a password used to authenticate against the remote host.

Directory - select the directory used to store the backups to. If you backup to a FTP target please keep the following in mind: If no directory is specified, the user directory on the FTP server will be considered. If a directory is specified, the relative path as configured in the ftp server will be used. This could also be influenced by any enforced chroots. The directory must exist on the target server and will not be created by the backup software.

DOMOS6 BackupNG New FTPS Target

BackupClient​

The DOMOS6 backup client, available for Windows and Linux, enables easy pulling of a backup from the DOMOS6 system and writing of a restore to the DOMOS6 system. The backup client must be started on an external system and automatically connects to the DOMOS6 system. The backupclient program is designed to use in batch scripting or running by a backup system automatically.

The backupclient connects to a service on the DOMOS6 system. This service is only available if a corresponding client job is configured. The used default port is 9877, but this can be changed in the DOMOS6 WebUI.

The overview page shows if the Backup service is running.

DOMOS6 BackupNG Backup Client Overview

Server​

This page shows the current server configuration. It is important, that the right hostname is used. The hostname is automatically imported from the network settings, so that manual entry is normally not necessary.

Next you can limit the interfaces on which the server is listening. Per default it is listening on all interfaces.

The last option on this page is the port number. Default is port 9877 (TCP).

Please have in mind, that after changing the hostname/IP or the port number all clientconfiguration files must be downloaded again. Otherwise it will not be possible to access the backup server.

DOMOS6 BackupNG Backup Client Server Conf

Jobs​

Before a connect is possible via the backup client, a job must be configured first. This configuration job should be created for each individual backup client, even if they all work with the same data. Each client has its own login credentials inside the configuration file. If each client has its own configuration, then it is easy to revoke the access of a particular client by removing its configuration job.

The jobs table lists all configured client jobs:

Name - name of a job.

Type - type of backup.

Client configuration - Button to download the client configuration.

Del - Delete this job entry.

Edit - Edit this job entry.

The client configuration contains automatically generated login credentials (per client) and the server connection details. The information about the data to backup/restore are just stored on DOMOS6 itself.

To add a new job, please click on the button below the table.

DOMOS6 BackupNG Backup Client Job

Adding a new Job​

The form shows the following fields:

Name name of a job.

Description desciption of the job.

Type type of backup (e.g. DOMOS6 configuration backup).

Click on the Save button to create the new job.

Restore​

To prevent unwanted restores from the backup client, the restore process is initially deactivated. The current status of the restore status is shown on this page. Changing the status can be done by clicking on the Toggle button.

After a restore or a system reboot the restore status is set to disabled.

DOMOS6 BackupNG Backup Client Not Allowed

Downloads​

On this page you can download the backupclient (currently for MSWindows and Linux (64bit architecture)). Also a short documentation of using the backupclient can be found here.

DOMOS6 BackupNG Backup Client BC Download

Usage of backupclient​

The backupclient application is a commandline tool, which can be used on all operating systems in the same way. After downloading the right version for the used OS and the configuration file, the backup can be started with the following command:

bakresclient -config PATH-TO-CONFIGFILE -bakdir BACKUP-DIRECTORY

Normally a logfile bakresngclient.log is created in the same directory. Please check it if backup process was finished successfully.

In the same manner you can perform a restore of your DOMOS6 System using the backupclient. Please note, that restore must be enabled in the WebUI first.

bakresclient -config PATH-TO-CONFIGFILE -resdir DIRECTORY-TO-RESTORE

The backupclient has some options to configure the backup or restore process. All options are starting with one single dash.

-config - Path and name of job configuration, downloaded from DOMOS6 WebUI

-bakdir - Path where the backup should be written. Will be created if needed.

-resdir - Path of a backup directory, which should be restored. Restore must be enabled in the DOMOS6 WebUI.

-logfile - Path and name of client logfile.

-loglevel - Level from 0 (no logs) to 7 (all logs). Default is 4.

System​

System will show you an overview of the disk usage and indicates when the last backup of the system was done.

DOMOS6 System Overview

System E-Mails​

DOMOS6 provides the option of keeping you up to date on the system state by E-Mail. Depending on your configuration, DOMOS6 will send you E-Mails informing you about potentially occurred alerts, errors, warnings and notices.

Overview​

Once you click on System E-Mails an overview of the E-Mail configuration will be shown. Please fill in the fields of configuration according to the environment you want to send E-Mails with.

SMTP Relay - specify the IP address or hostname of the E-Mail server you want to use.

Connection - a dropdown menu which lets you select between β€œSMTP” or β€œSTARTTLS”.

Use different Port - fill in the portnumber into this field, if you like to use a port other than the default port (25 for SMTP).

Sender Name - name of the DOMOS6 system.

Sender E-Mail address - sender address of the DOMOS6 system.

Authentication method - choose the Authentication method needed for the SMTP Relay. Can be None, Login or Outlook

Once you have entered the appropriate configuration, please click on Save and Activate Settings to have your settings applied.

DOMOS6 System Emails

Authentication method "Login"​

After you have selected the desired authentication method, click Save. After that the button Configure Login appears. Click on it to configure the credentials for the SMTP relay.

DOMOS6 System Emails

User Name - fill in the username, that you want to authenticate against your mail server

Password - fill in the password, that is needed to authenticate at the target mail server. Please retype the password into the field below as well.

DOMOS6 System Emails

Once you have entered the appropriate configuration, please click on Save and Activate Settings to have your settings applied.

Authentication method "Outlook"​

After you have selected the desired authentication method, click Save. After that the button Configure Login appears. Click on it to configure the credentials for the SMTP relay.

DOMOS6 System Emails

Follow Microsoft's instructions to register an application.

Use any name you like. Under "Platform configurations", add a native-client redirect URI for mobile/desktop applications: https://FQDN/page/sys_mail_authoutlooktoken.

Then, add API permissions for SMTP.Send:

  • click on API permissions and add a new permission by Add a permission
  • choose Microsoft APIs -> Microsoft Graph
  • select Delegated permissions
  • from there enter SMTP in the search box. Expand the SMTP permission, then check the SMTP.Send checkbox
  • click on Add permissions

DOMOS6 System Emails

All necessary details to configure the client in DOMOS, you get in the Overview of your App in Azure.

DOMOS6 System Emails

Use the Client ID, Tenant ID and Token Endpoint from your Azure App and paste the information into the form in DOMOS as seen. The username is the one used for sending mail. Click on Save

DOMOS6 System Emails

tip

If required, a proxy can be optionally defined.

After the form has been successfully saved, you can retrieve the initial token on the following page. To do this, you need to click on the Get Token button.

danger

Please note that SSO by Microsoft is possible here. So if you are logged in to the browser with an SSO enabled account, this will be used to collect the token. If this is not desired, please open a new browser or use the "InPrivate" functionality. From there, a fresh login to Microsoft can be performed with a different user.

DOMOS6 System Emails

Once the authentication is successfully completed, you will be redirected back to the DOMOS system. The Got Tokens message appears. Now click on Activate Settings to have your settings applied.

DOMOS6 System Emails

Group of Recipients​

Groups of Recipients - Here you can define groups of recipients, add new users to the lists and remove outdated lists. The Name of the recipient list will be shown in theOverview. Recipients will enumerate the recipients assigned to the lists.

Add New Group of Recipients - Here you can setup a new list of recipients. In the Name field you can specify a name for the recipient list. Please fill out the Recipients field with the users you like to add to this recipient list. Please separate the E-Mail addresses with a comma (Example: person1@example.com,person2@example.com). Once all recipients are added to the list, click on Save to keep the new list added.

Delete an existing Group of Recipients - To delete an existing group of Recipients, please click the Del button in the Groups of Recipients overview.

Edit an existing Group of Recipients - To edit an existing group of Recipients, please click on the Edit button. This will show you a list of recipients in the selected list. Edit the list of recipients accordingly and click Save to get your modifications submitted.

Outgoing Queues​

This will give you an overview of the currently configured E-Mail notifications. You will be shown a table with the following fields:

Sending Module - This indicates the module used to send E-Mail.

E-mail Types - Describes what E-Mails the specified module will send.

Recipients - Lists the recipients for that E-Mail queue.

Add New Outgoing Queue - To add a new Outgoing Queue of E-Mail notifications, please click on Add New Outgoing Queue. You will be prompted to fill in the following details:

  • Sending Module - Please specify which module you want to receive E-Mail notifications from

  • E-Mail Types - Specify which E-Mail types you want to have sent in the new Outgoing Queue.

  • Recipients List - of recipients When specifying the list of recipients, you can either add groups of recipients by checking the according checkbox in front of the group. You can also add recipients individually. This is especially useful if you like to add custom recipients not added to any specific group.

Delete an existing Queue - To delete an existing Outgoing Queue, click the Del button in the respective column.

Edit an existing Queue - To modify an existing Queue, click on Edit. Here you can modify the recipients of a specific queue as well as change which notifications should be send to the members of the queue.

Testing - To test the configuration of a queue, you can click on Test. As a result a sample E-Mail will be send to all the recipients defined in the Outgoing Queue. This button can be used to verify, that an Outgoing Queue is correctly configured and that DOMOS6 is able to communicate correctly with the E-Mail server.

Update​

Here you can update your DOMOS6 installation. There are two options to keep your DOMOS6 system updated - automatically off the Internet or by manually updating.

caution

Updates are only available if a valid license is installed.

DOMOS6 System Update

Updates from DOMOS6 repository​

If your appliance has access to the Internet, you can download DOMOS6 updates directly from SECUDOS. The DOMOS6 repositories are listening on port 443 and 10000. The list of available DOMOS6 repositories is requested from https://www.secudos.de. Please ensure that the appliance can access www.secudos.de on port 443 and the update server on port 443 or 10000. To verify the availability of new updates, click Check for new Updates. After a few seconds the list of available packages is loaded and you will be informed if there are new applicable updates. The count of available packages is displayed and, if available, information about the installable package can be shown by clicking on the Show Changes button. On a new page information about changes are displayed. At the top a box informs you about a needed reboot. Below you can find information about the updates to install sorted by categories. If available special hints will be shown to assist you to finish the update properly.

To trigger an update click Install Updates. DOMOS6 will then proceed to download the updates and install them.

DOMOS6 System Updates available

DOMOS6 System Updates Changes

Update Settings​

Should you need to use a HTTP-proxy to access the Internet, this can be configured under the Proxy Configuration section.

DOMOS6 System Updates Settings

Use HTTP-Proxy - enables or disables the use of a HTTP proxy

Server IP - IP address of the proxy

Server Port - the port to be used

Proxy-Authentication - enables or disables authentication for the proxy

User Name - the user name used to authenticate with

Password - the password used for authentication

You can configure your automatic updates in the Settings for automatic updates section.

Check for updates - Enables automatic checking or installing for updates.

Update mode - If check is selected, the system will automatically check for updates and if configured will inform by email for new updates. If install is selected, the downloaded packages will also automatically be updated.

Update Log​

Clicking on Show Last Update Log will show you a log of the last update process. This log persists and can be reviewed at any time.

WebUI Certificate​

caution

During the initial boot sequence, a self-signed SSL certificate is generated. It will expire within 1 year. We recommend that you replace this certificate in a timely manner.

DOMOS6 SSL Certificate

You can change the server certificate which is used to ensure that communication between the WebUI and the client browser is secure. Use this feature to deploy a custom SSL certificate. To change the SSL certificate in use, click on Change WebUI SSL Certificate to upload your own SSL certificate.

Change WebUI SSL Certificate​

Here you can replace the SSL Certificate used in the DOMOS6 WebUI. You will be prompted to provide a private Certificate, a public Certificate Key as well as Certificate Chain file (optional).

The provided keys must be presented in the PEM format. To select each, click on the according Browse keys. Once you have selected the desired SSL certificate and key file, click on Upload. Click Activate Settings once you have uploaded the desired SSL certificate and key.

DOMOS6 SSL Certificate Upload

You can also create a certificate signing request (CSR) by clicking on Create WebUI SSL Certificate Request. The following details are required to fulfill such a request:

  • Country Name - 2 letter code
  • State or Province Name
  • Locality Name - eg. city
  • Organization Name - eg. company
  • Organizational Unit Name - eg. section
  • Common Name - server name
  • E-Mail address
  • Key length - 1024, 2048 or 4096 bit

After clicking Create, you can download it under the Last Created Certificate Request section by clicking on Certificate Request and Certificate Key.

Client SSL CACertificate​

DOMOS6 offers the possibility to secure the WebUI by ensuring that the browser accessing the WebUI is allowed to do so. The browser will have to present a valid SSL client certificate to be granted access to the WebUI. To do this, you will have to add a CA-Certificate by clicking on New Client SSL CA-Certificate. Click on Browse to select the CA-Certificate file and Upload to have it sent to the server. Once the file is uploaded, the WebUI will inform you whether the upload was successful and presents you an acknowledgment.

Message: New CAcertificate uploaded
Message: Issuer: C=DE, ST=NRW, L=Dortmund, O=Secudos GmbH,
CN=Secudos Root CA, emailAddress=support@secudos.de
Message: Valid: Jan 5 03:44:54 2010 GMT to Jan 3 03:44:54 2020 GMT
Message: CACertificate accepted

To enforce client certificates, check the enable using client SSL certificates checkbox, click on save and finally Activate Settings to complete the configuration. Your browser will also need to be configured for this setup. You will need to import a valid client certificate. Please refer to the documentation of your browser to obtain instructions on how to import a certificate.

WebUI Configuration​

This section is used for making adjustments to the WebUI.

Login Autocompletion - This option lets you toggle the autocompletion for the DOMOS6 WebUI. This is useful if you work on multiple workstations and want to avoid accidentally loss of your login credentials.

Set button - Decide whether you would like to save your configuration automatically or not

Session timeout - Set a time value (in minutes) for the session timeout

WebUI Interface - Set the network interface(s) on which the WebUI should be available

By clicking on Bind WebUI on Interface you can add a network interface to the list of interfaces on which the WebUI should be available. To delete an entry you can use the Delete button in the table next to the entry.

DOMOS6 WebUI Configuration

SSH Configuration​

Here you can configure the SSH Server installed on DOMOS6. By default SSH is enabled and is bound to all configured interfaces. You can limit SSH to listen on specific interfaces. This is achieved by clicking on Bind SSH on interface. Select the interface you wish to use and click Save. To remove an interface click the Delete button accordingly.

DOMOS6 SSH Configuration

License​

DOMOS6 uses licenses which are necessary for the operation and the update of the system. The overview will give you a brief overview of the currently installed license as well as the features it has. A license is comprised of the following data:

Name - The full name of the entity the license was issued to.

UID - A unique identifier for the license.

StartDate - The date the license validity begins.

EndDate - The date a license validity expires.

Features - The features incorporated in the license.

To update your license, you can upload a new license file using the Import new license file selector. Once a valid file has been selected, click Upload to have the file uploaded to the appliance.

There are two different types of DOMOS licenses:

Abo license​

A abo license is not limited in its duration, but rather ends only after an explicit termination request. This license can be deactivated at shorter intervals. The advantage of a abo license is that after import it is automatically checked whether a Qiata license is available on the license server.

caution

In order for the abo license to check for possible Qiata licenses, please make sure that the network configuration is complete and that the system reaches the host ls3.secudos.de.

DOMOS6 Abo License

If one is available, it will be installed automatically, so that a manual import of a Qiata license is not necessary. If there are changes within the license, these can be imported automatically after a certain time.

Normal license​

A normal license is limited in its duration and cannot be extended. After expiration, a new license with corresponding validity must be imported. In addition to the DOMOS license, a Qiata license must also be imported manually in this way. There is no automatic process here.

DOMOS6 License

Misc​

Choose your preferred key mapping for direkt console access (like consoles for virtual machines).

DOMOS6 License

Shutdown​

Shut down your appliance using the WebUI. Unsaved data will be lost. Never remove the power from your appliance before shutdown is complete.

Reboot​

Reboot your appliance using the WebUI. Unsaved data will be lost.

Logs​

DOMOS6 includes a log viewer to inspect the system log files directly from the WebUI. You can download the log files by selecting the Download button or click on the Show button to view a specific log. While viewing a log file you can let the WebUI automatically reload the contents of the log file, allowing a continuous view of the log output.

Remote​

Logs of the services can be sent to an external syslog server. The configuration dialog contains the following items:

Remote logging - enables the logging to an external server

IP address - IP address of syslog server

Port - port on external server (default is 514)

User TCP - use TCP protocol instead of UDP. This allows a reliable logging to the external server. The syslog server has to support this protocol too.

Retry Count (TCP) - set count of tries to send a log to the external server if TCP is in use. The default value of -1 means infinite retries.

DOMOS6 Syslog

Settings​

Here you will find an option to enable logging of all performed commands on the system. The logged commands are written into the secure log.

DOMOS6 Syslog

DOMOS6 Console​

There are two ways to connect to the DOMOS6 Console: Using SSH or a serial console. The default passwords are the following:

DescriptionUsernamePassword
Super-Userrootsecudos
Normal Useradminadmin
caution

Please note that a direct login as root user is not possible.

SSH login / VM​

For logging into the DOMOS6 system via SSH you need an SSH client on your workstation. For Windows users we recommend using PuTTY. Most Linux or other Unix-like systems have an SSH client installed by default. If you did not change the IP of the appliance you will be able to connect using the IP DHCP-IP.

For example on Linux:

ssh admin@DHCP-IP

Using the default configuration it is not possible to use the root account directly. To get root access you have to connect to the appliance as user admin first and obtain super user rights by using the command su -. To change the password of the user admin or root use the WebUI or change them directly by using the commandline tool passwd.

SSH login / Hardware-Appliance​

For logging into the DOMOS6 system via SSH you need an SSH client on your workstation. For Windows users we recommend using PuTTY. Most Linux or other Unix-like systems have an SSH client installed by default. If you did not change the IP of the appliance you will be able to connect using the IP 192.168.2.1.

For example on Linux:

ssh admin@192.168.2.1

Using the default configuration it is not possible to use the root account directly. To get root access you have to connect to the appliance as user admin first and obtain super user rights by using the command su -. To change the password of the user admin or root use the WebUI or change them directly by using the commandline tool passwd.

Serial console​

For logging into the DOMOS6 system via the serial console you need a terminal program on your workstation. For Windows users we recommend hyperterminal and for Linux minicom. Configure your terminal programm to use the following settings:

Speed115200bps
ParityNone
Data8
Stopbits1
tip

These settings are often predefined as 115200, 8N1.