Setting Up Devices

Describes how to set up your Roving Edge Infrastructure devices.

Follow the instructions in this section to receive, inspect, and configure your Roving Edge Infrastructure devices for use in your environment. Perform the tasks described in this section on each device you receive.

Receiving and Inspecting Devices

When you take possession of your Roving Edge Infrastructure device, your device is updated to Customer received status in the Oracle Cloud Infrastructure Console for your tenancy.

Perform the following tasks when you first receive your Roving Edge Infrastructure devices, including inspecting the device and ensuring there has been no tampering.

  1. Visually inspect the Roving Edge Infrastructure device shipping container for any damage, tampering, or missing ties before opening it.

  2. Unpack and visually inspect each Roving Edge Infrastructure device for any tampering or damage.

    Report any damage or concerns to Oracle using a Service Request ticket.

Note

Do not connect or further handle a Roving Edge Infrastructure device you feel is damaged, compromised, or otherwise unacceptable.

Setting Up Terminal Emulation

Use the following guidance for setting up your terminal emulation.

Oracle recommends the following terminal emulation software depending on your host operating system:

  • PuTTY for Windows

  • ZOC for OS X

  • PuTTY or Minicom for Linux

Configure the following terminal emulator software settings:

  • Baud Rate: 115200

  • Emulation: VT102

  • Handshaking: Disabled/off

  • RTS/DTS: Disabled/off

Note

PuTTY does not allow you to configure all of these settings individually. However, you can configure the PuTTY default settings by selecting the Serial connection type and specifying "115200" for the Serial Line baud speed. This configuration is sufficient to use PuTTY as a terminal emulator for the appliance.

Connecting Devices to Your Network

After you receive your Roving Edge Infrastructure devices and they have passed inspection, connect them to your local network through the 10GBaseT RJ-45 Ethernet port. The intra-node network runs over the 100GbE QSFP28 ports connected to the internal switch.

You need a controlling host computer, such as a laptop, running terminal emulation software such as PuTTY to perform this task. See Setting Up Terminal Emulation.

  1. Connect the provided USB-to-DB-9 Ethernet cable from the Roving Edge Infrastructure device serial port to a controlling host using terminal emulation.

  2. Power up the device.

Operating the Serial Console

The Roving Edge Infrastructure device Serial Console contains the following commands:

  • Unlock Device: Use to unlock the device using an unlock passphrase obtained from the device's node resource in Oracle Cloud Infrastructure. See Unlocking Devices.

  • Change Passphrase: Use to update the device's unlocking passphrase. This passphrase is listed in the Details section of your node in the OCI Console.

  • Configure Networking: Use to configure IP address, subnet, and gateway for the device. You can also configure DNS, NTP, and the public IP pool range for Compute VM instances through this command. See Configuring Networking.

  • Show Status: Use to display the device software version, lock or unlock status, and other device information.

  • Show System Diagnostics: Use to display diagnostic information regarding the device's system attributes.

  • Shutdown Device: Use to shut down the device.

  • Reboot Device: Use to reboot the device.

  • Enter Safe-Mode: Contact support before using Safe-Mode. Use when the storage is full, resulting in write and/or read errors. At this storage capacity level the Compute service and other device operations are suspended. While in safe mode, you can remove items from object storage until the capacity is lower, preferably at 80% or less. See Avoiding Storage Overages Using Safe Mode.

  • Exit Safe-Mode: Use to take the device out of safe mode after you have lowered the device's storage capacity level. See Avoiding Storage Overages Using Safe Mode.

  • Shred Key: Use to destroy or "shred" the master key of your device. Run this command if you believe the device has been compromised, or is unsafe and is likely to be compromised. See Shredding the Master Key.

  • Recover Key: Use to recover a device whose key has been shredded and return it to service. See Recovering Your Device after Shredding the Master Key.

  • Reset Device: Use to reset the device, either to factory level (objects in object storage are deleted) or service level (objects in object storage are retained). See Resetting Devices.

  • Advanced Menu: Use to access additional menu commands:

  • Node Health: Use to monitor the storage health in Roving Edge Infrastructure device nodes. Storage health covers the following components:

    • Block storage health

    • Object storage health

    • Storage backend services health

    • Disk health

    The health of a service on a device node is determined by the following classifications:

    • AVAILABLE: The service is available, and all components are functional.

    • WARNING: The service is still functional, but a minor issue is occurring that may need attention.

    • DEGRADED: The service is partially functional and some components have issues.

    • UNAVAILABLE: The service is not responding or some components have critical issues which make the service not functional.

  • Diagnostics: Use to run tasks related to collecting diagnostics data related to Roving Edge Infrastructure device performance. You can collect the diagnostics data and forward it to Oracle for analysis. See Collecting Device Diagnosis Information.

  • Help: Use to display the online help for the Serial Console.

Configuring Linux Logical Volume Management

You can configure Linux logical volume management (LVM) for block storage on a Roving Edge Infrastructure device. See Understand And Use The Logical Volume Manager (LVM) On Oracle Linux for more information on LVM using Oracle Linux. See Overview of Block Volume for general information on how you can manage your block volumes.

When you enable LVM on a Roving Edge Infrastructure device, 400 GB of storage space on the device is automatically reserved for use by the block storage imaging service. Your total available storage space for block storage is reduced by 400GB.

Note

You can only enable and configure LVM on a Roving Edge Infrastructure device while it is in its initial locked state. After the device has been unlocked, you cannot make any LVM configuration changes, even if you subsequently re-lock the device.

  1. Using terminal emulation, select Show Status to view your device's status. Here you can confirm that your device is in a locked state.

  2. Return to the main Serial Console menu and select Advanced Menu > Storage Management.

    The following options appear:

    • Display LVM Configuration: Select to show the enabled (true) or disabled (false) status of LVM on the device, and also the percentage of the block storage allocated for LVM. Also displays the LVM volume type.

    • Enable LVM for Block Storage: Select to enable LVM for block storage on the device. When you select this option, you are prompted to enter the percentage of disk space reserved for block storage. The percentage must be an integer between 20 and 80. This percentage is fixed after the device is unlocked.

      After entering the percentage, you are prompted to specify the LVM volume type:

      • High Performance: Provides high IO performance by striping data across multiple physical volumes.

      • Data Protection: Protects data against disk failure by 3-way mirroring. IO performance will be slower than the High Performance option.

      Make your choice and press enter. The LVM configuration goes into effect when you unlock the device. Select the Display LVM Configuration command to confirm that LVM is enabled on the block volume with the configuration you specified.

    • Disable LVM for Block Storage: Select to disable LVM for block storage on the device.

  3. Select the option you want and confirm your choice when prompted.

Configuring Networking

After you have entered your unlock passphrase and have full access to the Roving Edge Infrastructure device, configure its networking settings through your controlling host.

  1. Using terminal emulation, select the Configure the Network menu option. The following options appear:

    • Set Node IP Settings (Current Node Only): Use to set the node IP address, subnet mask, and default gateway.

    • Display Settings: Use to show the current network settings.

    • Set Public IP Pool Range for Compute Instances: Use to set the external IP address pool for Compute instances. IP addresses are allocated from this pool when an instance is created with a public IP address assigned to it. This operation removes the current external IP address pool and replaces it with the ranges from the new input.

    • Display Public IP Pool Status: Use to show the current public IP pool range.

    • Control Network Ports: Use to enable or disable network ports.

    • Configure DNS: Use to configure the DNS servers for the current node control plane. Reboot the device for the DNS configuration changes to take effect if the device is already unlocked.

    • Configure Subnet Gateway: Use to configure the gateway for a given subnet. The destination can be the default IGW or a private IP Address. You can perform the following tasks:

      • Show Configuration: Use to show the current subnet gateway configuration. The output shows whether the destination is IGW or a private IP address for each subnet.

      • Update Configuration: Use to update the current subnet gateway configuration. For example:

        ---------------------------------------------------------------------------------------------
        Idx  Subnet CIDR      DNS Label     Gateway
        ---------------------------------------------------------------------------------------------
        1    10.0.1.0/24      Subnet-1      10.0.2.2
        2    10.0.2.0/24      Subnet-2      IGW
        3    10.0.3.0/24      Subnet-3      IGW
                                            
        Enter Subnet Index: 1
        Enter the gateway (IGW or private IP address) for this subnet:

    • Configure NTP: Use to perform the following NTP configuration tasks:

      • Display NTP Configuration: Use to configure external NTP servers. For example:

        Local Time and RTC
        Local time: Fri 2022-05-13 04:26:41 UTC
        Universal time: Fri 2022-05-13 04:26:41 UTC
        RTC time: Fri 2022-05-13 04:26:43
        Time zone: UTC (UTC, +0000)
        NTP enabled: n/a
        NTP synchronized: no
        RTC in local TZ: no
        DST active: n/a

      • Update NTP configuration: Use to identify the primary and secondary servers that set up the NTP configuration for the device.

    • Reset Network: Use to reset the network by erasing all the network configurations such as Node IP, Public pool, DNS, NTP, and Gateway.

    • Help: Use to display online help for the Network Configuration menu options.

    • Go Back: Use to return to the main Serial Console menu.
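
The following is an added example, not Oracle code: a Python check run over text captured from a terminal session, in the Show Configuration (subnet gateway) and Display NTP Configuration formats shown above. It verifies that each gateway is either IGW or a private IP address, lists which subnets have internet egress, and flags an unsynchronized clock. The function names, finding labels, and the 5-second RTC drift threshold are assumptions made for this example.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample: text captured from a serial console session, in the
# output formats shown on this page.
SAMPLE_GATEWAYS = """\
Idx  Subnet CIDR      DNS Label     Gateway
1    10.0.1.0/24      Subnet-1      10.0.2.2
2    10.0.2.0/24      Subnet-2      IGW
3    10.0.3.0/24      Subnet-3      IGW
"""
SAMPLE_NTP = """\
Local time: Fri 2022-05-13 04:26:41 UTC
Universal time: Fri 2022-05-13 04:26:41 UTC
RTC time: Fri 2022-05-13 04:26:43
NTP enabled: n/a
NTP synchronized: no
"""

ROW = re.compile(r"^\s*(\d+)\s+(\S+/\d+)\s+(\S+)\s+(\S+)\s*$")


def audit_gateways(text):
    """Classify each subnet's gateway: the page allows IGW or a private IP."""
    findings = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator, or prompt line
        idx, gateway = int(m[1]), m[4]
        if gateway.upper() == "IGW":
            findings.append((idx, "internet-egress"))
            continue
        try:
            addr = ipaddress.ip_address(gateway)
        except ValueError:
            findings.append((idx, "invalid-gateway"))
            continue
        label = "private-gateway" if addr.is_private else "gateway-not-private"
        findings.append((idx, label))
    return findings


def _parse_time(value):
    # Drop the weekday and any zone name so parsing is locale-independent.
    date, clock = value.split()[1:3]
    return datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")


def audit_clock(text, max_rtc_drift_s=5):
    """Flag an unsynchronized clock and RTC drift above the assumed threshold."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    findings = []
    # Unsynchronized time skews log timestamps and certificate validity checks.
    if fields.get("NTP synchronized", "no").lower() != "yes":
        findings.append("ntp-not-synchronized")
    if "Universal time" in fields and "RTC time" in fields:
        drift = abs(_parse_time(fields["RTC time"]) - _parse_time(fields["Universal time"]))
        if drift.total_seconds() > max_rtc_drift_s:
            findings.append(f"rtc-drift-{int(drift.total_seconds())}s")
    return findings


if __name__ == "__main__":
    print(audit_gateways(SAMPLE_GATEWAYS))
    print(audit_clock(SAMPLE_NTP, max_rtc_drift_s=1))
```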

Unlocking Devices

By default, a Roving Edge Infrastructure device arrives in a locked state. After you have connected the device to your network, you must unlock the device using an unlock passphrase obtained from the device's node resource in Oracle Cloud Infrastructure. Also, anytime you reboot the device, it reverts to a locked state. A "Device is locked" message after you try to connect to an API endpoint indicates that the device is in a locked state. Unlock the device to proceed.

Your device must be running and connected to your controlling host running terminal emulation software such as PuTTY to unlock the device. See Setting Up Terminal Emulation.

  1. Connect to the Oracle Cloud Infrastructure Console for your tenancy.

  2. Access the node request within the Roving Edge Infrastructure service.

  3. Locate the unlock passphrase, which is listed in the Details section of your node resource.

  4. Access the device using terminal emulation. See Setting Up Terminal Emulation for more information.

    You are prompted to provide the unlock passphrase.

  5. Enter the unlock passphrase.

    The device now accepts your commands.

Note

If your device is unexpectedly in a locked state, it might have accidentally rebooted. Check that your power connection is steady and not inadvertently causing device reboots.

Resetting Devices

You can reset your Roving Edge Infrastructure device to various levels. Use this feature if your device is not functioning correctly and you cannot recover it using regular troubleshooting operations such as rebooting.

Resetting your device affects its on-device services. If a service has been modified by a system upgrade, resetting the device reverts the service to its original version. All virtual machine (VM) instances, block and boot volumes, and network configurations are deleted by resetting your device. The state of the IAM service is also removed. The system prompts you for a new root password, and after that IAM is reinitialized to a blank state with only the root user active.

Your device must be running and connected to your controlling host running terminal emulation software such as PuTTY to reset the device. See Setting Up Terminal Emulation for more information.

  1. Using terminal emulation, select the Reset Device menu option. The following options appear:

    • Factory Reset: This option deletes all VM instances, boot volumes and block volumes on the device. All system upgrades are rolled back. All user information is deleted and a single root user is created. All objects in the object storage are deleted, including VM images and audit logs.

    • Service Reset: This option deletes all VM instances, boot volumes and block volumes on the device. All user information is deleted and a single root user is created. Objects in the object storage remain untouched.

    • Network Reset: This option resets the network configuration values to the factory default for items such as DNS servers. User-configured values, such as IP addresses are removed. See Configuring Networking after you reset the network to reestablish your networking.

  2. The following options appear:

  3. Enter the device passphrase when prompted. See Unlocking Devices for more information.

  4. Enter the new user root password when prompted.

Object storage contents are not automatically deleted in the same manner as the other services. When you perform a factory reset, you are prompted to select one of the following object storage options:

  • Preserve objects: Deletes all VM instances, boot volumes and block volumes on this device. All system upgrades are rolled back. All user information is deleted and a single root user is created. All objects in object storage remain untouched.

  • Do not preserve objects: Deletes all VM instances, boot volumes and block volumes on this device. All system upgrades are rolled back. All user information is deleted and a single root user is created. All objects in object storage are deleted.

Avoiding Storage Overages Using Safe Mode

Oracle recommends keeping the total storage capacity (object storage + block volume storage) on your Roving Edge Infrastructure devices at 80% or less if LVM is enabled. If LVM is not enabled, then keep the object storage capacity at 80% or less. See Using Logical Volume Management for more information.

When the storage is full, read and write errors can occur and storage operations cease. If this occurs, place your device in Safe Mode and remove items from object storage until the capacity is lower, preferably at 80% or less.

Your device must be running and connected to your controlling host running terminal emulation software such as PuTTY to place the device in Safe Mode. See Setting Up Terminal Emulation and Operating the Serial Console for more information.

  1. Using terminal emulation, select the Enter Safe-Mode menu option.

  2. Remove items from object storage. Oracle recommends keeping object storage levels at 80% or less.

  3. Select Exit Safe-Mode. After the Roving Edge Infrastructure device determines that its object storage capacity is below the 95% level, it returns to normal operation.

See Performance and Usage Thresholds for more information about monitoring and calculating object storage capacity on your Roving Edge Infrastructure devices.

Managing the Banner

The serial device banner is a message that is displayed each time you attempt to log in to the device. Typically this message contains information regarding the nature of the device, including any rules and restrictions for its use. By default, the banner consists of the following message:

You are accessing a U.S. Government (USG) Information System (IS) that is
provided for USG-authorized use only. By using this IS (which includes any
device attached to this IS), you consent to the following conditions:
-The USG routinely intercepts and monitors communications on this IS for
purposes including, but not limited to, penetration testing, COMSEC monitoring,
network operations and defense, personnel misconduct (PM), law enforcement
(LE), and counterintelligence (CI) investigations.
-At any time, the USG may inspect and seize data stored on this IS.
-Communications using, or data stored on, this IS are not private, are subject
to routine monitoring, interception, and search, and may be disclosed or used
for any USG-authorized purpose.
-This IS includes security measures (e.g., authentication and access controls)
to protect USG interests--not for your personal benefit or privacy.
-Notwithstanding the above, using this IS does not constitute consent to PM, LE
or CI investigative searching or monitoring of the content of privileged
communications, or work product, related to personal representation or services
by attorneys, psychotherapists, or clergy, and their assistants. Such
communications and work product are private and confidential. See User
Agreement for details.

You can run different commands regarding the device banner, including changing the message.

  1. Using terminal emulation, select the Advanced Menu > Banner Management menu option. The following options appear:

    • Display Banner: Use to display the current banner information.

    • Update Banner: Use to create a new banner message. Enter the message you want to replace the current banner.

    • Disable/Enable Banner: Use to disable the banner, or re-enable the banner if it is currently disabled. If the banner is disabled, you are prompted to enter your password when you attempt to log in to the device, with no banner message appearing.

    • Reset Banner: Use to revert the existing banner message to the default one that came with the device.

  2. Enter your option choice and continue.

Managing the Network

You can manage various device network capabilities from the Serial Console.

  1. Using terminal emulation, select the Advanced Menu > Network Management menu option. The following options appear:

    • MACsec Status: Use to show the current status of the network connection over MACsec. If the status isn't OK, the device attempts to repair the MACsec connection by flapping the interface.

    • Internet Gateway Status: Use to show which internet gateways (IGWs) are active and how the connection from on-premises flows for instances on nodes without an IGW.

    • VNIC Information Table: Use to show detailed information (IP, DNS Name, Attachment information) about all the VNICs that have been created on the system.

    • Diagnostic Commands: Use to run diagnostics commands from the Serial Console to help troubleshoot network connectivity issues. Currently, Roving Edge Infrastructure supports the Ping and Traceroute commands.

  2. Enter your option choice and continue.

Managing Your Password

You can manage the number of password attempts allowed in the Serial Console.

  1. Using terminal emulation, select the Advanced Menu > Network Management menu option. The following option appears:

    No. of attempts before key is shredded (Default:10)

  2. Select this option. The following option appears:

    Enter number of unlock attempt allowed (between 3 and 100)

  3. Enter the number of attempts the user can try to unlock the device before they are prevented from any further tries. The number of attempts can be between 3 and 100. If you do not provide a value, the default number 10 is used.

When you attempt to log in and provide an incorrect password, a message similar to the following appears:

    Enter the passphrase to unlock the screen: ****
    *** 1 failed attempt out of 4 allowed attempts. Once failed attempt reach 4, data access will be lost. ***
    Error: The passphrase is incorrect!

If you reach your final attempt before you exceed the number of attempts allowed, a message similar to the following appears:

    *** Next failed attempt will shred the unlock key and data access to this device will be lost. Used 3 attempts out 4 allowed attempts. ***
    Error: The passphrase is incorrect!

Note

You can test this feature after specifying the number by waiting for the screen timeout (900 seconds) to occur and the screen to become locked. Try logging in using an incorrect password and view the result. Make sure you do not exceed your number of tries allowed, or you will lose your passphrase.
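
The following is an added example, not Oracle code: a Python monitor for a saved terminal-session log that reads the failed-unlock messages shown above and reports how many failures remain before the key is shredded. The function name, field names, and severity labels are assumptions made for this example, and the sample log is constructed from the two message formats on this page.

```python
import re

# Constructed sample of a captured serial console log with the limit set to 4.
# The first and last messages use the formats shown on this page; the
# "2 failed" message is extrapolated from the first.
SAMPLE_LOG = """\
Enter the passphrase to unlock the screen: ****
*** 1 failed attempt out of 4 allowed attempts. Once failed attempt reach 4, data access will be lost. ***
Error: The passphrase is incorrect!
Enter the passphrase to unlock the screen: ****
*** 2 failed attempt out of 4 allowed attempts. Once failed attempt reach 4, data access will be lost. ***
Error: The passphrase is incorrect!
Enter the passphrase to unlock the screen: ****
*** Next failed attempt will shred the unlock key and data access to this device will be lost. Used 3 attempts out 4 allowed attempts. ***
Error: The passphrase is incorrect!
"""

# The page says the messages are "similar to" these, so tolerate plural forms.
COUNT = re.compile(r"(\d+) failed attempts? out of (\d+) allowed attempts")
FINAL = re.compile(
    r"Next failed attempt will shred.*Used (\d+) attempts? out (?:of )?(\d+) allowed"
)


def unlock_attempt_state(log_text):
    """Return the last failed-unlock counter seen in the log and a severity.

    Only the most recent counter message is used. The page does not say
    whether a successful unlock resets the counter, so none is assumed.
    """
    used = allowed = None
    for line in log_text.splitlines():
        m = COUNT.search(line) or FINAL.search(line)
        if m:
            used, allowed = int(m[1]), int(m[2])
    if used is None:
        return {"used": 0, "allowed": None, "failures_until_shred": None,
                "limit_in_documented_range": None, "severity": "none"}
    left = allowed - used
    return {
        "used": used,
        "allowed": allowed,
        # With 3 of 4 used, one more failure shreds the unlock key.
        "failures_until_shred": left,
        # The console accepts a limit between 3 and 100 (default 10).
        "limit_in_documented_range": 3 <= allowed <= 100,
        "severity": "critical" if left <= 1 else "warning",
    }


if __name__ == "__main__":
    print(unlock_attempt_state(SAMPLE_LOG))
```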

Managing Your System Upgrades

You can disable your Roving Edge Infrastructure device's ability to have its system upgraded in a disconnected environment using the Serial Console. Disable the disconnected upgrade by discarding the signing public key. You can also display the device's signing public key.

  1. Using terminal emulation, select the Advanced Menu > System Upgrade Management menu option. The following options appear:

    • Disable Disconnected Upgrade: Use to disable the disconnected upgrade feature by discarding the public signing key. See Device Software Management for general information.

      Note

      This is an irreversible action. You cannot perform a disconnected upgrade until the key is restored by connecting back to Oracle Cloud Infrastructure. Do not perform this operation unless advised by Oracle to discard the upgrade bundle signing public key.

    • Display Signing Public Key: Use to display the public key corresponding to the private key that was used to sign the disconnected upgrade bundle.

  2. Enter your option choice and continue.

Managing Your Device's Storage

You can view and manage your Roving Edge Infrastructure device's storage capabilities.

  1. Using terminal emulation, select the Advanced Menu > Storage Management menu option. The following options appear:

    • Display LVM Configuration: Use to view whether LVM is enabled (true) or not (false) for the block volumes.

  2. Select this option and continue.

Displaying the Serial Encryption Key

There are times when you need to access the encryption key from the Roving Edge Infrastructure device through the Serial Console, for example, when you are encrypting a downloaded diagnosis bundle that you are preparing to forward to Oracle for analysis.

  1. Using terminal emulation, select the Diagnostics menu option. The Diagnostics Menu appears.

  2. Select Show Diagnostics Bundle Encryption Key. The encryption key is displayed.

  3. Record the key for use as needed.