Retrieve Hardware Status Using the SuperDoctor5 (SD5) Tool
Secure Web Gateway Secure Web Gateway version 12.2 or later version supports the Supermicro SuperDoctor5 (SD5) tool to retrieve the appliance status for F models.
If SD5 is enabled, hardware status information is available under the SNMP protocol. For SNMP setup details, click here.
An overview of the available information is then provided in Management Information Base (MIB) files, which are located in the file system of the monitored appliance. The path to these files is /opt/supermicro/sd5/mibs.
To enable the SD5 tool:
-
Log in to the appliance using the SSH console.
-
Run the
sd-enablecommand.
SuperDoctor5 (SD5) is enabled.
You can disable the tool with thesd-disablecommand.
When running SD5, you cannot use the Remote Management Module (RMM) to retrieve hardware status information simultaneously.
NOTE: It is recommended to add a timeout of two minutes in the SNMP client browser to access Supermicro Object IDs (OIDs) using the SD5 tool.
Terminating SuperDoctor5 before Running the RMM
If you enter the rmm-show command to start the Remote Management Module (RMM) while SuperDoctor5 (SD5) is running, you are prompted to terminate SD5 first.
If you select yes after the prompt, SD5 is stopped. RMM commands are then executed. SD5 restarts when execution of the RMM commands is completed. If you select no, SD5 keeps running, RMM commands are not executed, and RMM exits.
Output after selecting yes:
[root@mwgappl sum]# [root@mwgappl sum]# rmm-show SuperDoctor5 service must be stopped to configure RMM Please confirm that SuperDoctor5 can be stopped temporarily. [yes] yes Redirecting to /bin/systemctl stop sd5.service LAN Channel : rmm (1) IP Address Source : Static Address IP Address : 10.213.231.18 Subnet Mask : 255.255.255.0 Default Gateway IP : 10.213.231.252 Enabled users channel 1 : 2
Output after selecting no:
[root@mwgappl sum]# [root@mwgappl sum]# rmm-show SuperDoctor5 service must be stopped to configure RMM Please confirm that SuperDoctor5 can be stopped temporarily. [yes] no Exiting on user request. [root@mwgappl mibs]#
Accessing SD5 Web Interface
SD5 is Supermicro's proprietary tool and an agent system that runs on SWG hosts designed by Supermicro to provide local system health and information. SD5 supports a web-based interface program and a command line interface program for server management and monitoring.
Web interface for SD5 can be accessed on SWG using https://<SWG IP>:8444, with the default credentials root/webgateway.
When SD5 is enabled using sd-enable, it opens up the following ports on all interfaces that are required to run the SD5 service:
- Binds TCP port 8444 for HTTPS UI access of SD5
- Binds TCP ports 5333, 5666, and 5999 for NRPE
- Binds for internal communications TCP port 7777 and a free TCP port between 31000-32999
- SNMP GET sent on UDP 161
- SNMP Trap sent on UDP 162
NOTE: Since SD5 cannot be configured to listen to specific IPs, it is recommended to use IP tables or firewalls to block designated IPs and eliminate packets directed towards the SD5 service port.
SD5 UI is accessed using https://<SWG IP>:8444 with default credentials root/webgateway. Additionally, the passwords can be changed from the SD5 UI.
To change the password:
- Access the SD5 UI using https://<SWG IP>:8444 with default credentials.
- Navigate to Configuration > Account Setting.
- Change the password.
Users can also disable the UI access for SD5.
To enable or disable the UI access for SD5:
- Stop the SD5 service using
sd-disable. - Add the line
enableHttps=false/truein the file /opt/supermicro/sd5/config/agentweb.properties to disable/enable the UI access. - Start the SD5 service using the
sd-enablecommand.
NOTE: To ensure that the SD5 responds with Supermicro OIDs (1.3.6.1.4.1.10876) and the SNMP query works, the user must add the community string in the SWG SNMP configuration tab that will be used to query the OIDs. This is necessary because the SNMP query must be routed through the SWG agent (SNMPD) to reach the SD5, as there is no independent listener on the SD5 for direct access.