000026608 - How to perform Spectrum Cloud Server and Software Update Server connectivity tests

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000026608
Applies ToRSA NetWitness NextGen
RSA NetWitness Spectrum
RSA NetWitness Spectrum 1.1.5.1
RSA NetWitness Spectrum 1.1.5.2
RSA NetWitness Spectrum 1.1.5.5
IssueHow to perform Spectrum Cloud Server and Software Update Server connectivity tests.
Resolution

The following is a list of connectivity tests that can be run from spectrum appliance to confirm a spectrum appliance's connectivity to the cloud and software updates servers.
Test Spectrum Appliance Connectivity to Spectrum Cloud Server:



There are 2 ways a spectrum appliance can connect to the Spectrum Cloud Server: connect directly on port 50007 or though a SOCKS4/5 proxy server.


Note: use of Web/HTTP proxy to connect to the cloud server is not supported.


1) Use this command if connect directly:


     curl http://cloud.netwitness.com:50007 -v 


Here is a sample output of proper connection to the cloud server from your spectrum appliance:


[root@spectrum ~]# curl http://cloud.netwitness.com:50007 -v
* About to connect() to cloud.netwitness.com port 50007
* Trying 216.200.20.150... connected
* Connected to cloud.netwitness.com (216.200.20.150) port 50007
> GET / HTTP/1.1
> User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Host: cloud.netwitness.com:50007
> Accept: */*
>
* Connection #0 to host cloud.netwitness.com left intact
* Closing connection #0
[root@spectrum ~]#


 2) If SOCKS5 proxy is employed, use this command instead:
    curl --socks5 socks5proxyip:port http://cloud.netwitness.com:50007-v -U proxyusername:proxypassword


Here is a sample output of proper connectivity using SOCKS5 proxy server 10.25.53.175 at port 1080 with no user credentials required from spectrum appliance:


[root@spectrum ~]# curl --socks5 10.25.53.175:1080 http://cloud.netwitness.com:50007-v
* About to connect() to proxy 10.25.53.175 port 1080
*   Trying 10.25.53.175... connected
* Connected to cloud.netwitness.com (10.25.53.175) port 1080
> GET / HTTP/1.1
> User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Host: cloud.netwitness.com:50007
> Accept: */*
>


* Connection #0 to host cloud.netwitness.com left intact
* Closing connection #0
[root@spectrum ~]#


 


Test Spectrum Connectivity to Spectrum Software Updates Server - Amazon Web Services (AWS)


Spectrum appliance connects to AWS for software updates using HTTPS. There are 2 ways a spectrum appliance can connect AWS: direct connection or through a Web/HTTP proxy. 


 1) Direct connection:


       curl https://s3.amazonaws.com-v


Here is a sample output of proper connectivity from the spectrum appliance:


[root@spectrum ~]# curl https://S3.amazonaws.com -v
* About to connect() to S3.amazonaws.com port 443
*   Trying 207.171.163.141... connected
* Connected to S3.amazonaws.com (207.171.163.141) port 443
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSLv2, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using RC4-MD5
* Server certificate:
*        subject: /C=US/ST=Washington/L=Seattle/O=Amazon.com Inc./CN=s3.amazonaws.com
*        start date: 2010-10-08 00:00:00 GMT
*        expire date: 2013-10-07 23:59:59 GMT
*        common name: s3.amazonaws.com (matched)
*        issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA - G2
* SSL certificate verify ok.
> GET / HTTP/1.1
> User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Host: S3.amazonaws.com
> Accept: */*


< HTTP/1.1 307 Temporary Redirect
< x-amz-id-2: nsDBWsgdAdP3nKxVcsRnaeiCIdyDdR0QOz4Ptutb86T7N8z8exrufE+TdOc+PeKV
< x-amz-request-id: 78737D1F8749CD26
< Date: Tue, 25 Sep 2012 12:46:31 GMT
< Location: http://aws.amazon.com/s3
< Content-Length: 0
< Server: AmazonS3
* Connection #0 to host S3.amazonaws.com left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
[root@spectrum ~]#


2) Through a Web/HTTP proxy server:


    curl -x webproxy:port https://s3.amazonaws.com -v -U proxyusername:proxypassword


 Here is a sample output of proper connectivity using Web/HTTP proxy 10.25.53.175 on port 8080 with no user credentials required from the spectrum appliance:


[root@spectrum ~]# curl -x 10.25.53.175:8080 https://s3.amazonaws.com -v
* About to connect() to proxy 10.25.53.175 port 8080
* Trying 10.25.53.175... connected
* Connected to 10.25.53.175 (10.25.53.175) port 8080
* Establish HTTP proxy tunnel to s3.amazonaws.com:443
> CONNECT s3.amazonaws.com:443 HTTP/1.0
> Host: s3.amazonaws.com:443
> User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Proxy-Connection: Keep-Alive
>
< HTTP/1.0 200 Connection established
<
* Proxy replied OK to CONNECT request
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSLv2, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using RC4-MD5
* Server certificate:
* subject: /C=US/ST=Washington/L=Seattle/O=Amazon.com Inc./CN=s3.amazonaws.com


Inc./CN=s3.amazonaws.com
* start date: 2010-10-08 00:00:00 GMT
* expire date: 2013-10-07 23:59:59 GMT
* common name: s3.amazonaws.com (matched)
* issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)09/CN=VeriSign Class 3 Secure Server CA - G2
* SSL certificate verify ok.
> GET / HTTP/1.1
> User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Host: s3.amazonaws.com
> Accept: */*
>
< HTTP/1.1 307 Temporary Redirect
< x-amz-id-2: RgaFtFI6zHT9vaPIb+yABwHNoCnlRksOJJ8Jm9uvFuCgOWaaIXEikWXdneopPjq2
< x-amz-request-id: EC1DDE53EC549100
< Date: Mon, 17 Sep 2012 19:46:54 GMT
< Location: http://aws.amazon.com/s3
< Content-Length: 0
< Server: AmazonS3
* Connection #0 to host 10.25.53.175 left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
[root@spectrum ~]#

Legacy Article IDa59827

Attachments

    Outcomes