Administering Devices

Describes how to set up your Roving Edge Infrastructure devices.

Follow the instructions in this section to receive, inspect, and configure your Roving Edge Infrastructure devices for use in your environment. Perform the tasks described in this section on each device you receive.

Operating the Serial Console

The Roving Edge Infrastructure device Serial Console contains the following commands:

  • Unlock Device: Use to unlock the device using an unlock passphrase obtained from the device's node resource in Oracle Cloud Infrastructure. See Unlock the Device.

  • Change Passphrase: Use to update the device's unlocking passphrase. This passphrase is listed in the Details section of your node in the OCI Console.

  • Configure Networking: Use to configure IP address, subnet, and gateway for the device. You can also configure DNS, NTP, and the public IP pool range for Compute VM instances through this command. See Configure Network Parameters.

  • Show Status: Use to display the device software version, lock or unlock status, and other device information.

  • Show System Diagnostics: Use to display diagnostic information regarding the device's system attributes.

  • Shutdown Device: Use to shut down the device.

  • Reboot Device: Use to reboot the device.

  • Enter Safe-Mode: Use when the storage is full, resulting in write and/or read errors. Contact support before using Safe-Mode. At this storage capacity level, the Compute service and other device operations are suspended. While in safe mode, you can remove items from object storage until the capacity is lower, preferably at 80% or less. See Avoiding Storage Overages Using Safe Mode.

  • Exit Safe-Mode: Use to take the device out of safe mode after you have lowered the device's storage capacity level. See Avoiding Storage Overages Using Safe Mode.

  • Shred Key: Use to destroy or "shred" the master key of your device. Run this command if you believe the device has been compromised or is unsafe and is likely to be compromised. See Shredding the Master Key.

  • Recover Key: Use to recover a device whose key has been shredded and return it to service. See Recovering Your Device after Shredding the Master Key.

  • Reset Device: Use to reset the device, either to factory level (objects in object storage are deleted) or service level (objects in object storage are retained). See Resetting Devices.

  • Advanced Menu: Use to access additional menu commands:

    • Banner Management: Use to run various banner tasks. The banner is the default message that appears when you attempt to log into the device. See Managing the Banner.

    • Network Management: Use to display the status of various network-related topics. See Managing the Network.

    • Password Management: Use to specify the number of user login attempts allowed. See Managing Your Password.

  • Node Health: Use to monitor the storage health in Roving Edge Infrastructure device nodes. Storage health covers the following components:

    • Block storage health

    • Object storage health

    • Storage backend services health

    • Disk health

    The health of a service on a device node is determined by the following classifications:

    • AVAILABLE: The service is available, and all components are functional.

    • WARNING: The service is still functional, but a minor issue is occurring that may need attention.

    • DEGRADED: The service is partially functional and some components have issues.

    • UNAVAILABLE: The service is not responding or some components have critical issues which make the service not functional.

  • Diagnostics: Use to run tasks related to collecting diagnostics data related to Roving Edge Infrastructure device performance. You can collect the diagnostics data and forward it to Oracle for analysis. See Collecting Device Diagnosis Information.

  • Help: Use to display the online help for the Serial Console.

Resetting Devices

You can reset your Roving Edge Infrastructure device to various levels. Use this feature if your device is not functioning correctly and you cannot recover it using regular troubleshooting operations such as rebooting.

Resetting your device affects its on-device services. If a service has been modified by a system upgrade, resetting the device reverts the service to its original version. All virtual machine (VM) instances, block and boot volumes, and network configurations are deleted by resetting your device. The state of the IAM service is also removed. The system prompts you for a new root password, and after that IAM is reinitialized to a blank state with only the root user active.

Your device must be running and connected to your controlling host running terminal emulation software such as PuTTY to reset the device. See Set Up Terminal Emulation for more information.

  1. Using terminal emulation, select the Reset Device menu option. The following options appear:

    • Factory Reset: This option deletes all VM instances, boot volumes and block volumes on the device. All system upgrades are rolled back. All user information is deleted and a single root user is created. All objects in the object storage are deleted, including VM images and audit logs.

    • Service Reset: This option deletes all VM instances, boot volumes and block volumes on the device. All user information is deleted and a single root user is created. Objects in the object storage remain untouched.

    • Network Reset: This option resets the network configuration values to the factory default for items such as DNS servers. User-configured values, such as IP addresses, are removed. See Configure Network Parameters after you reset the network to reestablish your networking.

  2. The following options appear:

  3. Enter the device passphrase when prompted. See Unlock the Device for more information.

  4. Enter the new user root password when prompted.

Object storage contents are not automatically deleted in the same manner as the other services. When you perform a factory reset, you are prompted to select one of the following object storage options:

  • Preserve objects: Deletes all VM instances, boot volumes and block volumes on this device. All system upgrades are rolled back. All user information is deleted and a single root user is created. All objects in object storage remain untouched.

  • Do not preserve objects: Deletes all VM instances, boot volumes and block volumes on this device. All system upgrades are rolled back. All user information is deleted and a single root user is created. All objects in object storage are deleted.

Avoiding Storage Overages Using Safe Mode

We recommend keeping the object storage capacity on your Roving Edge Infrastructure devices at 80% or less.

When the storage is full, read and write errors can occur and storage operations cease. If this occurs, place your device in Safe Mode and remove items from object storage until the capacity is lower, preferably at 80% or less.

Your device must be running and connected to your controlling host running terminal emulation software such as PuTTY to place the device in Safe Mode. See Set Up Terminal Emulation and Operating the Serial Console for more information.

  1. Using terminal emulation, select the Enter Safe-Mode menu option.

  2. Remove items from object storage. Oracle recommends keeping object storage levels at 80% or less.

  3. Select Exit Safe-Mode. After the Roving Edge Infrastructure device determines that its object storage capacity is below the 95% level, it returns to normal operation.

See Performance and Usage Thresholds for more information about monitoring and calculating object storage capacity on your Roving Edge Infrastructure devices.

Managing the Banner

The serial device banner is a message that is displayed each time you attempt to log in to the device. Typically this message contains information regarding the nature of the device, including any rules and restrictions for its use. By default, the banner consists of the following message:
You are accessing a U.S. Government (USG) Information System (IS) that is
provided for USG-authorized use only. By using this IS (which includes any
device attached to this IS), you consent to the following conditions:
-The USG routinely intercepts and monitors communications on this IS for
purposes including, but not limited to, penetration testing, COMSEC monitoring,
network operations and defense, personnel misconduct (PM), law enforcement
(LE), and counterintelligence (CI) investigations.
-At any time, the USG may inspect and seize data stored on this IS.
-Communications using, or data stored on, this IS are not private, are subject
to routine monitoring, interception, and search, and may be disclosed or used
for any USG-authorized purpose.
-This IS includes security measures (e.g., authentication and access controls)
to protect USG interests--not for your personal benefit or privacy.
-Notwithstanding the above, using this IS does not constitute consent to PM, LE
or CI investigative searching or monitoring of the content of privileged
communications, or work product, related to personal representation or services
by attorneys, psychotherapists, or clergy, and their assistants. Such
communications and work product are private and confidential. See User
Agreement for details.

You can run different commands regarding the device banner, including changing the message.

  1. Using terminal emulation, select the Advanced Menu > Banner Management menu option. The following options appear:

    • Display Banner: Use to display the current banner information.

    • Update Banner: Use to create a new banner message. Enter the message you want to replace the current banner.

    • Disable/Enable Banner: Use to disable the banner, or re-enable the banner if it is currently disabled. If the banner is disabled, you are prompted to enter your password when you attempt to log into the device with no banner message appearing.

    • Reset Banner: Use to revert the existing banner message to the default one that came with the device.

  2. Enter your option choice and continue.

Managing the Network

You can manage various device network capabilities from the Serial Console.

  1. Using terminal emulation, select the Advanced Menu > Network Management menu option. The following options appear:

    • MACsec Status: Use to show the current status of the network connection over MACsec. If the status isn't OK, the device attempts to repair the MACsec connection by flapping the interface.

    • Internet Gateway Status: Use to show which internet gateways (IGWs) are active and how the connection from on-premises flows for instances on nodes without an IGW.

    • VNIC Information Table: Use to show detailed information (IP, DNS Name, Attachment information) about all the VNICs that have been created on the system.

    • Diagnostic Commands: Use to run diagnostics commands from the Serial Console to help troubleshoot network connectivity issues. Currently, Roving Edge Infrastructure supports the Ping and Traceroute commands.

  2. Enter your option choice and continue.

Managing Your Password

You can manage the number of password attempts allowed in the Serial Console.

  1. Using terminal emulation, select the Advanced Menu > Network Management menu option. The following option appears:

    No. of attempts before key is shredded (Default:10)

  2. Select this option. The following option appears:

    Enter number of unlock attempt allowed (between 3 and 100)

  3. Enter the number of attempts the user can try to unlock the device before they are prevented from any further tries. The number of attempts can be between 3 and 100. If you do not provide a value, the default number 10 is used.

When you attempt to log in and provide an incorrect password, a message similar to the following appears:

    Enter the passphrase to unlock the screen: ****
    *** 1 failed attempt out of 4 allowed attempts. Once failed attempt reach 4, data access will be lost. ***
    Error: The passphrase is incorrect!

If you reach your final attempt before you exceed the number of attempts allowed, a message similar to the following appears:

    *** Next failed attempt will shred the unlock key and data access to this device will be lost. Used 3 attempts out 4 allowed attempts. ***
    Error: The passphrase is incorrect!

Note

After specifying the number, you can test this feature by waiting for the screen timeout (900 seconds) to elapse so that the screen locks. Try logging in using an incorrect password and view the result. Make sure you do not exceed your number of tries allowed, or you will lose your passphrase.
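The following is an added example, not Oracle code: a small monitor that reads a saved Serial Console session log and reports how close the device is to shredding its unlock key. It assumes your terminal emulator writes the session to a text file and that the messages match the two samples above, which the documentation describes only as "similar"; the function names and alert levels are hypothetical.

```python
import re

# Assumed message shapes, taken from the two sample messages in this section.
ANSI = re.compile(r"\x1b\[[0-9;]*[A-Za-z]")  # terminal colour/cursor codes
FAILED = re.compile(r"(\d+) failed attempts? out of (\d+) allowed attempts")
FINAL = re.compile(r"Next failed attempt will shred the unlock key.*?"
                   r"Used (\d+) attempts? out (?:of )?(\d+) allowed attempts")

def unlock_attempt_state(log_text):
    """Return the latest (used, allowed, remaining) found in the log, or None."""
    state = None
    for raw in log_text.splitlines():
        line = ANSI.sub("", raw)  # session logs often keep escape sequences
        m = FINAL.search(line) or FAILED.search(line)
        if m:
            used, allowed = int(m.group(1)), int(m.group(2))
            state = (used, allowed, allowed - used)
    return state

def severity(state, warn_remaining=2):
    """Map the attempt state to a hypothetical alert level for the operator."""
    if state is None:
        return "ok"
    remaining = state[2]
    if remaining <= 0:
        return "shredded"   # failed attempts reached the allowed count
    if remaining == 1:
        return "critical"   # the next failure shreds the unlock key
    return "warn" if remaining <= warn_remaining else "notice"

# Constructed sample session (limit set to 4, as in the messages above).
SAMPLE_LOG = "\n".join([
    "Enter the passphrase to unlock the screen: ****",
    "\x1b[1m*** 1 failed attempt out of 4 allowed attempts. "
    "Once failed attempt reach 4, data access will be lost. ***\x1b[0m",
    "Error: The passphrase is incorrect!",
    "*** Next failed attempt will shred the unlock key and data access to "
    "this device will be lost. Used 3 attempts out 4 allowed attempts. ***",
    "Error: The passphrase is incorrect!",
])

if __name__ == "__main__":
    state = unlock_attempt_state(SAMPLE_LOG)
    print(state, severity(state))
```
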

Managing Your System Upgrades

You can disable your Roving Edge Infrastructure device's ability to have its system upgraded in a disconnected environment using the Serial Console. Disable the disconnected upgrade by discarding the signing public key. You can also display the device's signing public key.

  1. Using terminal emulation, select the Advanced Menu > System Upgrade Management menu option. The following options appear:

    • Disable Disconnected Upgrade: Use to disable the disconnected upgrade feature by discarding the public signing key. See Device Software Management for general information.

      Note

      This is an irreversible action. You cannot perform a disconnected upgrade until the key is restored by connecting back to Oracle Cloud Infrastructure. Do not perform this operation unless advised by Oracle to discard the upgrade bundle signing public key.

    • Display Signing Public Key: Use to display the public key corresponding to the private key that was used to sign the disconnected upgrade bundle.

  2. Enter your option choice and continue.

Displaying the Serial Encryption Key

There are times when you need to access the encryption key from the Roving Edge Infrastructure device through the Serial Console, for example, when you are encrypting a downloaded diagnosis bundle that you are preparing to forward to Oracle for analysis.

  1. Using terminal emulation, select the Diagnostics menu option. The Diagnostics Menu appears.

  2. Select Show Diagnostics Bundle Encryption Key. The encryption key is displayed.

  3. Record the key for use as needed.