Once APM-Private Cloud is running, either on the Private Cloud Server or on your own hardware, there are some additional steps required to complete the initial system setup:

  1. If you are not already logged in, login to APM-Private Cloud.
  2. Configure firewall rules to allow inbound connections to, and outbound connections from, the APM-Private Cloud server.
  3. Configure an email server in order to receive email notifications.
  4. Configure TACACS+ authentication (optional) to authenticate users using a TACACS+ authentication server.
  5. Configure branding to have your company’s branding appear on APM-Private Cloud.
  6. (optional) Make additional configuration changes if required.
  7. Proceed to Getting Started for the remainder of the setup steps.

Logging in to APM-Private Cloud

Log into your APM-Private Cloud system:

  1. From a browser, log into your APM-Private Cloud.
    • Use the IP address or login URL provided at the end of the initial setup procedure.
      • For example: or https://my-vpca.mydomain.org/pvc/login.html
    • Use the email address and password you provided in the setup procedure as login credentials.

Configuring firewall rules

The table below shows the ports and protocols that must be permitted through your firewall for access to the APM-Private Cloud server.

Use Direction Protocol Port Domain Reason
External user access Inbound TCP 80 or 443 Allow inbound connections to APM-Private Cloud on port 80 or 443 so that users outside your network can connect. APM-Private Cloud is pre-configured to listen on one of these ports (configured during initial setup by AppNeta Support).
Remote access to AppNeta Monitoring Points Inbound TCP 10443 Allow inbound connections to APM-Private Cloud on port 10443 to manage your Monitoring Points remotely (via the “Manage Monitoring Points” page). This can be used for Monitoring Point configuration changes such as configuring wireless interfaces, DNS, etc.
AppNeta Monitoring Point access Inbound TCP 443 Allow inbound connections to the APM-Private Cloud on port 443 so that Monitoring Points outside your network can connect.
Maintenance server access Outbound TCP 443 pca-maint.pathviewcloud.com Allow outbound connections to the AppNeta maintenance server so that your APM-Private Cloud system can receive software updates and AppNeta Support can provide remote assistance.
NTP server access Outbound UDP 123 pool.ntp.org Unless you have your own NTP server, APM-Private Cloud needs an outbound connection for NTP to ensure precise time stamping.

Configuring an email server

APM-Private Cloud can send users event notifications via email. To enable this ability, specify the email server through which APM-Private Cloud will send emails.

To specify an email server for sending event notifications:

  1. Navigate to > Configure Email Server.
  2. Configure the fields as follows:
    • Enable Email - Select to send event notifications via email.
    • SMTP Mail Host - The hostname of your email server.
    • From Address - The “From address” that will appear on the notification email (e.g. Private_Cloud_APM@yourcompany.com).
    • Port - The port number your email server is listening on.
    • Host Requires Authentication - Select if APM-Private Cloud needs to log on to the email server to send emails.
    • User Name - The user name to log in with.
    • Password - The password to use when logging in.
    • Enable SSL - Select to use SSL for secure communications with the email server.
  3. Click Test Email.
  4. Click Apply.

Configuring TACACS+ authentication

By default, users are authenticated by APM-Private Cloud. Alternatively, APM-Private Cloud can be configured to authenticate users using an external TACACS+ authentication server.

A secondary TACACS+ server can also be configured. The secondary server is used when the primary server is unavailable or if a login fails.

Limitations include:

  • TACACS+ authentication is only available for the APM-Private Cloud web interface.
  • Only the Cisco Secure ACS 4.2 TACACS+ server is supported.
  • Only TACACS+ authentication is supported. Authorization and accounting are not supported.
  • Only pap, chap, and ascii authentication methods are supported.

TACACS+ authentication can also be used for Web admin access of AppNeta Monitoring Points. See TACACS+.

To enable TACACS+ user authentication for the APM-Private Cloud web interface:

  1. Navigate to > Configure TACACS+.
  2. Click Enable TACACS+.
  3. Click Primary Server.
  4. Configure the fields as follows:
    • Server Address (IP/Hostname) - IP address or hostname of the TACACS+ server.
    • Server Port - Port the TACACS+ server listens on (default: 49).
      • This port must also be open on any firewalls between the APM-Private Cloud server and the TACACS+ server.
    • Shared Secret - Secret used by the TACACS+ server.
    • Authentication Method - Authentication method used by the TACACS+ server (default: ASCII).
    • Timeout (secs) - The amount of time, in seconds, to wait for a response from the TACACS+ server before timing out (default: 15).
  5. (Optional) Click Secondary Server.
  6. Configure the fields as follows:
    • Server Address (IP/Hostname) - IP address or hostname of the secondary TACACS+ server.
    • Server Port - Port the secondary TACACS+ server listens on (default: 49).
      • This port must also be open on any firewalls between the APM-Private Cloud server and the secondary TACACS+ server.
    • Shared Secret - Secret used by the secondary TACACS+ server.
  7. Click Save.

Every user that will be authenticated by the TACACS+ server must also have a user account in APM-Private Cloud (see Users). In the account profiles for those users, the Authenticate Using field must be set to TACACS+. The Authenticate Using field is only shown if TACACS+ is enabled.

Configuring branding

APM-Private Cloud provides organization-level branding capabilities for customizing the look of the user interface, reports, notification emails, etc.

To configure branding:

  1. Navigate to > Manage Organizations.
  2. For the organization you are configuring, choose > Branding.
  3. Select Apply custom branding for <organization name> to apply organization-level branding.
  4. Specify the branding elements.
  5. Click Apply.

Configuring settings using the API

Once APM-Private Cloud has been set up, there are a few settings that can be configured using the API. These include:

  • Hostname
  • Network
  • NTP
  • SNMP
  • Maintenance tunnel
  • Health check

To use the interactive API interface to access these settings:

  1. Access the interactive API interface at: https://<APM-Private Cloud hostname>/admin
  2. Drill down to the appropriate section.
  3. Fill in any parameters (if required).
  4. Click Try it out!.

Note: To access the API interface, you need to use a user ID that has the System Config add-on privilege. See Add-on privileges for more information.