ExtremeCloud™ IQ Site Engine

v24.10.13 Installation Guide:

Deployment, System Requirements, and Data Migration

01/2025
24.10.13
PN: 9039111-03 Rev AA
Subject to Change Without Notice
Copyright © 2025 Extreme Networks, Inc. All Rights Reserved.

Legal Notices
Extreme Networks, Inc., on behalf of or through its wholly-owned subsidiary, Enterasys
Networks, Inc., reserves the right to make changes in specifications and other information
contained in this document and its website without prior notice. The reader should in all cases
consult representatives of Extreme Networks to determine whether any such changes have
been made.

The hardware, firmware, software or any specifications described or referred to in this

document are subject to change without notice.

Trademarks
Extreme Networks and the Extreme Networks logo are trademarks or registered trademarks of
Extreme Networks, Inc. in the United States and/or other countries.

All other names (including any product names) mentioned in this document are the property of
their respective owners and may be trademarks or registered trademarks of their respective
companies/owners.

For additional information on Extreme Networks trademarks, please see:

www.extremenetworks.com/company/legal/trademarks/

Contact
If you require assistance, contact Extreme Networks using one of the following methods.
l Global Technical Assistance Center (GTAC) for Immediate Support
l Phone: 1-800-998-2408 (toll-free in U.S. and Canada) or 1-603-952-5000. For the Extreme
Networks support phone number in your country, visit:
www.extremenetworks.com/support/contact
l Email: support@extremenetworks.com. To expedite your message, enter the product name or
model number in the subject line.
l GTAC Knowledge — Get on-demand and tested resolutions from the GTAC Knowledgebase, or create a
help case if you need more guidance.
l The Hub — A forum for Extreme customers to connect with one another, get questions answered, share
ideas and feedback, and get problems solved. This community is monitored by Extreme Networks
employees, but is not intended to replace specific guidance from GTAC.
l Support Portal — Manage cases, downloads, service contracts, product licensing, and training and
certifications.

2 of 58
 Extreme Networks® Software License Agreement

This Extreme Networks Software License Agreement is an agreement ("Agreement") between You, the end user,
and Extreme Networks, Inc. ("Extreme"), on behalf of itself and its Affiliates (as hereinafter defined and including its
wholly owned subsidiary, Enterasys Networks, Inc. as well as its other subsidiaries). This Agreement sets forth Your
rights and obligations with respect to the Licensed Software and Licensed Materials. BY INSTALLING THE
LICENSE KEY FOR THE SOFTWARE ("License Key"), COPYING, OR OTHERWISE USING THE LICENSED
SOFTWARE, YOU ARE AGREEING TO BE BOUND BY THE TERMS OF THIS AGREEMENT, WHICH INCLUDES THE
LICENSE AND THE LIMITATION OF WARRANTY AND DISCLAIMER OF LIABILITY. IF YOU DO NOT AGREE TO
THE TERMS OF THIS AGREEMENT, RETURN THE LICENSE KEY TO EXTREME OR YOUR DEALER, IF ANY, OR DO
NOT USE THE LICENSED SOFTWARE AND CONTACT EXTREME OR YOUR DEALER WITHIN TEN (10) DAYS
FOLLOWING THE DATE OF RECEIPT FOR A REFUND. IF YOU HAVE ANY QUESTIONS ABOUT THIS
AGREEMENT, CONTACT EXTREME, Attn: LegalTeam@extremenetworks.com.

1. DEFINITIONS. "Affiliates" means any person, partnership, corporation, limited liability company, or other form of enterprise that
directly or indirectly through one or more intermediaries, controls, or is controlled by, or is under common control with the party
specified. "Server Application" shall refer to the License Key for software installed on one or more of Your servers. "Client
Application" shall refer to the application to access the Server Application. "Licensed Materials" shall collectively refer to the
licensed software (including the Server Application and Client Application), Firmware, media embodying the software, and the
documentation. "Concurrent User" shall refer to any of Your individual employees who You provide access to the Server
Application at any one time. "Firmware" refers to any software program or code imbedded in chips or other media. "Licensed
Software" refers to the Software and Firmware collectively.
2. TERM. This Agreement is effective from the date on which You install the License Key, use the Licensed Software, or a Concurrent
User accesses the Server Application. You may terminate the Agreement at any time by destroying the Licensed Materials,
together with all copies, modifications and merged portions in any form. The Agreement and Your license to use the Licensed
Materials will also terminate if You fail to comply with any term of condition herein.
3. GRANT OF SOFTWARE LICENSE. Extreme will grant You a non-transferable, non-exclusive license to use the machine-readable
form of the Licensed Software and the accompanying documentation if You agree to the terms and conditions of this Agreement.
You may install and use the Licensed Software as permitted by the license type purchased as described below in License Types.
The license type purchased is specified on the invoice issued to You by Extreme or Your dealer, if any. YOU MAY NOT USE, COPY,
OR MODIFY THE LICENSED MATERIALS, IN WHOLE OR IN PART, EXCEPT AS EXPRESSLY PROVIDED IN THIS AGREEMENT.
4. LICENSE TYPES.
l Single User, Single Computer. Under the terms of the Single User, Single Computer license, the license granted to You by
Extreme when You install the License Key authorizes You to use the Licensed Software on any one, single computer only, or
any replacement for that computer, for internal use only. A separate license, under a separate Software License Agreement,
 is required for any other computer on which You or another individual or employee intend to use the Licensed Software. A
separate license under a separate Software License Agreement is also required if You wish to use a Client license (as
described below).
l Client. Under the terms of the Client license, the license granted to You by Extreme will authorize You to install the License
Key for the Licensed Software on your server and allow the specific number of Concurrent Users shown on the relevant
invoice issued to You for each Concurrent User that You order from Extreme or Your dealer, if any, to access the Server
Application. A separate license is required for each additional Concurrent User.
5. AUDIT RIGHTS. You agree that Extreme may audit Your use of the Licensed Materials for compliance with these terms and Your
License Type at any time, upon reasonable notice. In the event that such audit reveals any use of the Licensed Materials by You
other than in full compliance with the license granted and the terms of this Agreement, You shall reimburse Extreme for all
reasonable expenses related to such audit in addition to any other liabilities You may incur as a result of such non-compliance,
including but not limited to additional fees for Concurrent Users over and above those specifically granted to You. From time to
time, the Licensed Software will upload information about the Licensed Software and the associated devices to Extreme. This is to
verify the Licensed Software is being used with a valid license. By using the Licensed Software, you consent to the transmission of
this information. Under no circumstances, however, would Extreme employ any such measure to interfere with your normal and
permitted operation of the Products, even in the event of a contractual dispute.
6. RESTRICTION AGAINST COPYING OR MODIFYING LICENSED MATERIALS. Except as expressly permitted in this Agreement, You
may not copy or otherwise reproduce the Licensed Materials. In no event does the limited copying or reproduction permitted
under this Agreement include the right to decompile, disassemble, electronically transfer, or reverse engineer the Licensed
Software, or to translate the Licensed Software into another computer language.
The media embodying the Licensed Software may be copied by You, in whole or in part, into printed or machine readable form,
in sufficient numbers only for backup or archival purposes, or to replace a worn or defective copy. However, You agree not to
have more than two (2) copies of the Licensed Software in whole or in part, including the original media, in your possession for
said purposes without Extreme’s prior written consent, and in no event shall You operate more copies of the Licensed Software
than the specific licenses granted to You. You may not copy or reproduce the documentation. You agree to maintain appropriate
records of the location of the original media and all copies of the Licensed Software, in whole or in part, made by You. You may
modify the machine-readable form of the Licensed Software for (1) your own internal use or (2) to merge the Licensed Software
into other program material to form a modular work for your own use, provided that such work remains modular, but on
termination of this Agreement, You are required to completely remove the Licensed Software from any such modular work. Any
portion of the Licensed Software included in any such modular work shall be used only on a single computer for internal purposes
and shall remain subject to all the terms and conditions of this Agreement. You agree to include any copyright or other proprietary
notice set forth on the label of the media embodying the Licensed Software on any copy of the Licensed Software in any form, in
whole or in part, or on any modification of the Licensed Software or any such modular work containing the Licensed Software or
any part thereof.
7. TITLE AND PROPRIETARY RIGHTS
a. The Licensed Materials are copyrighted works and are the sole and exclusive property of Extreme, any company or a division
thereof which Extreme controls or is controlled by, or which may result from the merger or consolidation with Extreme (its
"Affiliates"), and/or their suppliers. This Agreement conveys a limited right to operate the Licensed Materials and shall not be
construed to convey title to the Licensed Materials to You. There are no implied rights. You shall not sell, lease, transfer,
sublicense, dispose of, or otherwise make available the Licensed Materials or any portion thereof, to any other party.
b. You further acknowledge that in the event of a breach of this Agreement, Extreme shall suffer severe and irreparable
damages for which monetary compensation alone will be inadequate. You therefore agree that in the event of a breach of
 this Agreement, Extreme shall be entitled to monetary damages and its reasonable attorney’s fees and costs in enforcing this
Agreement, as well as injunctive relief to restrain such breach, in addition to any other remedies available to Extreme.
8. PROTECTION AND SECURITY. In the performance of this Agreement or in contemplation thereof, You and your employees and
agents may have access to private or confidential information owned or controlled by Extreme relating to the Licensed Materials
supplied hereunder including, but not limited to, product specifications and schematics, and such information may contain
proprietary details and disclosures. All information and data so acquired by You or your employees or agents under this
Agreement or in contemplation hereof shall be and shall remain Extreme’s exclusive property, and You shall use your best efforts
(which in any event shall not be less than the efforts You take to ensure the confidentiality of your own proprietary and other
confidential information) to keep, and have your employees and agents keep, any and all such information and data confidential,
and shall not copy, publish, or disclose it to others, without Extreme’s prior written approval, and shall return such information and
data to Extreme at its request. Nothing herein shall limit your use or dissemination of information not actually derived from
Extreme or of information which has been or subsequently is made public by Extreme, or a third party having authority to do so.
You agree not to deliver or otherwise make available the Licensed Materials or any part thereof, including without limitation the
object or source code (if provided) of the Licensed Software, to any party other than Extreme or its employees, except for
purposes specifically related to your use of the Licensed Software on a single computer as expressly provided in this Agreement,
without the prior written consent of Extreme. You agree to use your best efforts and take all reasonable steps to safeguard the
Licensed Materials to ensure that no unauthorized personnel shall have access thereto and that no unauthorized copy, publication,
disclosure, or distribution, in whole or in part, in any form shall be made, and You agree to notify Extreme of any unauthorized use
thereof. You acknowledge that the Licensed Materials contain valuable confidential information and trade secrets, and that
unauthorized use, copying and/or disclosure thereof are harmful to Extreme or its Affiliates and/or its/their software suppliers.
9. MAINTENANCE AND UPDATES. Updates and certain maintenance and support services, if any, shall be provided to You pursuant
to the terms of an Extreme Service and Maintenance Agreement, if Extreme and You enter into such an agreement. Except as
specifically set forth in such agreement, Extreme shall not be under any obligation to provide Software Updates, modifications, or
enhancements, or Software maintenance and support services to You.
10. DEFAULT AND TERMINATION. In the event that You shall fail to keep, observe, or perform any obligation under this Agreement,
including a failure to pay any sums due to Extreme, or in the event that you become insolvent or seek protection, voluntarily or
involuntarily, under any bankruptcy law, Extreme may, in addition to any other remedies it may have under law, terminate the
License and any other agreements between Extreme and You.
a. Immediately after any termination of the Agreement or if You have for any reason discontinued use of Software, You shall
return to Extreme the original and any copies of the Licensed Materials and remove the Licensed Software from any modular
works made pursuant to Section 3, and certify in writing that through your best efforts and to the best of your knowledge the
original and all copies of the terminated or discontinued Licensed Materials have been returned to Extreme.
b. Sections 1, 7, 8, 10, 11, 12, 13, 14 and 15 shall survive termination of this Agreement for any reason.
11. EXPORT REQUIREMENTS. You are advised that the Software is of United States origin and subject to United States Export
Administration Regulations; diversion contrary to United States law and regulation is prohibited. You agree not to directly or
indirectly export, import or transmit the Software to any country, end user or for any Use that is prohibited by applicable United
States regulation or statute (including but not limited to those countries embargoed from time to time by the United States
government); or contrary to the laws or regulations of any other governmental entity that has jurisdiction over such export,
import, transmission or Use.
12. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The Licensed Materials (i) were developed solely at private expense; (ii)
contain "restricted computer software" submitted with restricted rights in accordance with section 52.227-19 (a) through (d) of the
Commercial Computer Software-Restricted Rights Clause and its successors, and (iii) in all respects is proprietary data belonging
 to Extreme and/or its suppliers. For Department of Defense units, the Licensed Materials are considered commercial computer
software in accordance with DFARS section 227.7202-3 and its successors, and use, duplication, or disclosure by the U.S.
Government is subject to restrictions set forth herein.
13. LIMITED WARRANTY AND LIMITATION OF LIABILITY. The only warranty that Extreme makes to You in connection with this
license of the Licensed Materials is that if the media on which the Licensed Software is recorded is defective, it will be replaced
without charge, if Extreme in good faith determines that the media and proof of payment of the license fee are returned to
Extreme or the dealer from whom it was obtained within ninety (90) days of the date of payment of the license fee.
NEITHER EXTREME NOR ITS AFFILIATES MAKE ANY OTHER WARRANTY OR REPRESENTATION, EXPRESS OR IMPLIED, WITH
RESPECT TO THE LICENSED MATERIALS, WHICH ARE LICENSED "AS IS". THE LIMITED WARRANTY AND REMEDY PROVIDED
ABOVE ARE EXCLUSIVE AND IN LIEU OF ALL OTHER WARRANTIES, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY
OR FITNESS FOR A PARTICULAR PURPOSE, WHICH ARE EXPRESSLY DISCLAIMED, AND STATEMENTS OR REPRESENTATIONS
MADE BY ANY OTHER PERSON OR FIRM ARE VOID. ONLY TO THE EXTENT SUCH EXCLUSION OF ANY IMPLIED WARRANTY IS
NOT PERMITTED BY LAW, THE DURATION OF SUCH IMPLIED WARRANTY IS LIMITED TO THE DURATION OF THE LIMITED
WARRANTY SET FORTH ABOVE. YOU ASSUME ALL RISK AS TO THE QUALITY, FUNCTION AND PERFORMANCE OF THE
LICENSED MATERIALS. IN NO EVENT WILL EXTREME OR ANY OTHER PARTY WHO HAS BEEN INVOLVED IN THE CREATION,
PRODUCTION OR DELIVERY OF THE LICENSED MATERIALS BE LIABLE FOR SPECIAL, DIRECT, INDIRECT, RELIANCE,
INCIDENTAL OR CONSEQUENTIAL DAMAGES, INCLUDING LOSS OF DATA OR PROFITS OR FOR INABILITY TO USE THE
LICENSED MATERIALS, TO ANY PARTY EVEN IF EXTREME OR SUCH OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY
OF SUCH DAMAGES. IN NO EVENT SHALL EXTREME OR SUCH OTHER PARTY'S LIABILITY FOR ANY DAMAGES OR LOSS TO
YOU OR ANY OTHER PARTY EXCEED THE LICENSE FEE YOU PAID FOR THE LICENSED MATERIALS.
Some states do not allow limitations on how long an implied warranty lasts and some states do not allow the exclusion or
limitation of incidental or consequential damages, so the above limitation and exclusion may not apply to You. This limited
warranty gives You specific legal rights, and You may also have other rights which vary from state to state.
14. JURISDICTION. The rights and obligations of the parties to this Agreement shall be governed and construed in accordance with
the laws and in the State and Federal courts of the State of California, without regard to its rules with respect to choice of law. You
waive any objections to the personal jurisdiction and venue of such courts. None of the 1980 United Nations Convention on the
Limitation Period in the International Sale of Goods, and the Uniform Computer Information Transactions Act shall apply to this
Agreement.
15. GENERAL.
a. This Agreement is the entire agreement between Extreme and You regarding the Licensed Materials, and all prior
agreements, representations, statements, and undertakings, oral or written, are hereby expressly superseded and canceled.
b. This Agreement may not be changed or amended except in writing signed by both parties hereto.
c. You represent that You have full right and/or authorization to enter into this Agreement.
d. This Agreement shall not be assignable by You without the express written consent of Extreme. The rights of Extreme and
Your obligations under this Agreement shall inure to the benefit of Extreme’s assignees, licensors, and licensees.
e. Section headings are for convenience only and shall not be considered in the interpretation of this Agreement.
f. The provisions of the Agreement are severable and if any one or more of the provisions hereof are judicially determined to be
illegal or otherwise unenforceable, in whole or in part, the remaining provisions of this Agreement shall nevertheless be
binding on and enforceable by and between the parties hereto.
g. Extreme’s waiver of any right shall not constitute waiver of that right in future. This Agreement constitutes the entire
understanding between the parties with respect to the subject matter hereof, and all prior agreements, representations,
 statements and undertakings, oral or written, are hereby expressly superseded and canceled. No purchase order shall
supersede this Agreement.
h. Should You have any questions regarding this Agreement, You may contact Extreme at the address set forth below. Any
notice or other communication to be sent to Extreme must be mailed by certified mail to the following address:

Extreme Networks, Inc.

145 Rio Robles
San Jose, CA 95134 United States
ATTN: General Counsel
 Table of Contents
ExtremeCloud™ IQ Site Engine v24.10.13 Installation Guide: 1

Deployment, System Requirements, and Data Migration 1

Extreme Networks® Software License Agreement 3

Table of Contents 8

Abstract 11

ExtremeCloud IQ Site Engine Suite Installation 12

General Information 12

Operating System Requirements 12

ExtremeCloud IQ Site Engine Server Requirements 12

ExtremeCloud IQ Site Engine Client Requirements 13

ExtremeCloud IQ Site Engine Server and Client Hardware Requirements 13

ExtremeCloud IQ Site Engine Server 13

ExtremeCloud IQ Site Engine Client 14

ExtremeControl Engine Version Requirements 14

Screen Resolution 14

ExtremeCloud IQ Site Engine Services 14

Important Upgrade Information 15

Important Upgrade Considerations 17

License Renewal 17

Free Space Consideration 17

Site Discover Consideration 18

ExtremeAnalytics Upgrade Information 18

ExtremeControl Version 8.0 and later 18

Other Upgrade Information 19

Upgrading ExtremeControl Engine to Version 24.10.13 19

General Upgrade Information 19

Agent Version for NAC Agent-Based Assessment - Legacy 19

LDAPS servers with FQDN 20

8 of 58
 Upgrading to Policy Manager 24.10.13 20

Pre-Installation Checklist 20
ExtremeCloud IQ Site Engine Installation 21

Installing ExtremeCloud IQ Site Engine 21

Preparing for CD Installation 21

Installation on Red Hat Enterprise Linux (RHEL) 22

Installing RHEL Operating System 22

Register Subscription with Red Hat 22

Configuring RHEL for ExtremeCloud IQ Site Engine 22

Installing ExtremeCloud IQ Site Engine on RHEL 24

Upgrading ExtremeCloud IQ Site Engine on RHEL 25

Known Limitations of ExtremeCloud IQ Site Engine on RHEL 25

Performing a Silent Install 25

Select the deployment mode and licensing for ExtremeCloud IQ Site Engine 26

Restoring a Database from a Windows Server to a Linux Server 26

Console 26

Syslog 26

Traps 26

Inventory Manager 27

Systems with Multiple NICs 27

Binding to One Interface 27

Uninstalling ExtremeCloud IQ Site Engine 28

Extreme Networks Support 28

ExtremeCloud IQ Site Engine Licensing 29

Licensing for Devices in Connected Mode 30

Licensing for Devices in Air Gap Mode 31
Revoke Air Gap License 32
License Limits and Violations 33

Devices Marked as Unmanaged 34

Licensing for ExtremeControl (Network Access Control) 35

9 of 58
 After Upgrading from Extreme Management Center 35

Upon Initial Installation 35

Logging into ExtremeCloud IQ Site Engine 36

Post upgrade from Extreme Management Center Version 8.5.5 or newer 36

Initial installation of ExtremeCloud IQ Site Engine or upgrading from Extreme Management Center 36
Onboarding Devices (Connected mode only) 40
XIQ Onboarded Status for Devices (Connected mode only) 40

Convert from Connected to Air Gap deployment 43

Convert from Air Gap to Connected deployment 45

MySQL to PostgreSQL Data Migration (For Upgrades from ExtremeCloud IQ Site Engine
24.2 to 24.7 and later) 47

Migration Steps 47

Notes: 51

Post-Migration Known Issues 52

Migration for Hardware Appliances 53

Option 1 - Migrate to a Temporary ExtremeCloud IQ Site Engine then Move 53

Option 2 - Move to a Temporary ExtremeCloud IQ Site Engine then Migrate 54

Data Migration to Rehost a Matched Version Instance of ExtremeCloud IQ Site Engine 56

Migration Steps: 56

10 of 58
 Abstract
The ExtremeCloud IQ Site Engine version 24.10.13 Installation Guide provides detailed technical
procedures for deploying and upgrading ExtremeCloud IQ Site Engine. This installation guide
outlines system requirements for server and client components, focusing on configurations for
Red Hat Enterprise Linux (RHEL) and VMware virtual environments. Key tasks include
configuring server, client, and network settings, performing a MySQL-to-PostgreSQL data
migration, and upgrading ExtremeControl and ExtremeAnalytics engines. Critical upgrade
considerations such as disk space allocation, license management for both connected and air
gap deployment modes, and advanced troubleshooting for post-upgrade issues are addressed.
Additionally, instructions cover system backup, firewall configuration, and enabling key services
such as SNMP and TFTP.

11 of 58
 ExtremeCloud IQ Site Engine Suite Installation
A special MySQL to PostgreSQL Data Migration (For Upgrades from ExtremeCloud IQ Site
Engine 24.2 to 24.7 and later) is required to upgrade ExtremeCloud IQ Site Engine from versions
older than 24.7 due to a MySQL to PostgreSQL database change. The minimum version to
upgrade Analytics Engines and Access Control Engines is 24.2.13.

IMPORTANT: Backup the database prior to performing the upgrade and save it to a safe location. Use the
Administration > Backup/Restore tab.

General Information
Before you install ExtremeCloud IQ Site Engine, read the ExtremeCloud IQ Site Engine Release
Notes. The most recent version of the release notes can be found at the ExtremeCloud IQ Site
Engine Documentation site. Select Release Notes at the top of the page.

For instructions to deploy a ExtremeCloud IQ Site Engine, ExtremeControl, or ExtremeAnalytics

virtual engine on a VMware® ESXi server, a Microsoft® Hyper-V server, or a Nutanix server, see

®
the ExtremeCloud™ IQ Site Engine, ExtremeControl , and ExtremeAnalytics Virtual Engine ®
Installation Guide. The most recent version of the document can be found at the ExtremeCloud
IQ Site Engine Documentation site. Select Installation Guide > Virtual Engine Installation Guide
at the top of the page.

NOTE: The terms engine, gateway, and appliance are used interchangeably throughout ExtremeCloud IQ
Site Engine documentation.

Operating System Requirements

ExtremeCloud IQ Site Engine Server Requirements

These are the operating system requirements for the ExtremeCloud IQ Site Engine server.

Manufacturer Operating System

Linux Red Hat Enterprise Linux 9.4
VMware® (ExtremeCloud IQ Site Engine Virtual Engine) VMware ESXi™ 6.0 server
VMware ESXi™ 6.5 server
VMware ESXi™ 6.7 server
VMware ESXi™ 7.0 server
VMware ESXi™ 8.0 server
vSphere (client only)™
Microsoft® Hyper-V (ExtremeCloud IQ Site Engine Virtual Engine) Windows® Server 2016
Windows® Server 2019

12 of 58
 General Information

Manufacturer Operating System

Nutanix (ExtremeCloud IQ Site Engine Virtual Engine) AHV: 20230302.101026
AOS: 6.8.1
Prism Central: 2024.2
Extreme Networks Universal Compute Platform 2130C version 5.09.01

ExtremeCloud IQ Site Engine Client Requirements

These are the operating system requirements for remote ExtremeCloud IQ Site Engine client
machines.

Manufacturer Operating System

Windows (qualified on the English version of the operating systems) Windows® 10 and 11
Linux Red Hat Enterprise Linux 9.4
Mac OS X® Monterey, Sonoma

ExtremeCloud IQ Site Engine Server and Client Hardware

Requirements
These are the hardware requirements for the ExtremeCloud IQ Site Engine server and
ExtremeCloud IQ Site Engine client machines:

ExtremeCloud IQ Site Engine Server

Small Medium Enterprise Large Enterprise
Total CPUs 1 2 2 2
Total CPU Cores 8 16 24 24
Memory 16 GB 32 GB 64 GB 64 GB
Disk Size 240 GB 480 GB 960 GB 1.92 TB
IOPS 200 200 10,000 10,000

Recommended scale based on server configuration:

Maximum APs 250 2,500 25,000 25,000
Maximum Wireless MUs 2,500 25,000 100,000 100,000
Maximum Managed 100 1,000 10,000 air gap 10,000 air gap
Devices 8,000 connected 8,000 connected
Maximum Concurrent 5 15 50 50
Management Sessions
ExtremeControl End- N/A 50,000 200,000 200,000
Systems
Statistics Retention 90 180 180 360
(Days)
ExtremeAnalytics No Yes Yes Yes
MU Events No Yes Yes Yes

13 of 58
 General Information

ExtremeCloud IQ Site Engine Client

Requirements
CPU Speed Dual Core Processor
Memory 8 GB
Disk Size 300 MB (User's home directory requires 50 MB for file storage)
Java Runtime Environment (JRE) (Oracle Java only) Version 8 (for FlexView Editor / MIB Tools)
Browser1 (Enable JavaScript and Cookies) Microsoft Edge
Mozilla Firefox
Google Chrome

1Browsers set to a zoom ratio of less than 100% might not display ExtremeCloud IQ Site Engine
properly (for example, missing borders around windows). Setting your browser to a zoom ratio
of 100% corrects this issue.

ExtremeControl Engine Version Requirements

For complete information on ExtremeControl engine version requirements, see Important
Upgrade Information.

Screen Resolution
For optimum display of ExtremeCloud IQ Site Engine windows and tables, the recommended
minimum screen resolution setting for ExtremeCloud IQ Site Engine clients is 1024 by 768 pixels.
For optimum display of graphs and tables, the recommended minimum screen resolution
setting is 1280 by 1024 pixels.

ExtremeCloud IQ Site Engine Services

During the ExtremeCloud IQ Site Engine installation, you can enable the ExtremeCloud IQ Site
Engine Services, allowing it to run in the background on the ExtremeCloud IQ Site Engine server.
The service starts automatically by default, and if you shut down and restart the machine, the
service is restarted automatically.

You can also restart the services manually or disable a service so it does not start automatically
when you restart the server.
l SNMPTrap Service - Enables SNMP trap messages to be received and logged when problems or
irregularities are detected on network devices. Only one trap service may be running at a time on a
server. If you are also running a network management system on the server, you may wish to use the
network management trap service.
l TFTP - Enables you to upload and download configuration files, and download firmware to devices. Only
one TFTP service may be running at a time on a machine.

NOTE: The ExtremeCloud IQ Site Engine TFTP Service does not support IPv6.

Typically, the TFTP service that exists in Linux is disabled; however, if it is enabled, you may wish to

14 of 58
 General Information

disable it and enable the ExtremeCloud IQ Site Engine version of TFTP which provides additional
features for ExtremeCloud IQ Site Engine. If you elect to enable the ExtremeCloud IQ Site Engine version
on the Linux platform, you must first disable the Linux TFTP service and perform some configuration as
follows:
1. Using a text editor, edit the file /etc/xinetd.d/tftp
2. Set disable = yes
Sample file:
service tftp
{ flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.tftp
disable = yes
}
3. Then run: /etc/rc3.d/S56xinetd restart

Important Upgrade Information

A special Data Migration Procedure is required to upgrade ExtremeCloud IQ Site Engine from
versions older than 24.7. The minimum version to upgrade Analytics Engines and Access
Control Engines is 24.2.13.

ExtremeCloud IQ Site Engine Version 24.10.13 contains an OS upgrade. Internet connectivity is

required to download custom packages.

The installer prompts "Do you want to use the Internet to perform the OS upgrade?". The offline
upgrade path is supported when no custom packages are installed (answer N). The online
upgrade is required when custom packages are manually installed (answer Y). An online
NOTE:
upgrade is recommended when an online upgrade was used previously, however there is a risk
of session timeout due to 15 minutes of screen inactivity.

To upgrade Access Control Engines and Application Analytics Engines you can use the directive
--keepalive to decrease the chance of a session expiry timeout from 15 minutes of no screen
activity.

To Version (next
step in upgrade
From Version (currently running) path)
ExtremeCloud IQ Site Engine 24.7.x, 24.10.x ExtremeCloud IQ
Site Engine 24.10

15 of 58
 General Information

To Version (next
step in upgrade
From Version (currently running) path)
ExtremeCloud IQ Site Engine 24.2.x Fresh installation
of ExtremeCloud
IQ Site Engine
24.10 and follow
the Data
Migration
Procedure
Application Analytics Engine, Access Control Engine 24.2.15 Application
Analytics Engine,
Access Control
Engine 24.10
ExtremeCloud IQ Site Engine 23.4.12, 23.7.x, 23.11.x, 24.2.x ExtremeCloud IQ
Site Engine
24.2.15
ExtremeCloud IQ Site Engine 21.x, 22.x, 23.2.x 23.4.10, 23.4.11 ExtremeCloud IQ
Site Engine
23.4.12
Extreme Management Center version 8.5.7 ExtremeCloud IQ
Site Engine
24.2.15
Extreme Management Center version 8.2.x to 8.5.6 Extreme
Management
Center 8.5.7
Extreme Management Center version 8.0.x to 8.1.x Extreme
Management
Center 8.3.3.11
NetSight version 7.1.4.1 Extreme
Management
Center 8.3.3.11
NetSight version 7.x NetSight 7.1.4.1
NetSight version 6.3.0.186 NetSight 7.1.4.1
NetSight version 6.x NetSight
6.3.0.186

A backup (Administration > Backup/Restore) of the database must be performed

IMPORTANT:
prior to the upgrade and saved to a safe location.

If you use LDAPS with a Fully Qualified Domain Name (FQDN) in the URL to authorize a user to
the OneView, then ExtremeCloud IQ Site Engine presents the Server Certificate (located in

16 of 58
 General Information

Administration > Certificates > Server Certificate Information) to the LDAPS server. If the
LDAPS server presents a certificate that does not match the LDAPS URL, then the certificate is
rejected with the error “Certificate Unknown”.

The best practice is to use a trusted certificate if the LDAPS URL is defined with FQDN,
otherwise the LDAPS server might not accept the LDAPs connection. The alternative option is
to use an IP address in the LDAPS URL instead of FQDN.

Important Upgrade Considerations

l If your network is using ExtremeAnalytics or ExtremeControl engines, or another add-on feature, you
must first perform the ExtremeCloud IQ Site Engine upgrade to version 24.10.13 and then upgrade the
feature.
l To upgrade Traffic Sensor from version 21.x, a fresh installation is recommended. If the fresh installation
cannot be used, then please check Knowledge Base for a special procedure.
l If the online upgrade fails due to an Internet connectivity issue, fix the connectivity issue and rerun the
upgrade.

When performing an upgrade, be sure to back up the database prior to performing

IMPORTANT: the upgrade, and save it to a safe location. Use the Administration > Backup/Restore
tab to perform the backup.

l When upgrading the ExtremeCloud IQ Site Engine server, ExtremeAnalyticsengine, or

ExtremeControlengine to version 24.10.13, ensure the DNS server IP address is correctly configured.
l When upgrading to ExtremeCloud IQ Site Engine version 24.10.13, if you adjusted the ExtremeCloud IQ
Site Engine memory settings and want them to be saved on upgrade, a flag (-DcustomMemory) needs
to be added to the /usr/local/Extreme_Networks/NetSight/services/nsserver.cfg
file.

For example:
-Xms12g -Xmx24g -XX:HeapDumpPath=../../nsdump.hprof -
XX:+HeapDumpOnOutOfMemoryError -XX:MetaspaceSize=128m -DcustomMemory

License Renewal
Upgrading to ExtremeCloud IQ Site Engine version 24.10.13 requires you to transition from
perpetual to subscription-based license model. Existing NMS licenses do not provide access to
ExtremeCloud IQ Site Engine. If your perpetual licenses were not transitioned to subscription-
based licenses, contact your Extreme Networks Representative for assistance.

Free Space Consideration

When upgrading to ExtremeCloud IQ Site Engine version 24.10.13, a minimum of 15 GB of free
disk space is required on the ExtremeCloud IQ Site Engine server

17 of 58
 General Information

To increase the amount of free disk space on the ExtremeCloud IQ Site Engine server, perform
the following:
l Decrease the number of ExtremeCloud IQ Site Engine backups (by default, saved in the
/usr/local/Extreme_Networks/NetSight/backup directory).
l Decrease the Data Persistence settings (Administration > Options > Access Control > Data Persistence).
l Remove unnecessary archives (Network > Archives).
l Delete the files in the <installation directory>/NetSight/.installer directory.

Site Discover Consideration

Discovering devices via the Site tab using a Range, Subnet, or Seed discover might not
successfully add all expected devices. To correct the issue, increase the Length of SNMP
Timeout value on the Administration > Options > Site tab in the Discover First SNMP Request
section.

ExtremeAnalytics Upgrade Information

Enabling or disabling the disk flow export feature might cause enforce operations to time out.
Enforcing again resolves the issue.

When you delete an ExtremeXOS/Switch Engine device that is configured as a flow source via
the Flow Sources table of the Analytics > Configuration > Engines > Configuration tab from the
Devices list on the Network > Devices tab, an error message is generated in the server.log.
The message does not warn you that the device is in use as a flow source. Adding the device
back in the Devices list on the Network > Devices tab or removing the device from the Flow
Source table fixes the issue.

The Flow Sources table on the Analytics > Configuration > engine > Configuration tab may take
a few minutes to load.

ExtremeControl Version 8.0 and later

Beginning in version 8.0, ExtremeControl may fail to join Active Directory when accessing as a
Standard Domain User with Descendant Computer Objects ("Reset password" permissions
only) group member.

To allow this functionality, add the following permissions:

l Reset Password
l Validated write to DNS host name
l Validated write to service principal
l Read and write account restrictions
l Read and write DNS host name attributes
l Write servicePrincipalName

18 of 58
 General Information

Other Upgrade Information

Immediately after you install version 24.10.13 on the ExtremeControlengine, the date and time
does not properly synchronize and the following error message displays:
WARNING: Unable to synchronize to a NTP server. The time might not be
correctly set on this device.

Ignore the error message and the date and time automatically synchronize after a short delay.

Additionally, the following message might display during the ExtremeControl upgrade to
version 24.10.13:

No domain specified

To stop domain-specific winbindd process, run /etc/init.d/winbindd stop {example-

domain.com}

Upgrading ExtremeControl Engine to Version 24.10.13

General Upgrade Information

The EAP-TLS Certificates with SHA1 are considered weak and are not accepted anymore. The
radius server fails to start with the SHA1 certificate. You can use a more secure certificate, such
as SHA256.

You are not required to upgrade your ExtremeControl engine version to 24.10.13 when
upgrading to ExtremeCloud IQ Site Engine version 24.10.13. However, both ExtremeCloud IQ
Site Engine and ExtremeControl engine must be at version 24.10.13 in order to take advantage of
the new ExtremeControl version 24.10.13 features. ExtremeCloud IQ Site Engine version 24.10.13
supports managing ExtremeControl engine versions 23.x and up to 24.10.13.

In addition, if your ExtremeControl solution utilizes a Nessus assessment server, you should also
upgrade your assessment agent adapter to version 24.10.13 if you upgrade to ExtremeControl
version 24.10.13.

You can download the latest ExtremeControl engine version at the Extreme Portal.

Agent Version for NAC Agent-Based Assessment - Legacy

If you are using onboard agent-based assessment, be aware that the agent version is upgraded
during the ExtremeControl engine software upgrade. If you would like end-systems to update
their agent to the new version, you must configure your assessment test set to test for the new
agent version. Refer to the Important Upgrade Information section in the ExtremeCloud IQ Site
Engine Release Notes or the agent version included in the ExtremeControlengine software.

19 of 58
 Pre-Installation Checklist

LDAPS servers with FQDN

If the LDAPS server URL uses a Fully Qualified Domain Name (FQDN), then the LDAPS client of
Access Control Engine presents the internal Communication Certificate to the LDAPS server. If
the LDAPS server URL uses a FQDN then the LDAPS client of ExtremeCloud IQ Site Engine
presents the Server Certificate (located in Administration > Certificates > Server Certificate
Information) to the LDAPS server. If the LDAPS server presents a certificate that does not
match the LDAPS URL, then the certificate is rejected with the error “Certificate Unknown”

The best practice is to use trusted certificates if the LDAPS URL is defined with FQDN,
otherwise the LDAPS server might not accept the LDAPS connection. If the LDAPS server URL
uses an IP address then the LDAPS client (of both Access Control Engine and ExtremeCloud IQ
Site Engine) does not present the Certificate to the LDAPS server.

Upgrading to Policy Manager 24.10.13

l Policy Manager 24.10.13 only supports ExtremeWireless Controller version 10.51. If you upgrade to
ExtremeCloud IQ Site Engine 24.10.13 prior to upgrading your controllers, then Policy Manager does not
allow you to open a domain where the controllers already exist or add them to a domain. A dialog is
displayed indicating your controllers do not meet minimum version requirements and that they must be
upgraded before they can be in a domain.
l Following an upgrade to Wireless Controller version 8.31 and higher, a Policy Manager enforce fails if it
includes changes to the default access control or any rules that are set to contain. To allow Policy
Manager to modify the default access control or set rules to contain, you must disable the "Allow" action
in policy rules contains to the VLAN assigned by the role checkbox accessed from the Wireless
Controller's web interface on the Roles > Policy Rules tab. This will allow the enforce operation to
succeed.

Pre-Installation Checklist
Please review the following checklist prior to performing an ExtremeCloud IQ Site Engine
software installation or upgrade.

Backup database. If performing an upgrade, be sure to backup the ExtremeCloud IQ Site Engine
database prior to performing the upgrade. Use the Backup/Restore tab to perform the backup
(Administration > Backup/Restore tab).

If you are an existing Extreme Management Center customer, contact your representative to
have your Extreme Management Center license migrated to an ExtremeCloud IQ Site Engine
license. The ExtremeCloud IQ Site Engine license also includes licensing for ExtremeAnalytics.

20 of 58
 ExtremeCloud IQ Site Engine Installation

l For upgrade and installation requirements, as well as configuration considerations, see

ExtremeCloud IQ Site Engine Configuration and Requirements.

IMPORTANT:
l ExtremeCloud IQ Site Engine version 24.10.13 receives the licenses from ExtremeCloud
IQ. ExtremeCloud IQ Site Engine is a subscription-based -only licensing model.
Existing NMS licenses do not provide access to ExtremeCloud IQ Site Engine. You can
view the status of your license by accessing Administration > Licenses.

ExtremeCloud IQ Site Engine Installation

If you are an existing Extreme Management Center customer, contact your representative to
have your Extreme Management Center license migrated to an ExtremeCloud IQ Site Engine
license. The ExtremeCloud IQ Site Engine license also includes licensing for ExtremeAnalytics.

Installing ExtremeCloud IQ Site Engine

Use the following instructions to install ExtremeCloud IQ Site Engine. Please read through the
following items before beginning the installation.
l The user performing the installation must be the root user. During the installation process you can
specify another user to launch and run the server, if desired.
l If you are installing ExtremeCloud IQ Site Engine on a Linux system not provided by Extreme Networks,
see Performing a Silent Install for information on installing ExtremeCloud IQ Site Engine without using
its GUI Installation wizard.
l If you are installing ExtremeCloud IQ Site Engine on a Linux system that requires an operating system
upgrade, you are prompted to upgrade using either an internet connection or locally if no additional
Ubuntu packages need to be installed.
l Prior to beginning installation, verify that your /etc/hosts file has the local host name specified. It should
have an entry that looks like:
127.0.0.1 localhost

Preparing for CD Installation

Perform the following steps if you will be installing the ExtremeCloud IQ Site Engine software
from a CD. The following procedures assume that the CD drive from which you are installing is
physically attached to the system where ExtremeCloud IQ Site Engine is being installed.

1. Insert the ExtremeCloud IQ Site Engine CD into the CD drive.

2. Use an xterm where you are logged in as root.
3. Using the cd command, cd to the /mnt/cdrom directory.
4. Using the ls command, check to see if the CD drive is mounted. If no files are listed, issue the following
commands:
mount /mnt/cdrom

21 of 58
 ExtremeCloud IQ Site Engine Installation

Installation on Red Hat Enterprise Linux (RHEL)

ExtremeCloud IQ Site Engine only requires standard basic OS support, the GUI for RHEL is not
required. The following services must be installed with the RHEL OS:
l Syslog
l Time
l VMware tools (if running on VMware)
l IPv4
l IPv6 (if IPv6 will be used)
l DNS

The following services are included in ExtremeCloud IQ Site Engine, do not install with the RHEL
OS:
l PSQL
l TFTP

Installing RHEL Operating System

1. Run the RHEL installation wizard, select Software Selection > Minimal Install > Standard
environment.

2. Configure your system networking including the hostname in Network & Host Name

3. Configure your localization time and date with timezone in Time & Date.

The best practice is to use a non-root user account for the ExtremeCloud IQ Site Engine
application to run. The RHEL OS installation wizard allows the creation of a user account.
Running the ExtremeCloud IQ Site Engine application on root account will function but is not
recommended.

NOTE: The following installation and upgrade procedure commands use the user account "netsight".

Register Subscription with Red Hat

To download RPM packages a Red Hat subscription is required. See Red Hat documentation for
more details about subscriptions and how to register Red Hat Subscriptions.

Configuring RHEL for ExtremeCloud IQ Site Engine

1. Install the following additional packages:
sudo yum install net-snmp-utils
sudo yum install net-snmp

22 of 58
 ExtremeCloud IQ Site Engine Installation

2. Enable and configure SNMPd:

systemctl enable snmpd
sudo nano /etc/snmp/snmpd.conf

a. Edit the snmpd.conf file by adding the following line:

sysobjectid .1.3.6.1.4.1.1916.2.417

NOTE: The DES protocol is deprecated by Red Hat, the local SNMPd will not accept the
SNMPv3 communication with DES encryption.

3. Start SNMPd:
systemctl start snmpd

4. Install initscripts:
sudo yum install initscripts

5. Enable syslog service to receive messages by editing the config file:

sudo nano /etc/rsyslog.conf

a. Comment out the following line:

#module(load="builtin:omfile" Template="RSYSLOG_
TraditionalFileFormat")

b. Add the following two lines at the same section:

$template mcdefault,"<%syslogpriority%>%timegenerated% %HOSTNAME%
%fromhost-ip% %syslogtag%%msg%\n"
module(load="builtin:omfile" Template="mcdefault")

c. Uncomment the following lines:

module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")

6. Restart the service:

sudo systemctl restart rsyslog

7. Modify the firewall settings:

sudo firewall-cmd --zone=public --add-port=8080/tcp
sudo firewall-cmd --zone=public --permanent --add-port=8080/tcp
sudo firewall-cmd --zone=public --add-port=8443/tcp
sudo firewall-cmd --zone=public --permanent --add-port=8443/tcp
sudo firewall-cmd --zone=public --add-port=162/udp
sudo firewall-cmd --zone=public --permanent --add-port=162/udp
sudo firewall-cmd --zone=public --add-port=514/udp

23 of 58
 ExtremeCloud IQ Site Engine Installation

sudo firewall-cmd --zone=public --permanent --add-port=514/udp

sudo firewall-cmd --zone=public --add-port=514/tcp
sudo firewall-cmd --zone=public --permanent --add-port=514/tcp
sudo firewall-cmd --zone=public --add-service=tftp
sudo firewall-cmd --zone=public --add-service=tftp –permanent

8. Configure the IP address resolution to resolve the IPv4 address from the hostname.
sudo nano /etc/hosts

9. Verify the IP address resolution by the following command and check if the IP is resolved.
ping `hostname`

10. Disable the SELinux feature by editing the config file:

sudo nano /etc/selinux/config

a. Change the line SELINUX=enforcing to SELINUX=disabled

11. Verify the SELinux status (a reboot might be required to disable):

sestatus
SELinux status: disabled

12. Install the following packages for generating PDF reports:

sudo yum install libpng15
sudo yum install xorg-x11-fonts-Type1
sudo yum install xorg-x11-fonts-75dpi
wget https://github.com/wkhtmltopdf/packaging/releases/download/0.12.6.1-
2/wkhtmltox-0.12.6.1-2.almalinux9.x86_64.rpm
sudo rpm -ivh wkhtmltox-0.12.6.1-2.almalinux9.x86_64.rpm

13. Install the following packages for the migration process:

sudo yum install python3-pip
sudo pip3 install paramiko
sudo pip3 install scp

Installing ExtremeCloud IQ Site Engine on RHEL

1. Change the attributes of the install file:
chmod 700 ExtremeCloudIQSiteEngine_<version>_64bit_install.bin

2. Run the install file without GUI support (use --user to define an existing user for the main
process):
sudo ./ExtremeCloudIQSiteEngine_<version>_install.bin --cli --user
netsight

3. Monitor the installation progress, and answer any questions that might occur during the
installation.
The install process finishes, and a prompt returns with the following messages:

24 of 58
 ExtremeCloud IQ Site Engine Installation

WARN BaseInstallUninstall.java:337 - Exiting. Process completed normally.

WARN BaseInstallUninstall.java:347 - Finished in 7 minutes.

Upgrading ExtremeCloud IQ Site Engine on RHEL

1. Stop the nsserver and nsdatabase:
sudo /usr/local/Extreme_Networks/NetSight/scripts/stopserver.sh

2. Change the attributes of the install file:

chmod 700 ExtremeCloudIQSiteEngine_<version>_64bit_install.bin

3. Run the install file without GUI support:

sudo ./ExtremeCloudIQSiteEngine_<version>_install.bin --cli --user
netsight

Known Limitations of ExtremeCloud IQ Site Engine on RHEL

l SNMPv3 traps and informs with MD5 and DES encryption are not decrypted, displaying an
error message: “Authentication failed”.
l DES protocol is deprecated by current Red Hat versions, the SNMPd running on Red Hat
does not accept the SNMPv3 communication with DES encryption.
l The option to Manage SSH configuration in Administration > Users > is disabled.

For more information on RHEL limitations with SNMPv3, see the following Red Hat article:
Considerations in Adopting RHEL 9.

For more information on memory settings, see the following knowledge base article: Customize
Memory Allocation.

Performing a Silent Install

If you are installing ExtremeCloud IQ Site Engine on a Linux system that doesn't support a GUI,
you must add the cli flag (--cli) to the install command, in order to allow the ExtremeCloud IQ
Site Engine installer to prompt for any required input.

Start the installation with the following command:

./ExtremeCloudIQSiteEngine_<version>_64bit_install.bin --cli

If you are installing as a user other than root, you must use the --user command to specify the
different user. The user must already be configured on the machine before you install. For
example:

./ExtremeCloudIQSiteEngine_<version>_64bit_install.bin --cli --user

<username>

To perform the install and create a new local "netsight" user (where netsight is the user name),
use the --password command to set the password for the new "netsight" user. For example:

25 of 58
 ExtremeCloud IQ Site Engine Installation

./ExtremeCloudIQSiteEngine_<version>_64bit_install.bin --cli --password

<password>

Select the deployment mode and licensing for ExtremeCloud IQ

Site Engine
After installing or upgrading to ExtremeCloud IQ Site Engine, you need to select your
deployment mode and licensing for ExtremeCloud IQ Site Engine. Refer to First log in to
ExtremeCloud IQ - Site Engine for the procedure.

Restoring a Database from a Windows Server to a Linux Server

This section describes several ExtremeCloud IQ Site Engine configuration changes required if
you are moving your ExtremeCloud IQ Site Engine installation from a Windows platform system
to a Linux platform system. The steps are performed after restoring your database to the new
server.

In addition, there are two changes that must be made in the legacy Console java application and
one change in the legacy Inventory Manager application.

Console
Use the following instructions to change the location of syslog and trap information to the new
location on the Linux system.

Syslog

Change the Syslog Log Manager to point to the new location on the Linux system. This allows
the display of syslog information in the Syslog Event View tab.

1. From the Console menu bar, select Tools > Alarm/Event > Event View Manager.
2. Select the Syslog entry under Available Log Managers, and select the Edit button. The Log Manager
Parameters window opens.
3. Change the path in the Log Directory field to /var/log/syslog.
4. Change the Pattern to Red Hat LINUX Syslog Pattern.
5. Select OK.

Traps

Change the Traps Log Manager to point to the new location on the Linux system. This allows the
display of trap information in the Traps Event View tab.

1. From the Console menu bar, select Tools > Alarm/Event > Event View Manager.
2. Select the Traps entry under Available Log Managers, and select the Edit button. The Log Manager
Parameters window opens.

26 of 58
 Systems with Multiple NICs

3. Change the path in the Log Directory field to %logdir%/traps.

4. Select OK.

Inventory Manager
If you are using Inventory Manager, you need to change the Data Storage Directory path to
point to the new location on the Linux system. The Data Storage directory is where all Inventory
Manager data is stored, including capacity planning reports, configuration templates, archived
configurations, and property files.

1. From the Inventory Manager menu bar, select Tools > Options. Expand the Inventory Manager options
folder and select Data Storage Directory Path.
2. Change the path to the correct new location. On a default Linux install, the path would be:
<user's home directory>/appdata/InventoryMgr
3. Select OK.

Systems with Multiple NICs

This section provides instructions for configuring ExtremeCloud IQ Site Engine servers with
multiple NICs (Network Interface Cards). During the startup process, the ExtremeCloud IQ Site
Engine server automatically binds to the first available NIC, which may not be the correct
interface for the server to use. In addition, changes on the network can cause the server to bind
to an incorrect interface, should the server restart during a change.

If the system has multiple NICs installed, it is a good practice to either:

l configure the server to bind to a preferred IP address, if using only one interface for connections or
l configure multiple network interfaces, if using more than one interface for connections.

This ensures that local and remote clients, as well as ExtremeControl engines, are able to
connect to the ExtremeCloud IQ Site Engine server.

Binding to One Interface

If the ExtremeCloud IQ Site Engine server has multiple NICs installed but only one interface is
used to access ExtremeCloud IQ Site Engine, use the following instructions to configure the
preferred interface for the ExtremeCloud IQ Site Engine server.

Configure the ExtremeCloud IQ Site Engine server to bind to the correct IP address.

1. Open the /var/Extreme_Networks/.netsight file. Edit the line JBOSS_HOSTNAME=<server

IP> to add the correct NIC IP address.
2. Restart the ExtremeCloud IQ Site Engine server.

27 of 58
 Uninstalling ExtremeCloud IQ Site Engine

NOTE: User preferences and application data (such as FlexViews and MIBs) for remote clients are stored in
the following local directory on the client machine: C:\Documents and
Settings\<username>\Application Data\NetSight.

Uninstalling ExtremeCloud IQ Site Engine

Use the procedures below to uninstall your ExtremeCloud IQ Site Engine Suite of products. The
uninstall removes all ExtremeCloud IQ Site Engine data from the database. Be sure to backup
your database prior to uninstalling.

Navigate to the <install directory>/uninstaller directory and start the Uninstaller by issuing the
command:
./uninstall.sh

Extreme Networks Support

If you require assistance, contact Extreme Networks Global Technical Assistance Center using
one of the following methods.

Web www.extremenetworks.com/support/
Phone 1-800-872-8440 (toll-free in U.S. and Canada) or 1-603-952-5000
For the Extreme Networks Support phone number in your country:
www.extremenetworks.com/support/contact/
Email support@extremenetworks.com

28 of 58
 Extreme Networks Support

ExtremeCloud IQ Site Engine Licensing

ExtremeCloud IQ Site Engine includes all the features and functionality of Extreme Management
Center. If you are an existing Extreme Management Center customer, contact your
representative to have your Extreme Management Center license migrated to an ExtremeCloud
IQ Site Engine license. The ExtremeCloud IQ Site Engine license also includes licensing for
ExtremeAnalytics.

l ExtremeCloud IQ Site Engine is a subscription-based -only licensing model.

NOTES: l ExtremeCloud IQ Site Engine is not compatible with ExtremeCloud IQ Connect level account.
The Pilot level is mandatory.

You can view ExtremeCloud IQ and ExtremeCloud IQ Site Engine license information by
accessing Administration > Licenses.

This Help topic includes information on the following:

l Licensing for Devices in Connected Mode
l Licensing for Devices in Air Gap Mode
l Revoke Air Gap License
l License Limits and Violations
l Licensing for ExtremeControl

There are three tiers of licenses for ExtremeCloud IQ Site Engine and devices:
l Pilot - Natively supported Extreme devices
l Navigator - 3rd party devices, Extreme Campus Controller, ExtremeCloud IQ Controller, WiNG wireless
devices, and devices not natively supported by ExtremeCloud IQ Site Engine
l No License - Status-Only devices

ExtremeCloud IQ Site Engine can be deployed in two ways, using connected mode or air gap
mode:
l Connected mode:
l ExtremeCloud IQ - Site Engine uses ExtremeCloud IQ to determine if you meet or exceed the
license limits for each license type.
l All ExtremeCloud IQ - Site Engines connected to the same customer account share a pool of
licenses, one serial number consumes one license entitlement, regardless of the number of
monitoring entities.
l ExtremeCloud IQ - Site Engine shares information with ExtremeCloud IQ.
l ExtremeCloud IQ can cooperate with ExtremeCloud IQ - Site Engine.

29 of 58
 Licensing for Devices in Connected Mode

l Air gap mode:

l ExtremeCloud IQ - Site Engine does not require internet access.
l ExtremeCloud IQ - Site Engine uses a license file to determine if you meet or exceed the license
limits for each license type.
l ExtremeCloud IQ - Site Engines can not share licenses.

Devices that do not have serial numbers or MAC addresses in Extreme

Management Center must be Rediscovered after you upgrade to
ExtremeCloud IQ Site Engine in connected mode before they can be
onboarded to ExtremeCloud IQ.

If your number of devices exceeds your licenses available, ExtremeCloud IQ

NOTE: Site Engine transitions to a license violation state and your access to
ExtremeCloud IQ Site Engine features and functionality is degraded. To
resolve the license shortage you need to access the Extreme Networks
License Portal or ExtremeCloud IQ to evaluate the quantities of available
Pilot, Navigator, and NAC licenses versus the number of licenses required by
ExtremeCloud IQ Site Engine.

Licensing for Devices in Connected Mode

When ExtremeCloud IQ Site Engine has been onboarded, it starts sending requests to add the
devices from its database to ExtremeCloud IQ.

As devices are added and discovered in ExtremeCloud IQ Site Engine, they are onboarded to
ExtremeCloud IQ, with a request for a license of the appropriate tier (Navigator, Pilot or No
License) that each device will require.

Devices may be marked as Unmanaged in ExtremeCloud IQ, which means they are not using a
license and available features are very limited.

The following grid details the type of license required by each device and engine type:

Number of
Device Type License Tier Type Licenses Per
Device
Extreme-supported Device (Includes Universal
Platform Fabric Engine, Universal Platform VOSS,
VSP series, SLX, Extreme Access Series, Fabric Pilot 1
Manager, ICX Series, Security Appliances, MLXe
Series, VDX Series)
Extreme-supported Device (Universal Platform
Switch Engine, Universal Platform EXOS, Summit
Pilot 1 for each unit
Series, ERS Series, A Series, B Series, C Series,
7100 Series, 200 Series)

30 of 58
 Licensing for Devices in Air Gap Mode

Number of
Device Type License Tier Type Licenses Per
Device

Extreme-supported Device (S-Series, K-Series) Pilot 1 for each chassis

Extreme-supported Chassis (Includes S series, K

series, N series, E series, Black Diamond, Black
Pilot 1 for each chassis
Diamond X, X series, VSP series, MLXe series,
VDX series, SLX series)

ExtremeControl engine Pilot 1

ExtremeAnalytics engine Pilot 1

ExtremeCloud IQ Site Engine* Pilot 1

vSensor Pilot 1

All Other Devices (Includes Non-Extreme

Navigator 1
Device)

Devices with Ping-Only profile No License 0

*There is one license required for the ExtremeCloud IQ Site Engine itself. Each
ExtremeCloud IQ Site Engine consumes only one license even if there are multiple
ExtremeCloud IQ Site Engine devices are in the device list.

For HiveOS APs (IQE) and Dell N-Series, a Pilot license is required, but currently not
NOTE: enforced in ExtremeCloud IQ Site Engine. These are not onboarded to ExtremeCloud IQ
through ExtremeCloud IQ Site Engine.

Licensing for Devices in Air Gap Mode

ExtremeCloud IQ Site Engine uses licenses stored locally in a license file. This ensures
ExtremeCloud IQ Site Engine does not require an internet connection to verify licenses are
available as you add devices.

Licenses in one installation of ExtremeCloud IQ Site Engine in air gap mode cannot be
NOTE:
shared with other installations of ExtremeCloud IQ Site Engine.

As devices are added and discovered in ExtremeCloud IQ Site Engine, they consume a license of
the appropriate tier (Navigator, Pilot or No License) that each device requires against the total
listed in the license file.

31 of 58
 Revoke Air Gap License

Devices may be marked as Unmanaged, which means they are not using a license and available
features are very limited.

The following grid details the type of license required by each device and engine type:

Number of
Device Type License Tier Type Licenses Per
Device
Extreme-supported Device (Includes Universal
Platform Fabric Engine, Universal Platform
VOSS, VSP series, SLX, Extreme Access Series,
Pilot 1
Fabric Manager, ICX Series, Security Appliances,
MLXe Series, VDX Series, HiveOS (IQE), Dell N-
Series)
Extreme-supported Device (Universal Platform
Switch Engine, Universal Platform EXOS,
Pilot 1 for each unit
Summit Series, ERS Series, A Series, B Series, C
Series, 7100 Series, 200 Series)
Extreme-supported Chassis (Includes S series, K
series, N series, E series, Black Diamond, Black
Pilot 1 for each chassis
Diamond X, X series, VSP series, MLXe series,
VDX series, SLX series)

ExtremeControl engine Pilot 1

ExtremeAnalytics engine Pilot 1

ExtremeCloud IQ Site Engine* Pilot 1

vSensor Pilot 1

All Other Devices (Includes Non-Extreme

Navigator 1
Device)

Devices with Ping-Only profile No License 0

*There is one license required for the ExtremeCloud IQ Site Engine itself. Each
ExtremeCloud IQ Site Engine consumes only one license even if there are multiple
ExtremeCloud IQ Site Engine devices are in the device list.

Revoke Air Gap License

NOTE: A maximum of 10 Air Gap licenses can be revoked in one revocation file.

32 of 58
 License Limits and Violations

Follow this procedure to revoke your Air Gap license.

1. Open Administration > Licenses or enter this URL.

https://<Server>:/8443/xiqLicenseSetup.jsp?setupMode=Airgap
2. Select either the Pilot, Navigator, or NAC license to revoke.

ExtremeCloud IQ Site Engine generates a revocation file.

3. Download the file to your computer.

4. Log into the Extreme Portal (https://extreme-networks.my.site.com/ExtrCloudLicenseLanding).
5. Select Assets > Cloud Licenses Home > Revoke License.

6. Upload the revocation file and select Submit.

The revoked licenses are returned to the license pool. Contact support if you encounter an error.
You will need to provide the revocation file (.rvk) and the error message.

License Limits and Violations

For each request to add a device to ExtremeCloud IQ Site Engine:

33 of 58
 License Limits and Violations

l In connected mode: ExtremeCloud IQ determines if there are enough licenses of that type available.
l In air gap mode: ExtremeCloud IQ Site Engine uses the license file to determine if there are enough
licenses of that type available.

As a result for both modes, one of the following actions happens:

l If there are enough licenses, device onboarding is successful.
l If there are not enough Navigator licenses, a Pilot license is used instead.
l If there are not enough Pilot licenses, the request is considered a license violation.

When an evaluation license is used for ExtremeCloud IQ Site Engine, all devices are
NOTE:
managed with Pilot licenses.

To correct a license limit violation:

l In connected mode: You must acquire more licenses (and, when the updated licenses are available in
ExtremeCloud IQ, they are used by ExtremeCloud IQ Site Engine).
l In air gap mode: You must acquire more licenses by generating a new licensing file from the licensing
portal, then install the licensing file in ExtremeCloud IQ Site Engine.

Devices Marked as Unmanaged

When devices are marked as Unmanaged in ExtremeCloud IQ, they are also Unmanaged in
ExtremeCloud IQ Site Engine.

Onboarded Unmanaged devices are indicated in the XIQ Onboarded column of the Network >
Site > Device table by a red X.

For more details on the Network > Site > Device table, visit Onboarding Unmanaged Devices.

34 of 58
 Licensing for ExtremeControl (Network Access Control)

Licensing for ExtremeControl (Network Access Control)

If the ExtremeCloud IQ Site Engine was onboarded to ExtremeCloud IQ, ExtremeCloud IQ
provides the Network Access Control (NAC) entitlements to ExtremeCloud IQ Site Engine.
There is an option to allocate a portion of the available license pool in ExtremeCloud IQ. The full
100% NAC entitlements should be allocated automatically to the first ExtremeCloud IQ Site
Engine. If there are more Site Engines, for example, a lab instance and a production instance,
then the NAC entitlements allocation can be changed in the ExtremeCloud IQ GUI. It is
recommended to check the NAC entitlements allocation in ExtremeCloud IQ.

If the ExtremeCloud IQ Site Engine is operated in air gap deployment mode, the licensed
quantity for ExtremeControl is provided through a license file. The license file is generated in
Extreme Portal. The licensed quantity for ExtremeControl varies depending on whether
ExtremeCloud IQ Site Engine is initially installed or it was upgraded from the Extreme
Management Center.

After Upgrading from Extreme Management Center

If you are upgrading from Extreme Management Center to ExtremeCloud IQ Site Engine, the
licensing and capabilities of ExtremeControl do not change. The following are included in the
licenses:
l NMS-ADV License includes 500 Access Control End-Systems and 50 Guest and IoT Manager
(GIM) licenses.
l NMS-xx License includes 250 Access Control End-Systems and 25 GIM licenses.

If your version of ExtremeControl contains NMS or NMS-ADV licenses described above and licenses are
NOTE: used through ExtremeCloud IQ (in Connected mode) or in a locally stored license file (in Air Gap
mode), ExtremeControl will sum those licensed quantities.

Upon Initial Installation

If you are completing an initial install of ExtremeCloud IQ - Site Engine, there is no end-system
license included. The evaluation license can be generated on the Extreme Portal which includes
unlimited end-systems and Guest and IoT Manager (GIM) licenses.

35 of 58
 Post upgrade from Extreme Management Center Version 8.5.5 or newer

Logging into ExtremeCloud IQ Site Engine

In connected mode, ExtremeCloud IQ Site Engine gets licenses through ExtremeCloud IQ.
ExtremeCloud IQ acts as a license proxy between ExtremeCloud IQ Site Engine and Extreme
Portal. Therefore, your ExtremeCloud IQ needs to be linked to your license entitlements in the
Extreme Portal before your ExtremeCloud IQ Site Engine can be onboarded to ExtremeCloud
IQ and consumes licenses via ExtremeCloud IQ. In Air Gap deployment mode, ExtremeCloud IQ
Site Engine utilizes these licenses based on a license file.

Post upgrade from Extreme Management Center Version

8.5.5 or newer
When the Extreme Management Center is onboarded to ExtremeCloud IQ using the soft launch
feature, you need to remove Extreme Management Center from ExtremeCloud IQ before
onboarding ExtremeCloud IQ Site Engine.

Initial installation of ExtremeCloud IQ Site Engine or

upgrading from Extreme Management Center
Follow these steps to launch ExtremeCloud IQ Site Engine:

1. Enter this https://<IP Address>:8443 in your browser.

2. Enter your ExtremeCloud IQ Site Engine login credentials and select Login. These are the credentials
you configured during the installation

36 of 58
 Initial installation of ExtremeCloud IQ Site Engine or upgrading from Extreme Management

3. Accept the License Agreement and select Next.

4. Select your deployment mode. Refer to the XIQ-SE Activation document for licensing information.
l Connected mode - Onboard to ExtremeCloud IQ Site Engine - In connected deployment mode,
ExtremeCloud IQ Site Engine utilizes these licenses through connection to ExtremeCloud IQ. It is
required to link your Extreme Portal to ExtremeCloud IQ. Once those are linked together, you can
use the licenses you purchased in both ExtremeCloud IQ and ExtremeCloud IQ Site Engine.
l Air Gap mode - Enter entitlement(s) for air gapped ExtremeCloud IQ Site Engine - In air gap
deployment mode, ExtremeCloud IQ Site Engine utilizes these licenses based on a license file.
During the generation of the license file, the licenses are assigned to the locking ID of
ExtremeCloud IQ Site Engine.

37 of 58
 Initial installation of ExtremeCloud IQ Site Engine or upgrading from Extreme Management

The Welcome screen provides a link to the procedure for restoring ExtremeCloud IQ
NOTE:
Site Engine from backup.

5. Click Next.
6. Depending on the deployment mode you selected, you will do one of the following:
l For Connected mode onboarding of ExtremeCloud IQ Site Engine to ExtremeCloud IQ, enter the
ExtremeCloud IQ email address and password and select Onboard. If your environment requires
HTTP Proxy or other advanced settings, select the Advanced link. If you do not have an
ExtremeCloud IQ account, select the Register Here link.

38 of 58
Initial installation of ExtremeCloud IQ Site Engine or upgrading from Extreme Management

l For Air Gap deployment, drag and drop your entitlements to this screen.

39 of 58
 Onboarding Devices (Connected mode only)

7. Click Onboard (Connected mode) or Continue (Air Gap mode). ExtremeCloud IQ Site
Engine is ready to use.

You can now access ExtremeCloud IQ Site Engine.

If you need to convert your deployment between Connected or Air Gap mode,
NOTE: see Convert from Connected to Air Gap deployment or Convert from Air Gap to
Connected deployment.

Onboarding Devices (Connected mode only)

When ExtremeCloud IQ Site Engine is onboarded, it starts sending requests to add the devices
from its database to ExtremeCloud IQ. Cloud Configuration Groups are created in
ExtremeCloud IQ that match User Device Groups in ExtremeCloud IQ Site Engine.

Devices with IPv6 addresses in ExtremeCloud IQ Site Engine will not be

NOTE: onboarded as locally-managed devices in ExtremeCloud IQ. Only devices with
IPv4 addresses qualify.

As devices are added and discovered in ExtremeCloud IQ Site Engine, they are onboarded to
ExtremeCloud IQ, with a request for a license of the appropriate tier (Navigator, Pilot or No
License) that each device will require.

If devices that are onboarded are included in User Device Groups in ExtremeCloud IQ Site
Engine, they are also included in Cloud Configuration Groups in ExtremeCloud IQ that match the
devices' assigned User Device Groups in ExtremeCloud IQ Site Engine.

Cloud Configuration Groups are updated when devices are added to User Device Groups (either
by user action or by API call). Cloud Configuration Groups are also updated when devices are
removed from a User Device Group or deleted from ExtremeCloud IQ Site Engine.

Cloud Configuration Group names include User Device Group parent names
(other than "My Network") and are prefixed with "XIQSE-".
NOTE:
The Cloud Configuration Group names will be shortened to fit the limit of 128
characters.

View the ExtremeCloud IQ Site Engine and ExtremeCloud IQ Onboarding Flowchart for a
detailed chart on how devices are onboarded to ExtremeCloud IQ and managed by
ExtremeCloud IQ Site Engine.

XIQ Onboarded Status for Devices (Connected mode

only)
After an attempt is made to onboard a device, the XIQ Onboarded column in the table Network
> Site > Device) indicates the status of the onboarding attempt.

40 of 58
 XIQ Onboarded Status for Devices (Connected mode only)

l Black check mark - Indicates that the device is onboarded to ExtremeCloud IQ.

l Red X - Indicates the device is onboarded but Unmanaged, which means it is not using a license, it has
read-only device-level support, and available features in ExtremeCloud IQ Site Engine are limited. Other
functionality, including Status Polling, Historical Device + Port Statistics Collection, Existing Scheduled
Tasks, and Archives, are supported for devices with Unmanaged status, but these devices cannot be
configured for new tasks or new archives.

In ExtremeCloud IQ Site Engine version 24.10.13, only use ExtremeCloud

IQ to set an ExtremeCloud IQ Site Engine onboarded device to
Unmanaged as a temporary measure while you obtain more licenses.

If you mark a device as Unmanaged so it does not trigger a license limit

violation, you can then access ExtremeCloud IQ Site Engine and delete
NOTE:
the device before the license violation occurs.

You can perform an enforce for an ExtremeControl engine with an

Unmanaged status; however, if the device has an Unmanaged status, then
the enforce does not reconfigure the device and changes are not written
to the device.

When devices are marked as Unmanaged in ExtremeCloud IQ, they are also Unmanaged in
ExtremeCloud IQ Site Engine.

In addition, existing ExtremeAnalytics functionality for devices with an Unmanaged status

is still supported, but only with existing configuration.
l Blank - Indicates the device is not successfully onboarded to ExtremeCloud IQ from the ExtremeCloud
IQ Site Engine because either it is already onboarded to ExtremeCloud IQ (either from another

41 of 58
 XIQ Onboarded Status for Devices (Connected mode only)

ExtremeCloud IQ Site Engine or by using the IQ Agent to connect directly), or because ExtremeCloud IQ
Site Engine lost its connection to ExtremeCloud IQ.

If a device's status is Blank, it has limited features available in

NOTE: ExtremeCloud IQ Site Engine because management of the device is owned
by ExtremeCloud IQ.

l N/A - Indicates the device is not eligible to be onboarded to ExtremeCloud IQ because it does not have
a valid serial number or MAC address, or Extreme does not yet offer onboarding support for the device.

If ExtremeCloud IQ Site Engine does not recognize a device’s serial

number or MAC address, right-click on the device and select Rediscover
NOTE: to attempt to discover the device’s serial number or MAC address. When
the device's serial number or MAC address is discovered, it can be
onboarded to ExtremeCloud IQ during the next onboarding cycle.

42 of 58
 XIQ Onboarded Status for Devices (Connected mode only)

Convert from Connected to Air Gap deployment

Follow this procedure if you need to convert from Connected mode to Air Gap mode.

1. Delete ExtremeCloud IQ Site Engine from ExtremeCloud IQ

2. In the next 48 hours, all subscriptions will be deactivated automatically. During this time
period:
l The ExtremeCloud IQ Site Engine will report Connection Lost with
ExtremeCloud IQ

l New devices cannot be added to ExtremeCloud IQ Site Engine

3. Log in to ExtremeCloud IQ Site Engine

4. Go to Air Gap License Entitlements using
HTTPS://<SiteEngineIP>:8443/xiqLicenseSetup.jsp?setupMode=Airgap

5. Copy the ExtremeCloud IQ Site Engine serial number (Locking ID, UUID) from the entitlements screen

43 of 58
 XIQ Onboarded Status for Devices (Connected mode only)

6. Generate a license file. Follow the license generation procedure in section Air gap deployment mode:
Generate and Install the License File found in the Activation Instructions guide
7. Drag and drop the license file in the Entitlements section of the Air Gap License Entitlements screen (see
step 4).
8. Click Continue
9. Restart your ExtremeCloud IQ Site Engine server.

After the restart, your Site Engine is ready to use.

44 of 58
 XIQ Onboarded Status for Devices (Connected mode only)

Convert from Air Gap to Connected deployment

Follow this procedure if you need to convert from Air Gap mode to Connected mode.

1. Check the connectivity from ExtremeCloud IQ Site Engine to ExtremeCloud IQ. If there is a connectivity
issue, fix it before continuing.

2. Make all of the devices managed or delete all unmanaged devices from ExtremeCloud IQ
Site Engine.

3. Revoke all Air Gap licenses. For information on how to revoke the licenses, see Revoke Air Gap License.
4. Go to HTTPS://<SiteEngineIP>:8443/xiqLicenseSetup.jsp?setupMode=Auto
5. If you do not have an ExtremeCloud IQ account, then you need to create one.

45 of 58
 XIQ Onboarded Status for Devices (Connected mode only)

6. If your ExtremeCloud IQ account is not linked to your Extreme Portal account, follow the procedure in
the Activation Instructions.
7. Onboard ExtremeCloud IQ Site Engine to ExtremeCloud IQ. For more information on how to onboard
Site Engine, see Logging into ExtremeCloud IQ - Site Engine.
8. Restart your ExtremeCloud IQ Site Engine server.

After the restart, your Site Engine is ready to use.

46 of 58
 Migration Steps

MySQL to PostgreSQL Data Migration (For

Upgrades from ExtremeCloud IQ Site Engine
24.2 to 24.7 and later)
The following data migration procedure is required for ExtremeCloud IQ Site Engine upgrades
from version 24.2 to version 24.7 (or later) due to a database engine change from MySQL to
PostgreSQL. You can upgrade the Application Analytics Engine, Access Control Engine, and
Traffic Sensor the standard way, by either using the firmware upgrade feature or by running the
upgrade binary manually.

If you need to migrate data across the same versions of ExtremeCloud IQ Site Engine 24.7 or
later, see Data Migration to Rehost a Matched Version Instance of ExtremeCloud IQ Site Engine.

Backups from ExtremeCloud IQ Site Engine version 24.2 and older (MySQL) are not
compatible with ExtremeCloud IQ Site Engine version 24.7 and later (PostgreSQL).
IMPORTANT: To migrate a 24.2 backup, you must restore the 24.2 backup to an active running
configuration of ExtremeCloud IQ Site Engine version 24.2, and then perform the following
MySQL to PostgreSQL data migration procedure.

Migration Steps
1. Ensure the source server for the migration is currently running ExtremeCloud IQ Site
Engine version 24.2.
l If the source server is not running ExtremeCloud IQ Site Engine version 24.2, then
check Important Upgrade Information for more information about the intermediate
steps.
l The following flowchart shows the supported upgrade paths for a data migration to
ExtremeCloud IQ Site Engine version 24.7:

47 of 58
 Migration Steps

2. Ensure you have a backup of the ExtremeCloud IQ Site Engine version 24.2 configuration
with Administration > Backup/Restore.

3. Ensure TCP ports 22 and 4589 are open without any firewall or ACLs blocking the ports
for communication. The migration script connects to the source server on those ports.

4. Deploy and start a new installation of ExtremeCloud IQ Site Engine version 24.7 (or
newer), connect to the console, and login.

5. Follow the installation wizard. All parameters the wizard prompts for are the final desired
state, except for the IP settings. IMPORTANT: You must provide a temporary IP address
for the new installation until the data is migrated from the source server.
l The current or original settings of your MySQL based ExtremeCloud IQ Site Engine
can be found in /usr/postinstall/dnetconfig.properties.

6. After providing all required information to the installation wizard, wait for the installation
to complete with the following output:

48 of 58
 Migration Steps

7. The installation wizard might have configured one account for SCP and SFTP already. If
the Inventory Manager is configured to use different SCP and SFTP accounts, create the
accounts in the Operating System before the migration. You can use the command sudo
adduser mySCPuser.

8. Run the following commands in the ExtremeCloud IQ Site Engine version 24.2 (source of
the migration).
cd /usr/local/Extreme_Networks/NetSight/scripts
sudo ./permitSQLAccessForMigration.sh

The version 24.2 source server stops and remote access to MySQL is granted:

9. Start the data migration by running the following command in the new installation of ExtremeCloud IQ
Site Engine (destination of the migration):
sudo /usr/local/Extreme_Networks/NetSight/scripts/migrateFromVersion24_
2.sh -s <IP-of-the-source> -u <username-for-OS-access>

Optional additional command syntax parameters are:

49 of 58
 Migration Steps

l --noAnalytics to skip migration of Analytics data

l --noNAChistory to skip migration of NAC end-system history
l --noStats to skip migration of device and port statistics
l --timeout to change the timeout value in seconds for the data transfer from the
MySQL server (default timeout is 120 seconds)

10. Provide the password to access the Operating System by SSH/SCP when prompted.

11. The data migration is in process. Wait until the migration process finishes and the following prompt is
returned:

The nsserver process automatically starts with the migrated data

12. Log in to the new installation of ExtremeCloud IQ Site Engine and check you have all the data you
expected to be migrated from version 24.2.

13. Change the IP address of the source server running ExtremeCloud IQ Site Engine version
24.2 to some unused available IP by running sudo /usr/postinstall/dnetconfig.
Change the IP address so that If you need to start this machine again, you will not have a
duplicate IP address scenario.

50 of 58
 Migration Steps

14. Shutdown the source server running ExtremeCloud IQ Site Engine version 24.2

15. Run sudo /usr/postinstall/dnetconfig from the console and reconfigure the IP address of
the new installation of ExtremeCloud IQ Site Engine to use the IP address previously configured to the
shut down ExtremeCloud IQ Site Engine version 24.2.

16. Use the reconfigured IP address to re-connect to the new installation ExtremeCloud IQ Site Engine GUI.

17. Continue with a traditional upgrade of other Engines you might have (Access Control Engines, Analytics
Engines, Traffic Sensor, etc), the minimum version is 24.2.13.

18. Navigate to Administration > Backup/Restore > Backup, and create a new backup of the new
installation ExtremeCloud IQ Site Engine configuration.

Notes:
l Migration takes data from the MySQL database, not from the backup. Backups are not
migrated.
l After changing the IP address, be aware that the new system has a new MAC address (the
MAC is not cloned), if static ARPs are used, update your arp cache on your router.
l Historical Syslog events are not migrated
l Backups from ExtremeCloud IQ Site Engine based on MySQL (version 24.2 and older) are
not compatible with ExtremeCloud IQ Site Engine based on PostgreSQL (version 24.7 and
newer). To migrate a 24.2 backup you need to restore it to active configuration of
ExtremeCloud IQ Site Engine running version 24.2 first and run the migration procedure.
l Custom reports (/usr/local/Extreme_Networks/NetSight/appdata/OneView/MyReports)
are not migrated. If you use custom reports using SQL commands they need to be
adjusted.
l If SCP is used for inventory manager, it might be beneficial to copy ssh keys and settings
by:
sudo scp -r root@<IP-of-the-source>:/etc/ssh /etc/

l Local user accounts created in the operating system manually are not automatically
migrated. It might be necessary to create local users again in the new system.
l The following features are transferred during the migration:
o Vendor Profile definition
(~/NetSight/appdata/VendorProfiles/Stage/MyVendorProfile)
o Custom Mibs (~/NetSight/appdata/System/mibs/MyMibs)
o Custom FlexViews (~/NetSight/appdata/System/FlexViews/My FlexViews)
o Archives (the path is defined in Administration > Options > Inventory Manager >
Data Storage)

51 of 58
 Migration Steps

o Configuration templates (the path is defined in Administration > Options >

Inventory Manager > Data Storage)
o TFTP Firmware files (path is defined in Administration > Options > Inventory
Manager > File Transfer)
o FTP Firmware files (path is defined in Administration > Options > Inventory
Manager > File Transfer)
o SCP Firmware files (path is defined in Administration > Options > Inventory
Manager > File Transfer)
o SFTP Firmware files (path is defined in Administration > Options > Inventory
Manager > File Transfer)
o Connect module configuration
(~/NetSight/wildfly/standalone/configuration/connect/)
o Custom Analytics Fingerprints (~/NetSight/appdata/Purview/MyFingerprints/)
o Licenses (~/NetSight/appdata/license)
o Events/logs (the path is in Alarms & Events > Event Configuration > Event Logs)
o TFTPd settings (~/NetSight/services/nstftpd.cfg)
o SNMPtrapd settings (~/NetSight/appdata/snmptrapd.conf)
o NAT config settings (~/NetSight/appdata/nat_config.txt)
o Private certificate
(~/NetSight/wildfly/standalone/configuration/nsserver.keystore)
o Custom scripts (~/NetSight/appdata/scripting/overrides)
o Custom CLI scripts ( (~/NetSight/appdata/CommandScriptTool/overrides)
l If there are other customizations like custom scripts in the file system then you must
move those customizations manually

Post-Migration Known Issues

Known Issue 1:

Access Control "Enforce Preview" may show a line similar to the following:

Removed engine property: MGT_SVR_JMS_USERNAME MGMT_IP_AT_PREVIOUS_ENFORCE

MGT_SVR_JMS_PASSWORD VERSION_AT_PREVIOUS_ENFORCE FAILED_SWITCH_
CONFIG_LIST DB_ENCRYPTED_MGT_SVR_JMS_PASSWORD VERSION_AT_PREVIOUS_
SWITCH_CONFIGURATION

Resolution: You can safely ignore this line, the engine(s) enforced without issue.

52 of 58
 Migration for Hardware Appliances

Known Issue 2:

Access Control "Enforce Preview" may show a line similar to the following:

AAA Configuration TEAP Chaining Mode mode: DEF_TEAP_MSCHAP_MSCHAP, changing to:

null

Cause: If AAA configurations were not saved on the original server prior to migration, this line
appears on the new server in Enforce Preview.

Resolution: In each AAA configuration in Access Control (Configuration > AAA), save the
configuration. If the "Save" button is not available, undo and redo a change in the configuration
to activate the button, then Save. The line should no longer appear in the Enforce Preview.

Known Issue 3:

Access Control "Enforce Preview" may show a line similar to the following:

Removed Assessment Server Pools: Local Global

Removed Assessment Servers: Agent-based Assessment Agent-less Assessment

Resolution: You can safely ignore this line, the engine(s) enforced without issue.

Migration for Hardware Appliances

You have two procedure options for migrating a ExtremeCloud IQ Site Engine hardware
appliance, in each option a temporary VM or hardware appliance is required:

Option 1 - Migrate to a Temporary ExtremeCloud IQ Site Engine

then Move
1. Acquire a secondary hardware appliance or deploy a virtual machine to host a temporary
instance of ExtremeCloud IQ Site Engine 24.7 (or later).

2. Perform the Migration Steps procedure to migrate from the original hardware appliance
to the temporary instance of ExtremeCloud IQ Site Engine 24.7 (or later), then return
here.

3. Manually offload all the customized features and files as noted from the source server;
optionally restore the offloaded customized features and files to the temporary
ExtremeCloud IQ Site Engine instance.

4. Verify the temporary ExtremeCloud IQ Site Engine instance is operating as expected after
shutting down the original hardware appliance.

NOTE: If you deployed a new hardware appliance intended to directly replace the original
hardware appliance, then the migration is complete and you can skip the following steps.

53 of 58
 Migration for Hardware Appliances

IMPORTANT: After performing the following step, the system data is erased from the
original source server. Ensure all data, manual files, etc are transferred off the source
server original hardware appliance before performing the next steps.

5. Re-image the original hardware appliance using the ExtremeCloud IQ Site Engine 24.7 (or
newer) USB / ISO image.

6. Perform a database backup on the temporary ExtremeCloud IQ Site Engine.

7. Offload the database backup from the temporary ExtremeCloud IQ Site Engine and
restore the backup to the re-imaged original hardware appliance.

8. Restore all the customized features and files to the re-imaged original hardware
appliance.

9. Confirm the re-imaged hardware appliance is operating as expected with migrated and
restored data on ExtremeCloud IQ Site Engine 24.7 (or later).

Option 2 - Move to a Temporary ExtremeCloud IQ Site Engine

then Migrate
1. Deploy a temporary ExtremeCloud IQ Site Engine 24.2.15 virtual machine.

2. Perform a database backup on the original ExtremeCloud IQ Site Engine 24.2.15 hardware
appliance.

3. Offload the database backup from the original hardware appliance and restore to the
temporary ExtremeCloud IQ Site Engine 24.2.15 virtual machine.

4. Manually offload all the customized features and files as noted; Optionally
(recommended) restore the customized features and files to the temporary
ExtremeCloud IQ Site Engine 24.2.15 virtual machine.

5. Verify the temporary ExtremeCloud IQ Site Engine 24.2.15 virtual machine instance is
operating as expected after shutting down the original hardware appliance.

IMPORTANT: After performing the following step, the system data is erased from the
original source server. Ensure all data, manual files, etc are transferred off the source
server original hardware appliance before performing the next steps.

6. Re-image the hardware appliance using the ExtremeCloud IQ Site Engine 24.7 (or later)
USB / ISO image.

7. Perform the Migration Steps procedure and migrate from the temporary ExtremeCloud
IQ Site Engine 24.2.15 virtual machine to the re-imaged hardware appliance, then return
here.

8. Restore all the customized features and files to the re-imaged original hardware
appliance.

54 of 58
 Migration for Hardware Appliances

9. Confirm the re-imaged hardware appliance is operating as expected with migrated and
restored data on ExtremeCloud IQ Site Engine 24.7 (or later).

55 of 58
 Migration Steps:

Data Migration to Rehost a Matched Version

Instance of ExtremeCloud IQ Site Engine
You can migrate data across the same version of ExtremeCloud IQ Site Engine to a new
instance running on a new host. Use this procedure if you need to migrate your data across the
matched version of ExtremeCloud IQ Site Engine 24.7 or later. Use this procedure for scenarios
such as migrating from VM to physical, from physical to virtual, for a host OS change, or to
migrate to a new host on a different network environment or location.

If you need to migrate data from an old version to a new version of ExtremeCloud IQ Site Engine
for an upgrade, go see MySQL to PostgreSQL Data Migration (For Upgrades from
ExtremeCloud IQ Site Engine 24.2 to 24.7 and later)

Migration Steps:
1. Ensure you have a backup of the ExtremeCloud IQ Site Engine configuration with
Administration > Backup/Restore.

2. Install a new ExtremeCloud IQ Site Engine, use the ExtremeCloud IQ Site Engine Suite
Installation procedure.

3. Complete the installation wizard. If you need original values then check these files in your
migration source:
/usr/postinstall/dnetconfig.properties
/usr/postinstall/snmpconfig.properties

4. Copy the backup to the new installation.

5. Restore the backup onto the new system through CLI, see Restoring the Database Using
the CLI.

6. As necessary, re-create local accounts in the Operating System of the new installation.
The local accounts defined in the Operating System are not part of the backup.
For reference, the /etc/passwd file contains local accounts known to the operating
system.

7. If SCP is used for inventory manager, copy the SSH keys and settings with the command:
sudo scp -r root@<IP-of-the-source>:/etc/ssh /etc/

8. Copy additional files from the source instance that are not part of the backup:
l Custom Mibs (~/NetSight/appdata/System/mibs/MyMibs)
l TFTP Firmware files (path is defined in Administration > Options > Inventory
Manager > File Transfer)

56 of 58
 Migration Steps:

l FTP Firmware files (path is defined in Administration > Options > Inventory
Manager > File Transfer)
l SCP Firmware files (path is defined in Administration > Options > Inventory
Manager > File Transfer)
l SFTP Firmware files (path is defined in Administration > Options > Inventory
Manager > File Transfer)
l Licenses (~/NetSight/appdata/license)
l Events/logs (the path is in Alarms & Events > Event Configuration > Event Logs)
l TFTPd settings (~/NetSight/services/nstftpd.cfg)
l SNMPtrapd settings (~/NetSight/appdata/snmptrapd.conf)
l NAT config settings (~/NetSight/appdata/nat_config.txt)
l Custom CLI scripts (~/NetSight/appdata/CommandScriptTool/overrides)
l Custom FlexViews not part of the VendorProfiles
(~/NetSight/appdata/System/FlexViews/My FlexViews)
l Logs (~/NetSight//appdata/logs and all subdirectories)

9. Check and transfer any custom modifications you might have in:
l NSJBoss.properties (~/NetSight/appdata/NSJBoss.properties)
l snmptrapd.conf (~/NetSight/appdata/snmptrapd.conf)
l If you customized the file ~/NetSight/services/nstftpd.cfg. Verify it matches the
Firmware Directory Path specified in the TFTP Transfer Settings option in Inventory
Manager (Tools > Options > Inventory Manager > File Transfer Settings > TFTP
Transfer Settings).

10. Check for and transfer over any other customizations, such as custom scripts in the file
system.

11. Configure the server certificate trust mode on the ExtremeCloud IQ Site Engine to handle
the certificates it receives from other servers. Required if you have Access Control
Engines or Application Analytics Engines or connect to LDAP servers, and you want the
server certificate trust mode to be "Locked." For more information, see the section of the
ExtremeCloud IQ Site Engine and ExtremeControl Secure Communication Help topic.

a. Configure the ExtremeCloud IQ Site Engine with the Server Certificate Trust Mode
set to "Trust All" (the default). Trust All avoids certificate trust problems while the
server is being configured.

b. Once the server is configured and communicating with other servers and engines
as necessary, you can transition the Server Certificate Trust Mode to "Trust And

57 of 58
 Migration Steps:

Record" where the server learns the certificates it expects to receive, and then
transition to "Locked" when the certificate learning is completed.

58 of 58