VMware SD-WAN supports bi-directional communication with the VMware SD-WAN Edge by using WebSockets. WebSocket is a full-duplex communication protocol over a single TCP connection. WebSockets easily enable communication between a Web browser (or other client applications) and a Web server with much lower overhead than HTTP polling. Remote Diagnostics uses a bi-directional WebSocket connection instead of the live-mode heartbeat mechanism to improve the responsiveness of the Remote Diagnostics in the VMware SD-WAN Orchestrator.

The WebSocket communication involves the following two WebSocket connections for passing WebSocket messages from a Web browser to a VMware SD-WAN Edge and vice versa:
  • A WebSocket connection between a Web browser (Orchestrator UI portal) and an Orchestrator. This connection is responsible for all communications with the Web browser and for setting up the system properties needed for establishing a WebSocket connection.
  • Another WebSocket connection between an Orchestrator and an Edge. This connection is persistent and setup on Edge activation for processing heartbeats from the Edge and sending back responses to the Orchestrator.

While establishing WebSocket connections between a Web browser and an Edge, in order to ensure Web security against Distributed Denial-of-Service (DDoS) and Cross site request forgery (CSRF) attacks, the browser origin address that is used to access the Orchestrator UI is validated for incoming requests.

In most Orchestrators, the browser origin address/DNS hostname is the same as the value of the network.public.address system property. To support scenarios where the address used to access the Orchestrator UI from the browser is different from the value of the network.public.address system property, the following system properties are added newly for WebSocket connections:
  • network.portal.websocket.address - Allows to set an alternate address/DNS hostname to access the UI from a browser if the browser address is not the same as the value of network.public.address system property. By default, the network.portal.websocket.address system property is not set.
  • session.options.websocket.portal.idle.timeout - Allows to set the total amount of time (in seconds) the browser WebSocket connection is active in an idle state. By default, the browser WebSocket connection is active for 300 seconds in an idle state.

To run Remote Diagnostics tests on an Edge, perform the following steps.

Procedure

  1. In the Enterprise portal, click Test & Troubleshoot and click Remote Diagnostics. The Remote Diagnostics page displays all the active Edges.
  2. Search for an Edge that you want to troubleshoot by using the Filter option, and click Apply.
  3. Select an Edge to troubleshoot.
    The Edge enters live mode and displays all the possible Remote Diagnostics tests than you can run on the Edge.
  4. Choose an appropriate Remote Diagnostics test to run on the Edge and click Run. The diagnostic information is fetched from the Edge and displayed in the Edge Remote Diagnostics screen.
    For more information about all the supported Remote Diagnostics tests, see Performing Remote Diagnostics Tests.