To access the Karios management interface, open a supported web browser (Chrome or Safari – current year release recommended). Navigate to the Karios management URL and you’ll see a login screen.
Default Administrator Account
Username: admin
Password: Use the generated password
Note
System Password Retrieval
The system generates a default password that can be retrieved directly from your node’s command line interface. For step-by-step instructions, refer to Obtaining UI Password from the CLI in the documentation appendices.
Important
Use these credentials initially to explore the application’s full capabilities, but immediately change them after your first login.
Login Process
Open Web Browser: Launch a supported web browser (Chrome or Safari current year release)
Navigate to Karios: Enter the Karios management interface URL
Enter Credentials: Input username and password in the login form
Sign In: Click the “Sign in” button to access the system
Sign Up Option: Click the “New User? Sign Up” link on the login page
Complete the registration form with required details:
Username: A unique username for system identification
Email Address: A valid email address (used for account verification)
First Name: Your first name
Last Name: Your last name
Password: A strong, secure password that meets the system requirements
Confirm Password: Re-enter your password to verify it
Account Creation: Click “Sign Up” to create the new user account
Note
New users are not granted any access by default. Contact a system administrator for permission upgrades if needed. Detailed instructions on how to provide access are available in the Getting Full Access section of the documentation.
Access Level Considerations
Read-Only Access: New registered users have limited permissions
Administrative Access: Full system capabilities require administrative privileges
Permission Management: Contact system administrators for permission upgrades (refer to the User Management & Permissions section)
Security Best Practice: Use administrative accounts only when necessary
To return to the login page, click “Existing User? Login.”
Password Security is Critical: Implement strong password policies for all accounts. Change your password regularly.
2FA Setup Requirements
Before proceeding, ensure you have:
A smartphone or tablet with internet access
One of the following authenticator apps installed:
Google Authenticator (iOS/Android)
Microsoft Authenticator (iOS/Android)
Authy (iOS/Android/Desktop)
1Password (with TOTP support)
Bitwarden (with authenticator feature)
Tip
Authenticator apps generate time-based one-time passwords (TOTP) that change every 30 seconds, providing secure access even if your password is compromised.
Setting Up 2FA
2FA Registration Prompt
After successful admin login, you’ll see the “Set up Two-Factor Authentication” screen
If the first code doesn’t work, wait for the next 30-second cycle and try the new code. Clock synchronization between your device and the server is important for successful verification.
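The 30-second cycle and the clock-synchronization caveat above, worked through in Python as an added example (not Karios code): a standard RFC 6238 TOTP generator and a verifier with a configurable step window. The secret and timestamps are RFC 6238 test values; the one-step window and the replay guard are assumptions about a typical server-side verifier, not documented Karios behaviour.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code, the cycle length described above


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current 30-second step."""
    return hotp(secret, unix_time // STEP, digits)


def verify(secret, code, server_time, window=1, last_used_step=None):
    """Return the matching time step, or None if the code is rejected.

    window: steps accepted either side of the server's current step
            (assumption: a typical verifier allows 1 to absorb small skew).
    last_used_step: highest step already accepted for this account; codes
            from that step or earlier are refused so a code cannot be replayed.
    """
    current = server_time // STEP
    for step in range(max(0, current - window), current + window + 1):
        if last_used_step is not None and step <= last_used_step:
            continue
        # Constant-time comparison of the expected and submitted codes.
        if hmac.compare_digest(hotp(secret, step).encode(), code.encode()):
            return step
    return None


if __name__ == "__main__":
    secret = b"12345678901234567890"   # RFC 6238 test secret, not a real key
    device_time = 1111111109           # device clock: last second of a step
    server_time = 1111111111           # server clock 2 s later: next step
    code = totp(secret, device_time)
    print("code shown on device:", code)
    # A strict verifier rejects a code typed right at the step boundary.
    print("strict (window=0):", verify(secret, code, server_time, window=0))
    step = verify(secret, code, server_time, window=1)
    print("window=1 accepts step:", step)
    # The same code submitted again is refused once its step is recorded.
    print("replay of same code:", verify(secret, code, server_time, 1, step))
    # A device clock five minutes behind falls outside any small window.
    stale = totp(secret, server_time - 300)
    print("device 5 min behind:", verify(secret, stale, server_time))
```
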
Backup Codes Generation
Upon successful verification, the system generates backup recovery codes
Download or print the backup codes and store them in a secure location
Save these backup codes securely - they allow account recovery if you lose your device. Each backup code can only be used once, so treat them like passwords and store them safely.
Your password has been reset successfully. You can now log in with your new password.
Administrative Account Usage: Use administrative accounts only when necessary and change the default admin credentials immediately after initial login.
File Confirmation: Successfully uploaded files show filename and file size
Validation Status: Green checkmark indicates successful file upload
Error Handling: The system will display errors if the license file is invalid or corrupted
Note
It is critical to set BMC credentials for the node to enable fetching system updates and performing essential system calls.
BMC Security Configuration
Danger
CRITICAL SECURITY NOTICE
Before connecting your BMCs to the Provisioning Center, secure their credentials immediately. Using default passwords creates serious security vulnerabilities.
Password Security Requirements
Warning
Password Configuration - Critical Security Step
Strong Password Requirements:
- At least 12 characters long
- Mix of uppercase, lowercase, numbers, and symbols
- Avoid common words or personal information
- Change regularly (recommended every 90 days)
Error
Do not skip this crucial security step!
Failure to secure BMC credentials before network connection exposes your infrastructure to potential compromise.
Step 5: Set BMC Credentials
How to set BMC credentials:
Navigate to the Provisioning Center, located at the top of the control node interface.
Edit the first node, which is automatically added during bootstrap.
Critical Network Configuration Notice
Disable any DHCP or DNS services running on your network to avoid conflicts.
Technitium information:
Please wait for the Technitium information to populate in the karios_install_info.txt file located at /root/karios_install_info.txt on the control node. This takes approximately 10 minutes.
Permission-Based Authorization: The RBAC system implements a granular permission model where access is controlled through specific permissions rather than broad administrative categories. This provides:
Principle of Least Privilege: Users are granted only the minimum permissions necessary to perform their required tasks, reducing security risks and preventing accidental system modifications.
Separation of Duties: Different administrative functions are separated into distinct roles, preventing any single user from having unlimited system access and creating accountability trails.
Scalable Authorization: The permission system can accommodate complex organizational structures with varying levels of access requirements across different operational domains.
The user provisioning process follows these key steps:
Role Determination: Select appropriate role based on job responsibilities
Account Creation: Create user account with assigned role
Initial Setup: Configure user preferences and access credentials
Training: Provide role-specific system training
Monitoring: Initial monitoring period for new users
Role Modification Procedures
Users may require role changes due to evolving job functions or organizational changes. The role modification process includes:
Role Upgrade: Process for granting additional permissions
Role Downgrade: Process for removing unnecessary permissions
Temporary Access: Procedures for temporary permission elevation
Emergency Access: Emergency procedures for critical system access
RBAC Implementation Through Web Interface
Accessing RBAC Management: The RBAC system is accessible through the admin dropdown menu in the top-right corner of the Karios interface, providing three main management sections:
Role Management: Create, edit, and delete custom roles
User Management: Register, manage, and assign roles to users
Administrative Access Requirements: RBAC management requires System Admin privileges or USER_MANAGE permissions to access role and user management functions.
Name: Human-readable role name (e.g., “Storage Admin”, “Network Admin”)
Role Slug: System identifier for the role (auto-generated or custom)
Description: Detailed explanation of role purpose and responsibilities
Step 3: Permission Assignment
The interface provides a comprehensive checkbox grid with all available permissions:
Infrastructure Permissions
VM_VIEW / VM_MANAGE: Virtual machine visibility and control
Role Documentation: Maintain clear documentation of role purposes and permissions
Training: Provide adequate training for users with new role assignments
Change Management: Follow proper procedures for role modifications
Emergency Procedures: Maintain emergency access procedures for critical situations
Note
This practical implementation guide provides step-by-step instructions for managing roles and users through the Karios web interface, ensuring proper access control while maintaining system security and operational efficiency.
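The permission model described in this section, sketched in Python as an added example (not Karios code): deny-by-default for new users, permission checks instead of a broad admin flag, time-limited elevation gated on USER_MANAGE, and a separation-of-duties check over role definitions. Only the permission names VM_VIEW, VM_MANAGE and USER_MANAGE come from the guide; the role slugs, the conflict pair and the temporary-grant mechanism are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional

# Permission names taken from the guide.
VM_VIEW, VM_MANAGE, USER_MANAGE = "VM_VIEW", "VM_MANAGE", "USER_MANAGE"

# Hypothetical role slugs, each holding only the permissions its job needs.
ROLES = {
    "vm-auditor": {VM_VIEW},
    "vm-operator": {VM_VIEW, VM_MANAGE},
    "user-admin": {USER_MANAGE},
}

# Assumed separation-of-duties rule: no single role may hold both permissions.
CONFLICTS = [(USER_MANAGE, VM_MANAGE)]


@dataclass
class User:
    name: str
    role: Optional[str] = None  # a newly registered user has no role yet
    temp_grants: Dict[str, datetime] = field(default_factory=dict)


def effective_permissions(user, now):
    """Role permissions plus temporary grants that have not yet expired."""
    perms = set(ROLES.get(user.role, set()))
    perms |= {p for p, expiry in user.temp_grants.items() if now < expiry}
    return perms


def is_allowed(user, permission, now):
    """Deny by default: allowed only if the permission is explicitly held."""
    return permission in effective_permissions(user, now)


def grant_temporary(admin, user, permission, minutes, now, audit_log):
    """Time-limited elevation; the granter must hold USER_MANAGE.

    Every attempt, allowed or denied, is appended to audit_log.
    """
    if not is_allowed(admin, USER_MANAGE, now):
        audit_log.append((now, admin.name, "DENIED", user.name, permission))
        raise PermissionError(f"{admin.name} lacks {USER_MANAGE}")
    expiry = now + timedelta(minutes=minutes)
    user.temp_grants[permission] = expiry
    audit_log.append((now, admin.name, "GRANTED", user.name, permission))
    return expiry


def sod_violations(roles, conflicts):
    """Role slugs whose permission set contains a conflicting pair."""
    return sorted(
        slug for slug, perms in roles.items()
        if any(a in perms and b in perms for a, b in conflicts)
    )


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    log = []
    alice = User("alice", role="user-admin")
    bob = User("bob", role="vm-auditor")
    carol = User("carol")  # just signed up, no role assigned

    print("carol permissions:", effective_permissions(carol, now))
    print("bob may manage VMs:", is_allowed(bob, VM_MANAGE, now))

    grant_temporary(alice, bob, VM_MANAGE, 60, now, log)
    print("bob after grant:", is_allowed(bob, VM_MANAGE, now))
    later = now + timedelta(hours=2)
    print("bob two hours later:", is_allowed(bob, VM_MANAGE, later))

    proposed = dict(ROLES, **{"super-operator": {USER_MANAGE, VM_MANAGE}})
    print("roles violating SoD:", sod_violations(proposed, CONFLICTS))
    for entry in log:
        print("audit:", entry)
```
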
Servers progress through distinct stages in the Karios management lifecycle:
Stage 1: Discovered
- Servers detected during network scanning
- Basic hardware information collected (BMC IP, Vendor)
- No management capabilities yet established
- Ready for credential configuration and registration
Stage 2: Creds Set
- Intermediate stage after credential configuration
- BMC credentials have been set but registration not yet complete
- Transitional state before full registration
Steps to set credentials:
Click on the highlighted edit icon for your discovered node
Enter the BMC credentials for your node
Click save to complete the registration process
Stage 3: Registered
- Servers added to the Karios management system
- BMC (Baseboard Management Controller) connectivity established
- Credentials configured and validated
- Ready for provisioning and configuration operations
Stage 4: Provisioned and Configured
- Management credentials are configured
- Remote management capabilities are enabled
- Server is ready for operating system deployment
- Operating system is installed and configured
- Server is ready for workload deployment
- Full management capabilities are available
Management Actions
Click on “more” to select actions:
Configure: Installing all required services and packages to provide a ready-to-use node
Override BMC Status: Cleans the existing file system and allows you to reprovision your node
Unregister: The node will be removed from the GUI. Run the scan again to discover the node
BMO: Baremetal operator. Used to perform various baremetal operations like power control, BIOS attribute updates, firmware updates, and hardware inventory capturing prior to provisioning.
The Baremetal Management & Inventory (BMO) module enables centralized management and automation for Supermicro/Dell servers using their Baseboard Management Controllers (BMCs) via the Redfish protocol.
Key Capabilities:
Hardware Inventory: Automatically collects detailed server information (CPU, memory, network, BIOS, etc.) by securely connecting to the BMC. Inventory data is stored for audit and reporting.
Figure: Overview of hardware inventory showing server details.
Once a server is registered, administrators can perform various management operations:
Provision
- Purpose: Provision and configure the registered server
- Process: Initiates the provisioning workflow including OS deployment
- Result: Server progresses through Provisioned to Configured stage
Override BMC Status
- Purpose: Reset server to previous management state
- Process: Deprovisions the server and reverts to registered state
- Use Case: Troubleshooting, reconfiguration, or maintenance operations
Unregister
- Purpose: Remove server from Karios inventory
- Process: Removes server registration and management capabilities
- Impact: Loss of remote management and monitoring capabilities
Administrators can access various control center management features. The control center provides centralized management capabilities for the entire Karios infrastructure.
Preview Feature Notice
This section on Liquid Cooling is currently reflecting the preview version of the feature. Expect updates and enhancements as it progresses towards general availability (GA).
Karios Cool Integration: The Liquid Cooling tab provides access to the Karios Cool thermal management system for monitoring and controlling liquid cooling infrastructure across your deployment.
Liquid Cooling Interface: The interface provides two main management categories:
Immersion Cooling and Rack Level.
Immersion Cooling Systems: The Immersion Cooling tab provides comprehensive management of immersion cooling systems and components:
Netbox Configuration:
Netbox is a system that acts as a central repository (“single source of truth”) for all information about your datacenter. It runs in the background (backend) to manage and track assets and configurations.
How does it work with Karios?
Karios uses Netbox by creating connections (northbound/southbound APIs) to pull data from and send data to Netbox. This allows Karios to retrieve information about your datacenter.
Integration Benefits:
Centralized asset management and tracking
Automated configuration synchronization
Real-time datacenter information access
Unified infrastructure visibility
To connect Karios to Netbox, follow these configuration steps:
Click “Configure Netbox”
Initiates the setup process within the Karios interface
Figure: Configure Netbox Button
Enter the Netbox URL
Provide the web address where your Netbox instance is located (e.g., http://example.com:8000)
Enter an API Token
This token acts as authentication credentials for Karios to access and modify data within Netbox
Click “Save Configuration”
Applies the settings and establishes the connection between Karios and Netbox
Rack Selection: After configuring Netbox, administrators can select and manage available racks:
DEV Rack: Active rack with detailed specifications
Physical Specifications: View rack dimensions, device counts, and power requirements
Rack Management: Access rack-level cooling controls and monitoring
Immersion Cooling Loop Control: The system provides visual control of the immersion cooling loop:
Tank: Coolant tank with visual fluid level indicators
Pump: Circulation pump with control capabilities
Servers: Server units (U1-U10) with cooling connections
Chiller: Cooling chiller with temperature control
Coolant Flow: Visual representation of coolant flow paths
Coolant Flow Management:
Flow Control: ON/OFF button to control coolant flow
Flow Direction: Visual indicators showing coolant flow from Tank → Pump → Servers → Chiller → Tank
Flow Status: Real-time status of coolant circulation
Temperature Zones: Cold water (blue) and warm water (red) flow indicators
Server Information Display: Individual server information within the immersion cooling system:
Server Status: Active/inactive status for each server unit
Server Identification: Unit positions (U1, U2, U3, etc.)
Temperature Monitoring: Per-server temperature monitoring
Monitoring Controls:
Sensors Dropdown: Select “Sensors” to view different available sensors
Sensor Types and Monitoring: The system provides comprehensive sensor monitoring with 8 different sensor types:
Flame Sensor: Fire detection and safety monitoring for the cooling system
Motor: Motor status and performance monitoring for pumps and fans
Temperature Sensor (CPU): CPU temperature monitoring for thermal management
Flow Control: Start/stop coolant circulation with ON/OFF controls
Temperature Management: Monitor and control temperature across the system
Pump Management: Control pump operation and speed
Chiller Control: Manage chiller operation and temperature settings
System Status Monitoring:
Visual Status Indicators: Real-time visual indicators for system components
Component Health: Monitor health status of pumps, chillers, and sensors
Flow Visualization: Visual representation of coolant flow throughout the system
Temperature Mapping: Visual temperature mapping across server units
Navigation and Usage:
Tab Navigation: Switch between Immersion Cooling and Rack Level tabs
Back to Racks: Return to rack overview with “Back to Racks” button
Node Selection: Select specific nodes for detailed management
Configuration Access: Access configuration options for cooling systems
Status Monitoring: Monitor cooling system status and performance
For detailed information regarding liquid cooling functionality, configuration options, and advanced features, please refer to Section 5: Liquid Cooling Management.
Storage Tab Overview: The Storage tab provides comprehensive storage management capabilities for all supported storage protocols and systems. This centralized interface allows administrators to configure, monitor, and manage various storage types through a unified dashboard.
Storage Protocol Support: The storage interface provides access to multiple storage protocols with dropdown selection:
MooseFS Distributed Storage:
MooseFS is a distributed file system that provides scalable, fault-tolerant storage across multiple servers with a unified namespace. It offers high availability and automatic data replication for enterprise storage requirements.
Mount MooseFS Storage: Click “Mount MooseFS Storage” to configure MooseFS connections
Server Information: View MooseFS server details (e.g., 192.168.111.92)
Port Configuration: Configure MooseFS port settings (e.g., 9421)
Storage Metrics: Monitor storage usage and capacity
Mount Point: View mount directory (e.g., /mnt/moosefs/karios)
To mount MooseFS storage, follow these steps:
Step 1: Gather MooseFS Server Information
Before configuring, obtain the following details:
MooseFS server IP address
Server port number (usually 9421)
Available directory/namespace to mount
Step 2: Configure MooseFS Mount
ID: Enter a name to identify this storage mount (e.g., “main-storage”)
Tip
A MooseFS ID is a unique identifier used for user authentication, access control, and quota management within the distributed MooseFS file system.
Server: Enter the IP address of your MooseFS server (e.g., 192.168.111.92)
Tip
A MooseFS server is any computer running the MooseFS software and fulfilling a specific role like managing metadata (master), storing data chunks (data), or facilitating discovery (listen) within a distributed file system cluster.
Port: Enter the MooseFS port number (default is 9421)
Tip
MooseFS ports are network doorways used by the master, data, and listen servers to communicate with each other and clients, with default values like 10001 (master), 10003 (data), and 10005 (listen).
Directory: Enter the MooseFS directory path you want to access (e.g., “moosefs”)
Tip
A MooseFS directory is a hierarchical structure within the distributed file system, similar to traditional directories, that organizes files and subdirectories across multiple servers for storage and access.
Step 3: Configure Options
✓ Auto Mount on Restart: Check this to automatically connect to storage when system restarts
✓ Add to Datastore: Check this to make the storage available for virtual machines
Step 4: Complete Setup
Click Submit to save the configuration and mount the MooseFS storage.
MooseFS Storage Management
Actions: Unmount and manage MooseFS storage
Click the Delete icon to unmount the MooseFS storage. You will be prompted for confirmation. Click “unmount” to remove the MooseFS mount.
S3 (Simple Storage Service) provides scalable object storage for backup, archival, and cloud-native applications. It offers cost-effective storage with global accessibility and integration with modern DevOps workflows.
Why S3 is Useful for Hypervisors - Core Benefits
Centralized Storage for VM Images and Disks
The most common and significant use case involves storing VM disk images (.raw files) in S3 buckets instead of local hypervisor storage. This approach provides:
Scalability: Easily scale storage capacity as needed without being limited by the physical hardware of the hypervisor host
Cost-Effectiveness: S3 is often cheaper than traditional SAN or NAS solutions for large amounts of data
Data Durability & Redundancy: S3 provides extremely high levels of data durability and redundancy, protecting against data loss
Additional Use Cases
Backup and Disaster Recovery: S3 serves as an ideal target for VM backups. Regular VM backups to S3 ensure quick restoration in case of disaster or hardware failure
VM Migration & Replication: Moving VMs between Karios hosts becomes easier when VM images are stored centrally in S3. This simplifies copying images between locations and enables streamlined disaster recovery replication
Content Delivery: For VMs hosting web applications or content-serving services, S3 can serve as a staging area or directly serve static assets
Specific Advantages for Karios
Flexibility: S3 allows Karios to operate more independently of the underlying storage hardware
Cloud-Native Integration: For Karios deployments in cloud environments, S3 integration provides natural architectural alignment
Simplified Management: Centralized storage simplifies management and reduces complexity compared to managing multiple local storage devices
Important
Summary
S3 enables a more scalable, resilient, and flexible Karios environment by separating VM images from the hypervisor’s physical storage infrastructure.
To mount S3 storage, follow these steps:
Step 1: Gather S3 Storage Information
Before configuring, obtain the following details:
S3 bucket name
Access credentials (Access Key and Secret Key)
S3 endpoint URL or region information
Step 2: Configure S3 Mount
Bucket Name: Enter the name of your S3 bucket you want to access
Tip
An AWS bucket is a container within Amazon S3 that securely stores objects (files and their metadata) in the cloud, offering scalability, durability, and various configuration options for different use cases.
Access Key: Enter your S3 access key ID for authentication
Tip
A bucket access key is a unique set of credentials (an Access Key ID and a Secret Access Key) that allows users or applications to authenticate and interact with an AWS S3 bucket.
Secret Key: Enter your S3 secret access key for authentication
Tip
The bucket secret key, also known as the Secret Access Key, is a confidential string of characters paired with an Access Key ID that authenticates requests made to your AWS S3 bucket.
Endpoint: Enter the S3 endpoint URL (e.g., s3.amazonaws.com)
Tip
The URL of the S3 service endpoint for your region (e.g., s3.amazonaws.com for global, or s3.us-west-2.amazonaws.com for specific regions). For S3-compatible services, this would be the custom endpoint URL.
Region: Enter the S3 region (e.g., us-east-1) or leave default
Tip
An S3 region is a geographical location where your Amazon S3 bucket’s data is physically stored, impacting latency, cost, and compliance considerations.
ID: Enter a name to identify this storage mount (e.g., “karios”)
Tip
An S3 Access Key ID is a public identifier that acts as the first part of your credentials for authenticating requests to access your Amazon S3 bucket.
Step 3: Configure Options
✓ Auto Mount on Restart: Check this to automatically connect to storage when system restarts
✓ Add to Datastore: Check this to make the storage available for virtual machines
Step 4: Complete Setup
Click Submit to save the configuration and mount the S3 storage.
Storage Status: Monitor S3 storage availability and connection status
Click Delete to unmount the S3 storage. Click “unmount” to confirm the removal of S3 storage.
iSCSI Block Storage:
iSCSI provides block-level storage access over IP networks, enabling remote storage to appear as locally attached disks. It’s commonly used for shared storage in virtualization environments and high-performance database applications.
iSCSI integration provides Karios with flexible, centralized block storage that delivers:
Improved performance through dedicated storage networks
Enhanced reliability via centralized storage management
Better manageability with unified storage administration
Simplifies management and enables easy scaling of storage capacity as infrastructure grows
High Availability
Supports live VM migration between hosts without data loss, ensuring continuous operations
Cost-Effective
Provides SAN functionality at a lower cost than traditional Fibre Channel solutions
Understanding iSCSI Terms:
Target: An iSCSI target is the storage device or service on the remote server that provides the actual storage space. It’s identified by an IQN (iSCSI Qualified Name) and contains one or more LUNs (Logical Unit Numbers).
Mount: Mounting makes the connected iSCSI storage accessible to the operating system as a usable disk or file system. After mounting, the remote storage appears as a local disk that can be used for data storage.
Connect to iSCSI Target: Click “Connect to iSCSI Target” to establish iSCSI connections
Step 1: Gather iSCSI Target Information
Before configuring, obtain the following details:
iSCSI target server IP address
Target name (IQN - iSCSI Qualified Name)
Authentication credentials (username and password)
Step 2: Configure iSCSI Connection
Portal: Enter the IP address of your iSCSI target server (e.g., 192.168.116.113)
Tip
An iSCSI portal is the combination of an IP address and TCP port (typically 3260) that defines a specific endpoint for initiating or accepting iSCSI connections, essentially acting as the doorway for communication between an initiator and target.
Target: Enter the iSCSI target name (e.g., iqn.store.ai.karios:storage.lun1)
Username: Enter the authentication username for the iSCSI target (e.g., admin)
Tip
An iSCSI username is a credential used for authentication when connecting to an iSCSI target, ensuring only authorized initiators can access the shared storage.
Password: Enter the authentication password for the iSCSI target
Tip
An iSCSI password, paired with a username, provides secure authentication for clients accessing an iSCSI target, verifying their identity before granting storage access.
Step 3: Complete Connection
Click Submit to establish the iSCSI connection and make the storage available as a block device.
To mount iSCSI devices, follow these steps:
After connecting to an iSCSI target, you need to mount the discovered devices to make them accessible for storage operations.
Step 1: Configure Multipath Settings
Multipath Name: Enter a name for the multipath device (e.g., “mp_disk”)
Tip
The Multipath Name is essentially the logical name you assign to the multipath device created from multiple iSCSI paths.
Select Devices: Choose the iSCSI devices you want to include in the multipath configuration
Device Selection: Check the boxes for available devices (e.g., “da1”)
Verify Selection: Confirm your selected devices are listed correctly
Step 2: Complete Mount Process
Click Mount to mount the selected iSCSI devices and make them available for use.
Device Actions: The following actions can be performed on an iSCSI storage device:
Mount: Makes the iSCSI storage accessible to the system as a usable disk drive
Disconnect: Terminates the connection to the iSCSI target while preserving configuration
Remove Device: Completely removes the device from the system configuration
Destroy Path: Removes the multipath configuration and destroys the path mapping
NFS File Storage:
NFS (Network File System) allows you to access files on remote servers as if they were stored locally on your system. It’s commonly used for shared storage in Unix/Linux environments and virtualization platforms.
NFS Advantages for Hypervisors
For hypervisors like Karios, NFS offers several crucial advantages:
Shared Storage
The primary benefit of NFS integration. NFS allows multiple Karios hosts to access and use the same VM disk images (.raw files). This shared access is essential for advanced hypervisor features like live migration.
Live Migration Support (Future)
Moving a running virtual machine from one Karios host to another becomes feasible with NFS. Since both hosts access the same storage, the VM’s data remains accessible during migration, minimizing downtime.
Centralized Management
Simplifies storage administration by consolidating management at the NFS server level rather than managing storage individually on each hypervisor host.
Scalability & Flexibility
Enables easier storage capacity scaling by adding resources to the NFS server without modifying individual Karios hosts. This approach also provides flexibility in storage hardware selection, removing dependency on directly attached storage.
Cost-Effectiveness
Can provide more economical storage solutions compared to dedicated SAN implementations, particularly beneficial for smaller deployments.
Implementation Benefits
Operational Advantages:
Unified storage management across multiple hypervisor hosts
Simplified backup and disaster recovery procedures
Reduced storage hardware complexity per host
Enhanced resource utilization through shared storage pools
Technical Considerations:
Network bandwidth requirements for storage traffic
NFS server performance impact on VM operations
Network reliability requirements for storage availability
Security considerations for network-attached storage
To mount NFS storage, follow these steps: Click “Mount NFS Storage” to configure NFS connections
Step 1: Select NFS Server
NFS Server: Enter the IP address or hostname of your NFS server (e.g., 192.168.116.113)
Click Next to proceed to mount configuration
Step 2: Configure NFS Mount
ID: Enter a name to identify this storage mount
Tip
An NFS ID (Network File System Identifier) is a unique identifier assigned to each client accessing an NFS server, used for access control and tracking.
Server: Enter the IP address or hostname of your NFS server (e.g., 192.168.1.100)
Tip
A network file server that runs the Network File System daemon (nfsd) and exports (shares) directories to remote client systems over a network. The NFS server manages file access permissions, handles client requests for file operations (read, write, create, delete), and maintains the shared file systems that clients can mount and access as if they were local storage.
Export Path: Enter the directory path exported by the NFS server (e.g., /exports/shared)
Tip
The directory path on the NFS server that has been configured and made available for sharing to client systems. This is the actual folder location on the server (e.g., /exports/shared, /home/data) that contains the files you want to access remotely.
Tip
Mount Point: The local directory path on the client system where the remote NFS share will be attached and accessed. This is an empty directory on your local system (e.g., /mnt/nfs-storage, /data/shared) that serves as the access point for the remote files.
Mount Options: Configuration parameters that control how the NFS file system is mounted and behaves, including NFS protocol version (NFSv3, NFSv4), read/write permissions, timeout settings, cache behavior, and security options. These options determine the performance characteristics and access rules for the mounted file system.
Step 3: Configure Options
✓ Auto Mount on Restart: Check this to automatically mount NFS storage when system restarts
✓ Add to Datastore: Check this to make the storage available for virtual machines
✓ Enable pNFS: Check this to enable parallel NFS for improved performance (if supported)
Tip
An extension to NFSv4 that allows clients to access file data directly from multiple storage servers simultaneously, rather than routing all data through a single NFS server. This parallel access significantly improves performance and scalability by distributing I/O operations across multiple storage devices, reducing bottlenecks and enabling higher throughput for large file operations.
Step 4: Complete Setup
Click Submit to save the configuration and mount the NFS storage.
To unmount the NFS storage, click the delete icon.
SMB (Server Message Block), formerly known as CIFS (Common Internet File System), is a network file sharing protocol primarily used by Windows environments. It allows computers to access files over a network as if they were local drives, similar to NFS functionality.
Importance for Hypervisors
For hypervisors like Karios, SMB offers valuable benefits, particularly in mixed or Windows-integrated environments:
Windows Integration
Simplifies integration in infrastructures that heavily utilize Windows servers and Active Directory, leveraging existing expertise and tools
Shared Storage Capabilities
Similar to NFS, SMB enables multiple Karios hosts to access the same VM disk images (.raw files), which is crucial for live migration and high availability
Live Migration Support (Future)
Allows seamless movement of running VMs between Karios hosts since both access the same storage location, minimizing downtime during migrations
Administrative Familiarity
For administrators experienced with Windows environments, SMB setup and management are often more straightforward than NFS alternatives
Cost-Effective Implementation
SMB solutions can be economical, especially when leveraging existing Windows servers for file sharing
Protocol Comparison
Protocol
Best Use Case
Key Characteristics
SMB/CIFS
Windows-centric environments
Native Windows integration, familiar management
NFS
Linux/Unix-centric setups
POSIX compliance, Unix-native features
SAN
High-performance requirements
Superior performance but higher cost and complexity
Storage Decision Factors
Choose SMB when:
Infrastructure has strong Windows presence
Existing Windows file sharing infrastructure available
Administrative team has Windows storage expertise
Integration with Active Directory is required
Mount SMB/CIFS Storage: Click “Mount SMB/CIFS Storage” to configure SMB connections and follow these steps:
Step 1: Gather SMB Server Information
Before configuring, obtain the following details:
SMB server IP address or NetBIOS name
Share name on the SMB server
Authentication credentials (username and password)
Step 2: Configure SMB Mount
ID: Enter a name to identify this SMB mount (e.g., “karios”)
NetBIOS Name: Enter the Windows computer name or NetBIOS name (e.g., “DESKTOP-FHPF4OS”)
Tip
A NetBIOS name is a legacy computer name used in Windows networking that can be utilized when specifying the server address for mounting SMB/CIFS shares.
Server: Enter the IP address of your SMB server (e.g., 192.168.111.230)
Tip
An SMB (Server Message Block) / CIFS (Common Internet File System) server allows users on a network to share files, printers, and other resources using the Windows networking protocol.
Share: Enter the name of the shared folder (e.g., “shared-folder”)
Tip
An SMB share is a designated folder on an SMB/CIFS server that’s made accessible to other computers on the network for file sharing.
Username: Enter your SMB authentication username (e.g., “smbuser”)
Tip
An SMB username is a specific account name used to authenticate and access resources (like files and folders) on an SMB/CIFS share, separate from your local computer’s login.
Password: Enter your SMB authentication password
Tip
An SMB password is the secret credential associated with an SMB username, required for authentication when accessing shared resources on an SMB/CIFS server.
Step 3: Configure Options
✓ Auto Mount on Restart: Check this to automatically mount SMB storage when system restarts
✓ Add to Datastore: Check this to make the storage available for virtual machines
Step 4: Complete Setup
Click Submit to save the configuration and mount the SMB storage.
SMB Server Configuration: SMB/CIFS server connections.
Unmount: Click on the “delete” icon to unmount SMB storage.
Protocol Selection: Dropdown selection for different storage protocols
Unified Interface: Single interface for all storage protocol management
Real-time Monitoring: Live storage metrics and status updates
Action Controls: Direct action buttons for storage operations
Storage Analytics: Detailed storage usage and performance metrics
For detailed information regarding storage protocols, configuration options, advanced features, and comprehensive storage management, please refer to Flexible Storage.
SeaweedFS Storage (optional; future releases of Karios will have a more robust solution for distributed storage)
SeaweedFS Distributed Object Storage:
SeaweedFS is a distributed file system that provides scalable object and file storage with automatic replication. It offers both S3-compatible object storage and POSIX file system interfaces for flexible data access.
SeaweedFS Terms:
Master Server: Controls the distributed file system by managing metadata, coordinating volume servers, and handling file location requests. It acts as the central coordinator for the entire SeaweedFS cluster.
Volume Server: Stores the actual file data and handles read/write operations. Multiple volume servers work together to provide distributed storage capacity and redundancy.
Master Server Management: Configure and manage SeaweedFS master servers
To configure SeaweedFS Master, follow these steps:
Step 1: Access SeaweedFS Configuration
Navigate to the SeaweedFS section in your Karios interface
Click Configure Master to begin master server setup
Step 2: Configure Master Server
Datacenter: Enter datacenter identifier (e.g., “dc0”)
Tip
A logical identifier that represents a physical data center or geographic location where SeaweedFS nodes are deployed. This helps SeaweedFS understand the physical topology and make intelligent replication decisions to ensure data copies are distributed across different locations for disaster recovery.
Rack: Enter rack identifier (e.g., “r0”)
Tip
A logical identifier that represents a physical server rack within a datacenter. SeaweedFS uses rack information to ensure data replicas are stored on servers in different racks, providing protection against rack-level failures such as power loss, network switch failures, or cooling issues affecting an entire rack.
Default Replication: Set replication factor (e.g., “000”)
Tip
A three-digit configuration that defines how many copies of data SeaweedFS automatically creates and where they are stored. The format is “XYZ” where X = copies across datacenters, Y = copies across racks, Z = copies across volume servers. For example, “001” means 1 copy on different volume servers, “010” means 1 copy on different racks, and “100” means 1 copy across different datacenters.
Note
SeaweedFS replication 000: Stores only a single copy of each chunk (no replicas). Use this setting only when durability isn’t required as any volume/node failure may result in data loss.
In a single-node deployment, SeaweedFS replication is disabled and has no effect. Replication is only applicable when multiple volume servers (nodes) are configured.
Select Node for Master Configuration: Choose which node will serve as the master server
Configure Volumes: Click “Configure Volumes” to manage storage volumes and select a server IP address from the available list.
Unmount Volumes: Click the Unmount button to remove the volume servers
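The following check is an added example, not Karios or SeaweedFS code: it decodes a Default Replication value as described above and tests it against the size of the cluster. The function names, the verdict strings and the three topology counts passed as arguments are assumptions made for this illustration, and the topology test covers necessary conditions only.

```shell
#!/bin/sh
# Added example: sanity-check a SeaweedFS "XYZ" replication code
# before entering it in the Default Replication field.
# X = extra copies in other datacenters, Y = extra copies in other racks,
# Z = extra copies on other volume servers; the original copy is always stored.

# replication_copies XYZ
# Prints the total number of copies (1 + X + Y + Z).
# Returns 1 if the code is not exactly three digits.
replication_copies() {
    case "$1" in
        [0-9][0-9][0-9]) ;;
        *) return 1 ;;
    esac
    x=${1%??}                 # first digit
    rest=${1#?}; y=${rest%?}  # middle digit
    z=${1#??}                 # last digit
    echo $((1 + x + y + z))
}

# check_replication XYZ DATACENTERS RACKS SERVERS
# The three counts are cluster-wide totals (hypothetical inputs).
# Prints one verdict line:
#   INVALID                 malformed code
#   NO_REDUNDANCY copies=1  code 000, any volume/node failure can lose data
#   UNSATISFIABLE copies=N  the cluster is too small to place N copies
#   OK copies=N             necessary topology conditions are met
check_replication() {
    code=$1; dcs=$2; racks=$3; servers=$4
    copies=$(replication_copies "$code") || { echo "INVALID"; return 0; }
    x=${code%??}; rest=${code#?}; y=${rest%?}; z=${code#??}

    if [ "$copies" -eq 1 ]; then
        echo "NO_REDUNDANCY copies=1"
        return 0
    fi
    # Every copy needs its own volume server, every Y copy its own rack,
    # and every X copy its own datacenter (which also brings its own rack).
    if [ "$dcs" -lt $((x + 1)) ] ||
       [ "$racks" -lt $((x + y + 1)) ] ||
       [ "$servers" -lt "$copies" ]; then
        echo "UNSATISFIABLE copies=$copies"
        return 0
    fi
    echo "OK copies=$copies"
}

# Demo: a single-node deployment cannot honour "001".
check_replication 001 1 1 1
```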
Master Servers Display: View active master servers with IP addresses and status
IP Address: Master server addresses (e.g., 192.168.116.137:9333)
Status: Active status for all master servers
Multi-Master Support: Multiple master servers for high availability
Delete Configure: Removes the entire seaweed configuration.
Control Center level ISO section is only enabled if seaweed is configured. If you don’t wish to configure seaweed, please navigate to the node level ISO section to upload or download ISO.
Understanding Basic Terms:
ISO: A disk image file format that contains an exact copy of data from an optical disc (CD/DVD). In virtualization, ISO files are used as virtual installation media to install operating systems or software on virtual machines, eliminating the need for physical discs.
RAW: An uncompressed disk image format that contains a bit-for-bit copy of a storage device or partition. RAW images provide maximum compatibility and performance but consume more storage space since they don’t use compression, making them ideal for high-performance virtual machine storage.
Network Tab Selection: Access network management by selecting the Network tab from the main navigation
Dropdown Menu Options: Choose between “Switches” and “Interface” from the network options dropdown
Search Functionality: Search network options using the integrated search bar
Server Selection: Select target server from the server dropdown menu
Switches Section (Selected from Network dropdown)
Virtual Switch: A software-based network switch that operates within the host system, enabling communication between virtual machines and connecting them to physical or virtual network interfaces. It functions like a physical Ethernet switch by learning MAC addresses, forwarding traffic, and managing network connections entirely in software.
Interface: A network connection point that allows systems to communicate over a network. This can be a physical network interface (like an Ethernet port) or a virtual interface (like a VM’s network adapter), serving as the entry and exit point for network traffic.
A high-performance software networking switch that delivers packets with low latency and high throughput compared to regular software switches.
After navigating to Switches, select Vale Switch.
To create a Vale switch, please click on this.
Please enter the following fields for the vale switch configuration:
Vale Switch Number (not greater than 4094): An identifier to each VALE switch.
Tip
VALE Switch Number: A unique numerical identifier assigned to each VALE switch instance within the system. This number distinguishes between multiple VALE switches running on the same host, allowing the system to route traffic to the correct high-performance switch instance (e.g., vale0, vale1, vale2).
Tap Interface & VM Mapping field: Select a tap interface of your desired vm from the available list for vale connection
Network Interface: Select the network interface from the available list of interfaces.
Tip
TAP Interface: A virtual network interface that operates at Layer 2 (Ethernet level), simulating a complete network card that can send and receive raw Ethernet frames. It’s commonly used to connect virtual machines to networks by creating a virtual ethernet adapter that appears as a real network device to the operating system.
VLAN: A Virtual Local Area Network that logically segments a physical network into multiple isolated networks using VLAN tags. VLANs allow you to create separate network segments on the same physical infrastructure, improving security and organization by grouping devices logically rather than physically.
The VALE switches module has 3 types of Network topologies.
a) Fully connected network: parent interface - VALE - tap interface(s)
b) Unused Networks: parent interface - vale
c) Isolated Networks: VALE - tap interface(s)
Clicking on any topology element displays a detailed view showing the complete network hierarchy: the parent physical interface, the VALE switch configuration, and all connected virtual machine TAP interfaces.
An option to detach the parent interface is available, which will convert the network into an isolated network. A warning will be displayed before performing this destructive action.
You will find two detach options on the right side of the VALE switch:
Bulk detach all TAP interfaces: Removes all connected virtual machine interfaces at once
Detach individual TAP interfaces: Selectively remove specific virtual machine interfaces
If available interfaces exist, you can add them to the VALE switch.
A destroy switch option is available with a warning that displays the potential impact of destroying the VALE switch before executing the destructive action.
Access traditional network bridge switch management
Create Switch Button: Create new switches with type selection and configuration options
To create a new switch
Switch name: Give a unique alphanumeric name to the switch
Tip
A unique identifier assigned to distinguish and manage individual virtual switches within the Karios network infrastructure.
Select interface: Select the desired interface for switch configuration
Tip
A network connection point that allows systems to communicate over a network. This can be a physical network interface (like an Ethernet port) or a virtual interface (like a VM’s network adapter), serving as the entry and exit point for network traffic.
Click “Create Network Switch” button
Interface Section (Selected from Network dropdown)
Physical Tab: Access physical network interface management and monitoring
Virtual Tab: Access virtual network interface and VLAN configuration
Overview: You will be able to manage 2 kinds of interfaces:
This is the landing page which allows you to view your Network Interface Cards (NIC) and their status.
The Interface panel also gives the MAC address, IP address, media, VLANs connected to the NIC, etc.
Tip
MAC Address: A unique 48-bit hardware identifier assigned to network interfaces, displayed in hexadecimal format (e.g., 00:50:56:12:34:56). It serves as the physical address for network communication at the data link layer.
IP Address: A numerical address assigned to devices on a network for identification and communication. It can be IPv4 (e.g., 192.168.1.100) or IPv6 format, used for routing traffic across networks.
Media: The physical transmission medium or connection type used by a network interface, such as Ethernet copper cables, fiber optic cables, or wireless connections.
NIC: Network Interface Card - a hardware component that connects a computer to a network, providing the physical interface for sending and receiving network data over Ethernet or other network protocols.
Click on ‘View Details’ to view the Received & Transmitted packets.
Note
View Details is only available for active interfaces.
Virtual Network Interfaces (VLANs):
In the Network Interfaces tab, as shown below, navigate to Virtual.
Virtual LANs (VLANs) are currently supported, and the landing page shows the metrics associated with VLANs, such as count, status, VLANs with IP and Tag ID.
In each VLAN, you will get basic information like its MAC address, IP, status, and parent interface (usually the physical interface seen above).
Under Virtual Interface - Virtual LANs (VLANs), you will find an option to create a VLAN: ‘Add VLAN’.
VLAN Management: Configure and manage Virtual LANs with comprehensive settings
Add VLAN Button: Click ‘Add VLAN’ to open the VLAN configuration popup.
VLAN Configuration Process:
Provide all the information given below and click “Create VLAN”
Tag ID Assignment: Enter VLAN tag ID within valid range (1-4094) with duplicate avoidance
Tip
Tag ID Assignment: A unique numerical identifier (1-4094) assigned to VLAN traffic for network segmentation. The tag is added to Ethernet frames to identify which VLAN the traffic belongs to, enabling logical network separation on shared physical infrastructure.
Parent NIC Selection: Choose the parent network interface from the available interfaces dropdown (the parent network interface is usually one from Network → Physical Interfaces; an “active” parent interface is provided).
Selecting IP: If you choose to allow Dynamic IP assignment based on the Tag ID you entered, you can skip entering the Static IP address and Subnet Mask. (The system will either automatically assign an IP within 15 seconds or ask you to enter a Static IP.) When entering a Static IP address, it is recommended to enter the IP and the subnet as per the Tag ID (the recommended formats are shown in the placeholders).
Tip
Subnet: A logical subdivision of an IP network that groups devices within a specific IP address range using subnet masks (e.g., 192.168.1.0/24). Subnets organize network traffic and improve security by creating logical network boundaries.
Dynamic IP: An IP address automatically assigned to a device by a DHCP server from a predefined pool of available addresses. The address can change when the device reconnects or when the lease expires.
Static IP: A permanently assigned IP address that remains constant and is manually configured on a device. Static IPs provide consistent network identity and are essential for servers and network infrastructure that need predictable addressing.
Note
It is recommended that you have your L2 network configurations ready as per your requirements.
VLAN Management Module:
VLAN Details: Display VLAN name, Tag ID, MAC address information
Network Configuration: Show Parent NIC, IPv4 addresses, and MTU settings
Tip
MTU Settings: Maximum Transmission Unit - the largest size of data packet that can be transmitted over a network interface, measured in bytes.
Standard Ethernet MTU is 1500 bytes, while jumbo frames can support up to 9000 bytes for improved performance on high-speed networks.
Status Monitoring: Active status, admin up/down state, and connectivity indicators
Action Controls: View, Stats, Ping, and Delete functionality for each VLAN
You can perform all the 4 actions mentioned above per VLAN:
View: This gives you details such as Parent NIC, MAC address, Status, Virtual Switches connected, Routing Table. (Please scroll down to find them)
Stats: The packets the VLAN receives and transmits are displayed here.
Ping: For an Active VLAN, a ping is possible to its gateway. In this case VLAN with Tag ID 115 is connecting to its interface 115.253.
Delete: Before you delete a VLAN, you will be given a warning on the connected switches that will be isolated if the VLAN is deleted.
Available Updates: Click on the updates tab to display all available system updates with comprehensive details
Remote Server Sync: Shows “Fetched from remote server” status with last fetch timestamp
Update Information: Display update name, version, description, type, and available actions
Download and Install: Direct download and install buttons for each available update
Once you click the Download button, the update package will be downloaded to the system. When the download is complete, the Install button will become active, allowing you to proceed with the installation. Click the “install” button to open the install update dialog.
Update Categories: Filter updates by type (Core, OS, Security) and priority levels
Action Controls: Install, Download, and Logs buttons for update management
Install Update Dialog: Comprehensive installation interface with multiple configuration options
- Update Details: Display update type (CORE, OS, UI) and version information
- Node Selection: Multi-select interface for choosing target nodes for installation
- Installation Status: Track Already Updated, Pending, and Scheduled installation states
- Schedule Management: Optional scheduling with date/time picker for future installations
Steps to install an update:
Select a node from the available list.
Choose between immediate installation or scheduled deployment
Click on “install now” for immediate installation.
Note
There are two update install options: “install now” for instant installation and “set schedule time” for later installation.
Multi-Node Management: Support for managing updates across multiple nodes simultaneously
Remote Update Fetching: Automatic fetching of updates from remote servers with status indicators
Installation Rollback: Automatic rollback capabilities for failed installations
Comprehensive Logging: Detailed logging for all installation activities and system changes
Status Filtering: Advanced filtering options for monitoring specific installation states
For detailed information regarding system release management, advanced update procedures, rollback processes, and comprehensive release deployment strategies, please refer to Section 9: System Release Management.
The Data Center Efficiency Overview provides comprehensive monitoring and analysis of power efficiency metrics for datacenter operations. This system tracks three critical efficiency measurements: Power Usage Effectiveness (PUE), Carbon Usage Effectiveness (CUE), and Water Usage Effectiveness (WUE) to help optimize datacenter environmental performance and operational costs.
The efficiency dashboard enables administrators to:
Monitor real-time power efficiency metrics across configurable date ranges
Power Usage Effectiveness measures how efficiently a datacenter uses energy by comparing total facility energy consumption to IT equipment energy consumption.
Carbon Usage Effectiveness quantifies the greenhouse gas emissions associated with powering IT equipment, based on the carbon intensity of the electricity used.
Accessing Worker Node Components:
To access worker node level management, administrators must first navigate to the specific server they want to manage. This provides access to individual server components and detailed node-specific operations.
Navigation Process:
Server Selection: From the datacenter hierarchy in the left sidebar, select the specific worker node you want to manage
Component Access: Once a worker node is selected, the interface displays “Selected Server” with the server’s name (e.g., k00000)
Component Tabs: The worker node interface provides access to specialized component tabs designed for individual server management
Node Component Overview: The worker node interface provides access to the following key components:
Home: Server dashboard with performance metrics and system information
ISO: Node-specific ISO image management and mounting
Storage: Local storage management and disk health monitoring
Monitoring: Server-specific performance monitoring and analytics
Power: Power consumption monitoring and energy efficiency metrics
Network: Network interface management and connectivity status
Firewall: Node-level firewall configuration and security policies
Security: Server-specific security settings and compliance monitoring
Logs: System logs and event monitoring for the individual server
Interface Context: When working at the worker node level, all operations and configurations apply specifically to the selected server, providing granular control over individual infrastructure components.
Worker Node Home Overview: The Home tab serves as the primary dashboard for individual worker node management, providing comprehensive real-time metrics and system information essential for server administration and monitoring.
Performance Metrics Dashboard: The Home dashboard displays five key performance indicators in an intuitive card-based layout:
Hardware Information Display: The System Information section provides comprehensive details about the server’s hardware configuration and specifications.
System Specifications:
Make: Hardware manufacturer information (e.g., “Supermicro”)
Model: Server model designation (e.g., “Super Server”)
Network Interface: Primary network interface details with IP address and MAC address
Health Monitoring: Comprehensive health status for all storage devices
Performance Tracking: Storage performance metrics and optimization insights
Note
Click on any storage controller in the list to view additional details about the device, including hardware specifications, health status, NVMe health metrics.
Physical Server Visualization: The Chassis View provides a visual representation of the physical server hardware, helping administrators understand the physical layout and configuration.
Chassis Display Features:
3D Server Visualization: Three-dimensional representation of the server chassis
Front Panel View: Default front panel view of the server hardware
Hardware Identification: Visual identification of physical server components
Physical Layout: Understanding of physical component placement and accessibility
Chassis Navigation:
View Options: Toggle between different chassis views (Front/Back)
Show Back Button: Option to view the rear panel of the server
Hardware Mapping: Visual correlation between logical and physical components
Physical Maintenance: Assistance with physical hardware maintenance and identification
Chassis View Benefits:
Hardware Identification: Quickly identify physical components and their locations
Maintenance Planning: Plan physical maintenance and hardware replacement
Visual Reference: Provide visual context for hardware troubleshooting
Documentation: Visual documentation of server configuration and layout
The Console tab provides direct access to the FreeBSD command-line interface for individual worker nodes, enabling administrators to perform advanced system administration tasks, troubleshooting, and direct system configuration through a web-based terminal interface.
Console Interface Features:
Web-based Terminal: Browser-based access to the FreeBSD command line
Direct System Access: Full command-line access to the underlying FreeBSD system
Real-time Interaction: Live terminal session with immediate command execution
Administrative Control: Complete system administration capabilities through CLI
Secure Access: Password-protected console access with credential validation
Once authenticated, administrators have full access to FreeBSD system commands:
System Monitoring:
# System status and resource monitoring
top          # Display running processes and system usage
ps aux       # List all running processes
df -h        # Display filesystem disk usage
free -h      # Show memory usage statistics
uptime       # Display system uptime and load average
Service Management:
# FreeBSD service management
service -e                # List enabled services
service <name> status     # Check service status
service <name> start      # Start a service
service <name> stop       # Stop a service
service <name> restart    # Restart a service
Network Configuration:
# Network interface and connectivity
ifconfig       # Display network interface configuration
netstat -rn    # Show routing table
ping <host>    # Test network connectivity
sockstat -l    # Display listening sockets
Log Analysis:
# System log examination
tail -f /var/log/messages          # Monitor system messages in real-time
grep "error" /var/log/messages     # Search for errors in system logs
dmesg                              # Display kernel boot messages
logger "test message"              # Add custom message to system log
# File and directory management
ls -la                   # List files with detailed information
cd /path/to/directory    # Change directory
pwd                      # Display current directory
mkdir directory_name     # Create new directory
rm -rf directory         # Remove directory and contents
System Configuration:
# System configuration files
cat /etc/rc.conf    # View system startup configuration
sysctl -a           # Display all system variables
mount               # Show mounted filesystems
zpool status        # Check ZFS pool status (if applicable)
Package Management:
# FreeBSD package management
pkg info                 # List installed packages
pkg search <package>     # Search for packages
pkg install <package>    # Install new package
pkg update               # Update package repository
Process Management:
# Process control and monitoring
killall <process>    # Kill processes by name
kill -9 <pid>        # Force kill process by PID
jobs                 # Display active jobs
nohup <command> &    # Run command in background
FreeBSD Handbook: Reference comprehensive FreeBSD documentation for command usage
Man Pages: Use man pages within the console for detailed command documentation
System Help: Access built-in help functions for commands and utilities
Community Resources: Leverage FreeBSD community resources and forums
Support Resources:
Platform Documentation: Refer to Karios platform documentation for integration guidance
Knowledge Base: Access knowledge base articles for common console operations
Training Resources: Utilize available training resources for FreeBSD administration
Command Reference:
# Get help for any command
man <command>        # Display manual page for command
<command> --help     # Display command help (if available)
which <command>      # Show path to command executable
whereis <command>    # Locate command binary, source, and manual
The PCIe Devices interface allows you to view and manage all PCIe (Peripheral Component Interconnect Express) devices installed in your server. PCIe is the modern standard for connecting hardware components like graphics cards, network cards, and storage devices to your computer’s motherboard.
Think of PCIe devices as the various pieces of hardware that plug into slots on your computer’s motherboard to give it different capabilities - like adding graphics processing, network connectivity, or storage functions.
PCIe stands for “Peripheral Component Interconnect Express.” It’s a high-speed connection standard that allows different hardware components to communicate with your computer’s processor and memory.
Why PCIe Matters
Speed: Much faster than older connection types
Flexibility: Supports many different types of devices
Expandability: Allows you to add new capabilities to your server
Storage Management Overview: The Storage tab provides comprehensive ZFS storage management capabilities at the node level, enabling administrators to create and manage storage pools, datasets, and volumes directly on individual servers.
ZFS (Zettabyte File System): A next-generation file system and logical volume manager originally developed by Sun Microsystems for Solaris, now widely used on FreeBSD and other operating systems. ZFS combines traditional file system functionality with volume management, providing data integrity, compression, deduplication, snapshots, and RAID-like functionality in a single integrated solution.
Storage Management Interface: The Storage Management interface offers three primary functions accessible through the top action bar:
Create Pool: Create new ZFS storage pools with configurable RAID levels
Create Datastore: Create new datastores for virtual machine storage
Storage Pools Dropdown: Select and manage existing storage pools
Tip
Pool (ZFS Pool/zpool): The top-level storage container in ZFS that consists of one or more virtual devices (vdevs) made up of physical storage devices. A pool aggregates storage capacity and provides the foundation for all ZFS file systems, volumes, and datasets. Pools can be expanded by adding more vdevs and provide redundancy through various RAID-like configurations.
Dataset: A generic term in ZFS that refers to any of the following: file systems, volumes, clones, or snapshots. More commonly, it refers to a ZFS file system - a mountable unit of storage within a pool that can have its own properties, quotas, and snapshots. Datasets are hierarchical and can contain other datasets.
ZFS Storage Pool Overview: The Storage Pools section displays comprehensive information about existing ZFS pools on the worker node:
Pool Information Display:
Pool Name: ZFS pool identifier (e.g., “zroot”)
Pool Size: Total pool capacity (e.g., “920G”)
Pool State: Current operational status (e.g., “ONLINE”)
Storage Utilization: Visual progress bar showing allocated vs. free space
Capacity Details: Specific capacity information (e.g., “Free: 848G, Allocated: 71.6G”)
Pool Health Monitoring:
State Indicators: Real-time pool health status (ONLINE)
Capacity Monitoring: Visual and numerical capacity utilization tracking
ZFS ARC Memory Management
ARC (Adaptive Replacement Cache) is ZFS’s in-memory caching system. It keeps frequently accessed data and metadata in RAM, improving read performance and reducing disk I/O. The ARC Memory Management section shows:
- Available: Free memory remaining on the node.
- Current: The ARC size currently allocated.
- Recommended: A suggested ARC allocation, based on system resources.
Adjust ARC Memory:
Modify the Current value to the desired cache size.
You can increase it for more aggressive caching.
Or decrease it to free RAM for virtual machines and other workloads.
To save the settings, click “apply”. Changes apply dynamically.
Impact of Adjustments
Increasing ARC
Pros: Higher cache hit rates, improved read performance, reduced latency on repeated operations.
Cons: Less memory left for VMs or applications; risk of memory pressure if set too high.
Decreasing ARC
Pros: Frees RAM for VMs and services, preventing out-of-memory scenarios.
Cons: Lower cache hit rates, more disk access, possible performance dips for repeated reads.
Disk Management
Physical Disk Information: The Disks section provides detailed information about physical storage devices within the pool:
Disk Status Display:
Disk Identifier: Physical disk designation (e.g., “nda1p3”)
Disk State: Current operational status (e.g., “ONLINE”)
Disk Performance: Read, write, and checksum statistics
Disk Health Monitoring:
Performance Tracking: Monitor disk I/O performance and statistics
Error Detection: Track and report disk errors and failures
Health Status: Visual indicators for disk health and reliability
Predictive Maintenance: Early warning indicators for disk replacement
Pool Management Actions: The Storage Pool interface provides four primary operational buttons:
Purpose
Create a new ZFS dataset within an existing storage pool for file storage and organization.
Functionality
Datasets allow you to create structured storage areas inside a pool. They can be managed independently with properties such as quotas, compression, and optional encryption.
Organization
Datasets are organized hierarchically (like directories) under the pool name.
For example:
zroot/mydataset
Usage
Ideal for organizing file-based storage into logical, isolated datasets.
Steps to create a dataset:
Step 1: Please click on “Create dataset” on any of the available pools (e.g., zroot)
Step 2: Please provide an appropriate dataset name (e.g., dataset-1)
Step 3: Enable encryption if required and provide a passphrase (min 8 characters)
Step 4: Click “Create”
Tip
ZFS Encryption
Provides data-at-rest protection by encrypting datasets at the storage level, ensuring that sensitive data remains unreadable even if physical drives are compromised, stolen, or improperly disposed of. This native encryption feature supports regulatory compliance requirements (HIPAA, PCI-DSS, GDPR) while maintaining high performance through hardware acceleration and granular control over different datasets based on security requirements.
View Datasets:
Purpose: Display and manage existing datasets within the pool
Functionality: Comprehensive dataset viewing and management
Dataset Information: Usage statistics, compression settings, and configurations
Filter Options: Filter datasets by type (All Types, Filesystem, Volume, Snapshot)
Click on “View datasets” to display and manage your datasets within the pool.
Create Zvol:
Purpose: Create ZFS volumes for block storage
Tip
Block Level Storage
Refers to a data storage method where data is stored and accessed in fixed-size blocks (typically 512 bytes to several KB), with each block having a unique address that the operating system can directly access.
Functionality: Block-level storage for virtual machines and applications
Configuration: Specify volume name and size with unit selection (GB, TB)
Usage: Ideal for virtual machine storage and database applications
Provide an appropriate name for the zvol and select “Create Zvol”
Delete Pool:
Purpose: Remove storage pools from the system
Functionality: Complete pool deletion with data removal
Safety: Confirmation required before permanent deletion
Impact: Permanent removal of all pool data and configurations
Please navigate to the appropriate pool and select “Delete Pool”
Warning: Performing this action will delete all the datasets, volumes, and snapshots, and it cannot be reversed.
Create ZPool Interface: The Create ZPool dialog provides comprehensive options for creating new ZFS storage pools:
Pool Configuration Options:
Pool Name: Specify unique pool identifier
RAID Type Selection: Choose from multiple RAID configurations:
- raidz1: Single parity RAID-Z (similar to RAID 5)
- raidz2: Double parity RAID-Z (similar to RAID 6)
- raidz3: Triple parity RAID-Z (maximum fault tolerance)
- mirror: Mirrored configuration (similar to RAID 1)
- striped: Striped configuration (similar to RAID 0)
Disk Selection:
Available Disks: Display of available physical disks for pool creation
Disk Status: Real-time availability status of storage devices
Disk Validation: Verification of disk suitability for pool creation
No Disks Available: Clear indication when no disks are available for pool creation
Steps to create a zpool:
Step 1: Provide an appropriate pool name
Step 2: Select the desired RAID type and available disks based on the RAID type.
Step 3: Click “Create ZPool” to provision the ZFS pool.
Tip
RAID-Z Levels
RAID-Z1 A ZFS implementation similar to RAID-5, using single-parity protection across multiple drives (minimum 3 drives). Can tolerate the failure of one drive while maintaining data integrity, providing a balance between storage capacity and redundancy.
RAID-Z2 A ZFS implementation similar to RAID-6, using double-parity protection across multiple drives (minimum 4 drives). Can tolerate the failure of up to two drives simultaneously, offering higher redundancy than RAID-Z1 at the cost of additional storage overhead.
RAID-Z3 A ZFS implementation using triple-parity protection across multiple drives (minimum 5 drives). Can tolerate the failure of up to three drives simultaneously, providing the highest level of redundancy in the RAID-Z family, ideal for large storage arrays where maximum data protection is critical.
Mirror A ZFS configuration similar to RAID-1, where data is duplicated across two or more drives. Provides excellent read performance and can tolerate the failure of all but one drive in the mirror group, offering the fastest rebuild times but using 50% or more of available storage capacity for redundancy.
Striped A ZFS configuration similar to RAID-0, where data is distributed across multiple drives without any redundancy. Provides maximum storage capacity and improved performance through parallel I/O operations, but offers no fault tolerance - the failure of any single drive results in complete data loss.
Create Datastore Interface: The Create Datastore dialog enables creation of datastores for virtual machine storage:
Tip
Datastore
A logical storage container that abstracts and manages underlying physical storage resources (hard drives, SSDs, storage arrays) into a unified pool of storage capacity.
Monitoring Overview: The Monitoring tab provides comprehensive real-time performance monitoring and historical analysis for individual worker nodes, enabling administrators to track system performance, identify trends, and optimize resource utilization.
Feature available under “Diagnostics” tab.
Monitoring Interface: The monitoring interface features a time-based performance dashboard with configurable time ranges and multiple performance metrics displayed in detailed graphical format.
Time Range Controls: The monitoring interface provides flexible time range selection for performance analysis:
Available Time Ranges:
Last 1h: Real-time monitoring for the past hour (default selection)
Last 30m: Short-term monitoring for the past 30 minutes
Last 15m: Immediate monitoring for the past 15 minutes
Last 5m: Real-time monitoring for the past 5 minutes
Last 1m: Live monitoring for the past minute
Time Range Features:
Active Selection: Currently selected time range highlighted in blue
Flexible Analysis: Choose appropriate time ranges for different analysis needs
Historical Data: Access historical performance data for trend analysis
Real-time Updates: Continuous data updates for live monitoring
Power Management Overview: The Power tab provides comprehensive power monitoring and management capabilities for individual worker nodes, enabling administrators to track power consumption, optimize energy efficiency, and manage power profiles for optimal performance and cost savings.
Power Interface Features: The Power management interface offers dual view modes and comprehensive power analytics:
View Mode Selection: Switch between “Power Metrics” and “Power Monitoring” views
Time Range Controls: Flexible time range selection for power analysis
Real-time Monitoring: Live power consumption tracking and visualization
Power Profile Management: Configure and optimize power profiles for different workloads
Network Overview: The Network tab provides comprehensive network interface and switch management for individual worker nodes, enabling administrators to configure network connectivity, manage virtual switches, and monitor network interface status across the cluster infrastructure.
Network Interface Management: The network management interface features dedicated sections for interface monitoring and switch configuration, providing granular control over network connectivity and virtual network topology.
Overview: The Firewall tab provides comprehensive packet filter (PF) rule management for individual worker nodes, enabling administrators to configure network security policies, manage traffic filtering rules, and maintain system security through advanced firewall configuration.
Firewall Rule Management: The firewall interface features a code-based rule editor with syntax highlighting, real-time validation, and safety mechanisms to prevent system lockout through configuration errors.
This PF rule acts as a security guard for your server, preventing connection flooding and brute-force attacks. It works by implementing multiple security mechanisms:
Limiting Connections
Restricts the number of simultaneous connections and rate of new connection attempts from any single IP address
Overload Protection
When configured limits are exceeded, the rule aggressively blocks attackers by dropping their connections and terminating existing ones using a pre-defined “bruteforce” action block
Attack Mitigation
Designed to stop malicious actors from overwhelming your server with connection requests while minimizing disruption to legitimate users
Configuration Requirements
Proper configuration is crucial for rule effectiveness:
Critical Components:
Connection limit thresholds appropriate for your environment
Rate limiting parameters for new connection attempts
Bruteforce overload block configuration
Timeout values for blocked connections
Best Practices:
Test configuration changes in a controlled environment
Monitor logs to ensure legitimate traffic isn’t blocked
Adjust thresholds based on actual traffic patterns
Document configuration changes for future reference
Warning
Configuration Impact
Improper PF rule configuration can block legitimate traffic or fail to protect against attacks. Always validate settings before applying to production systems.
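The brute-force protection described above maps onto PF's per-source state options (max-src-conn, max-src-conn-rate, overload with flush). The following is an added example, not Karios's shipped rule or code: a Python check that audits a ruleset for those pieces before it is applied. Both rulesets, the thresholds and port 22 are constructed assumptions; ext_if/igb0 and the “bruteforce” table name are reused from this page.

```python
import re

# Constructed rulesets for illustration; thresholds and port are assumptions.
HARDENED = r'''
ext_if = "igb0"
table <bruteforce> persist
block in quick on $ext_if from <bruteforce>
pass in on $ext_if proto tcp to port 22 flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/30, overload <bruteforce> flush global)
'''

# Same service, but no rate limit, no flush, and nothing blocks the table.
WEAK = r'''
ext_if = "igb0"
pass in on $ext_if proto tcp to port 22 flags S/SA keep state \
    (max-src-conn 10, overload <bruteforce>)
'''


def audit_pf_bruteforce(ruleset):
    """Return finding codes for every 'pass in' rule in a pf.conf text."""
    text = re.sub(r"\\\n\s*", " ", ruleset)  # join backslash-continued lines
    rules = [ln.strip() for ln in text.splitlines()
             if ln.strip() and not ln.lstrip().startswith("#")]
    # Tables that some block rule actually drops traffic from.
    blocked = {t for r in rules if r.startswith("block")
               for t in re.findall(r"from\s+<([\w-]+)>", r)}
    findings = []
    for rule in rules:
        if not rule.startswith("pass in"):
            continue
        m = re.search(r"\(([^)]*)\)", rule)  # state options in parentheses
        opts = m.group(1) if m else ""
        if not re.search(r"max-src-conn\s+\d+", opts):
            findings.append("no-conn-limit")      # simultaneous connections
        if not re.search(r"max-src-conn-rate\s+\d+\s*/\s*\d+", opts):
            findings.append("no-rate-limit")      # new connections per interval
        ov = re.search(r"overload\s+<([\w-]+)>(\s+flush)?", opts)
        if not ov:
            findings.append("no-overload-table")  # offenders are never listed
            continue
        if not ov.group(2):
            findings.append("no-flush")           # existing states stay open
        if ov.group(1) not in blocked:
            findings.append("table-not-blocked")  # table fills, nothing drops it
    return findings


if __name__ == "__main__":
    print("hardened:", audit_pf_bruteforce(HARDENED))
    print("weak:    ", audit_pf_bruteforce(WEAK))
```

The "table-not-blocked" finding is the one most easily missed: overload only adds the source address to the table, so a block rule that references the table is what actually stops the traffic.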
PF Rules Display: The Packet Filter Rules section provides a comprehensive view of all active firewall rules.
Rule Configuration Display:
Line Numbers: Sequential line numbering for easy rule reference and navigation
Syntax Highlighting: Color-coded syntax highlighting for different rule components
Rule Structure: Clear display of rule syntax with proper formatting
Code Editor: Full-featured code editor with firewall rule editing capabilities
Advanced Configuration Warning:
Security Notice: Prominent warning about advanced configuration complexity
Risk Assessment: Clear indication of potential security vulnerabilities
Expertise Requirement: Emphasis on required expertise for rule modification
System Lockout Prevention: Warning about potential system access issues
The Simple Mode interface provides a user-friendly way to configure FreeBSD Packet Filter (PF) rules through an intuitive drag-and-drop interface. This mode is designed for quick and easy firewall rule creation without requiring deep knowledge of PF syntax.
Interface Components
Existing Packet Filters Section
The left panel displays currently configured packet filter elements organized by type:
Variables: Network interface definitions and other variables
Set Options: Firewall behavior configuration options
Rules: Pass/block rule definitions
Tables: Address groupings for rule references
Anchors: NAT/RDR anchor definitions
Adding New Packet Filter Rules
Select Rule Type
Choose from the available rule types:
Variables - Define network interfaces and other variables
Set Options - Configure firewall behavior options
Tables - Define address tables for grouping
Rules - Define pass/block rules
Anchors - Define NAT/RDR anchors
Anchor Templates - Predefined service configurations
Rule Configuration Options
Variables
Configure network interface definitions and custom variables:
Variable Name: Define the variable identifier (e.g., ext_if)
Value: Set the variable value (e.g., igb0)
Set Options
Configure firewall behavior settings:
Option Name: Select from available options (e.g., block-policy)
Drag and Drop: The new rule appears in the left panel where you can drag it to reorder priority
Save Changes: Click “Save Changes” to apply the configuration
Configuration Validation and Application
When you click “Save Changes”:
Syntax Check: The system validates PF rule syntax
60-Second Timer: If syntax is valid, a 60-second confirmation timer begins
Confirmation Required: You must confirm the changes within 60 seconds
Automatic Rollback: If not confirmed, changes are automatically reverted
Rule Application: Upon confirmation, the new PF configuration is saved and applied
Warning
Always ensure you have alternative access to the system before applying firewall changes. The 60-second confirmation window provides a safety mechanism to prevent lockouts.
Advanced Features
When Simple Mode limitations are reached, Advanced Mode provides:
Complex rule matching criteria
Advanced NAT/RDR configurations
Queue management and traffic shaping
Custom macro definitions
Raw PF rule syntax editing
Switch to Advanced Mode when you need capabilities beyond the simplified interface options.
Use the “Need more options? Switch to Advanced Mode” link or “Advanced” button at the top to access additional configuration options when Simple Mode doesn’t provide sufficient flexibility.
The Security Center provides a centralized interface for managing and monitoring your infrastructure’s security posture. This walkthrough will guide you through the key features and functionalities available in the Security Center.
How this score is calculated:
- The CAT I / CAT II / CAT III counts directly drive this compliance score — each issue reduces the score based on severity and total volume.
CAT I (Critical):
- Largest impact; each lowers compliance by ~1.5–2 points.
CAT II (High/Medium):
- Moderate impact; each lowers compliance by ~0.25–0.60 point.
CAT III (Low):
- Smallest impact; each lowers compliance by ~0.1–0.2 points.
Volume Factor:
- More total findings → each new one counts a bit more (up to ~30% extra impact).
Calculation:
- Compliance = 100 – (Weighted Findings × Volume Factor ÷ 10)
- Final score is clamped to 0–100. If no findings → 100% compliance.
Safety-First Remediation - All XCCDF rules include automated checks with manual remediation for high-risk changes that could cause system lockout (SSH, PAM, firewall modifications).
Industry Standard Compliance - Rules follow CIS FreeBSD 14 Benchmark v1.0.1 with proper CVE identifiers, CVSS scores, and NIST 800-53 control mappings for enterprise compliance frameworks.
Service Continuity Protection - Remediation scripts avoid automatic service restarts and include clear warnings about potential disruption to critical services like SSH and databases.
Operational Documentation - Each rule includes comprehensive warning, remediation, and recommendation sections with specific manual steps for safe implementation in production environments.
Prioritize vulnerabilities based on risk assessment
Test remediation actions in development environments first
Document all security configuration changes
System Monitoring
Monitor system performance after applying security fixes
Verify that remediation actions do not impact system functionality
Maintain audit trails of all security-related changes
Important
Always test security remediation actions in a controlled environment before applying them to production systems to ensure system stability and functionality.
Log Overview: The Logs tab provides comprehensive system log monitoring and analysis for individual worker nodes, featuring real-time log streaming, filtering capabilities, and log export functionality for troubleshooting and system analysis.
Log Viewer Interface: The Log Viewer displays system logs in a structured format with filtering options, search capabilities, and export tools for efficient log management and analysis.
The FreeBSD Debug Framework provides comprehensive system diagnostic capabilities through both REST API and command-line interfaces. This unified framework enables administrators to collect, analyze, and export system diagnostics from FreeBSD environments efficiently.
The framework enables you to:
Run system diagnostic tools
Collect their outputs in organized directories
Generate and download consolidated PDF reports
Manage outputs automatically with cleanup policies
Access diagnostics through both API and CLI interfaces
This simplifies debugging workflows by providing consistent interfaces for system analysis and reporting.
The support bundle tool collects system logs and diagnostic information, encrypts them, and packages them into a .7z archive for analysis by the support team.
Click on “Ondemand Services” tab under “Diagnostics” and select “Support Bundle”.
Review the Information
Read the description: “Collects system logs and diagnostic information, encrypts them, and packages them into a .7z archive for analysis by the support team”
Check the “When to use” scenarios to confirm this matches your needs:
Troubleshooting system issues
Diagnostic analysis
System health evaluation
Performance problem investigation
Generate the Bundle
Click the blue “Generate Bundle” button
Wait for Processing
The system will collect logs and diagnostic data
Package everything into an encrypted .7z archive
This may take a few minutes depending on system size
Download the Bundle
Once complete, download the generated .7z file
This encrypted archive can be shared with the support team for analysis
Generate Support Bundle via Command Line
Connect to the Console
Use SSH or direct console access to log in to your FreeBSD machine.
ssh admin@your-freebsd-machine
Tip
Ensure you have administrative privileges before proceeding with support bundle collection.
Navigate to the Tool Location
Change directory to where the support_bundle binary is placed:
cd /path/to/support_bundle
Note
Replace /path/to/support_bundle with the actual installation path on your system.
Run the Support Bundle Tool
Execute the tool:
./support_bundle
When prompted, enter a password to encrypt the archive.
Important
Remember this password—you will need to share it with support for archive decryption.
Warning
Choose a strong password for the archive encryption. This password protects sensitive system information during transmission.
Verify the Archive
After completion, check that the archive was created:
ls -l support_bundle.7z
Expected output should show the created archive file with its size and timestamp.
Share the Archive
Send the support_bundle.7z file and the password to the support team via the provided support email for further analysis.
Use the following template when submitting your support bundle:
Subject Line:
Subject: Support Bundle for Analysis
Email Body:
Attached is the support_bundle.7z file collected from our FreeBSD system.
Password for the archive: [your password]
Please let us know if you need further information.
The “Setup VM” button provides access to virtual machine creation with two distinct deployment methods:
Standard VM Setup: Traditional virtual machine configuration for FreeBSD, Windows 10, and Ubuntu
Cloud-Init Setup: Automated VM deployment with cloud-init support for FreeBSD and Ubuntu
Note
Please set up the Technitium DHCP and DNS server before proceeding with the VM installation.
Refer to Technitium DHCP and DNS Setup documentation for detailed instructions.
Cloud-Init setup provides automated VM deployment with pre-configuration capabilities, supporting:
FreeBSD: Automated FreeBSD deployment with cloud-init
Ubuntu: Automated Ubuntu deployment with cloud-init integration
Note
Please upload and download a raw image (.raw) if it is not available during the setup. To do this, navigate to the node-level ISO section in the interface.
Cloud-Init Configuration Process
Setup Method Selection: Choose “Cloud-Init Setup” from available options
Server Selection: Select target server for VM deployment
Basic VM Configuration: Configure VM name, loader, and OS
Resource Allocation: Set CPU, memory, and storage parameters
User Account Setup: Configure initial user account and authentication
Network Configuration: Set network parameters (DHCP or static)
VM Creation: Deploy the cloud-init enabled virtual machine
For enhanced security, configure SSH key authentication for your virtual machines.
SSH Key Format
Provide your SSH public key in standard format (e.g., ssh-rsa, ssh-ed25519).
Paste the public key directly into the VM setup form or upload as required.
Key Benefits
Enables passwordless authentication for secure remote access.
Reduces risk of brute-force password attacks.
Simplifies automation and remote management.
Multiple Keys Support
You may specify multiple SSH public keys for a VM.
Each key grants access to authorized users.
Key Management
SSH keys are managed centrally via the Karios interface.
Administrators can add, remove, or update authorized keys for each VM.
Regularly review and rotate SSH keys for optimal security.
Note
Always keep your private SSH keys secure and never share them.
Only authorized public keys should be added to the VM configuration.
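A pre-submission check for the key format and multiple-key rules above, as an added example that is not part of the Karios product: it confirms each pasted line is a well-formed public key whose type label matches the key blob, and rejects private key material. The sample keys are constructed filler bytes, the helper names are hypothetical, and the 2048-bit RSA minimum is an assumed local policy.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # assumed local policy, not a Karios requirement


def read_fields(blob):
    """Split an SSH wire-format blob into its uint32-length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + size > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[pos:pos + size])
        pos += size
    return fields


def check_public_key(line):
    """Return (ok, reason) for one '<type> <base64> [comment]' line."""
    if "PRIVATE KEY" in line:
        return False, "private key material pasted"
    parts = line.split()
    if len(parts) < 2:
        return False, "expected '<type> <base64> [comment]'"
    key_type, encoded = parts[0], parts[1]
    try:
        fields = read_fields(base64.b64decode(encoded, validate=True))
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        return False, f"bad key blob: {exc}"
    # The first field inside the blob repeats the algorithm name.
    if not fields or fields[0] != key_type.encode():
        return False, "type label does not match the type inside the key blob"
    if key_type == "ssh-ed25519":
        ok = len(fields) == 2 and len(fields[1]) == 32
        return ok, ("ok" if ok else "ed25519 key must be exactly 32 bytes")
    if key_type == "ssh-rsa":
        if len(fields) != 3:
            return False, "rsa blob must hold exponent and modulus"
        bits = int.from_bytes(fields[2], "big").bit_length()
        ok = bits >= MIN_RSA_BITS
        return ok, ("ok" if ok else f"rsa modulus is only {bits} bits")
    return False, f"key type {key_type} not handled by this check"


def check_key_list(text):
    """Check each non-empty, non-comment line of a multi-key paste."""
    return [(n, *check_public_key(ln))
            for n, ln in enumerate(text.splitlines(), 1)
            if ln.strip() and not ln.startswith("#")]


def make_line(key_type, *fields, comment="constructed@example"):
    """Build a constructed sample line; the key bytes are filler, not a real key."""
    parts = (key_type.encode(),) + fields
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"


# Constructed input: valid ed25519, short RSA, mislabelled blob, private key header.
SAMPLE = "\n".join([
    make_line("ssh-ed25519", bytes(32)),
    make_line("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xff" * 128),
    "ssh-ed25519 " + make_line("ssh-rsa", bytes(32)).split()[1],
    "-----BEGIN OPENSSH PRIVATE KEY-----",
])

if __name__ == "__main__":
    for lineno, ok, reason in check_key_list(SAMPLE):
        print(lineno, "accept" if ok else "reject", reason)
```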
Network Configuration Options
DHCP Configuration (Default):
- Automatic IP address assignment
- Dynamic network configuration
- Simplified setup process
Static IP Configuration:
- Static IP Address: Manually specify IP address
- Subnet Mask: Configure network subnet mask
- Domain Name: Set domain name for the VM
Once a VM is created, the VM management interface provides comprehensive control through several key sections:
Click on the icon highlighted below to navigate to the VM management interface. All created VMs will be listed here.
Hardware Tab: Configure VM hardware specifications and resources
Console Tab: Direct console access to the virtual machine
Snapshots Tab: Create and manage VM snapshots
Activity Logs Tab: View VM operation history and logs
VM Hardware Configuration
The Hardware tab allows dynamic modification of VM specifications:
VM Details Configuration: Adjust CPU and memory allocation
CD/DVD Drive Management: Attach ISO images for installation or boot
Network Switch Management: Configure network interfaces and switches
Update: Modify existing network configurations
Virtual Disk Management: Attach virtual disks
Attach Only Disk:
Reassign: Remove the virtual disk from the current VM and assign it to another available VM in the node.
Delete: Delete the unused disk permanently
Attach PCIe Device: Attach PCIe devices like GPU and NIC to the VM. Click on the “Attach” button to attach the PCIe device.
Note
When passing through NVIDIA GPUs to virtual machines running Linux-based operating systems, ensure you blacklist the nouveau driver to prevent conflicts with NVIDIA proprietary drivers.
Select the PCIe devices to attach to the VM and click on the “Attach Devices” button.
Confirm the PCIe devices to be attached to the VM. Click on the “Attach Devices” button to proceed.
Attached devices will be listed in the Hardware tab.
Detach PCIe Device: Detach the PCIe devices from the VM. Click on the “detach” button to detach the PCIe device.
The Bhyve Logs tab provides comprehensive access to virtual machine hypervisor logs:
Real-time Log Monitoring: View live bhyve hypervisor logs with automatic updates
Log Entry Details: Each log entry displays timestamp and detailed system messages
VM Initialization Tracking: Monitor VM startup sequence including:
MAC address generation
Boot loader initialization
CPU and memory allocation
Network bridge configuration
UUID assignment and debug mode status
Primary disk attachment
Log Refresh Control: Manual refresh capability to update log entries on demand
Total Log Count Display: Shows complete number of log entries (e.g., “Total logs: 24”)
Chronological Log Organization: Entries numbered sequentially with precise timestamps
System Event Correlation: Track VM state changes and correlate with system events
Troubleshooting Support: Detailed logging for diagnosing VM startup and operational issues
The Bhyve Logs interface provides essential diagnostic information for understanding VM behavior, troubleshooting boot issues, and monitoring hypervisor-level operations during virtual machine lifecycle management.
GPU passthrough provides virtual machines with direct access to graphics processing units, enabling near-native performance for GPU-accelerated applications.
# Start a virtual machine
vm start vm_name
# Start VM with specific boot options
vm start -B "-s 31,lpc -l com1,stdio" vm_name
# Stop a virtual machine
vm stop vm_name
# Force stop (power off)
vm poweroff vm_name
# Restart a virtual machine
vm restart vm_name
# List all virtual machines
vm list
# Show detailed VM information
vm info vm_name
# Show VM configuration
vm config vm_name
# Show VM console output
vm console vm_name
# Create a template from an existing VM config
cp /zroot/vm/vm_name/vm.conf /vm/.templates/template_name.conf
# List available templates
ls /vm/.templates/
# Show template details
cat /vm/.templates/template_name.conf
# Delete a template
rm /vm/.templates/template_name.conf
# Create a VM from a template
vm create -t template_name new_vm_name
# Connect to VM console
vm console vm_name
# Disconnect from console
# Press Ctrl+] to exit console
# Enable VNC for VM
vm config vm_name vnc=on
# Set VNC port
vm config vm_name vnc_port=5900
# Set VNC password
vm config vm_name vnc_password=secure_password
# Monitor overall system resource usage
top -a
# Show CPU usage per core
top -P
# Monitor disk I/O statistics
iostat -x 1
# Show live disk statistics per device
gstat
# Display network statistics (interfaces)
netstat -i
# Show protocol-level network statistics
netstat -s
# View specific VM process resource usage
ps aux | grep bhyve
Note
Replace vm_name, template_name, and other variables with actual values specific to your environment.
Warning
Some operations like PCI passthrough require specific hardware support and configuration.
Tip
Use vm help command_name to get detailed information about any specific command and its options.
For troubleshooting scenarios where Karios services are unresponsive, you can manually control individual services using FreeBSD’s service management commands.
Warning
Only perform manual service operations when services are not responding through the normal Karios interface. Always check service status before making changes.
Always backup your system before performing service restarts in production environments. Database service interruptions may affect running virtual machines and storage operations.
The Karios platform provides a comprehensive RESTful API interface accessible through Swagger UI, enabling developers and administrators to interact with all platform features programmatically.
Step-by-Step API Access Guide
Step 1: Access Swagger Endpoint
The Swagger UI provides an interactive interface for exploring and testing the Karios API.
Navigate to Swagger Interface:
http://192.168.116.132:8080/swagger/index.html
Swagger Interface Components
Upon accessing the Swagger interface, you’ll see:
API Title and Version: Displays the current API version
Server Information: Shows the base URL for API calls
Authorization Section: Located at the top-right corner
API Endpoints: Organized by functional categories
Try it Out Buttons: Interactive testing for each endpoint