Black Box LES1108A User Manual Download Page 129 | Manualshive

Page: 129 / 237

background image

_____________________________________________________________________

724-746-5500 | b lackb o x.co m

Page 129

If a local user logs in, they may be authenticated/authorized from the remote AAA server, depending on
the chosen priority of the remote AAA. A local user’s authorization is the union of local and remote
privileges.

Example 1:

User Tim is locally added, and has access to ports 1 and 2. He is also defined on a remote
TACACS server, which says he has access to ports 3 and 4. Tim may log in with either his local or
TACACS password, and will have access to ports 1 through 4. If TACACS is down, he will need to
use his local password, and will only be able to access ports 1 and 2.

Example 2:

User Ben is only defined on the TACACS server, which says he has access to ports 5 and 6. When
he attempts to log in, a new user will be created for him, and he will be able to access ports 5
and 6. If the TACACS server is down he will have no access.

Example 3:

User Paul is defined on a RADIUS server only. He has access to all serial ports and network hosts.

Example 4:

User Don is locally defined on an appliance using RADIUS for AAA. Even if Don is also defined on
the RADIUS server, he will only have access to those serial ports and network hosts he has been
authorized to use on the appliance.

If a “no local AAA” option is selected, then root will still be authenticated locally.

You can add remote users to the admin group via either RADIUS or TACACS. Users may have a set of
authorizations set on the remote TACACS server. Users automatically added by RADIUS will have
authorization for all resources, whereas those added locally will still need their authorizations specified.

LDAP has not been modified, and will still need locally defined users.

9.2

PAM (Pluggable Authentication Modules)

The

console server

supports RADIUS, , and LDAP for two-factor authentication

via

PAM

(Pluggable Authentication Modules). PAM is a flexible mechanism for authenticating users. Nowadays, a
number of new ways of authenticating users have become popular. The challenge is that each time a
new authentication scheme is developed, you need to rewrite all the necessary programs (login, ftpd,

etc

.) to support it.

PAM provides a way to develop programs that are independent of authentication scheme. These
programs need “authentication modules” to be attached to them at run-time in order to work. Which
authentication module is attached depends on the local system setup and is at the discretion of the local

Administrator

.

The

console server

family supports PAM with the following modules added for remote authentication:

RADIUS

- pam_radius_auth

(http://www.freeradius.org/pam_radius_auth/)

- pam_tacplus

(http://echelon.pl/pubs/pam_tacplus.html)

LDAP - pam_ldap

(http://www.padl.com/OSS/pam_ldap.html)

«
...
127
128
129
130
131
...
»

Summary of Contents for LES1108A

Page 1: ...LES1208A LES1116A LES1216A LES1148A LES1248A Order toll free in the U S Call 877 877 BBOX outside U S call 724 746 5500 FREE technical support 24 hours a day 7 days a week Call 724 746 5500 or fax 724 746 0746 Mailing address Black Box Corporation 1000 Park Drive Lawrence PA 15055 1018 Web site www blackbox com E mail info blackbox com Customer Support Information ...

Page 2: ... Inc Linux is a registered trademark of Linus Torvalds Internet Explorer Windows Windows Me Windows NT and Windows Vista are a registered trademarks of Microsoft Corporation Nagios is a registered trademark of Nagios Enterprises LLC Java and Solaris are trademarks of Sun Microsystems Inc Unix is a registered trademark of X Open Company Ltd Any other trademarks mentioned in this manual are acknowle...

Page 3: ...rvers Manual We re here to help If you have any questions about your application or our products contact Black Box Tech Support at 724 746 5500 or go to blackbox com and click on Talk to Black Box You ll be live with one of our technical experts in less than 20 seconds ...

Page 4: ...ference when the equipment is operated in a commercial environment Operation of this equipment in a residential area is likely to cause interference in which case the user at his own expense will be required to take whatever measures may be necessary to correct the interference Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority t...

Page 5: ...inetes que impidan el flujo de aire por los orificios de ventilación 10 El equipo eléctrico deber ser situado fuera del alcance de fuentes de calor como radiadores registros de calor estufas u otros aparatos incluyendo amplificadores que producen calor 11 El aparato eléctrico deberá ser connectado a una fuente de poder sólo del tipo descrito en el instructivo de operación o como se indique en el a...

Page 6: ... IPv6 configuration 25 3 4 System Services 25 3 5 Communications Software 27 3 5 1 SDT Connector 27 3 5 2 PuTTY 28 3 5 3 SSHTerm 28 3 6 Management network configuration LES1208A LES1216A and LES1248A only 29 3 6 1 Enable the Management LAN 29 3 6 2 Configure the DHCP server 30 3 6 3 Select Failover or broadband OOB 32 3 6 4 Bridging the network ports 33 SERIAL PORT AND NETWORK HOST 35 4 1 Configur...

Page 7: ... for out of band connection to the gateway 79 6 6 Importing and exporting preferences 80 6 7 SDT Connector Public Key Authentication 81 6 8 Setting up SDT for Remote Desktop access 81 6 8 1 Enable Remote Desktop on the target Windows computer to be accessed 82 6 8 2 Configure the Remote Desktop Connection client 83 6 9 SDT SSH Tunnel for VNC 87 6 9 1 Install and configure the VNC Server on the com...

Page 8: ...31 NAGIOS INTEGRATION 134 10 1 Nagios Overview 134 10 2 Central management and setting up SDT for Nagios 135 10 2 1 Set up central Nagios server 136 10 2 2 Set up distributed console servers 136 10 3 Configuring Nagios distributed monitoring 139 10 3 1 Enable Nagios on the console server 139 10 3 2 Enable NRPE monitoring 140 10 3 3 Enable NSCA monitoring 140 10 3 4 Configure selected Serial Ports ...

Page 9: ... 20 Dial in settings 185 14 21 DHCP server 186 14 22 Services 186 14 23 NAGIOS 187 ADVANCED CONFIGURATION 189 15 1 Custom Scripting 189 15 1 1 Custom script to run when booting 189 15 1 2 Running custom scripts when alerts are triggered 190 15 1 3 Example script Power cycling on pattern match 191 15 1 4 Example script Multiple email notifications on each alert 191 15 1 5 Deleting configuration val...

Page 10: ...ation 212 15 7 Secure Sockets Layer SSL Support 213 15 8 HTTPS 213 15 8 1 Generating an encryption key 213 15 8 2 Generating a self signed certificate with OpenSSL 213 15 8 3 Installing the key and certificate 214 15 8 4 Launching the HTTPS Server 214 15 9 Power Strip Control 215 15 9 1 The PowerMan tool 215 15 9 2 The pmpower tool 216 15 9 3 Adding new RPC devices 217 15 10 IPMItool 218 15 11 Cus...

Page 11: ...nect controlled devices 3 System Configuration Describes the initial installation and configuration using the Management Console Covers configuration of the console server on the network and the services that will be supported 4 Serial Network Covers configuring serial ports and connected network hosts and setting up Users and Groups 5 Failover and OoB dial in Describes setting up the high availab...

Page 12: ...r access and control authority These users are set up as members of the users user group or some other user groups the Administrator may have added They are only authorized to perform specified controls on specific connected devices and are referred to as Users These Users when authorized can access serial or network connected devices and control these devices using the specified services for exam...

Page 13: ...le serial port connect via ssh or telnet through the LAN or connect through an SSH tunneling to the console server Manual Conventions This manual uses different fonts and typefaces to show specific actions Note Text presented like this indicates issues to note Text presented like this highlights important information Make sure you read and follow these warnings Text presented with an arrow head in...

Page 14: ...d in this manual at any time This manual could include technical inaccuracies or typographical errors Changes are periodically made to the information herein these changes may be incorporated in new editions of the publication Notice to Users Use proper back up systems and necessary safety devices to protect against injury death or property damage caused by system failure This protection is the us...

Page 15: ...erify you have all the parts shown above and that they all appear in good working order If you are installing the console server in a rack you will need to attach the rack mounting brackets supplied with the unit then install the unit in the rack Make sure you follow the Safety Precautions listed in Appendix C Connect your console server to the network to the serial ports of the controlled devices...

Page 16: ... Console Server 2 UTP CAT5 blue cables DB9F RJ45S straight and DB9F RJ45S cross over connectors Dual IEC AC power cords Printed Quick Start Guide and User s Manual on CD ROM 2 1 2 Kit components LES1116A and LES1148A Console Servers LES1116A or LES1148A Console Server 2 UTP CAT5 blue cables DB9F RJ45S straight and DB9F RJ45S cross over connectors IEC AC power cord Printed Quick Start Guide and Use...

Page 17: ... accept AC input voltage between 100 and 240 VAC with a frequency of 50 or 60 Hz The total power consumption per console server is less than 30W Two IEC AC power sockets are located at the rear of the metal case and these IEC power inlets use conventional IEC AC power cords Power cords for various regions are available although the North American power cord is provided by default There is a warnin...

Page 18: ...is included in the kit The 5 VDC connector from the power supply plugs into the 5VDC power socket on the rear of the LES1108A 2 3 Network connection The RJ 45 LAN ports are located on the rear panel of the LES1108A and on the front panel of the rack mount console servers Use industry standard Cat5 cabling and connectors Make sure that you only connect the LAN port to an Ethernet network that suppo...

Page 19: ...nsole Modem port that is on the LE1108A s rear panel and on the rackmount units front panels Conventional CAT5 cabling with RJ 45 jacks is used for serial connections Before connecting an external device s console port to the console server serial port confirm that the device supports the standard RS 232C EIA 232 Black Box supplies a range of cables and adapters that may be required to connect to ...

Page 20: ... initial configuration we recommend that you connect the console server directly to a single PC or workstation However if you choose to connect your LAN before completing the initial setup steps it is important that you make sure that there are no other devices on the LAN with an address of 192 168 0 1 the console server and the PC workstation are on the same LAN segment with no interposed router ...

Page 21: ...he console server In the example below a console server has a MAC Address 00 13 C6 00 02 0F designated on the label on the bottom of the unit and we are setting its IP address to 192 168 100 23 Also the PC workstation issuing the arp command must be on the same network segment as the console server that is have an IP address of 192 168 100 xxx Type arp s 192 168 100 23 00 13 C6 00 02 0F Note for U...

Page 22: ...h access to serial ports on the Serial Network Users page Chapter 3 After completing each of the above steps you can return to the configuration list by clicking in the top left corner of the screen on the Black Box logo Note If you are not able to connect to the Management Console at 192 168 0 1 or if the default Username Password were not accepted then reset your console server refer to Chapter ...

Page 23: ...ou can also use the special characters _ and There are no restrictions on the characters that can be used in the System Description or the System Password each can contain up to 254 characters However only the first eight System Password characters are used to make the password hash Click Apply Since you have changed the password you will be prompted to log in again This time use the new password ...

Page 24: ...ts any network IP address assigned by a DHCP server on your network In this initial state the console server will then respond to both its Static address 192 168 0 1 and its newly assigned DHCP address By default the console server LAN port auto detects the Ethernet connection speed You can use the Media menu to lock the Ethernet to 10 Mbps or 100 Mbps and to Full Duplex FD or Half Duplex HD Note ...

Page 25: ...parameters on each Interface page 3 4 System Services The Administrator can access and configure the console server and connect to the managed devices using a range of access protocols services The factory default enables HTTPS and SSH access to the console server and disables HTTP and Telnet A User or Administrator can also use nominated enabled services to connect through the console server to a...

Page 26: ...her public network This will provide authenticated communications between the SSH client program on the remote PC workstation and the SSH sever in the console server By default SSH is enabled For more information on SSH configuration refer Chapter 9 Authentication You can configure related service options at this stage SNMP This will enable netsnmp in the console server which will keep a remote lo...

Page 27: ... other generic tools such as PuTTY and SSHTerm These tools are all described below as well 3 5 1 SDT Connector Each console server has an unlimited number of SDT Connector licenses to use with that console server SDT Connector is a lightweight tool that enables Users and Administrators to securely access the console server and the various computers network devices and appliances that may be serial...

Page 28: ...otocol and use the default IP Port 22 Click Open and the console server login prompt will appear You may also receive a Security Alert that the host s key is not cached Choose yes to continue Using the Telnet protocol is similarly simple but you use the default port 23 3 5 3 SSHTerm Another popular communications package you can use is SSHTerm an open source package that you can download from http...

Page 29: ...e LES1208A LES1216A and LES1248A console servers provide a firewall router and DHCP server You need to connect an external LAN switch to Network 2 to attach hosts to this management LAN This Management LAN feature is disabled by default To configure the Management LAN gateway Select the Management LAN page on the System IP menu and uncheck Disable Configure the IP Address and Subnet Mask for the M...

Page 30: ...le by SSH port forwarding This ensures that the remote and local connections to Managed Devices on the Management LAN are secure You can also configure the LAN ports in bridged mode as described later in this chapter or you can configure them from the command line 3 6 2 Configure the DHCP server The LES1208A LES1216A and LES1248A console servers also host a DHCP server which by default is disabled...

Page 31: ...e console server s IP address is used So leave this field blank for automatic DNS server assignment Optionally enter a Domain Name suffix to issue DHCP clients Enter the Default Lease time and Maximum Lease time in seconds The lease time is the time that a dynamically assigned IP address is valid before the client must request it again Click Apply The DHCP server will sequentially issue IP address...

Page 32: ... addresses copy these addresses into the pre assigned list so the same IP address will be reallocated if you reboot the system 3 6 3 Select Failover or broadband OOB The LES1208A LES1216A and LES1248A console servers provide a broadband failover option If you have a problem using the main LAN connection for accessing the console server an alternate access path is used By default the failover is no...

Page 33: ...be probed to trigger failover and set up the failover ports themselves This is covered in Chapter 5 Note With the LES1208A LES1216A and LES1248A you can configure the second Ethernet port as either a gateway port or as an OOB Failover port but not both Make sure you did not enable the Management LAN function on Network 2 3 6 4 Bridging the network ports By default you can only access the console s...

Page 34: ...et ports are all transparently connected at the data link layer layer 2 and they are configured collectively using the Network Interface menu When bridging is enabled network traffic is forwarded between all Ethernet ports with no firewall restrictions This mode also removes all the Management LAN Interface and Out of Band Failover Interface functions and disables the DHCP Server ...

Page 35: ...l in Chapter 9 Network Hosts configuring access to network connected devices referred to as hosts Configuring Trusted Networks nominate user IP addresses Cascading and Redirection of Serial Console Ports Connecting to Power UPS PDU and IPMI and Environmental Monitoring EMD devices Managed Devices presents a consolidted view of all the connections 4 1 Configure Serial Ports To configure a serial po...

Page 36: ...dit When you have reconfigured the common settings Chapter 4 1 1 and the mode Chapters 4 1 2 4 1 6 for each port you can set up any remote syslog Chapter 4 1 7 then click Apply Note If you want to set the same protocol options for multiple serial ports at once click Edit Multiple Ports and select which ports you want to configure as a group If the console server has been configured with distribute...

Page 37: ...devices they will be controlling and make sure they have matching settings Note The serial ports are all set at the factory to RS232 9600 baud no parity 8 data bits 1 stop bit and Console server Mode You can change the baud rate to 2400 230400 baud using the management console You can configure lower baud rates 50 75 110 134 150 200 300 600 1200 1800 baud from the command line Refer to Chapter 14 ...

Page 38: ...or s computer can connect to a serial device attached to this serial port on the console server The Telnet communications are unencrypted so this protocol is generally recommended only for local connections With Win2000 XP NT you can run telnet from the command prompt cmd exe Vista and Windows 7 include a Telnet client and server but they are not enabled by default To enable Telnet Log in as Admin...

Page 39: ...ateway then configure it as a host Next you enable Telnet service on Port 2000 serial port i e 2001 2048 Refer to Chapter 6 for more details on using SDT Connector for Telnet and SSH access to devices that are attached to the console server serial ports You can also use standard communications packages like PuTTY to set a direct Telnet or SSH connection to the serial ports refer to the Note below ...

Page 40: ...erver is secure For SSH access to the consoles on devices attached to the console server serial ports you can use SDT Connector Configure SDT Connector with the console server as a gateway then as a host and enable SSH service on Port 3000 serial port i e 3001 3048 Chapter 6 Secure Tunneling has more information on using SDT Connector for SSH access to devices that are attached to the console serv...

Page 41: ...ing RFC2217 enables serial port redirection on that port For RFC2217 the default port address is IP Address _ Port 5000 serial port that is 5001 5048 Special client software is available for Windows UNIX and Linux that supports RFC2217 virtual com ports so a remote host can monitor and manage remote serially attached devices as though they were connected to the local serial port see Chapter 4 6 Se...

Page 42: ... is Power Menu This setting enables the shell power command A user can control the power connection to a Managed Device from command line when they are connected to the device via telnet or ssh To operate the Managed Device must be set up with both its Serial port connection and Power connection configured The command to bring up the power menu is p Single Connection This setting limits the port t...

Page 43: ...onfigure the port and wait for a connection to be made An active connection on a serial device is usually indicated by the Data Carrier Detect DCD pin on the serial device being raised When a connection is detected the getty program issues a login prompt and then invokes the login program to handle the actual system login Note Selecting Terminal Server mode will disable Port Manager for that seria...

Page 44: ... network attached management accesses as covered in Chapter 7 Alerts and Logging you can also configure the console server to support the remote syslog protocol on a per serial port basis Select the Syslog Facility Priority fields to enable logging of traffic on the selected serial port to a syslog server and to appropriately sort and action those logged messages that is redirect them send alert e...

Page 45: ... server settings for example to enabled HTTP Telnet for future access They can also access any of the connected Hosts or serial port devices using any of the services that have been enabled for these connections The Administrator can reconfigure the access services for any Host or serial port Only trusted users should have Administrator access Note For convenience the SDT Connector Retrieve Hosts ...

Page 46: ...k Add User to add a new user Add a Username and a confirmed Password for each new user You may also include information related to the user for example contact details in the Description field Note The User Name can contain from 1 to 127 alphanumeric characters you can also use the special characters _ and There are no restrictions on the characters that you can use in the user Password each can c...

Page 47: ... manage ports The time allowed to re configure increases as the number and complexity increases We recommend that you keep the aggregate number of users and groups under 250 The Administrator can also edit the access settings for any existing users Select Serial Network Users Groups and click Edit for the User to be modified Note For more information on enabling the SDT Connector so each user has ...

Page 48: ...st is a PDU or UPS power device or a server with IPMI power control then specify RPC for IPMI and PDU or UPS and the Device Type The Administrator can then configure these devices and enable which users have permission to remotely cycle power etc refer to Chapter 8 Otherwise leave the Device Type set to None If the console server has been configured with distributed Nagios monitoring enabled then ...

Page 49: ...ocated with a particular Class C network for example 204 15 5 0 connection to the nominated port then you would add the following Trusted Network New Rule Network Address 204 15 5 0 Network Mask 255 255 255 0 If you want to permit only the one user who is located at a specific IP address for example 204 15 5 13 say to connect Network Address 204 15 5 0 Network Mask 255 255 255 255 If however you w...

Page 50: ...ers as Slave units and all the serial ports on the Slave units appear as if they are part of the Master Black Box s clustering connects each Slave to the Master with an SSH connection This uses public key authentication so the Master can access each Slave using the SSH key pair rather than using passwords This ensures secure authenticated communications between Master and Slaves enabling the Slave...

Page 51: ... have been successfully generated Click here to return and the keys will automatically be uploaded to the Master and connected Slaves 4 6 2 Manually generate and upload SSH keys Or if you have an RSA or DSA key pair you can manually upload them to the Master and Slave console servers Note If you already have an RSA or DSA key pair that you do not want to use you will need to create a key pair usin...

Page 52: ...ect System Administration on the Slave s Management Console Browse again to the stored RSA or DSA Public Key and upload it to Slave s SSH Authorized Key Click Apply The next step is to Fingerprint each new Slave Master connection This one time step will validate that you are establishing an SSH session to who you think you are On the first connection the Slave will receive a fingerprint from the M...

Page 53: ...d a short Label for the Slave use a convention here that enables you to effectively manage large networks of clustered console servers and the connected devices Enter the full number of serial ports on the Slave unit in Number of Ports Click Apply This will establish the SSH tunnel between the Master and the new Slave The Serial Network Cascaded Ports menu displays all the Slaves and the port numb...

Page 54: ...configuration file update Also while the Master is in control of all Slave serial port related functions it is not master over the Slave network host connections or over the Slave console server system itself You must access each Slave directly to manage Slave functions such as IP SMTP SNMP Settings Date Time and DHCP server These functions are not overwritten when configuration changes are propag...

Page 55: ...ions that is Serial Port if serially connected or USB if USB connected IP Address if network connected Power PDU outlet details if applicable and any UPS connections Devices such as servers will commonly have more than one power connections for example dual power supplied and more than one network connection for example for BMC service processor All Users can view but not edit these Managed Device...

Page 56: ...e you set up a Network Host designate it as RPC or UPS then go to RPC Connections or UPS Connections to configure the relevant connection A corresponding new Managed Device with the same Name Description as the RPC UPS Host is not created until you complete this connection step refer Chapter 8 Power and Environment Note The outlet names on this newly created PDU will by default be Outlet 1 and Out...

Page 57: ...e configure the serial port designate it as a Device then enter a Name and Description for that device in the Serial Network RPC Connections or UPS Connections or Environmental When applied this will automatically create a corresponding new Managed Device with the same Name Description as the RPC UPS Host refer to Chapter 8 Power and Environment All the outlet names on the PDU will by default be O...

Page 58: ...et up for dial in PPP access the console server will await an incoming dial in connection Set up the remote client dial in software so it can establish a network connection from the Administrator s client modem to the dial in modem on the console server Note The LES1208A LES1216A and LES1248A models all have an internal modem and a DB9 Local Console port for OoB access With these models you can st...

Page 59: ... by editing etc mgetty config files as described in the Chapter 15 Advanced Configuration Check the Enable Dial In Access box Enter the User name and Password to be used for the dial in PPP link In the Remote Address field enter the IP address to be assigned to the dial in client You can select any address for the Remote IP Address It and the Local IP Address must both be in the same network range...

Page 60: ...n the internet sending a username and password to a server where they are compared with a table of authorized users While most common PAP is the least secure of the authentication options CHAP Challenge Handshake Authentication Protocol CHAP is used to verify a user s name and password for PPP Internet connections It is more secure than PAP the other main authentication protocol MSCHAPv2 Microsoft...

Page 61: ...r 6 5 5 1 3 Set up Windows XP 2003 Vista 7 client Open Network Connections in Control Panel and click the New Connection Wizard Select Connect to the Internet and click Next On the Getting Ready screen select Set up my connection manually and click Next On the Internet Connection screen select Connect using a dial up modem and click Next Enter a Connection Name any name you choose and the dial up ...

Page 62: ...DIAL and the Redhat Dialup configuration tool GUI dial program X isp Download Installation Configuration Note For all PPP clients Set the PPP link up with TCP IP as the only protocol enabled Specify that the Server will assign IP address and do DNS Do not set up the console server PPP link as the default for Internet connection 5 2 OoB broadband access The LES1208A LES1216A and LES1248A console se...

Page 63: ...work 1 In this mode Network 2 eth1 is available as the transparent back up port to Network 1 eth0 for accessing the management network Network 2 will automatically and transparently take over the work of Network 1 if Network 1 becomes unavailable for any reason When Network 1 becomes available again it takes over the work again 5 4 Dial Out Failover The console servers can be configured so a dial ...

Page 64: ...ating Select the System Dial menu option and the port to be configured Serial DB9 Port or Internal Modem Port Select the Baud Rate and Flow Control that will communicate with the modem Note You can further configure the console modem port for example to include modem init strings by editing etc mgetty config files as described in Chapter 13 Check the Enable Dial Out box in System Dial and enter th...

Page 65: ... s PC Black Box recommends you use the SDT Connector client software supplied with the console server for this SDT Connector is simple to install and auto configure and it provides all your users with point and click access to all the systems and devices in the secure network With one click SDT Connector sets up a secure SSH tunnel from the client to the selected console server then establishes a ...

Page 66: ...warded inside tunnel 80 HTTP on local LAN forwarded inside tunnel 3389 RDP on local LAN forwarded inside tunnel 5900 VNC on local LAN forwarded inside tunnel 73XX RDP over serial from local LAN where XX is the serial port number that is 7301 to 7348 on a 48 port console server 79XX VNC over serial from local LAN where XX is the serial port number Add the new Users using Serial Network Users Groups...

Page 67: ...o start the client Note SDT Connector is a Java application so it must have a Java Runtime Environment JRE installed You can download this for free from http java sun com j2se It installs on Windows 2000 XP 2003 Vista and 7 PCs and on most Linux platforms Solaris platforms are also supported but they must have Firefox installed SDT Connector can run on any system with Java 1 4 2 and above installe...

Page 68: ...e public IP address of the console server or of the router firewall that connects the console server to the Internet as assigned by the ISP One way to find the public IP address is to access http checkip dyndns org or http www whatismyip com from a computer on the same network as the console server and note the reported IP address Set port forwarding for TCP port 22 through any firewall NAT router...

Page 69: ...rwarded through by SSH to the Host All other services TCP UDP ports will be blocked 6 2 3 Auto configure SDT Connector client with the user s access privileges Each user on the console server has an access profile that was configured with those specific connected hosts and serial port devices the user has authority to access and a specific set of the enabled services for each of these You can uplo...

Page 70: ...and we recommend that you only use this account for initial config and to add an initial admin account to the console server 6 2 4 Make an SDT connection through the gateway to a host Simply point at the host to be accessed and click on the service to use to access that host The SSH tunnel to the gateway is then automatically established the appropriate ports redirected through to the host and the...

Page 71: ...emote site through the on site console server Gateway 6 2 5 Manually adding hosts to the SDT Connector gateway For each gateway you can manually specify the network connected hosts that you will access through that console server and for each host specify the services that you will use to communicate with the host Select the newly added gateway and click the Host icon to create a host that will be...

Page 72: ...HTTP Or select the client to use to access the local endpoint of the redirection Select which Client application is associated with the new service A range of client application options are pre configured in the default SDT Connector RDP client VNC client HTTP browser HTTPS browser Telnet client etc If you want to add new client applications to this range proceed to the next section Adding a new c...

Page 73: ...he RAC web console It automatically loads in a Java client served through the web browser so it does not need to have a local client associated with it On the Add Service screen you can click Add as many times as needed to add multiple new port redirections and associated clients You may also specify Advanced port redirection options Enter the local address to bind to when creating the local endpo...

Page 74: ...tor binds as the local endpoint of the tunnel Note that for UDP services you still need to specify a TCP port under General This will be an arbitrary TCP port that is not in use on the gateway An example of this is the SOL Proxy service It redirects local UDP port 623 to remote UDP port 623 over the arbitrary TCP port 6667 6 2 7 Adding a client program to be started for the new service Clients are...

Page 75: ...dress to which the local endpoint of the redirection is bound that is the Local Address field for the Service redirection Advanced options port is the local port to which the local endpoint of the redirection is bound that is the Local TCP Port field for the Service redirection Advanced options If this port is unspecified that is Any the appropriate randomly selected port will be substituted For e...

Page 76: ... secure SSH tunnel from the remote Client PC to the console server 6 3 SDT Connector to Management Console You can also configure SDT Connector for browser access to the console server s Management Console and for Telnet or SSH access to the command line For these connections to the console server itself you must configure SDT Connector to access the Gateway itself by setting the Gateway console s...

Page 77: ...oll to the bottom and click Apply Administrators by default have gateway access privileges For Users to access the console server Management Console you will need to give those Users the required access privileges Select Users Groups from Serial Network Click Add User Enter a Username Description and Password Confirm Select 127 0 0 1 from Accessible Host s and click Apply 6 4 SDT Connector telnet ...

Page 78: ...t to selected Port for example Port 2 if the target device is attached to the second serial port Make sure the port s serial configuration is appropriate for the attached device Scroll down to Console server Setting and select Console server Mode Check Telnet or SSH and scroll to the bottom and click Apply Select Network Hosts from Serial Network and click Add Host In the IP Address DNS Name field...

Page 79: ...tart and stop the OoB connection You can start an OoB connection by initiating a dial up connection or adding an alternate route to the gateway SDT Connector allows for maximum flexibility It allows you to provide your own scripts or commands for starting and stopping the OoB connection To configure SDT Connector for OoB access When adding a new Gateway or editing an existing Gateway select the Ou...

Page 80: ... using SDT Connector Select the console server and click Out Of Band The status bar will change color to indicate that this console server is now accessed using the OoB link rather than the primary link When you connect to a service on a host behind the console server or to the console server itself SDT Connector will initiate the OoB connection using the provided Start Command The OoB connection ...

Page 81: ...xt add the private part of your SSH key pair this file is typically named id_rsa or id_dsa to SDT Connector Click Edit Preferences Private Keys Add locate the private key file and click OK You do not have to add the public part of your SSH key pair the private key calculates it SDT Connector will now use public key authentication when connecting through the SSH gateway console server You may have ...

Page 82: ...ical interface just as though they were in front of the computer screen at work To set up a secure Remote Desktop connection enable Remote Desktop on the target Windows computer that you want to access and configure the RPD client software on the client PC 6 8 1 Enable Remote Desktop on the target Windows computer to be accessed To enable Remote Desktop on the Windows computer being accessed Open ...

Page 83: ... sessions More than one user can have active sessions on a single computer When the remote user connects to the accessed computer on the console session Remote Desktop automatically locks that computer no other user can access the applications and files When you come back to your computer at work you can unlock it by typing CTRL ALT DEL 6 8 2 Configure the Remote Desktop Connection client Now that...

Page 84: ...a console server located at 192 168 0 50 then you would enter 192 168 0 50 7303 Where there is an SSH tunnel over a dial up PPP connection or over a public internet connection or private network connection simply enter the localhost as the IP address 127 0 0 1 For Port Number enter the source port you created when setting SSH tunneling port forwarding in Section 6 1 6 for example 1234 Click Option...

Page 85: ...ws Me Windows NT 4 0 and Windows 2000 When run this software allows these older Windows platforms to remotely connect to a computer running current Windows B On a Linux or UNIX client PC Launch the open source rdesktop client rdesktop u windows user id p windows password g 1200x950 ms windows terminal server host name option description a Color depth 8 16 24 r Device redirection Redirect sound on ...

Page 86: ...Hat 8 0 or other distributions of Linux download source untar configure make make then install rdesktop currently runs on most UNIX based platforms with the X Window System and can be downloaded from http www rdesktop org C On a Macintosh client Download Microsoft s free Remote Desktop Connection client for Mac OS X http www microsoft com mac otherproducts otherproducts aspx pid remotedesktopclien...

Page 87: ...other architectures There is a Windows server allowing you to view the desktop of a remote Windows machine on any of these platforms using exactly the same viewer RealVNC was founded by members of the AT T team who originally developed VNC TightVNC http www tightvnc com is an enhanced version of VNC It has added features such as file transfer performance improvements and read only password support...

Page 88: ...NC software that you can download 6 9 2 Install configure and connect the VNC Viewer VNC is truly platform independent so a VNC Viewer on any operating system can connect to a VNC Server on any other operating system There are Viewers and Servers from a wide selection of sources for example UltraVNC TightVNC or RealVNC for most operating systems There are also a wealth of Java viewers available so...

Page 89: ...ver i e locally or remotely through a VPN or dial in connection and the VNC Host computer is serially connected to the console server enter the IP address of the console server unit with the TCP port that the SDT tunnel will use The TCP port will be 7900 plus the physical serial port number i e 7901 to 7948 so all traffic directed to port 79xx on the console server is tunneled thru to port 5900 on...

Page 90: ...wiki VNC 6 10 Using SDT to IP connect to hosts that are serially attached to the gateway Network IP protocols like RDP VNC and HTTP can also be used for connecting to host devices that are serially connected through their COM port to the console server To do this you must establish a PPP connection Section 6 7 1 between the host and the gateway then set up Secure Tunneling Ports on the console ser...

Page 91: ...lick the New Connection Wizard Select Set up an advanced connection and click Next On the Advanced Connection Options screen select Accept Incoming Connections and click Next Select the Connection Device i e the serial COM port on the Windows computer that you cabled through to the console server By default select COM1 The COM port on the Windows computer should be configured to its maximum baud r...

Page 92: ...ed by the console server For simplicity use the IP address as shown in the illustration above From 169 134 13 1 To 169 134 13 2 Or you can set the advanced connection and access on the Windows computer to use the console server defaults Specify 10 233 111 254 as the From address Select Allow calling computer to specify its own address Also you could use the console server default username and pass...

Page 93: ... null modem connection for the dial in configuration C For earlier version Windows computers follow the steps in Section B above To get to the Make New Connection button For Windows 2000 click Start and select Settings At the Dial Up Networking Folder click Network and Dial up Connections and click Make New Connection You may need to first set up a connection over the COM port using Connect direct...

Page 94: ...files by selecting Serial Network User Groups menu tag as described earlier in Chapter 4 Configuring Serial Ports 6 10 3 Set up SDT Connector to SSH port forward over the console server Serial Port In the SDT Connector software running on your remote computer specify the gateway IP address of your console server and a username password for a user you set up on the console server that has access to...

Page 95: ...en you set it up as the Dial In PPP Server For Internet or local VPN connections connections this will be the console server s public IP address Select the SSH Protocol and the Port will be set as 22 Go to the SSH Tunnels menu and in Add new forwarded port enter any high unused port number for the Source port for example 54321 Set the Destination IP details If your destination device is network co...

Page 96: ...ote host as win2k3 3389 Or you can set the Destination as portXX 3389 where XX is the SDT enabled serial port number For example if port 4 is on the console server is to carry the RDP traffic then specify port04 3389 Note http www jfitz com tips putty_config html has useful examples on configuring PuTTY for SSH tunneling Select Local and click the Add button Click Open to SSH connect the Client PC...

Page 97: ...curity is very important VNC uses a random challenge response system to provide the basic authentication that allows you to connect to a VNC server This is reasonably secure and the password is not sent over the network Once connected all subsequent VNC traffic is unencrypted A malicious user could snoop your VNC session There are also VNC scanning programs available which will scan a subnet looki...

Page 98: ...o maintained as is a history of the status of any attached environmental monitors Some models also log access and communications with network attached hosts and maintain a history of the UPS and PDU power status If port logs are to be maintained on a remote server then configure the access path to this location Section 7 3 Then you need to activate and set the desired levels of logging for each se...

Page 99: ...main com You may also enter a Username and Password if the SMTP server requires authentication You can specify the specific Subject Line that will be sent with the email Click Apply to activate SMTP 7 1 2 SMS alerts The console server uses email to SMS services to send SMS alert notifications to mobile devices Sending SMS via email using SMTP Simple Mail Transfer Protocol is much faster than sendi...

Page 100: ...tain a truncated version of the alert notification message which is contained in full in the body of the email However some SMS gateway service providers require blank subjects or require specific authentication headers to be included in the subject line Click Apply to activate SMTP 7 1 3 SNMP alerts The Administrator can configure the Simple Network Management Protocol SNMP agent that resides on ...

Page 101: ...nning processes etc refer to Chapter 15 5 Modifying SNMP Configuration for more details 7 1 4 Nagios alerts To notify the central Nagios server of Alerts NSCA must be enabled under System Nagios and Nagios must be enabled for each applicable host or port under Serial Network Network Hosts or Serial Network Serial Ports refer to Chapter 10 7 2 Activate Alert Events and Notifications The Alert facil...

Page 102: ...for the Email Recipient s and or the SMS Recipient s to be notified of the alert For multiple recipients enter comma separated addresses Activate SNMP notification if an SNMP trap is to be sent for this event Activate Nagios notification to use it for this event In a SDT Nagios centrally managed environment you can check the Nagios alert option On the trigger condition for matched patterns logins ...

Page 103: ...licable Host or Serial Port or when a Slave connects or disconnects from the applicable UPS and you must specify the applicable connections to Apply Alert To Serial Port Signal Alert This alert will be triggered when the specified signal changes state and applies to serial ports only You must specify the particular Signal Type DSR DCD or CTS trigger condition and the Applicable Ports s Serial Port...

Page 104: ...ronment and power alert type This alert type monitors UPSes RPCs power devices and EMD environmental devices Select Environment and Power Alert to activate Specify which Sensor Type to alert on Temperature Humidity Power Load and Battery Charge Set the levels at which Critical and or Warning alerts are to be sent You can also specify High and or Low Set Points for sending alerts and the Hysteresis...

Page 105: ...rst set no high temp notification will be sent 7 2 4 Configuring alarm sensor alert type You can set an alert on sensor devices that may be attached to any EMD devices connected to the console server Select Alarm Sensor Alert and then set the time windows when these sensors will not be monitored For example for a door open sensor you may not want to deactivate the sensor alert monitoring during th...

Page 106: ...e Logging Level of for each port as Level 0 Turns off logging for the selected port Level 1 Logs all connection events to the port Level 2 Logs all data transferred to and from the port all changes in hardware flow control status and all User connection events Click Apply Note A cache of the most recent 8K of logged data per serial port is maintained locally in addition to the Logs that are transm...

Page 107: ...se you also must set up the level of logging to maintain for each service Specify the logging level to maintain for that particular TDC UDP port service on that particular Host Level 0 Turns off logging for the selected TDC UDP port to the selected Host Level 1 Logs all connection events to the port Level 2 Logs all data transferred to and from the port Click Add then click Apply ...

Page 108: ...server serial port to operate with a serial COM port redirector in the PC as detailed in Chapter 4 Similarly you can control network attached PDUs with a browser for example with SDT as detailed in Chapter 6 3 an SNMP management package or using the vendor supplied control software Servers and network attached appliances with embedded IPMI service processors or BMCs invariably have their own manag...

Page 109: ... presents a list of serial ports and network Host connections that you have set up with device type RPC but have yet to connect to a specific RPC device When you select Connect Via for a Network RPC connection then the corresponding Host Name Description that you set up for that connection will be entered as the Name and Description for the power device Or if you select to Connect Via a Serial con...

Page 110: ...onnected If you are connecting to the RPC via the network you will be presented with the IPMI protocol options and the SNMP RPC Types currently supported by the embedded Network UPS Tools If you are connecting to the RPC by a serial port you will be presented with all the serial RPC types currently supported by the embedded PowerMan and the Black Box power manager ...

Page 111: ... your PDU is not on the default list then you can add support directly as covered in Chapter 14 Advanced Configurations or add the PDU support to either the Network UPS Tools or PowerMan open source projects Configure IPMI service processors and BMCs so that all authorized users can use the Management Console to remotely cycle power and reboot computers even when their operating system is unrespon...

Page 112: ...will be presented with a table of the history and detailed graphical information on the selected RPC Click Manage to query or control the individual power outlet This will take you to the Manage Power screen 8 2 Uninterruptible Power Supply Control UPS You can configure all Black Box console servers to manage locally and remotely connected UPS hardware using Network UPS Tools Network UPS Tools NUT...

Page 113: ...power through the UPS slaves to monitor the UPS status and take appropriate action such as shutdown when the UPS battery is low The console server may or may not be drawing power itself through the Managed UPS When the UPS s battery power reaches critical the console server signals and waits for slaves to shut down then powers off the UPS Serial and network connected UPSes must first be connected ...

Page 114: ...s etc required by the UPS refer to Chapter 4 1 1 Common Settings Then select UPS as the Device Type For each network connected UPS go to the Serial Network Network Hosts menu and configure the UPS as a connected Host by specifying it as Device Type UPS and clicking Apply No such configuration is required for USB connected UPS hardware Select the Serial Network UPS Connections menu The Managed UPSe...

Page 115: ...r device Or if you selected to Connect Via a USB or serial connection then you will need to enter a Name and Description for the power device and these details will also be used to create a new Managed Device entry for the serial USB connected UPS devices Enter the login details This Username and Password is used by slaves of this UPS that is other computers that are drawing power through this UPS...

Page 116: ...nitored using Nagios central management Check Enable Shutdown Script if this is the UPS providing power to the console server itself and if a critical power failure occurs you can perform any last gasp actions on the console server before power is lost Place a custom script in etc config scripts ups shutdown you may use the provided etc scripts ups shutdown as a template This script only runs when...

Page 117: ...t these remote sites would enable the system manager to centrally monitor the status of the power supplies at all sites and centralize alarms So he she can be warned to initiate a call out or shut down Check Log Status and specify the Log Rate minutes between samples if you want the status from this UPS to be logged You can view these logs from the Status UPS Status screen Check Enable Shutdown Sc...

Page 118: ...ame of the Managed UPS password is the Password of the Manager UPS There are NUT monitoring clients available for Windows computers WinNUT If you have an RPC PDU you can shut down UPS powered computers and other equipment if if the they don t have a client running for example communications and surveillance gear Set up a UPS alert and using this to trigger a script that controls a PDU to shut off ...

Page 119: ...og Status checked The information is also presented graphically 8 2 6 Overview of Network UPS Tools NUT NUT is built on a networked model with a layered scheme of drivers server and clients Configure NUT using the Management Console as described above or configure the tools and manage the UPSes directly from the command line This section provides an overview of NUT You can find full documentation ...

Page 120: ...ough the UPS to shutdown gracefully when the battery power reaches critical There are also logging clients upslog and third party interface clients Big Sister Cacti Nagios Windows and more Refer www networkupstools org client projects The latest release of NUT 2 4 also controls PDU systems It can do this either natively using SNMP or through a binding to Powerman open source software from Livermor...

Page 121: ...re and one humidity sensor and one or two general purpose status sensors that you can connect to a smoke detector water detector vibration or open door sensor Using the Management Console Administrators can view the ambient temperature in C and humidity percentage and set the EMD to automatically send alarms progressively from warning levels to critical alerts Vibration sensor Motion detector Airf...

Page 122: ...5 UTP cable up to 33 feet 10 meters long Screw the bare wires on any smoke detector water detector vibration sensor open door sensor or general purpose open close status sensors into the terminals on the EMD Note You can attach two external sensors onto the terminals on EMDs that are connected to LES1108A LES1116A and LES1148A console servers LES1208A LES1216A and LES1248A console servers only sup...

Page 123: ... the status from this EMD These logs can be views from the Status Environmental Status screen Click Apply This will also create a new Managed Device with the same name 8 3 2 Environmental alerts You can now set temperature humidity and probe status alerts using Alerts Logging Alerts refer to Chapter 7 8 3 3 Environmental status You can monitor the current status of all EMDs and their probes Select...

Page 124: ..._____________________________________________________________________ 724 746 5500 blackbox com Page 124 ...

Page 125: ...d OpenSSH to establish a secure Administration connection to the console server 9 1 Authentication Configuration Authentication can be performed locally or remotely using an LDAP Radius or TACACS authentication server The default authentication method for the console server is Local Any authentication method that is configured will be used for authentication of any user who attempts to log in thro...

Page 126: ...ou can also enter separate lists of Authentication Authorization servers and Accounting servers If no Accounting servers are specified the Authentication Authorization servers are used instead Enter the Server Password Click Apply TACAS remote authentication will now be used for all user access to console server and serially or network attached devices TACACS The Terminal Access Controller Access ...

Page 127: ...er separate lists of Authentication Authorization servers and Accounting servers If no Accounting servers are specified the Authentication Authorization servers are used instead Enter the Server Password Click Apply RADIUS remote authentication will now be used for all user access to console server and serially or network attached devices RADIUS The Remote Authentication Dial In User Service RADIU...

Page 128: ...sed for all user access to console server and serially or network attached devices LDAP The Lightweight Directory Access Protocol LDAP is based on the X 500 standard but is significantly simpler and more readily adapted to meet custom needs The core LDAP specifications are all defined in RFCs LDAP is a protocol used to access information stored in an LDAP server You can find further information on...

Page 129: ...liance If a no local AAA option is selected then root will still be authenticated locally You can add remote users to the admin group via either RADIUS or TACACS Users may have a set of authorizations set on the remote TACACS server Users automatically added by RADIUS will have authorization for all resources whereas those added locally will still need their authorizations specified LDAP has not b...

Page 130: ... over AAA Users may be granted Administrator rights via networked AAA For TACACS a priv lvl of 12 of above indicates an Administrator For RADIUS Administrators are indicated via the Framed Filter ID See the example configuration files below for example Authorization via TACACS for both serial ports and host access Permission to access resources may be granted via TACACS by indicating a Black Box A...

Page 131: ...owser may respond with a message that verifies the security certificate is valid but notes that it is not necessarily verified by a certifying authority To proceed you need to click yes if you are using Internet Explorer or select accept this certificate permanently or temporarily if you are using Mozilla Firefox You will then be prompted for the Administrator account and password as normal We rec...

Page 132: ... code for example DE for Germany or US for the USA Note Enter the country code in CAPITAL LETTERS Email The email address of a contact person that is responsible for the console server and its security Challenge Password Some certification authorities require a challenge password to authorize later changes on the certificate for example revocation of the certificate The password must be at least 4...

Page 133: ...746 5500 blackbox com Page 133 After completing these steps the console server has its own certificate that is used for identifying the console server to its users Note You can find information on issuing certificates and configuring HTTPS from the command line in Chapter 15 ...

Page 134: ...ive customizable distributed monitoring Even if distributed monitoring is not required the console servers can be deployed locally alongside the Nagios monitoring host server to provide additional diagnostics and points of access to managed devices SDT for Nagios extends the capabilities of the central Nagios server beyond monitoring enabling it to be used for central management tasks It incorpora...

Page 135: ... send warning e mails pager or SMS alerts when a service failure or degradation is detected Assign contact groups who are responsible for specific services in specific time frames 10 2 Central management and setting up SDT for Nagios The Black Box Nagios solution has three parts the Central Nagios server Distributed Black Box console servers and the SDT for Nagios software Central Nagios server A ...

Page 136: ...0 2 1 Set up central Nagios server SDT for Nagios requires a central Nagios server running Nagios 2 x or 3 x Nagios 1 x is not supported The Nagios server software is available for most major distributions of Linux using the standard package management tools Your distribution will have documentation available on how to install Nagios This is usually the quickest and simplest way to get up and runn...

Page 137: ...erver Enter the IP address that the distributed Black Box console server will use to contact the central Nagios server in Nagios Server Address Enter the IP address that the clients running SDT Connector will use to connect through the distributed Black Box servers in SDT Gateway address Check Prefer NRPE NRPE Enabled and NRPE Command Arguments Check NSCA Enabled choose an NSCA Encryption Method a...

Page 138: ...r Common Settings are correct and match the attached router s console port Click Console server Mode and select Logging Level 1 Check Telnet SSH access is not required as SDT Connector is used to secure the otherwise insecure Telnet connection Scroll down to Nagios Settings and check Enable Nagios Check Port Log and Serial Status Click Apply Now you can set the console server to send alerts to the...

Page 139: ... monitor must have Nagios enabled and any specific Nagios checks configured Configure the central upstream Nagios monitoring host 10 3 1 Enable Nagios on the console server Select System Nagios on the console server Management Console and tick the Nagios service Enabled Enter the Nagios Host Name that the Console server will be referred to in the Nagios central server this will be generated from l...

Page 140: ...n example below for details about how to configure specific NRPE checks By default the console server will accept a connection between the upstream Nagios monitoring server and the NRPE server with SSL encryption without SSL or tunneled through SSH The security for the connection is configured at the Nagios server 10 3 3 Enable NSCA monitoring NSCA is the mechanism that allows you to send passive ...

Page 141: ... monitors the data logged for the serial port 10 3 5 Configure Selected Network Hosts for Nagios Monitoring The individual Network Hosts connected to the console server that you want to monitor must also be configured for Nagios checks Select Serial Network Network Port and click Edit on the Network Host you want to monitor Select Enable Nagios specify the name of the device as it will appear on t...

Page 142: ... If NRPE is enabled then the upstream server will be able to request status updates under its own scheduling 10 4 Advanced Distributed Monitoring Configuration 10 4 1 Sample Nagios configuration An example configuration for Nagios is listed below It shows how to set up a remote Console server to monitor a single host with both network and serial connections For each check it has two configurations...

Page 143: ...nd check_serial_status define service service_description serial signals server host_name server use generic service check_command check_serial_status active_checks_enabled 0 passive_checks_enabled 1 define servicedependency name Black Box_nrpe_daemon_dep host_name Black Box dependent_host_name server dependent_service_description Serial Status service_description NRPE Daemon execution_failure_cri...

Page 144: ...on execution_failure_criteria w u c Ping define command command_name check_ping_via_Black Box command_line USER1 check_nrpe H 192 168 254 147 p 5666 c host_ping_ HOSTNAME define service service_description Host Ping host_name server use generic service check_command check_ping_via_Black Box define service service_description host ping server host_name server use generic service check_command check...

Page 145: ...x_nrpe_daemon_dep host_name Black Box dependent_host_name server dependent_service_description SSH Port service_description NRPE Daemon execution_failure_criteria w u c 10 4 2 Basic Nagios plug ins Plug ins are compiled executables or scripts that can be scheduled to run on the console server to check the status of a connected host or service This status is then communicated to the upstream Nagios...

Page 146: ...eck_ssh check_ssmtp check_swap check_tcp check_time check_udp check_ups check_user You can download these plug ins from the Nagios plug ins package from www blackbox com You can also download and run bash scripts primarily check_log sh To configure additional checks save the downloaded plug in program in the tftp addins directory on the USB flash and save the downloaded text plug in file in etc co...

Page 147: ... be avoided by setting up an SSH session to the console server and tunneling the NRPE port This allows the NRPE daemon to run securely without SSL encryption because SSH will provide the security When the console server submits NSCA results it staggers them over a certain time period for example 20 checks over 10 minutes will result in two check results every minute Staggering the results like thi...

Page 148: ...erver will perform checks based on both serial and network access Remote site with restrictive firewall In this scenario the role of the console server will vary One aspect may be to upload check results through NSCA Another may be to provide an SSH tunnel to allow the Nagios server to run NRPE commands PC running NAGIOS Hosts Network checks over Ethernet Serial checks over RS 232 Power monitoring...

Page 149: ... In this scenario the console server allows dial in access for the Nagios server Periodically the Nagios server will establish a connection to the console server and execute any NRPE commands before dropping the connection SSH travel initiated for remote site NRPE server at branch server s request Internet Console server PC running NAGIOS ...

Page 150: ...e System IP Address Chapter 3 3 Setting the permitted Services by which to access the gateway Chapter 3 4 Setting up OoB Dial in Chapter 5 Configuring the Dashboard Chapter 12 11 1 System Administration and Reset The Administrator can reboot or reset the gateway to default settings A soft reset is affected by Selecting Reboot in the System Administration menu and clicking Apply The console server ...

Page 151: ...er the default administration username and administration password Username root Password default 11 2 Upgrade Firmware Before upgrading make sure you are already running the most current firmware in your gateway Your console server will not allow you to upgrade to the same or an earlier version The Firmware version is displayed in each page s header Or select Status Support Report and note the Fi...

Page 152: ...og and NFS logging use the system time for time stamping log entries while certificate generation depends on a correct Timestamp to check the validity period of the certificate Select the System Date Time menu option Manually set the Year Month Day Hour and Minute using the Date and Time selection boxes then click Apply The gateway can synchronize its system time with a remote time server using th...

Page 153: ...n Note You can also back up the configuration files from the command line refer to Chapter 14 With all console servers you can save the backup file remotely on your PC and you can restore configurations from remote locations Click Save Backup in the Remote Configuration Backup menu The config backup file System Name_date_config opg will be downloaded to your PC and saved in the location you nomina...

Page 154: ...r console server If there are multiple USB devices installed you will be warned to remove them To backup to the USB enter a brief Description of the backup in the Local Configuration Backups menu and select Save Backup The Local Configuration Backup menu will display all the configuration backup files you have stored onto the USB flash To restore a backup from the USB simply select Restore on the ...

Page 155: ...ctory defaults as per section 11 1 of the user manual If the configuration is stored on an internal USB storage device reset it to factory defaults using a specially prepared USB storage device o The USB storage device must be formatted with a Windows FAT32 VFAT file system on the first partition or the entire disk most USB thumb drives are already formatted this way o The file system must have th...

Page 156: ...e Users Statistics Support Reports Syslog Dashboard Other status reports that are covered elsewhere include UPS Status Chapter 8 2 RPC Status Chapter 8 1 Environmental Status Chapter 8 3 12 1 Port Access and Active Users The Administrator can see which Users have access privileges with which serial ports Select the Status Port Access The Administrator can also see the current status as to Users wh...

Page 157: ...nd detailed statistics reports by selecting the various submenus 12 3 Support Reports The Support Report provides useful status information that will assist the Black Box Technical Support team to solve any problems you may experience with your console server If you do experience a problem and have to contact tech support make sure you include the Support Report with your email support request The...

Page 158: ...Server Address and Syslog Server Port details and click Apply The console maintains a local Syslog To view the local Syslog file Select Status Syslog To make it easier to find information in the local Syslog file use the provided pattern matching filter tool Specify the Match Pattern that you want to search for for example the search for mount is shown below and click Apply The Syslog will then be...

Page 159: ...e is a dashboard layout configured for John then you will see the dashboard for John upon log in and each time you click on the Status Dashboard menu item If there is no dashboard layout configured for John but there is an admin group dashboard configured then you will see the admin group dashboard instead If there is no user dashboard or admin group dashboard configured then you will see the defa...

Page 160: ... is deleted the corresponding XML files that belong to that alert are also deleted To configure what is to be displayed by each widget Go to the Configure widgets panel and configure each selected widget for example specify which UPS status is to be displayed on the ups widget or the maximum number of Managed Devices to be displayed in the devices widget Click Apply Note Dashboard configuration is...

Page 161: ...script and display the output of the script commands directly on the screen inside the specific widget The best way to format the output would be to send HTML commands back to the browser by adding echo commands in the script echo table You can of course run any command and its output will be displayed in the widget window directly Below is an example script that writes the current date to a file ...

Page 162: ...evice Management To display the Managed Devices and their associated serial network and power connections Select Manage Devices The Administrator will be presented with a list of all configured Managed Devices whereas the User will only see the Managed Devices they or their Group has been given access privileges for Select Serial Network or Power for a view of the specific connections The user can...

Page 163: ...age Port Logs and the serial Port to be displayed To display Host logs select Manage Host Logs and the Host to be displayed 13 3 Serial Port Terminal Connection Administrator and Users can communicate directly with the console server command line and with devices attached to the console server serial ports using SDT Connector and their local tenet client or use a java terminal in their browser Sel...

Page 164: ...RE compatibility issues that may prevent it from loading Select Manage Terminal The jcterm java applet is downloaded from the console server to your browser and the virtual terminal will be displayed Select File Open SHELL Session from the jcterm menu to access the command line using SSH To access the console server s command line enter its TCP address e g 192 168 254 198 as hostname and the Usern...

Page 165: ... Accessing config from the command line The console server runs a standard Linux kernel and embeds a suite of open source applications If you do not want to use a browser and the Management Console tools you can configure the console server and manage connected devices from the command line using standard Linux and Busybox commands and applications such as ifconfig gettyd stty powerman nut etc Wit...

Page 166: ... activate the new configuration by running the relevant configurator that performs the action needed to make the configuration changes live The custom user configuration is saved in the etc config config xml file This file is transparently accessed and edited when configuring the device using the Management Console browser GUI Only the user root can configure from the shell By default the config e...

Page 167: ...file Save active configuration to file i import file Load configuration from file t test import file Pretend to load configuration from file S separator char The pattern to separate fields with default is P password id Prompt user for a value Hash the value then save it in id The registered configurators are alerts auth cascade console dhcp dialin eventlog hosts ipaccess ipconfig nagios power seri...

Page 168: ...ced Configuration 14 2 Serial Port configuration The first set of configurations you need to make to any serial port are the RS 232 common settings For example setup serial port 5 to use the following properties Baud Rate 9600 Parity None Data Bits 8 Stop Bits 1 label Myport log level 0 protocol RS232 flow control None To do this use the following commands config s config ports port5 speed 9600 co...

Page 169: ...led TCP access Enabled telnet access Disabled Unauthorized telnet access Disabled config s config ports port5 delay 100 config s config ports port5 escapechar config s config ports port5 loglevel 2 config s config ports port5 powermenu on config s config ports port5 rfc2217 on config s config ports port5 singleconn on config s config ports port5 ssh on config s config ports port5 tcp on config d c...

Page 170: ... port 5 config s config ports port5 mode bridge Optional configurations for the network address of RFC 2217 server of 192 168 3 3 and TCP port used by the RFC 2217 service 2500 config s config ports port5 bridge address 192 168 3 3 config s config ports port5 bridge port 2500 To enable RFC 2217 access config s config ports port5 bridge rfc2217 on To redirect the serial bridge over an SSH tunnel to...

Page 171: ... P parameter will prompt the user for a password and encrypt it You can encrypt the value of any config element using the P parameter but only encrypted user passwords and system passwords are supported If any other element value were to be encrypted the value will become inaccessible and will have to be reset To add this user to specific groups admin users config s config users user2 groups group...

Page 172: ...removing user Groups The console server is configured with a few default user groups even though only two of these groups are visible in the Management Console GUI To find out how many groups are already present config g config groups total Assume this value is six Make sure you number any new groups you create from seven and up To add a custom group to the configuration with Group name Group7 Gro...

Page 173: ...n To change the type of authentication for the console server config s config auth type authtype authtype can be Local LocalTACACS TACACS TACACSLocal TACACSDownLocal LocalRADIUS RADIUS RADIUSLocal RADIUSDownLocal LocalLDAP LDAP LDAPLocal LDAPDownLocal To configure TACACS authentication config s config auth tacacs auth_server comma separated list list of remote authentiction and authorization serve...

Page 174: ...RPC network host with the following details IP address DNS name 192 168 2 5 Host name remoteUPS Description UPSroom3 Type UPS Allowed services ssh port 22 and https port 443 Log level for services 0 Issue the commands below config s config sdt hosts host4 address 192 168 2 5 config s config sdt hosts host4 name remoteUPS config s config sdt hosts host4 description UPSroom3 config s config sdt host...

Page 175: ...ice2 name OfficePC config s config devices device2 description MyPC config s config devices total 2 The following command will synchronize the live system with the new configuration config hosts 14 7 Trusted Networks You can further restrict remote access to serial ports based on the source IP address To configure this via the command line you need to do the following Determine the total number of...

Page 176: ...LI then the master SSH public key will need to be manually copied to every slave device before cascaded ports will work refer Chapter 4 The following command will synchronize the live system with the new configuration config r cascade 14 9 UPS Connections Managed UPSes Before adding a managed UPS make sure that at least 1 port has been configured to run in device mode and that the device is set to...

Page 177: ...s connection1 name My UPS config s config devices device3 connections connection1 type UPS Unit config s config devices device3 name My UPS config s config devices device3 description UPS in toom 5 config s config devices total 3 To delete this managed UPS config d config ups monitors monitor1 Decrement monitors total when deleting a managed UPS Remote UPSes To add a remote UPS with the following ...

Page 178: ...ports port2 power snmp community v1 config s config ports port2 power log enabled on config s config ports port2 power log interval 600 config s config ports port2 power outlets 4 The following five commands are used by the Management Console to add the RPC to Managed Devices config s config devices device3 connections connection1 name myRPC config s config devices device3 connections connection1 ...

Page 179: ...nvi4 config s config devices device5 connections connection1 type EMD Unit config s config devices device5 name Envi4 config s config devices device5 description Monitor in room 5 config s config devices total 5 The following command will synchronize the live system with the new configuration config a 14 12 Managed Devices To add a managed device also see UPS RPC connections and Environmental conf...

Page 180: ...oint for storing on a remote USB device is var run portmanager logdir The following command will synchronize the live system with the new configuration config a 14 14 Alerts You can add an email SNMP or NAGIOS alert by following the steps below The general settings for all alerts Assume this is our second alert and we want to send alert emails to john Black Box com and sms s to peter Black Box com...

Page 181: ...host 192 168 0 50 power status changes between on line on battery and low battery config s config alerts alert2 sensor temp config s config alerts alert2 signal DSR config s config alerts alert2 type ups config s config alerts alert2 ups1 myUPS localhost config s config alerts alert2 ups2 thatUPS 192 168 0 50 Environmental and Power Sensor Alert config s config alerts alert2 enviro high critical c...

Page 182: ...alerts alert2 type enviro Alarm Sensor Alert To set an alert for doorAlarm and windowAlarm that are two alarms connected to an environmental sensor called SensorInRoom3 Both alarms are disabled on Mondays from 8 15 am to 2 30 pm config s config alerts alert2 alarm1 SensorInRoom3 alarm1 doorAlarm config s config alerts alert2 alarm1 SensorInRoom3 alarm2 windowAlarm config s config alerts alert2 ala...

Page 183: ...agent on the device config s config system snmp protocol UDP TCP config s config system snmp trapport port number default is 162 config s config system snmp address NMS IP network address config s config system snmp commnity community name v1 and v2c only config s config system snmp engineid ID v3 only config s config system snmp username username v3 only config s config system snmp password passw...

Page 184: ...g system bridge enabled on To enable IPv6 for all interfaces config s config system ipv6 enabled on To configure the management LAN interface use the same commands as above but replace config interfaces wan with config interfaces lan Note Not all devices have a management LAN interface To configure a failover device in case of an outage config s config interfaces wan failover address1 ip address c...

Page 185: ...ddress 172 24 1 2 Authentication Type MSCHAPv2 Serial Port Baud Rate 115200 Serial Port Flow Control Hardware Custom Modem Initialization ATQ0V1H0 Callback phone 0800223665 User to dial as user1 Password for user secret Run the following commands config s config console ppp localip 172 24 1 1 config s config console ppp remoteip 172 24 1 2 config s config console ppp auth MSCHAPv2 config s config ...

Page 186: ...config interfaces lan dhcpd defaultlease 200000 config s config interfaces lan dhcpd maxlease 300000 config s config interfaces lan dhcpd dns1 192 168 2 3 config s config interfaces lan dhcpd dns2 192 168 2 4 config s config interfaces lan dhcpd domain company com config s config interfaces lan dhcpd gateway 192 168 0 1 config s config interfaces lan dhcpd pools pool1 start 192 168 0 20 config s c...

Page 187: ...dress 192 168 0 1 IP to find this device at NAGIOS server address 192 168 0 10 upstream NAGIOS server Enable SDT for NAGIOS ext Enabled SDT gateway address 192 168 0 1 defaults to host address Prefer NRPE over NSCA Disabled defaults to Disabled config s config system nagios enabled on config s config system nagios name les1116 config s config system nagios address 192 168 0 1 config s config syste...

Page 188: ...un as Group1 defaults to nobody config s config system nagios nsca enabled on config s config system nagios nsca encryption BLOWFISH config s config system nagios nsca secret secret config s config system nagios nsca interval 2 config s config system nagios nsca port 5650 config s config system nagios nsca user User1 config s config system nagios nsca group Group1 Then synchronize the live system ...

Page 189: ... to perform advanced and custom management tasks using Black Box commands Linux commands and the open source tools embedded in the console server portmanager serial port management raw data access to the ports and modems iptables modifications and updating IP filtering rules modifying SNMP with net snmpd public key authenticated SSH communications SSL configuring HTTPS and issuing certificates usi...

Page 190: ...ipt to run instead The code that does this check is shown below an extract from the file etc scripts portmanager pattern alert If there s a user configured script run it instead scripts 0 etc config scripts pattern alert ALERT_PORTNAME scripts 1 etc config scripts portmanager pattern alert for i 0 i scripts i do if f scripts i then exec bin sh scripts i fi done This code shows that there are two a...

Page 191: ...cled every time the console reads the EMERGENCY character stream on port 2 15 1 4 Example script Multiple email notifications on each alert If you want to send more than one email when an alert triggers you have to create a replacement script using the method described above and add the appropriate lines to your new script Currently there is a script etc scripts alert email that runs from within a...

Page 192: ...syntax to run the script is delete node node name To remove user 3 delete node config users user3 The delete node script bin bash User must provide the node to be removed e g config users user1 Usage delete node full node path if 1 then echo Wrong number of arguments echo Usage delnode full delimited node path exit 2 fi test for spaces TEMP echo 1 sed s N if TEMP N then echo Wrong input format ech...

Page 193: ... e g config sdt hosts then echo deleting 1 config d 1 echo Done exit 0 elif NUMBER TOTAL Test if only one item exists then echo only one item exists Deleting node echo Deleting 1 config d 1 Modifying item total config s TOTALNODE 0 echo Done exit 0 elif NUMBER lt TOTAL more than one item exists then Modify the users list so user numbers are sequential by shifting the users into the gap one at a ti...

Page 194: ...arded as a command to run whenever the ping to the host fails ping detect can run any number of commands Below is an example using ping detect to power cycle an RPC PDU outlet whenever a specific host fails to respond to a ping request The ping detect runs from etc config rc local to make sure that the monitoring starts whenever the system boots Suppose we have a serially controlled RPC connected ...

Page 195: ...to run any number of commands when a specific host stops responding to ping requests Here are details of the ping detect script itself bin sh Usage ping detect HOST COMMANDS This script takes 2 types of arguments hostname IPaddress to ping and the commands to run if the ping fails 5 times in a row This script can only take one host IPaddress per instance Multiple independent commands can be sent t...

Page 196: ... You can then add any commands to the custom script and they will be invoked after the configurator runs The custom scripts must be in the correct location etc config scripts config post To create an alerts custom script cd etc config scripts touch config post alerts vi config post alerts You could use this script to recover a specific backup config or overwrite a config or make copies of config f...

Page 197: ...9 Backing up the configuration off box If you do not have a USB port on your console server you can back up the configuration to an off box file Before backing up you need to arrange a way to transfer the backup off box This could be via an NFS share a Samba Windows share to USB storage or copied off box via the network If backing up directly to off box storage make sure it is mounted tmp is not a...

Page 198: ...ection to serial ports checks permissions and monitors and logs all the data flowing to from the ports 15 2 1 Portmanager commands pmshell The pmshell command acts similar to the standard tip or cu commands but all serial port access is directed via the portmanager Example To connect to port 8 via the portmanager pmshell l port08 pmshell Commands Once connected the pmshell command supports a subse...

Page 199: ...is actively connected to ports 1 and 2 while user2 is connected to both ports 1 and 8 portmanager daemon There is normally no need to stop and restart the daemon To restart the daemon normally just run the command portmanager Supported command line options are Force portmanager to run in the foreground nodaemon Set the level of debug logging loglevel debug info warn error alert Change which config...

Page 200: ...PORT 1 USER 2 echo Welcome to port PORT USER etc config pmshell start sh The return value from the script controls whether the user is accepted or not if 0 is returned or nothing is done on exit as in the above script the user is permitted otherwise the user is denied access Here is a more complex script which reads from configuration to display the port label if available and denies access to the...

Page 201: ...ndard modem initialization string either use the Management Console refer Chapter 5 or the command line config tool refer to Dial In Configuration Chapter 14 Enabling Boot Messages on the Console If you are not using a modem on the DB9 console port and instead want to connect to it directly via a Null Modem cable enable verbose mode which allows you to see the standard linux start up messages Foll...

Page 202: ...es policy OUTPUT ACCEPT Allow responses to outbound connections back in iptables append INPUT match state state ESTABLISHED RELATED jump ACCEPT Explicitly accept any connections from computers on 192 168 10 0 24 iptables append INPUT source 192 168 10 0 24 jump ACCEPT There s good documentation about using the iptables command at the Linux netfilter website http netfilter org documentation index h...

Page 203: ...ervers are added manually using config Log in to the console server s command line shell as root or an admin user Refer back to the Management Console UI or user documentation for descriptions of each field To set the Manager Protocol field config set config system snmp protocol2 UDP or config set config system snmp protocol2 TCP To set the Manager Address field config set config system snmp addre...

Page 204: ... catastrophic consequences It leaves the door open for eavesdropping connection hijacking and other network level attacks Secure Shell SSH is a program to log into another computer over a network to execute commands in a remote machine and to move files from one machine to another It provides strong authentication and secure communications over insecure channels OpenSSH the de facto open source SS...

Page 205: ...sed for For example mkdir keys ssh keygen t rsa Generating public private rsa key pair Enter file in which to save the key home user ssh id_rsa home user keys control_room Enter passphrase empty for no passphrase Enter same passphrase again Your identification has been saved in home user keys control_room Your public key has been saved in home user keys control_room pub The key fingerprint is 28 a...

Page 206: ...mand on the linux unix computer scp ssh id_dsa pub root 192 168 0 1 etc config users fred ssh authorized_keys The authorized_keys file on the console server needs to be owned by fred so login to the Management Console as root and type chown fred etc config users fred ssh authorized_keys If the Black Box device selected to be the server will only have one client device then the ssh rsa AAAB3NzaC1yc...

Page 207: ...ion 1 http www openbsd org cgi bin man cgi query sshd 15 6 5 Generating public private keys for SSH Windows This section describes how to generate and configure SSH keys using Windows First create a new user from the Black Box Management the following example uses a user called testuser making sure it is a member of the users group If you do not already have a public private key pair you can gener...

Page 208: ...on Follow the instruction to move the mouse over the blank area of the program in order to create random data used by PUTTYGEN to generate secure keys Key generation will occur once PUTTYGEN has collected sufficient random data Create a new file authorized_keys with notepad and copy your public key data from the Public key for pasting into OpenSSH authorized_keys file section of the PuTTY Key Gene...

Page 209: ...ngerprints are stored in ssh known_hosts To receive the fingerprint from the remote server log in to the client as the required user usually root and establish a connection to the remote host ssh remhost The authenticity of host remhost 192 168 0 1 can t be established RSA key fingerprint is 8d 11 e0 7e 8a 6f ad f1 94 0f 93 fc 7c e6 ef 56 Are you sure you want to continue connecting yes no At this...

Page 210: ...r is set up in Serial Bridging Mode with the Server Address and Server TCP Port 4000 port for RAW or 5000 port for RFC2217 specified Select SSH Tunnel when configuring the Serial Bridging Setting Next you will need to set up SSH keys for each end of the tunnel and upload these keys to the Server and Client console servers Client Keys The first step in setting up ssh tunnels is to generate keys Ide...

Page 211: ... user ssh id_ rsa dsa Your public key has been saved in home user ssh id_ rsa dsa pub The key fingerprint is 28 aa 29 38 ba 40 f4 11 5e 3f d4 fa e5 36 14 d6 user server It is advisable to create a new directory to store your generated keys It is also possible to name the files after the device they will be used for For example mkdir keys ssh keygen t rsa Generating public private rsa key pair Ente...

Page 212: ...lic and private keys are in the correct spot 15 6 8 SDT Connector Public Key Authentication SDT Connector can authenticate against a console servers using your SSH key pair rather than requiring you to enter your password i e public key authentication To use public key authentication with SDT Connector you must first create an RSA or DSA key pair using ssh keygen PuTTYgen or a similar tool and add...

Page 213: ...e networks More documentation on OpenSSL is available from http www openssl org docs apps openssl html http www openssl org docs HOWTO certificates txt 15 8 HTTPS The Management Console can be served using HTTPS by running the webserver via sslwrap The server can be launched on request using inetd The HTTP server provided is a slightly modified version of the fnord httpd from http www fefe de fnor...

Page 214: ...rt pem root address of unit etc config PuTTY and the PSCP utility can be downloaded from http www chiark greenend org uk sgtatham putty download html More detailed documentation on the PSCP can be found http the earth li sgtatham putty 0 58 htmldoc Chapter5 html pscp 15 8 4 Launching the HTTPS Server Note that the easiest way to enable the HTTPS server is from the web Management Console Simply cli...

Page 215: ...ch time this option is used powermand queries the appropriate RPC s Targets connected to RPC s that could not be contacted e g due to network failure are reported as status unknown If possible output will be compressed into host ranges n node Query node power status of targets if implemented by RPC If no targets specified query all targets In this context a node in the OFF state could be ON at the...

Page 216: ...n your shell you might need to enclose ranged lists within quotes For example in tcsh the last example above should be executed as powerman on foo 0 4 5 15 9 2 The pmpower tool The pmpower utility is a high level tool for manipulating remote preconfigured power devices connected to the console server either via a serial or network connection The PDU UPS and IPMI power devices are variously control...

Page 217: ...he configuration also looks for and loads etc config powerstrips xml if it exists The user can add their own support for more devices by putting definitions for them into etc config powerstrips xml This file can be created on a host system and copied to the Management Console device using scp Alternatively login to the Management Console and use ftp or wget to transfer files Here is a brief descri...

Page 218: ...latform management and its primary purpose is to handle the autonomous sensor monitoring and event logging features The ipmitool program provides a simple command line interface to this BMC It features the ability to read the sensor data repository SDR and print sensor values display the contents of the System Event Log SEL print Field Replaceable Unit FRU inventory information read and set LAN co...

Page 219: ...28 encryption algorightms E The remote server password is specified by the environment variable IPMI_PASSWORD f password_file Specifies a file containing the remote server password If this option is absent or if password_file is empty the password will default to NULL h Get basic usage help from the command line H address Remote server address can be IP address or hostname This option is required ...

Page 220: ...urther we strongly advise that you do not enable IPMI for remote access without setting a password and that that password should not be the same as any other password on that system When an IPMI password is changed on a remote machine with the IPMIv1 5 lan interface the new password is sent across the network as clear text This could be observed and then used to attack the remote system We recomme...

Page 221: ...vides a development kit that allows changes to be made to the software in console server firmware image The customer can use the CDK to generate a firmware image without certain programs such as telnet which may be banned by company policy generate an image with new programs such as custom Nagios plug in binaries or company specific binary utilities generate an image with custom defaults e g it ma...

Page 222: ... username to the list of connected users for that port each time it sees LOGOUT username it removes it from the list The list can then be nicely formatted and displayed You can run the script on the remote log server To enable log storage and connection logging Select Alerts Logging Port Log Configure log storage Select Serial Network Serial Port Edit the serial port s Under Console server select ...

Page 223: ...fault build tree The Administrator can use these to configure the console server and monitor and manage attached serial console and host devices addgroup Add a group or add an user to a group adduser Add an user agetty alternative Linux getty arp Manipulate the system ARP cache arping Send ARP requests replies bash GNU Bourne Again Shell busybox Swiss army knife of embedded Linux commands cat Conc...

Page 224: ...filtering and NAT ip6tables Administration tool for IPv6 packet filtering iptables restore Restore IP Tables iptables save Save IP Tables kill Send a signal to a process to end gracefully ln Make links between files login Begin session on the system loopback Black Box loopback diagnostic command loopback1 Black Box loopback diagnostic command loopback2 Black Box loopback diagnostic command loopbac...

Page 225: ...ory reboot Soft reboot rm Remove files or directories rmdir Remove empty directories routed Show or manipulate the IP routing table routed Show or manipulate the IP routing table routef IP Route tool to flush IPv4 routes routel IP Route tool to list routes rtacct Applet printing proc net rt_acct rtmon RTnetlink listener scp Secure copy remote file copy program sed Text stream editor setmac Sets th...

Page 226: ...most commands the h or help argument to provide a terse runtime description of their behavior More details on the generic Linux commands can found online at http en tldp org HOWTO HOWTO INDEX howtos html and http www faqs org docs Linux HOWTO Remote Serial Console HOWTO html An updated list of the commands may found using ls command to view all the commands actually available in the bin directory ...

Page 227: ...urce is available from http okvm sourceforge net The console server BIOS boot loader code is a port of uboot which is also a GPL package with source openly available The console server CGIs the html code xml code and web config tools for the Management Console are proprietary to Black Box however the code will be provided to customers under NDA Also inbuilt in the console server is a Port Manager ...

Page 228: ... optstring name arg hash r p pathname name help s pattern history c d offset n or hi if COMMANDS then COMMANDS elif jobs lnprs jobspec or job kill s sigspec n signum si let arg arg type apt name name typeset afFrxi p name value ulimit SHacdflmnpstuv limit umask p S mode unalias a name unset f v name until COMMANDS do COMMANDS done variables Some variable names an wait n while COMMANDS do COMMANDS ...

Page 229: ...to 90 Power Refer to Chapter 2 for various models Power Consumption All less than 30W CPU Micrel KS8695P controller Memory LES1208A 16A 48A 64MB SDRAM 16MB Flash 512MB USB Flash LES1116A 48A 64MB SDRAM 16MB Flash LES1108A 16MB SDRAM 8MB Flash Serial Connectors LES1208A 8 RJ 45 RS 232 serial ports LES1216A 16 RJ 45 RS 232 serial ports LES1248A 48 RJ 45 RS 232 serial ports LES1116A 16 RJ 45 RS 232 s...

Page 230: ...k Box qualified personnel To avoid electric shock the power cord protective grounding conductor must be connected through to ground Always pull on the plug not the cable when disconnecting the power cord from the socket Do not connect or disconnect the console server during an electrical storm We recommend that you use a surge suppressor or UPS to protect the equipment from transients FCC Warning ...

Page 231: ...source code This license does not grant you any rights to patents copyright trade secrets trademarks or any other rights with respect to the Software You may make a reasonable number of copies of the electronic documentation accompanying the Software for each Software license you acquire provided that you must reproduce and include all copyright notices and any other proprietary rights notices app...

Page 232: ...urchase price paid by you for the Software on the defective media or to replace the Software on new media Black Box makes no warranty or representation that its Software will meet your requirements will work in combination with any hardware or application software products provided by third parties that the operation of the software products will be uninterrupted or error free or that all defects ...

Page 233: ... the copyright holder saying it may be distributed under the terms of this General Public License The Program below refers to any such program or work and a work based on the Program means either the Program or any derivative work under copyright law that is to say a work containing the Program or a portion of it either verbatim or with modifications and or translated into another language Hereina...

Page 234: ... above on a medium customarily used for software interchange or b Accompany it with a written offer valid for at least three years to give any third party for a charge no more than your cost of physically performing source distribution a complete machine readable copy of the corresponding source code to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for softw...

Page 235: ...use of the Program is restricted in certain countries either by patents or by copyrighted interfaces the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries so that distribution is permitted only in or among countries not thus excluded In such case this License incorporates the limitation as if writt...

Page 236: ...NABILITY TO USE THE PROGRAM INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES END OF TERMS AND CONDITIONS ...

Page 237: ...ches all supported by free live 24 7 Tech support available in 20 seconds or less Copyright 2009 All rights reserved Black Box and the Double Diamond logo are registered trademarks of BB Technologies Inc Any third party trademarks appearing in this white paper are acknowledged to be the property of their respective owners Black Box Tech Support FREE Live 24 7 Tech support the way it should be Grea...

Reviews:

No comments

Related manuals for LES1108A

Brand: Oki Pages: 121

Z10 BUISNESS CLASS Z10 BC

Brand: IBM Pages: 67

x3450 - System - 7948

Brand: IBM Pages: 2

Portbase PB-3010

Brand: SystemBase Pages: 45

OmniStor 4900F Series

Brand: Rackable Systems Pages: 196

Brand: NMS Communications Pages: 22

Brand: Nortel Pages: 144

Brand: Intermec Pages: 232

Brand: Atop Pages: 52

Brand: Sun Microsystems Pages: 12

Brand: Gigabyte Pages: 120

Brand: D-Link Pages: 40

Device Installer

Brand: Lantronix Pages: 21

Device Server MSS 485

Brand: Lantronix Pages: 69

Brand: Lanner Pages: 72

Brand: Spectra Pages: 184

Brand: Measy Pages: 15

Brand: Advantech Pages: 110

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands