Home
/
Cyclades
/
AlterPath OnBoard
/
Administrator'S Manual

Cyclades AlterPath OnBoard, Administrator'S Manual

Share

Page: 99 / 460

Cyclades AlterPath OnBoard Administrator'S Manual Download Page 99

Introduction

63

Understanding Firewall/Packet Filtering on the OnBoard

The administrator can configure data buffering and log file storage only by
using the

cycli

utility. See the release notes for how to configure data

buffering. You can download the release notes by going to

http://

www.cyclades.com/downloads.php

and searching for the product

name “AlterPath OnBoard.”

Understanding Firewall/Packet Filtering on the

OnBoard

Packet filtering on the OnBoard is controlled by

chains

and

rules

that are

configured in

iptables

. (For more details about the predefined chains and

rules, see “Chains” on page 64 and “Rules” on page 64.)

Both the Web Manager and the

cycli

utility provide a way for the OnBoard

administrator to add rules and to edit or delete any added rules:

•

Because the OnBoard filters packets like a firewall, the Web Manager
menu option under “Network” is titled “Firewall.”)

•

The

cycli

utility provides the

iptables

command to do the same

tasks, because when rules are added, edited, or deleted, the corresponding

iptables

are updated.

By default, the OnBoard does not forward any traffic between private and
public networks. The administrator might want to add rules to allow some
limited communications between specific devices on the private network and
the public network. For example, the administrator could add rules to allow a
device to send email using an email server on the public network, as shown in
the example in

/usr/share/docs/OnBoard/

Application_Notes/Network/priv-to-pub.pdf

.

Caution!

It is possible for an OnBoard administrator to create rules that

circumvent the access controls on a device. The OnBoard administrator is
responsible for understanding the implications of packet filtering rules that the
administrator may add to the system and making sure that security is not
compromised by the added rules.

«
...
97
98
99
100
101
...
»

Summary of Contents for AlterPath OnBoard

Page 1: ...rd Administrator sGuide Cyclades Corporation 3541 Gateway Boulevard Fremont CA 94538 USA 1 888 CYCLADES 292 5233 1 510 771 6100 1 510 771 6200 fax http www cyclades com Release Date February 2006 Part...

Page 2: ...registered or registration pending trademarks of Cyclades Corporation in the United States and other countries Cyclades and AlterPath All trademarks trade names logos and service marks referenced here...

Page 3: ...Configuring Users 10 Configuring Groups 10 Tasks for Configuring Users and Groups 11 Planning Access to Connected Devices 11 Understanding Security Profiles 12 Understanding Services on the OnBoard 1...

Page 4: ...er Management 46 Service Processor Power Management 47 Tasks for Configuring Power Management 47 Configuring the User s Console Login Menu 48 New Menu Item Example 50 Understanding Routing on the OnBo...

Page 5: ...anager 74 Features of Administrator s Screens 77 Overview of Web Manager Menus 79 Chapter 3 Web Manager Wizard 81 Using the Wizard 82 Changing the Administrative User s Password Wizard 84 Selecting a...

Page 6: ...IPDU Power Management 132 Configuring Over Current Protection for an IPDU 133 Configuring Users to Manage Power Outlets on a Connected IPDU 135 Configuring Names and Power Up Intervals for Outlets on...

Page 7: ...on Server 188 Configuring a TACACS Authentication Server 190 Configuring an Authentication Method for the OnBoard 192 Configuring Notifications 194 Configuring SNMP Trap Notifications 195 Configuring...

Page 8: ...econdary Ethernet Ports 236 Configuring Firewall Rules for OnBoard Packet Filtering 239 Adding a Rule 240 Configuring Hosts 242 Configuring Static Routes 244 Configuring VPN Connections 246 Configurin...

Page 9: ...OnBoard 274 Chapter 9 Using the cycli Utility 275 Accessing the Command Line 276 cycli Utility Overview 277 Execution Modes 277 Command Line Mode 278 Interactive Mode 278 Batch Mode 278 cycli Options...

Page 10: ...oot Authentication Failure 304 Restarting the Web Manager 306 Replacing a Boot Image for Troubleshooting 307 Using the create_cf Command When Troubleshooting 307 Appendix A Advanced Device Configurati...

Page 11: ...guration for Example 2 346 IPSec VPN Configuration for Example 2 349 PPTP VPN Configuration for Example 2 352 Enabling Native IP and Accessing a Device s Native Features Using Real IP Addresses for Ex...

Page 12: ...e 376 Network Boot Options and Caveats 378 Options for the create_cf Command 381 Examples for create_cf Command Usage 383 Saving an Image to a Flash PCMCIA Card 383 Saving an Image into the Image2 are...

Page 13: ...gure 3 2 Cancel Wizard Button Dialog 83 Figure 3 3 Wizard Confirm Changes Screen 83 Figure 3 4 Wizard Configure Administrator Password Screen 84 Figure 3 5 Config Security Profile Screen With the Mode...

Page 14: ...a Regular User Screen Wizard 107 Figure 4 1 Access Menu Options 112 Figure 4 2 Administrative User Console Session Window Initial Connection from an IP Address 113 Figure 4 3 OnBoard Console Login Dia...

Page 15: ...DU Users With a User Added 136 Figure 5 16 Settings IPDU Outlets Screen 138 Figure 5 17 Outlet Name Dialog 138 Figure 5 18 Outlet Power Up Interval Dialog 138 Figure 5 19 Settings PCMCIA Screen 139 Fi...

Page 16: ...fig Devices Screen 163 Figure 6 3 Fields in the Add New Device or Edit Dialog 164 Figure 6 4 Config Users and Groups Screen 169 Figure 6 5 Add New User or Edit Dialog 170 Figure 6 6 Add or Edit a User...

Page 17: ...05 Figure 6 29 Config Sensor Alarms Pager Message Fields 207 Figure 6 30 Config Sensor Alarms Email Message Fields 208 Figure 6 31 Config SNMP Configuration Screen 210 Figure 6 32 Config SNMP Edit OnB...

Page 18: ...led 236 Figure 7 4 Network Host Settings Screen With Both Interfaces Enabled and DHCP Disabled 237 Figure 7 5 Network Firewall Screen 239 Figure 7 6 Network Firewall Add Rule Dialog 240 Figure 7 7 Net...

Page 19: ...e A 3 Private Subnet Configuration Example 343 Figure A 4 Example 1 Device Configuration Example 344 Figure A 5 ifconfig Output Showing a priv0 Private Subnet Alias 344 Figure A 6 Example 2 Two Privat...

Page 20: ...re A 15 Example Values for Configuring Two Private Subnets With a Virtual Network 360 Figure A 16 Example 1 Device Configuration Example 361 Figure A 17 Access Devices Screen With Virtual IP Addresses...

Page 21: ...Services Features 13 Table 1 9 Services and Other Functions in the Custom Security Profile 14 Table 1 10 Services That Require Additional Configuration 17 Table 1 11 Tasks for Changing the Default tel...

Page 22: ...ministrative Users 78 Table 3 1 Wizard Steps and Where They are Described 84 Table 3 2 Network Interfaces Configuration Values 92 Table 3 3 Ethernet Port Settings 93 Table 3 4 Fields on the Private Su...

Page 23: ...ion Values 234 Table 7 3 Fields and Menus for Configuring Static Routes 245 Table 7 4 Fields for Configuring a PPTP Profile 249 Table 7 5 Fields on the Private Subnet Configuration Dialog 252 Table 7...

Page 24: ...A 7 Expect Script Related Application Notes 331 Table A 8 Expect Script Exit Codes 335 Table A 9 Tasks for Creating Addresses to Assign to Connected Devices 336 Table A 10 IP Address Ranges Reserved f...

Page 25: ...ntroduction 73 T To Log Into the Web Manager 75 T To Disable Web Manager Timeouts 76 Chapter 3 Web Manager Wizard 81 T To Change the Administrative User s Password Wizard 85 T To Select or Configure a...

Page 26: ...CIA Card 149 T To Configure System Date and Time 151 T To Configure OnBoard Boot 155 T To Specify a New Location for OnBoard Help Files 157 Chapter 6 Web Manager Config Menu Options 159 T To Add a Dev...

Page 27: ...ed Service Processors 223 T To Select the OnBoard s Security Profile 229 T To Configure Services 230 Chapter 7 Web Manager Network Menu Options 231 T To Configure OnBoard Network Interfaces 237 T To A...

Page 28: ...ew Template 318 T To Use the onbdtemplate Utility to Test a Template 320 T To Create a Custom IPMI Expect Script 333 T To Create a Custom Expect Script 336 Advanced B Boot and Backup Configuration Inf...

Page 29: ...s Guide is for administrators who are authorized to configure access to service processors and other devices connected to the OnBoard during installation For installation details see the AlterPath OnB...

Page 30: ...the Web Manager and for disabling timeouts 3 Web Manager Wizard Describes and provides procedures for how the administrative user uses the Web Manager Wizard to perform basic configuration 4 Web Manag...

Page 31: ...inux command line on the AlterPath OnBoard and can use the cycli utility 6 Troubleshooting Provides troubleshooting procedures A Advanced Device Configuration Describes and provides advanced procedure...

Page 32: ...specific models of devices and firmware levels that are also listed in the release notes Before configuring a device check the release notes to ensure that both the device you want to connect to the...

Page 33: ...leases new versions of the software See Additional Resources on page xxxv for information about free software upgrades Typographic and Other Conventions The following table describes the typographic c...

Page 34: ...sequentially Ctrl k p entered while the user is connected to a KVM port brings up an IPDU power management screen Ctrl and k must be pressed at the same time followed by p pressed by itself Ctrl Shif...

Page 35: ...to training cyclades com Cyclades Software Upgrades Cyclades offers periodic software upgrades for the AlterPath products free of charge to current Cyclades customers You may want to check http www c...

Page 36: ...xxxvi AlterPath OnBoard Administrator s Guide...

Page 37: ...chapters in this administrator s guide The following table lists the topics in this chapter Overview of OnBoard Features for Administrators Page 3 Understanding Authentication on the OnBoard Page 4 Un...

Page 38: ...Alarms Page 52 Understanding Device Configuration Page 53 Understanding Private Subnets on the OnBoard Page 61 Tasks for Configuring IP Addresses Page 62 Example and Demo Scripts and Application Notes...

Page 39: ...ed devices while only OnBoard administrators can configure access and security on the OnBoard The OnBoard provides a set of security features not available in any service processor management product...

Page 40: ...cusses only the types of authentication used for controlling who can access the OnBoard and connected devices Other authentication methods that are used by SNMP PPTP IPSec or PPP are described in the...

Page 41: ...one No login required X Local Uses local user password for local authentication on the OnBoard X X Kerberos Uses Kerberos network authentication protocol X X Kerberos Down Local Uses local authenticat...

Page 42: ...wn X X RADIUS Local Uses local authentication if RADIUS authentication fails X X Local RADIUS Uses RADIUS authentication if local authentication fails X X SMB Uses SMB authentication for Microsoft Win...

Page 43: ...tion method specified Each authentication server must be configured and operational The administrator configuring the OnBoard needs to work with the administrator of each authentication server to get...

Page 44: ...e information needed to configure the servers on the OnBoard and to make sure the required accounts are set up on the servers N A On the OnBoard configure an authentication server for each authenticat...

Page 45: ...ard users separately When setting up a user account the administrator can do the following Authorize the user to access the OnBoard by creating a user account and assigning a password to the account T...

Page 46: ...one or more connected devices Table 1 4 User Configuration Settings Settings Notes Username Login name required for the user account Full name Administratively defined name to identify the user Passwo...

Page 47: ...ake a note of the outlets where the devices will be plugged you need to supply the outlet numbers when configuring IPDU power management Create a list of user accounts that specifies which type of acc...

Page 48: ...cked bypassing authorizations is not available in any of the default security profiles but it can be selected in a custom security profile The administrative user defines the security profile during i...

Page 49: ...es Features Enabled Services Features Disabled Services Features HTTPS HTTP SSH v2 ICMP Default authentication type to access devices set to Local IPSEC PPTP RPC SNMP v1 SNMP v2c SNMP v3 SSH v1 Telnet...

Page 50: ...profile IPSec PPTP RPC SNMP v1 SNMP v2 SNMP v3 SSH v1 SSH v2 Telnet to OnBoard Default authentication type to access devices set to Local Table 1 9 Services and Other Functions in the Custom Security...

Page 51: ...to SSH HTTP HTTPS Options Redirect HTTP to HTTPS HTTP allow or disallow HTTP port number Assign an alternate port to HTTP HTTPS allow or disallow HTTPS port number Assign an alternate port to HTTPS Ov...

Page 52: ...uently None Local or NIS Kerberos Kerberos Down Local Kerberos Local Local Kerberos LDAP LDAP Down Local LDAP Local Local LDAP Radius Radius Down Local Radius Local Local Radius SMB SMB Down Local SMB...

Page 53: ...een then shows the service as disabled and vice versa Similarly if a service is enabled using either the Web Manager or the cycli utility the cycli utility detects it However if the root user turns se...

Page 54: ...sor supports the command The user is authorized to use that command for that service processor For details about the service processor management commands see the AlterPath OnBoard User s Guide PPTP V...

Page 55: ...specific service processor management commands cannot be passed as parameters to telnet on the command line Telnet can be enabled by an administrative user on the Web Manager Config Services page or b...

Page 56: ...ions The root user can configure ssh to be used instead of Telnet on service processors that support SSH An OnBoard administrator who knows the root password and can connect to the console can follow...

Page 57: ...to use ssh or bidilink to communicate with iLO type devices copy the contents of talk_ilo exp into the talk_custom1 exp file 5 Open the custom expect script for editing and find the line that sources...

Page 58: ...or every service processor configured to use ssh by doing the following steps a Use ssh to connect to the service processor as an administrator A dialog similar to the following appears b If the finge...

Page 59: ...the Self Signed Certificate With an SSL Certificate From a Certificate Authority 1 Log into the OnBoard console as root 2 Use openssl with the req parameter to create a private key and a public CSR c...

Page 60: ...ry whenever the saveconf command is run or the administrative user saves the configuration files using the Save button on the Mgmt Backup restore screen State or Province Name full name Some State The...

Page 61: ...bled on the OnBoard by default The OnBoard administrator may want to enable the DHCP server to provide fixed IP addresses for connected devices that are running DHCP client software The fixed IP addre...

Page 62: ...dhcpd conf file and performing other steps described under Configuring the DHCP Server on page 26 Considerations When Deciding Whether to Use DHCP to Configure Device Addresses Before deciding whether...

Page 63: ...vice by performing the following steps a Find the line that begins host MySP and replace MySP with a hostname alias for the device for example host sp1 SAMPLE CONFIGURATION subnet 192 168 0 0 netmask...

Page 64: ...s for example fixed address 192 168 0 21 For example see the following edited host entry d Copy and paste the three lines that define the IP address for a device as many times as needed and then make...

Page 65: ...or restarting dhcpd This file defines the dhcpd service configuration ENABLE NO Must be NO or YES uppercase DNAME dhcpd daemon name DPATH usr sbin daemon path ShellInit Performs any required initializ...

Page 66: ...it provides authentication and encryption of data that is lacking in v1 and v2c The OnBoard provides proxied access to SNMP data from service processors The administrator can configure the following...

Page 67: ...self For compatibility with other clients unencrypted transfer of data is possible with SNMP v3 connections but unencrypted data transfer is strongly discouraged Caution Because of the risks in unencr...

Page 68: ...e user jedgar may be authorized to access deviceA deviceC and deviceD Caution Once a user has been authenticated and the user s authorizations to access a device have been checked the user with a VPN...

Page 69: ...Windows 95 with DUN1 3 update Supported authentication method MS CHAPv2 Note Only local or RADIUS authentication types can be used because the MS CHAPv2 protocol does not work with other authenticati...

Page 70: ...o enable the user s workstation and the OnBoard to exchange packets specify it in the IPSec connection profile or create a route manually Before attempting to access the Native IP feature on the OnBoa...

Page 71: ...information username and password and connection keys or certificates is needed If the RSA public key authentication method is chosen the generated keys are different on each end When shared secret i...

Page 72: ...user Local Left ID OnBoard_name IP address Public IP address of the OnBoard Next hop Leave blank if the user s workstation and the OnBoard are able to exchange packets If a route must be set up to ena...

Page 73: ...ds the relevant portions of the ipsec conf file from the OnBoard s IPSec configuration use it to replace the same section in the workstation s ipsec conf file Ensure that routes are in place to allow...

Page 74: ...is address when connecting to the OnBoard to enable native IP access to a device Authorize the user for PPTP access and provide the user with the PPTP password which may be different from the password...

Page 75: ...native IP before closing the PPTP VPN connection to prevent other users from potentially being able to obtain unauthorized and unauthenticated access to native IP features of the device Message Loggi...

Page 76: ...must know the IP address of the syslog server Tasks for Configuring Syslog Messages The following table lists the tasks related to configuring syslog messages and destinations Table 1 17 Tasks for Co...

Page 77: ...private Ethernet port may require multiple IP addresses All communication among private Ethernet ports are blocked unless priv0 is the sending or receiving port Public Ethernet Ports On the public sid...

Page 78: ...sections that describe how to perform that tasks using the Web Manager root ONB ifconfig bond0 Link encap Ethernet HWaddr 00 60 2E 00 4F 97 inet addr 172 20 0 131 Bcast 172 20 255 255 Mask 255 255 0...

Page 79: ...callback access to the OnBoard The following table lists the modem configuration tasks for the two types of modems with links to where they are documented Note Administrators can also configure modem...

Page 80: ...e modem configuration options that apply whether the modem is being configured through the Web Manager or the cycli utility Table 1 20 Modem Configuration Field and Menu Definitions Sheet 1 of 3 Field...

Page 81: ...ion between the local and the remote modem By default the IP address of the OnBoard is used Use the default unless you have a specific reason to use another IP address Remote IP Address The remote IP...

Page 82: ...device that is plugged into an AlterPath PM intelligent power distribution unit IPDU when the IPDU is connected to the OnBoard s AUX port and an administrator has configured the AUX port for power man...

Page 83: ...nt The following table lists the tasks for configuring power management and where they are described Table 1 21 Tasks for Configuring Power Management Task Where Documented Configure IPDU power manage...

Page 84: ...menu to display other options including links to additional submenus or commands by modifying the etc menu ini file The default etc menu ini file is shown in the following screen example Figure 1 1 De...

Page 85: ...ehavior on for successful programs and off for unsuccessful ones are provided in the configuration file The OnBoard administrator assigns the usr bin rmenush shell to users as appropriate by editing t...

Page 86: ...en example Figure 1 2 Example Onetime Password Option Added to menu ini Table 1 22 Example Option Added to Menu for Regular Users New Option Function and Submenu Onetime Password Displays the onetime...

Page 87: ...ng types of routes using either the Web Manager or the cycli utility default See Default Route Configuration host or network See Host or Network Route Configuration on page 51 Default Route Configurat...

Page 88: ...ing System daemons such as messages from the cron daemon crond Out of range sensor readings from sensors on service processors Table 1 23 Tasks for Configuring Routes Task Where Described Description...

Page 89: ...figure notifications and alarms and email Configuring Notifications on page 194 Configuring Sensor Alarms on page 201 Configuring an Address for System Emails on page 250 Understanding Device Configur...

Page 90: ...t is configured as recommended Figure 1 3 illustrates connecting two servers that have service processors with the service processors indicated by gray boxes The same recommendations apply to connecti...

Page 91: ...rted types of devices are connected to the private Ethernet ports on the OnBoard Each connected device s dedicated Ethernet port needs an internal IP address assigned on the OnBoard and configured for...

Page 92: ...168 49 61 from a private subnet network IP range of 192 168 49 0 24 Note The IP addresses assigned to the servers primary Ethernet ports on the production network are not covered in this document serv...

Page 93: ...s needed for planning and implementing IP addresses The referenced section describes the following topics that the administrator needs to understand Why one or more private subnets must be created Whe...

Page 94: ...m row of rack 1 The assigned name can be used to access the device by entering the name with the ssh command on the command line See the AlterPath OnBoard User s Guide for the syntax for using ssh wit...

Page 95: ...1 and Why Define Private Subnets on page 339 for more information about planning and implementing subnets and assigning them to devices Private subnets can be configured in the Web Manager on the Wiza...

Page 96: ...f authorized users Users who have native IP access service processor console or device console access cannot be prevented from discovering the IP address of the dedicated Ethernet port that is connect...

Page 97: ...ddress within the private subnet s address range to be used by devices when communicating with the OnBoard If a device is not assigned a private subnet the OnBoard attempts to contact the device using...

Page 98: ...in local files on the OnBoard s resident flash memory on the hard disk of an external server or on a PCMCIA flash memory card When data buffering is configured data is stored in logs under var log co...

Page 99: ...all the Web Manager menu option under Network is titled Firewall The cycli utility provides the iptables command to do the same tasks because when rules are added edited or deleted the corresponding i...

Page 100: ...the type of packets they handle as shown in the following lists The first three chains listed below are in the iptables filter table INPUT OUTPUT FORWARD The three chains listed below are in the nat...

Page 101: ...You can select a protocol for filtering from one of the following options ALL TCP UDP ICMP GRE ESP AH Source IP mask Destination IP mask A host IP address or subnetwork IP address in the form hostIPa...

Page 102: ...r existing chains Edit or delete administrator added rules The following table lists the tasks related to configuring packet filtering and where the Web Manager procedures for performing the tasks are...

Page 103: ...iguration files Unless changes are saved in configuration files they do not persist after a reboot The OnBoard administrator can back up changed configuration files at any time Like other AlterPath pr...

Page 104: ...gz Any compressed configuration file that already resides in the directory is overwritten Table 1 27 Options for Saving Configuration File Changes Environment Action Web Manager On any Web Manager sc...

Page 105: ...le by performing the actions shown in the following table Table 1 29 Options for Saving Configuration File Changes Environment Action Web Manager While logged in as an administrative user go to the Mg...

Page 106: ...ipt to the system make sure to add the file s pathname to the config_files file T To Configure an Added Script or Other File for Backup and Restoration 1 Log into the OnBoard command line as root 2 Ch...

Page 107: ...ides links to where the tasks and options for restoring configuration files are described To Restore the OnBoard Configuration Files to the Last Saved Version Page 380 To Restore the OnBoard Configura...

Page 108: ...Understanding How Configuration Changes Are Handled 72 AlterPath OnBoard Administrator s Guide...

Page 109: ...user The information is provided in the following sections This chapter provides the procedures listed in the following table Logging Into the Web Manager Page 74 Features of Administrator s Screens...

Page 110: ...like regular users can access the Web Manager from a browser using HTTP or HTTPS either over the Internet or through a dial in or callback PPP connection Like regular users administrative users can us...

Page 111: ...Cyclades Web Manager for background about the Web Manager and Prerequisites for Using the Web Manager for the required browsers preparation and browser plug ins T To Log Into the Web Manager This pro...

Page 112: ...is 1800 seconds 30 minutes The value can be changed to any number of seconds up to 213 up to sixty years 1 Connect to the OnBoard s console and log in as root 2 Change to the etc cacpd directory and o...

Page 113: ...administrative user logs in Figure 2 2 Administrative User Options on the Web Manager Selecting an item from the top menu changes the list of menu options displayed in the left menu Settings tab Acces...

Page 114: ...example The grayed out options and buttons become active only after the administrative user clicks either the OK or Cancel button The administrative user may need to click other types of buttons to e...

Page 115: ...ons Chapter 6 Web Manager Config Menu Options Chapter 7 Web Manager Network Menu Options Chapter 8 Web Manager Info and Mgmt Menu Options Access Devices OnBoard IPDU Password Network Host settings Fir...

Page 116: ...Overview of Web Manager Menus 80 AlterPath OnBoard Administrator s Guide...

Page 117: ...sted in the following table Using the Wizard Page 82 Changing the Administrative User s Password Wizard Page 84 Selecting a Security Profile Wizard Page 85 Configuring Network Interfaces Wizard Page 9...

Page 118: ...y in Wizard mode A Next button appears on all Wizard pages in a series except the last A Previous button shown in Figure 3 3 appears on all pages in a series except the first When a Wizard configurati...

Page 119: ...user can click the Save and apply changes button to save the changes before cancelling the Wizard again Press OK to exit the Wizard and lose any unsaved changes After the Next button is clicked on th...

Page 120: ...Wizard Configure Administrator Password Screen Table 3 1 Wizard Steps and Where They are Described Wizard Step Where Described Change the administrative user s password Changing the Administrative Use...

Page 121: ...he administrative user in the Password field and retype it in the Retype password field 4 Click the Set Password button to save the password Selecting a Security Profile Wizard Figure 3 1 shows the sc...

Page 122: ...rity Profile Configuration Dialog With Moderate Profile Selected An administrative user can use the dialog shown in Figure 3 6 to select one of the default security profiles or configure a custom secu...

Page 123: ...links and the Security Profile screen reappears showing the newly selected security profile s name The following figure illustrates the screen after the security profile s name is changed to secured a...

Page 124: ...ty profile Figure 3 8 Secured Profile Dialog Note Follow the reminder at the bottom of the screen shown in Figure 3 8 by making sure to notify all users that they must use HTTPS when bringing up the W...

Page 125: ...ollowing figure shows the lists of enabled and disabled features in the dialog for the Open security profile Figure 3 9 Open Security Profile Dialog The features in the Open security profile are descr...

Page 126: ...bed in Table 1 9 Services and Other Functions in the Custom Security Profile on page 14 Note Selecting a default authentication type means that the specified authentication type is selected by default...

Page 127: ...u select the Custom profile make sure the checkboxes are checked next to services and features you want to be enabled and make sure the checkboxes are clear next to services and features you want to b...

Page 128: ...dary Ethernet Ports on page 94 Table 3 2 Network Interfaces Configuration Values Settings Notes Host name Default OnBoard Domain name Domain name used on the domain name server DNS Primary DNS server...

Page 129: ...d the administrative user should go to the Network Static routes screen Table 3 3 Ethernet Port Settings Settings Notes DHCP DHCP is enabled by default on the OnBoard s interfaces If DHCP is enabled t...

Page 130: ...dary Ethernet interface becomes active only if the primary Ethernet port is not available As a result the values entered in the fields on the screen shown in Figure 3 12 apply to the single bond0 inte...

Page 131: ...ing the primary Ethernet port as it appears when both the Enable and DHCP checkboxes are checked Figure 3 14 Configure Primary Ethernet Connection Enabled With DHCP Figure 3 15 shows the screen for co...

Page 132: ...Configure OnBoard Network Interfaces Wizard 1 Log into the Web Manager as an administrative user See To Log Into the Web Manager on page 75 if needed 2 Click the Wizard button Click the Network interf...

Page 133: ...ation screens by clicking the DHCP checkbox 10 If desired configure the selected Ethernet port to use a static IP address by performing the following steps a Disable DHCP by making sure the DHCP check...

Page 134: ...ontact the device the OnBoard tries to use the default route After changing or deleting a private subnet to avoid making devices unavailable make sure to reassign all affected devices to the correct p...

Page 135: ...Virtual Network on page 102 Configuring Private Subnets Clicking the Add Subnet button on the Configure Subnets screen brings up the Private Subnet configuration dialog shown in the following screen e...

Page 136: ...ws a private subnet name of net1 an OnBoard side IP address of 192 168 0 254 and a subnet netmask of 255 255 255 0 The private subnet address derived from this configuration is 192 168 0 0 Figure 3 18...

Page 137: ...e To Log Into the Web Manager on page 75 if needed 2 Click the Wizard button 3 Click the Subnets option in the left menu bar 4 Click the Add Subnet button 5 Enter a meaningful name for the private sub...

Page 138: ...ork Address Translation DNAT must be defined in the following cases When multiple subnets must be supported as when connected devices are previously configured with IP addresses from multiple address...

Page 139: ...in the virtual network s network address range in the Address field 5 Enter a netmask in the Netmask field 6 Click Save and apply changes 7 Click the Next button if desired to go to the next Wizard st...

Page 140: ...and Edit and Delete buttons appear next to each device s entry The Add new device button always appears on the screen Figure 3 20 Configure Devices Screen Wizard Clicking the Add new device button br...

Page 141: ...er that if the default route is assigned the device could only be accessed if it is connected to the public interface of the OnBoard a highly unlikely scenario and not recommended Table 1 24 Device Co...

Page 142: ...in text commands that are used to interact with connected service processors devices The following table lists the default command templates and describes the types of devices to which they apply See...

Page 143: ...ent authorizations on all configured devices For example giving the user the Native IP authorization on this screen gives the user native IP access to all configured devices To configure a user accoun...

Page 144: ...d field 7 Enter the password again in the Retype password field Full name Administratively defined name to identify the user Password Password used for accessing the OnBoard Retype Password As stated...

Page 145: ...ccess menu With any option other than None selected additional fields appear for entering the PPP or PPTP password 10 If you selected any option other than None do the following steps a Enter a passwo...

Page 146: ...Configuring Regular Users Wizard 110 AlterPath OnBoard Administrator s Guide...

Page 147: ...Chapter 2 Web Manager Introduction if needed This chapter covers the topics in the following sections This chapter provides the procedures listed in the following table Access Options Only for Adminis...

Page 148: ...Access Menu Options The menu options that are available when the Access option is highlighted in the top menu for administrative users are the same options that are available to regular users except t...

Page 149: ...ser clicks the OnBoard option under Access a MindTerm window appears with an encrypted SSH connection between the user s computer and the console The following figure shows an example Figure 4 2 Admin...

Page 150: ...s up the login prompt for the OnBoard console as shown in the following screen example Figure 4 4 OnBoard Console Login Prompt for Administrative Users After an administrative user enters the correct...

Page 151: ...time you accessed the console the login prompt for the OnBoard appears Go to Step 4 3 If this is the first time you are accessing the OnBoard s console do the following steps a Press Enter at the prom...

Page 152: ...following three tabs appear as shown in the previous figure Outlets Manager View IPDU Info Software Upgrade Access to the first two tabs listed above is the same for administrative and authorized use...

Page 153: ...displays the version number of the software that is currently installed on the IPDU The Refresh button also appears on the screen Figure 4 6 shows entries for a Master Unit which has software version...

Page 154: ...igure 4 7 Upgrade Button on the IPDU Software Upgrade Screen Pressing the Upgrade button starts the upgrade process The top of the screen shown in the following figure shows the message that displays...

Page 155: ...ote Updated versions of related documents can also be found on the Cyclades website under Support Downloads Documentation After downloading the software onto the OnBoard by following this procedure th...

Page 156: ...p directory into which the software needs to be downloaded 3 Enter the ftp command to access ftp cyclades com 4 Enter anonymous when prompted for the Name and press Enter when prompted for the passwor...

Page 157: ...SV 150 Here comes the directory listing drwxr xr x 2 1006 100 4096 Sep 06 2003 V_1 1 0 drwxr xr x 2 1006 100 4096 Feb 23 2004 V_1 2 1 drwxr xr x 2 1006 100 4096 Mar 04 2004 V_1 2 2 drwxr xr x 2 1006 1...

Page 158: ...nd got to To Upgrade Software on a Connected IPDU T To Upgrade Software on a Connected IPDU Perform this procedure to upgrade the software on all connected AlterPath PM IPDUs This procedure requires t...

Page 159: ...lick the Refresh button If a tmp pmfirmware file exists containing a more recent version of the PM software than the one currently installed the following changes occur on the screen The value next to...

Page 160: ...Upgrading AlterPath PM IPDU Software 124 AlterPath OnBoard Administrator s Guide...

Page 161: ...iguring the AUX Port for Modem or Power Management Page 127 Configuring the AUX Port for IPDU Power Management Page 128 Configuring IPDU Power Management Page 132 Configuring PCMCIA Cards Page 139 Con...

Page 162: ...that appear when an administrative user clicks Settings and provides links to where the options are described To Configure a Modem PCMCIA Card Page 145 To Configure a Compact Flash PCMCIA Card Page 14...

Page 163: ...een to configure either of the following types of optional devices if they are connected to the AUX port One or more AlterPath PM IPDUs An external modem For how to connect IPDUs and external modems s...

Page 164: ...on the Settings AUX port screen Figure 5 3 Settings AUX Port Power Management T To Configure an AUX Port for IPDU Power Management This procedure assumes that an AlterPath PM IPDU is connected to the...

Page 165: ...le 1 20 on page 44 for descriptions of the valid values to be entered on the modem configuration screen Figure 5 4 shows the fields and pull down menus that appear when Autodetect is selected from the...

Page 166: ...ttings AUX Port Modem When the Use Callback checkbox is checked the Callback Number field appears as shown in the following figure Figure 5 6 Callback Number Field Under Settings AUX Port Modem When t...

Page 167: ...he Profile menu 4 Choose Autodetect Login or PPP from the Modem access menu 5 Select a baud rate from the Baud Rate pull down menu 6 If you chose Autodetect or Login select an option from the Flow Con...

Page 168: ...y changes Configuring IPDU Power Management When an administrative user clicks the IPDU option under Settings a screen like the one shown in the following figure appears Figure 5 8 Settings IPDU Scree...

Page 169: ...re described Configuring Over Current Protection for an IPDU The Settings IPDU General tab displays a warning and three options with checkboxes as shown in the following screen example Figure 5 10 Set...

Page 170: ...g or Enable buzzer or both are checked Checking Enable syslog causes syslog messages to be sent to the console if the maximum current is exceeded Checking Enable buzzer causes a buzzer to sound on the...

Page 171: ...shold for IPDU Dialog appears b Enter the appropriate number of Amps for the selected type of AlterPath PM in the Alarm Threshold field c Click OK 4 Check Enable syslog to enable messages to be sent t...

Page 172: ...d one or more outlets Figure 5 14 Settings IPDU Users Add User Dialog A comma can be used to separate outlet numbers and a hyphen can be used to indicate a range of outlets for example 1 3 5 6 8 After...

Page 173: ...IPDU Users 3 Click the Add User button 4 Enter the name of a user in the Username field 5 Enter the outlets to manage in the Outlets field 6 Click OK 7 Click Save and apply changes Configuring Names a...

Page 174: ...t power up interval dialog box appears with the field shown in the following figure Figure 5 18 Outlet Power Up Interval Dialog Intervals can be specified using numbers or numbers followed by decimals...

Page 175: ...in the Outlet N power up interval field c Click OK 5 Click Save and apply changes Configuring PCMCIA Cards When an administrative user clicks the PCMCIA option under Settings a screen appears like th...

Page 176: ...button on an entry for a PCMCIA card slot brings up a dialog like the one shown in the following figure Figure 5 20 Insert PCMCIA Query After the card is inserted clicking YES in the dialog causes in...

Page 177: ...gure 5 21 Example PCMCIA Ethernet Card inserted in Slot 1 Ejecting a PCMCIA Card Clicking an Eject button brings up a screen like the one shown in the following figure Figure 5 22 Eject PCMCIA Dialog...

Page 178: ...f the slots on the front of the OnBoard See the Advanced Procedures chapter in the AlterPath OnBoard Installation Guide for guidance about the order of insertion and other hardware specific instructio...

Page 179: ...rd through an installed modem PCMCIA card and to optionally enable callback The values to select or to enter for modem configuration are described in Table 1 20 Modem Configuration Field and Menu Defi...

Page 180: ...PCMCIA Configure Modem Callback If Login is selected from the Modem Access Type pull down menu the following fields and checkbox appear Figure 5 25 Settings PCMCIA Configure Modem Login If PPP is sele...

Page 181: ...figuration Field and Menu Definitions on page 44 for the values that an administrative user needs to select or to enter for modem configuration if needed 1 Make sure that Modem is selected from the Ca...

Page 182: ...ccept the default provided in the Remote IP address field Only change the remote IP address if you have a specific reason to do so c Enable or disable authentication during modem access by checking or...

Page 183: ...rk mask and gateway when the DHCP checkbox is not checked Figure 5 28 Settings PCMCIA Configure Ethernet Dialog Without DHCP T To Configure an Ethernet PCMCIA Card This procedure assumes that an Ether...

Page 184: ...er none in the Gateway field 4 Click OK 5 Click Save and apply changes Configuring a Compact Flash PCMCIA Card When a compact flash card is inserted in the selected slot clicking the Configure button...

Page 185: ...assumes that a compact flash card is inserted into a PCMCIA slot on the OnBoard and the steps under To Begin Configuring a PCMCIA Card on page 142 are complete 1 Make sure that Compact Flash is selec...

Page 186: ...owing figure Figure 5 31 Settings Date time Screen An administrative user can use the Settings Date time screen for configuring the timezone and for specifying how the OnBoard sets its time and date T...

Page 187: ...l menu Date and Time configuration fields appear as shown in Figure 5 31 for an administrative user to enter the date and time manually Figure 5 34 Settings Date time Screen T To Configure System Date...

Page 188: ...efine the location from which the OnBoard boots By default the OnBoard boots from a boot file in the on board Flash memory Booting from the resident software is strongly recommended Network boots shou...

Page 189: ...re image referred to as Image1 The first time a new software version is downloaded and installed from Cyclades the new image is stored as Image2 in the flash memory and the configuration is changed so...

Page 190: ...other image than the one currently selected you can select that image from the Unit boot from menu Network Boot Options Network boots are recommended only for troubleshooting or for possible downloads...

Page 191: ...or Active 4 Choose the desired image or Network from the Unit boot from menu Table 5 4 Boot Configuration Fields and Options Field or Value Name Description OnBoard IP address A new IP address for the...

Page 192: ...anges Configuring an Alternate Help File Location When an administrative user selects the Help option under Settings a screen appears like the one shown in the following figure Figure 5 37 Settings He...

Page 193: ...for OnBoard Help Files 1 Download the help files from www cyclades com online help onb v_1 0 0 and install them on a publicly accessible web server 2 Log into the Web Manager as admin and go to Settin...

Page 194: ...Configuring an Alternate Help File Location 158 AlterPath OnBoard Administrator s Guide...

Page 195: ...cedures listed in the following table Options Under Config Page 161 Configuring Devices Page 163 Configuring Users and Groups Page 169 Configuring Authentication Page 178 Configuring Notifications Pag...

Page 196: ...gins Page 193 To Configure SNMP Trap Notifications Page 196 To Configure Pager Notifications Page 198 To Configure an Email Notification Page 200 To Begin Configuring a Sensor Alarm Page 202 To Config...

Page 197: ...n in the following figure Figure 6 1 Config Menu Options The following table lists the options that appear when an administrative user clicks Config and provides links to where the options are describ...

Page 198: ...on page 194 Sensor alarms Configuring Sensor Alarms on page 201 SNMP Configuring SNMP on page 209 Syslog Configuring SNMP on page 209 Event log backend Configuring the Event Log Backend on page 222 Se...

Page 199: ...igured devices and Edit and Delete buttons appear next to each device s entry The Add new device button always appears on the screen Figure 6 2 Config Devices Screen An administrative user can use the...

Page 200: ...private subnet the device can only be accessed if it is connected to the public interface of the OnBoard a highly unlikely scenario and not recommended Table 1 24 Device Configuration Parameters on pa...

Page 201: ...nd device types iLO RSA II DRAC IPMI 1 5 device console Three additional custom types may be assigned but only if OnBoard administrators have created customized scripts custom1 custom2 custom3 Note In...

Page 202: ...late Works With a New Device on page 317 to find out if a default command template works with the new device and to create a new command template if needed You know the username and password pair that...

Page 203: ...DRAC IPMI 1 5 device console custom 1 custom 2 custom 3 7 Select a command template or no template from the Command template pull down menu 8 Select a private subnet name from the Private subnet name...

Page 204: ...ot 2 Enter the cycli command 3 Make sure the primary Ethernet interface eth0 is active 4 Save the changes 5 Exit from the cycli utility 6 Log out and bring up the Web Manager Config Devices screen The...

Page 205: ...in the following figure appears Figure 6 4 Config Users and Groups Screen The administrative user can use the Config Users and groups screen for adding and configuring users and groups who can access...

Page 206: ...the screens that appear when the Add a regular user option is selected Table 6 3 User Configuration Settings Settings Notes User Name Login name required for the user account Full name Administrativel...

Page 207: ...red devices remain to be assigned to the user the Add new device button does not appear Clicking the Add new device or Edit Sensors Event log Device Con sole Power Service Processor Con sole Native IP...

Page 208: ...s and menu options shown in the following figure Figure 6 7 Add New Device or Edit Device Dialog On the dialog shown in Figure 6 7 the following device management actions are available to assign for t...

Page 209: ...th the fields shown in the following figure Figure 6 8 Add New Group or Edit Dialog Clicking the Delete button shown in Figure 6 9 deletes the group without bringing up a confirmation dialog Figure 6...

Page 210: ...ice button shown in Figure 6 10 does not appear Clicking the Add new device button brings up a screen with the fields and menu options shown in the following figure Figure 6 11 Add New Device to a Gro...

Page 211: ...ord field and re enter it in the Retype password field 4 Assign device access to a user by performing the following steps a Click the Device Access button b Click the Add new device button The Adding...

Page 212: ...cess pull down menu g If you select any option except None from the PPP PPTP access pull down menu enter a password in the PPP PPTP password field and re enter it in the Retype password field h Click...

Page 213: ...spaces e Click OK The Edit groupname s device access privileges screen appears 3 Assign device access to a group by performing the following steps a Click the Device Access button on the line with th...

Page 214: ...ntication Configuration Task Where Documented Configure authentication servers Configuring Authentication Servers on page 179 Configuring a Kerberos Authentication Server on page 180 Configuring an LD...

Page 215: ...od is selected additional fields appear on the screen for specifying the information that is required to set up communications with an authentication server of the selected type Note If NIS is configu...

Page 216: ...os authentication server which is also referred to as a Key Distribution Center or KDC has previously been configured in either of the authentication configuration screens the fields are filled in wit...

Page 217: ...ministrators of the OnBoard and connected devices know the passwords assigned to the accounts An account for admin or other administrative user If Kerberos authentication is specified for the OnBoard...

Page 218: ...e the same NTP server a Follow the procedure under To Configure System Date and Time on page 151 to set the timezone date and time b Work with the authentication server s administrator to synchronize...

Page 219: ...If the LDAP authentication server has previously been configured the fields are filled in with the previously configured values To configure an LDAP server the administrative user must obtain the nee...

Page 220: ...or users who need access to the connected devices 1 Log into the Web Manager as an administrative user 2 Go to Config Authentication and select LDAP from the Authentication Type pull down menu The LDA...

Page 221: ...rver by filling in these fields that display when the NIS authentication type is selected NIS Domain Name NIS Server IP Note If you select NIS authentication for the OnBoard or for any device NIS must...

Page 222: ...es 1 Log into the Web Manager as an administrative user 2 Go to Config Authentication and select NIS from the Authentication Type pull down menu The NIS fields display 3 Enter the NIS domain name in t...

Page 223: ...rk with the Radius server s administrator to ensure that following types of accounts are set up on the Radius server and that the administrators of the OnBoard and connected devices know the passwords...

Page 224: ...ive user goes to Config Authentication and selects SMB from the Authentication Type pull down menu the fields shown in the following figure appear Figure 6 17 Config Authentication SMB The administrat...

Page 225: ...swords assigned to the accounts An account for admin or other administrative user If SMB authentication is specified for the OnBoard accounts for all users who need to log into the OnBoard If SMB auth...

Page 226: ...ig Authentication TACACS The administrative user must obtain the needed information about the TACACS server from the server s administrator The administrative user must configure the server by filling...

Page 227: ...og into the OnBoard If TACACS authentication is specified for devices accounts for users who need access to the connected devices 1 Log into the Web Manager as an administrative user 2 Go to Config Au...

Page 228: ...the OnBoard When an administrative user goes to Config Unit Authentication the screen shown in the following figure appears The administrative user uses this screen to configure the authentication me...

Page 229: ...configured for the selected method the fields contain the appropriate information If the fields are empty the administrative user needs to configure the authentication server for the selected method...

Page 230: ...en for defining alarm triggers to generate notifications when they occur The administrative user specifies the notices to be sent by one of the following methods SNMP trap Pager Email Figure 6 21 Defa...

Page 231: ...ement Protocol SNMP service is enabled on the OnBoard the OnBoard administrator can use the dialog shown in Figure 6 22 to send notifications about significant events or traps to an SNMP management ap...

Page 232: ...me for the trigger in the Name field 5 Enter an event to trigger the alarm in the Alarm trigger field Alarm trigger The event you want to trigger a notification OID Type value The number of the OID ty...

Page 233: ...y name in the Community field 9 Enter an SNMP server IP address or DNS name in the SNMP server field 10 Enter any desired text in the Body field 11 Click OK 12 Click Save and apply changes Configuring...

Page 234: ...atches 4 Enter a name for the notification in the Name field 5 Enter an event to trigger the alarm in the Alarm trigger field 6 Enter a pager or phone number in the Pager phone number field 7 Enter th...

Page 235: ...ing figure shows the fields that appear when the Email option is selected and the Add button is clicked Figure 6 24 Default Config Notifications Email Add Dialog The email notification method dialog h...

Page 236: ...he notification in the Name field 5 Enter an event to trigger the alarm in the Alarm trigger field 6 Enter a destination email address in the To field 7 Enter a source email address in the From field...

Page 237: ...service processors and to configure alarms to be sent if the sensor readings are not within certain specified values Figure 6 25 Default Config Sensor Alarms Screen Figure 6 25 shows the screen as it...

Page 238: ...he sensor to monitor in the Sensor field 4 Select a condition to trigger the sensor alarm from the Condition pull down menu 5 When the condition is inside or outside a range specify the range in the R...

Page 239: ...on which option is selected from the Action menu in Step 7 Configuring a Syslog Message Sensor Alarm Action The following figure shows the fields that appear when Syslog Message is selected on the Act...

Page 240: ...a priority from the Priority menu 3 Enter text as desired in the Body field 4 Click OK 5 Click Save and apply changes Configuring the SNMP Trap Sensor Alarm Action The following figure shows the field...

Page 241: ...cribes the fields in Figure 6 28 Table 6 10 Fields for Configuring a SNMP Trap Sensor Alarms Field or Menu Name Description Protocol SNMP v1 SNMP v2c SNMP v3 OID Object Identifier Each managed object...

Page 242: ...an authentication type from the Authentication Type pull down menu iii Enter the authentication password in the Password field iv Select an encryption method from the Encryption pull down menu Communi...

Page 243: ...ollowing figure shows the fields that appear when Pager is selected on the Action menu on the Config Sensor Alarms screen that is shown in Figure 6 26 Figure 6 29 Config Sensor Alarms Pager Message Fi...

Page 244: ...ber field 3 Enter the user name required for authentication in the SMS username field 4 Enter the IP address of the SMS server in the SMS server field 5 Enter the SMS port number in the SMS port field...

Page 245: ...planatory message for the alarm in the Body field 6 Click OK 7 Click Save and apply changes Configuring SNMP The OnBoard administrator can use this screen to configure Simple Network Management Protoc...

Page 246: ...the SNMP service is active by checking the Config Services screen If the security profile in effect enables SNMP you do not need to activate SNMP on the Services screen The following table lists the t...

Page 247: ...ed values The Edit button brings up the screen shown in the following figure Figure 6 32 Config SNMP Edit OnBoard Information Settings T To Configure OnBoard SNMP Information 1 Log into the Web Manage...

Page 248: ...or Sun Net Manager As shown in Figure 6 33 the names of all configured devices that have service processors are listed under the Servers SNMP configuration heading on the Config SNMP screen Figure 6...

Page 249: ...34 a screen appears like the one shown in the following figure when v1 is selected from the SNMP version menu Figure 6 35 Config SNMP Device SNMP Access Dialog With V1 Selected When the administrative...

Page 250: ...ith V2c Selected When the administrative user clicks the Edit button under the Service Processor SNMP setting heading shown in Figure 6 33 a screen appears like the one shown in the following figure w...

Page 251: ...he following figure Figure 6 38 Config SNMP Device SNMP Access Dialog With V1 Selected The fields on the screen shown in Figure 6 38 vary according to which SNMP protocol type is selected Figure 6 38...

Page 252: ...Identifier Each managed object has a unique identifier SNMP version v1 v2c v3 Community SNMP v1 and v2c only The community name is sent in every communication between the client and the server and the...

Page 253: ...t identifier in the OID field c Select a version from the SNMP version pull down menu d If either the v1 or v2c version is selected in Step c enter a community name in the Community field e If the v3...

Page 254: ...a Read view and Write view from the Security level pull down menus d If the v3 version is selected in Step b do the following steps i Configure users as desired by clicking the Add user button and fi...

Page 255: ...any entries as desired with an OID and Mask and select the desired Include and Exclude options from the pull down menu on the left of each entry v Click OK f Click OK 7 Click OK 8 Click Save and apply...

Page 256: ...istrative user can use the Config Syslog screen to tell the OnBoard to send syslog messages to one or all of the following Console Root user if the root user is configured to receive syslog messages m...

Page 257: ...configure messages to be sent to a syslog server add a syslog server to the Syslog servers list by doing the following steps i Enter a syslog server s IP address in the New syslog server field ii Cli...

Page 258: ...n entry appears for each configured device with an Edit button next to each device s entry Figure 6 42 Config Event Log Backend Screen An administrative user can use the Config Event log backend scree...

Page 259: ...he Edit button to edit event logging for a device The Edit OnBoard Event Log Settings for Device displays 4 Select On or Off from the Logging Status pull down menu or accept the currently selected men...

Page 260: ...igure appears Figure 6 44 Config Security Profile Screen The note at the bottom of the security profile configuration screen is a reminder that putting another security profile into effect could disab...

Page 261: ...re a custom security profile for the OnBoard See Understanding Security Profiles on page 12 for important background information The features in the Moderate security profile are described in Table 1...

Page 262: ...6 46 Config Security Profile Dialog With the Secured Profile Enabled Note Follow the reminder at the bottom of the screen shown in Figure 6 46 by making sure to notify all users that they must use HT...

Page 263: ...Open The following figure shows the lists of enabled and disabled features in the dialog for the Open security profile Figure 6 47 Open Security Profile Dialog The features in the Open security profil...

Page 264: ...described in Table 1 9 Services and Other Functions in the Custom Security Profile on page 14 Note Selecting a default authentication type means that the specified authentication type is selected by d...

Page 265: ...abled and make sure the checkboxes are clear next to services and features you want to be disabled 6 Click OK The security profile confirmation screen appears 7 Click the Save and apply changes button...

Page 266: ...ervices 1 Log into the Web Manager as an administrative user 2 Go to Config Services The Services screen displays 3 Click to check a checkbox next to each service you want to enable 4 Click to leave u...

Page 267: ...ures listed in the following table Options Under Network Page 232 Configuring Network Interfaces Page 233 Configuring Firewall Rules for OnBoard Packet Filtering Page 239 Configuring Hosts Page 242 Co...

Page 268: ...Network When an administrative user clicks the Network option in the top menu of the Web Manager seven options appear in the left menu as shown in the following figure Figure 7 1 Network Menu Options...

Page 269: ...re appears Figure 7 2 Network Host Settings Screen Table 7 1 Options Under Network Option Where Described Host Settings Configuring Network Interfaces on page 233 Firewall Configuring Firewall Rules f...

Page 270: ...he following table Table 7 2 Network Interfaces Configuration Values Settings Notes Failover Selecting enabled from the pull down menu configures failover from the primary to the secondary Ethernet po...

Page 271: ...assigned two different IP addresses both interfaces are reachable through either IP address even if the cable is disconnected from one of the interfaces Configuring Routes Configuring the network inte...

Page 272: ...the primary Ethernet interface and the secondary Ethernet interface becomes active only if the primary Ethernet port is not available As a result the values entered in the fields on the screen shown...

Page 273: ...to the Ethernet port s Configuring DNS Figure 7 4 Network Host Settings Screen With Both Interfaces Enabled and DHCP Disabled T To Configure OnBoard Network Interfaces 1 Log into the Web Manager as an...

Page 274: ...address for a network gateway in the Gateway IP field Note The IP address entered in the Gateway IP field is used for the OnBoard s default route e Enter or modify a broadcast IP address in the Broadc...

Page 275: ...igure The administrative user can use this screen to configure packet filtering as described in this section See Understanding Firewall Packet Filtering on the OnBoard on page 63 for background inform...

Page 276: ...atively defined rule for the filter table INPUT chain The number 0 is assigned automatically As shown an Edit and Delete button appear next to the entry for each administrator defined rule The adminis...

Page 277: ...destination IP and subnet mask in the form hostIPaddress or networkIPaddress NN d Depending on which chain you selected select an input or output interface from the Input interface or Output interfac...

Page 278: ...selected from the Input interface or Output interface pull down menu e Accept or change the types of packets to be filtered selected from the Fragments pull down menu f Accept or change the target sel...

Page 279: ...a host the administrative user must enter the information in the top two bullets below IP address Name Alias The Alias is optional T To Add a New Host 1 Log into the Web Manager as an administrative...

Page 280: ...in the following figure appears Figure 7 9 Network Static Routes Screen The administrative user can use the Static routes screen to manually add a static route or to edit or delete existing static ro...

Page 281: ...ld 6 Click Apply 7 Click the Save and apply changes button Table 7 3 Fields and Menus for Configuring Static Routes Field or Menu Name Definition Network Address Enter the IP address of the destinatio...

Page 282: ...users create a VPN connection from their remote computers to enable access native IP features on an SP Also see Example 2 Two Private Subnets and VPN Configuration on page 345 The Web Manager Network...

Page 283: ...ns T To Configure IPSec VPN Make sure that the IPsec service is enabled See Table 1 16 IPSec VPN Configuration Information for Administrators and Users on page 35 if needed for details about the value...

Page 284: ...tHop field d Enter the netmask for the subnet in the Subnet Mask field 10 If RSA public keys is selected in Step 7 do one of the following steps a When configuring the left host generate the key for t...

Page 285: ...an administrative user See To Log Into the Web Manager on page 75 if needed 2 Got to Network VPN connections 3 Enter a single IP address or a pool of IP addresses in the PPP local address pool field 4...

Page 286: ...ch as those generated by the cron daemon The Web Manager Network Outbound email screen appears as shown in the following figure Figure 7 14 Network Outbound Email Screen T To Configure Outbound Email...

Page 287: ...Private subnets screen appears as shown in the following figure Figure 7 15 Network Private Subnets Screen The administrator must define at least one subnet as described under Adding Private Subnets...

Page 288: ...reen the Private Subnet configuration dialog appears as shown in the following screen example Figure 7 16 Network Private Subnets Add Subnet Dialog A subnet is defined by configuring the following The...

Page 289: ...t address is 192 168 0 255 by convention and the OnBoard s address is 192 168 0 254 the administrator can assign an address between 192 168 0 1 and 192 168 0 253 when configuring a connected device Co...

Page 290: ...rivate subnet in the Private subnet name field 4 Enter an IP address for the OnBoard within the private subnet s network address range in the Onboard side IP address field 5 Enter a netmask for the pr...

Page 291: ...r as an administrative user See To Log Into the Web Manager on page 75 if needed 2 Under Virtual Network DNAT configuration enter a virtual IP address to assign to the OnBoard from the virtual network...

Page 292: ...Configuring Private Subnets and Virtual Networks 256 AlterPath OnBoard Administrator s Guide...

Page 293: ...ocedures listed in the following table Options Under Info Page 258 Viewing System Information Page 259 Viewing System Information Page 260 Viewing Information About Detected Devices Page 263 Options U...

Page 294: ...n the following figure Figure 8 1 Info Menu Options The options that appear when an administrative user clicks Info are described in the sections listed below Table 8 1 Options Under Info Option Where...

Page 295: ...vice may be accessed through a single OnBoard private port for that reason configuration is done on devices not on ports This screen is the only place where the port to which a device is connected is...

Page 296: ...erPath OnBoard Administrator s Guide Viewing System Information When an administrative user goes to Info System information a screen appears like the one shown in the following figure Figure 8 3 Info...

Page 297: ...available on the system information screen Table 8 3 Information on the System Information Screen Heading Listed Information System Information Kernel Version Date Up Time Power Supply State CPU Info...

Page 298: ...Active InActive HighTotal HighFree LowTotal LowFree SwapTotal SwapFree Committed_AS VmallocTotal VmallocUsed VmallocChunk PCMCIA Information Socket 0 Ident ity Socket 0 Config Socket 0 Status Socket 1...

Page 299: ...e describes the information provided on the Info Detected devices screen RAM Disk Usage Lists the partitions under the following headings Table 8 4 Information on the Info Detected Devices Screen Head...

Page 300: ...cases the column is empty DHCP Hostname If a DHCP server is enabled as described in Configuring the DHCP Server on page 26 the OnBoard administrator usually assigns a fixed IP address along with a DH...

Page 301: ...screen example Figure 8 5 Mgmt Options The following table describes the Menu Options under Mgmt and provides links to procedures Table 8 5 Tasks Performed Under the Web Manager Mgmt Tab Task Option...

Page 302: ...ny previous backup file Clicking the Load button overwrites the current state of the configuration files with the last backup copy that was made See Understanding How Configuration Changes Are Handled...

Page 303: ...ore Backed up Configuration Files 1 Bring up the Web Manager and log in See To Log Into the Web Manager on page 75 if needed 2 Go to Mgmt Backup restore 3 Click the Restore button to restore any previ...

Page 304: ...irst The Cyclades ftp site address is ftp cyclades com See To Download OnBoard Firmware From Cyclades on page 269 for how to download the firmware for upgrading from a local ftp server Username Userna...

Page 305: ...After downloading the software onto the OnBoard by following this procedure the administrative user needs to perform the procedure under To Upgrade the OnBoard s Operating System Applications and Conf...

Page 306: ...umber and change to binary mode As shown in the previous screen example the directory contains a binary file zImage_onb_version_number bin for the latest software version and a checksum file Image_onb...

Page 307: ...ole session and got to To Upgrade the OnBoard s Operating System Applications and Configuration Files Special Considerations if the Last Boot Was a Network Boot If the OnBoard was last booted over the...

Page 308: ...the following three choices Install into image 1 preserving image 2 Install into image 2 preserving image 1 Erase Flash and install into image 1 The Configuration to install menu provides the followin...

Page 309: ...Configuration to install menu c Click the Upgrade Now button 5 To upgrade using an image from an ftp server do the following steps a Enter the IP address or DNS name of the ftp server in the FTP site...

Page 310: ...ration files after the upgrade the new software runs with the configuration files that were last saved before the upgrade was done Restarting the OnBoard When an administrative user goes to Mgmt Resta...

Page 311: ...owing table Accessing the Command Line Page 276 cycli Utility Overview Page 277 Execution Modes Page 277 Command Line Mode Page 278 Batch Mode Page 278 Interactive Mode Page 278 cycli Options Page 279...

Page 312: ...ole port using a terminal or computer running a terminal emulation program as illustrated in the following figure By remote logins using SSH or PPP or a terminal emulation program Remote users can acc...

Page 313: ...ood use of the cycli utility Example scripts are provided in libexec example_scripts The cycli utility provides a set of commands described under cycli Commands on page 285 The commands act on paramet...

Page 314: ...h mode from the specified file or script See Batch Mode on page 278 Interactive Mode Entered by invoking cycli on the command line The cli prompt appears and the administrator performs configuration b...

Page 315: ...accepted when setting Table 9 1 cycli Utility Options Option Description 1 When entered either in command line or in batch mode with commands that act on a single parameter speeds up response time C C...

Page 316: ...meter No parameters are nested under failover Figure 9 1 Example Branch in the cycli Parameter Tree In this branch the only commands supported are get and set All of the parameters in a branch are ent...

Page 317: ...the following parameters in interactive mode to turn on Ethernet failover Entering a Command in Command Mode Based on the branch in Figure 9 1 you could enter the set command to turn on Ethernet fail...

Page 318: ...he following screen example You could then make the script executable and execute it on the command line as shown in the following screen example If you want to run a cycli command from the same scrip...

Page 319: ...ollowing screen example You can put one or more commands in a plain text file without invoking any shell as shown in the following screen example And then you can invoke the cycli command with the f f...

Page 320: ...parameters as shown in the following screen example Pressing the Tab key once after partially typing a parameter name automatically completes the parameter name unless there is more than one paramete...

Page 321: ...ne TAB cli set network TAB TAB hostname hosts interface resolv smtp st_routes cli set network i TAB cli set network interface eth0 TAB TAB active address broadcast gateway method mtu netmask cli set...

Page 322: ...ers causes one or more related parameters to be added For example in the case where an IP address is added to the hosts list empty hostname and alias parameters are also added Until values are set for...

Page 323: ...160 11 name fruitbat ERR result 5 No such file or directory cli get network hosts 192 168 160 11 name fruitbat ERR result 5 No such file or directory cli add network hosts 192 168 160 11 OK cli get n...

Page 324: ...associated parameters For instance if an IP address is deleted from the host list other parameters associated with a host name alias are also deleted delete parameter s cli cd network network get host...

Page 325: ...Example When get is entered with a partial parameter all the subtrees display In the output if a value is assigned the parameter preceding the value ends with a semicolon cli get network hosts 192 16...

Page 326: ...ace eth1 broadcast network interface eth1 gateway none network interface eth1 mtu 1500 network interface bond0 active no network interface bond0 method static network interface bond0 address 192 168 1...

Page 327: ...es that are currently stored in the RAM memory not the actual value stored in the affected configuration file list List available parameters With no parameters listed the whole parameter tree is displ...

Page 328: ...sult in a whole subtree of parameters being moved For instance if an IP address in the host list is changed all parameters associated with that host name alias are moved under the new name cli list ne...

Page 329: ...e of the values are changed set parameter s value s cli get network hosts 192 168 160 11 network hosts name fruitbat alias cli rename network hosts 192 168 160 11 192 168 160 222 OK cli get network ho...

Page 330: ...kes an entry for a host with the specified IP address in the hosts list Parameters for this new host can be changed with the set command set network hosts IP address name hostname shell Escape to shel...

Page 331: ...d the parameters that need to be added using the add command first before using the set command to set additional parameters and values cli set Tab Tab auth httpd notifications profile syslog auxport...

Page 332: ...Tab Tab shows the boot configuration parameters to set cards Use the set command to configure PCMCIA cards set cards Tab Tab shows the cardtypes and set cards cardtype Tab Tab shows the configuration...

Page 333: ...the add command to add a VPN IPSec connection name add ipsec conn connectionname Use the set command to configure the connection parameters set ipsec conn connection_name Tab Tab shows the configurat...

Page 334: ...rk interface interface_name Tab Tab lists the parameters to configure network ipv4 Use the set command to configure ipv4 set network ipv4 Tab Tab lists the parameters to configure network resolv Use t...

Page 335: ..._method onboard global security encrypt passwords Use the set command to configure whether passwords are encrypted the default is no set onboard global security encrypt_passwords yes no onboard global...

Page 336: ...he add onboard user command to authorize a user to use a device that has been previously configured possibly with set onboard server devicename add onboard user username devicename Use the set onboard...

Page 337: ...ch snmpd access com2sec group user view Use the add snmpd command to add access com2sec group user and view add snmpd access com2sec group user view Use the set snmpd command to configure the paramete...

Page 338: ...as the passwd set user username Tab Tab shows the parameters to set web Use the set web command to specify a user accessible server where the help files have been downloaded set web Tab Tab shows the...

Page 339: ...anced Device Configuration for procedures to use if you have trouble getting connected devices to communicate with the OnBoard Connection Methods for Troubleshooting Page 304 Recovering from root Auth...

Page 340: ...Board s console after establishing a dial in connection from a terminal emulation program to an external modem optionally connected to the OnBoard Local OnBoard administrators can connect to the OnBoa...

Page 341: ...d group databases whose lines do not start with the pound sign For example in the portion of the nsswitch conf file in the following screen example no pound signs appear before the entries for the pas...

Page 342: ...rt the Apache web server T To Restart the Web Manager 1 Enter the http k start command as shown in the following screen example 2 Enter the ps command with the ef option and look for a line with apach...

Page 343: ...rk boots are recommended for troubleshooting For example if you want to test a new release of the software to make sure a problem is fixed or if the removable flash memory becomes corrupted you could...

Page 344: ...Using the create_cf Command When Troubleshooting 308 AlterPath OnBoard Administrator s Guide...

Page 345: ...Tasks for Configuring New Devices Page 310 Understanding How the OnBoard Manages Communications With Devices Page 311 Understanding Address Configuration for Connected Devices Page 336 To Find Out if...

Page 346: ...ddress which hides the real IP address of the device from users and which requires the configuration of a virtual network DNAT The following table lists the sections that apply to each requirement Tab...

Page 347: ...clades com support downloads under the product name AlterPath OnBoard Creating and assigning IP addresses of the following types A device IP address A virtual IP address A private subnet A optional vi...

Page 348: ...mmand differences An OnBoard administrator root or an administrative user can use the onbdtemplate utility on the command line to test the default command templates when configuring a device and to cr...

Page 349: ...rocessors with the IPMI 2 0 RCMP encrypted protocol in either of the two following ways Identify the service processor as a IPMI 1 5 type which enables the OnBoard to communicate with the 2 0 type ser...

Page 350: ...of some firmware versions for various platforms follows for example 1 07 x235 was released before 1 03 x306 1 03 x360 is very different from 1 03 x205 1 03 x205 supports neither event log nor sensors...

Page 351: ...tory SSH_Access txt bidilink_Access txt In addition see the notes in the following files in the libexec onboard directory bidi_login exp ssh_login exp Interact with the web interface of a service proc...

Page 352: ...only for Native IP access When adding any other kind of new device the OnBoard administrator needs to do the following Find out if the new device and its firmware have been tested and proven to work...

Page 353: ...ated 3 Check for updated application notes at http www cyclades com support downloads php under the product name AlterPath OnBoard and if any are found review those notes for additional tips about the...

Page 354: ...can get to the server b If you cannot access the server check the network configuration and fix the problem that is preventing access 10 If you can access the server but still cannot access the servic...

Page 355: ...you are editing Note Sensors may not be supported If any command is not supported leave it commented out in the template 5 Enter the login prompt in the form login_prompt login_prompt 6 Enter the pass...

Page 356: ...e whether or not they are authorized 19 Save and quit the file 20 Enter the saveconf command 21 Logout from the console 22 Log into the Web Manager as an administrative user and go to Config Devices W...

Page 357: ...sed when logging into the OnBoard 8 Go to To Use the onbdtemplate Utility to Create a New Template on page 268 Command Templates Command templates are stored in the etc onboard_templates ini file The...

Page 358: ...he configuration parameters for each configured device except for the username and password information for each device which are stored in the etc onboard_server_auth ini file By default neither file...

Page 359: ...ip 192 168 0 2 local_ip 192 168 0 254 virtual_ip 10 0 0 2 netmask 255 255 255 0 authtype local template ilo default description Compaq Proliant iLO 1 82 server rack1_dev3_dell_drac type drac ip 10 0 0...

Page 360: ...oes not have a template rack1_dev4_newisys_ipmi type ipmi_1 5 ip 10 0 0 4 real_ip 172 10 0 2 local_ip 172 10 0 254 virtual_ip 10 0 0 4 netmask 255 255 255 0 authtype local description Newisys IPMI 1 5...

Page 361: ...Template Works With a New Device on page 317 describes steps the OnBoard administrator can follow to find out whether one of the default RSA templates works and if neither template works to create a n...

Page 362: ...tion menu shown in the following screen example Selecting New from the Action menu brings up an editor with a template file open for you to configure Selecting View Edit Copy Test or Rename from the A...

Page 363: ...he first time you select any action to test you are prompted to enter a username and password If local authentication is specified for the device enter the username and password that you entered to ac...

Page 364: ...t The administrator tests the rsa default command template on a server called rack3_ibm_e306_rsa which is configured for local authentication The administrator must enter the same username password pa...

Page 365: ...xpect scripts associated with each of the custom types By default the talk_customN exp scripts contain warnings that they have not been configured along with some brief instructions on how to get them...

Page 366: ...pect scripts The administrator should set the file permissions to allow reading and execution by all users and writing by members of the admin group The format of a custom Expect script s file name sh...

Page 367: ...ore configuring expect scripts see the notes under usr share docs OnBoard Application_Notes Service_Processor_ Related The following table lists the subdirectories and describes the contents Table A 7...

Page 368: ...le of Creating a Custom IPMI Type Script The OnBoard uses ipmitool commands to communicate with IPMI 1 5 type service processors The OnBoard administrator can create a custom script to communicate wit...

Page 369: ...to the two argument format occurs when the action is spconsole When the second argument is spconsole any other number of arguments may follow all arguments entered after the spconsole action are colle...

Page 370: ...way to handle an unexpected action argument sensors Asks the service processor for a sensor reading and display service processor sensor output on standard output poweron Asks the service processor t...

Page 371: ...er or on a server or other device that supports device console access through its Ethernet port Note ssh must be invoked with the t option when this mode is used log_sensors Retrieves sensor data in a...

Page 372: ...in Preparing an Addressing Scheme on page 55 the OnBoard administrator must plan and implement an IP addressing scheme to create a pool of private IP addresses to assign when configuring connected dev...

Page 373: ...ration file Options for Assigning IP Addresses to Connected Devices on page 368 A virtual network should be created in the following cases To hide a device s private IP addresses from non administrati...

Page 374: ...uirements for Native IP Access on page 341 IPSec VPN Configuration for Example 2 on page 349 PPTP VPN Configuration for Example 2 on page 352 Enabling Native IP and Accessing a Device s Native Feature...

Page 375: ...To enable communications between remote user s workstations on the Internet or local user s on the same LAN and connected devices on the private management network via the OnBoard s Native IP access...

Page 376: ...ator must define IP address or addresses for priv0 by defining private subnet s When multiple private subnets exist their IP addresses are assigned to aliases of priv0 such as priv0 sub1 and priv0 sub...

Page 377: ...long with the IP address assigned to the OnBoard in the form inet addr OnBoardIPaddr If multiple private subnets are configured multiple priv0 private_subnet name interfaces exist each with its admini...

Page 378: ...349 PPTP VPN Configuration for Example 2 on page 352 IPSec VPN Configuration for Example 3 on page 362 and PPTP VPN Configuration for Example 3 on page 364 which discuss routing requirements for the t...

Page 379: ...subnet shown in Figure A 2 Figure A 3 Private Subnet Configuration Example Figure A 3 shows the following values entered in the dialog that appears when the Add Subnet button is clicked on the Network...

Page 380: ...iguration Example As shown in the following screen example the new private subnet name and the OnBoard side IP address and subnet mask from Figure A 3 are assigned to the priv0 interface Figure A 5 if...

Page 381: ...re not in the same network range as the other two devices Configuration details follow including how to set up VPN connections Figure A 6 Example 2 Two Private Subnets OnBoard side IP 192 168 1 1 Alte...

Page 382: ...Figure A 6 and listed here Private subnet sub1 OnBoard side IP address 192 168 1 1 Subnet mask 255 255 255 0 The above values define a range between 197 168 1 0 and 192 168 1 255 256 addresses of whi...

Page 383: ...ivate subnet sub1 so its IP address in the same range 192 168 1 3 sp3 is on private subnet sub2 It has previously been assigned the IP address 192 168 4 21 which cannot be changed sp4 is also on priva...

Page 384: ...e to create the VPN tunnel Make sure the user who needs the VPN access has an account that is authorized for native IP access to the devices The following screen example shows the configuration inform...

Page 385: ...1 and sp2 The second connection supports the IPSec VPN tunnel to sp3 and sp4 The OnBoard administrator must also do the following to enable an IPSec client to access the private subnets where the devi...

Page 386: ...policy equipment compatibility and site routing requirements Note In some circumstances for example if packets are being blocked by a firewall on the client s default gateway the user s workstation an...

Page 387: ...anager for the user to insert into the ipsec conf file on the user s workstation The authorized user must do the following to enable the IPSec client running on the user s workstation to bring up the...

Page 388: ...ompleted a VPN connection must be created This example shows the configuration steps that must be performed by the OnBoard administrator and by a user on a remote workstation for setting up an PPTP VP...

Page 389: ...is authorized for native IP access to sp1 sp2 sp3 and sp4 as shown in Figure A 10 The user s account is configured for PPTP access to the OnBoard as shown in Figure A 13 The following figure shows an...

Page 390: ...station to discover the IP address assigned to the OnBoard s end of the PPTP VPN tunnel When the PPTP tunnel is being activated the OnBoard chooses an IP address from each of the address pools for the...

Page 391: ...or the appropriate private subnet to access the OnBoard and then enables Native IP access to the desired device Enabling Native IP Access In this example to enable native IP access on sp1 or sp2 on su...

Page 392: ...browser On the user s workstation on the command line entering the ssh command with the name alias of the device along with the IP address of the OnBoard side address for the subnet where the device r...

Page 393: ...the following cases To hide the addresses of the connected devices from users by the use of virtual IP addresses Caution When an authorized user has service processor access device console access or...

Page 394: ...management actions Power commands Sensor commands System event log commands As stated elsewhere users who have the following types of access to a device cannot be prevented from seeing the real IP ad...

Page 395: ...ddresses in the 172 20 0 1 range to hide the real private subnet IP addresses Figure A 14 Example 3 Virtual Network Configuration AlterPath OnBoard Primary Ethernet port eth0 IP 203 1 2 3 Subnet mask...

Page 396: ...evice named sp3 a virtual IP of 172 20 0 4 The device named sp4 with IP 192 168 4 22 does not work with virtual network DNAT addressing so it cannot be contacted using a virtual IP address Therefore t...

Page 397: ...address 172 20 0 2 assigned to the device sp1 on the Web Manager Config Devices screen to implement the configuration shown in Figure A 14 Figure A 16 Example 1 Device Configuration Example Figure A 1...

Page 398: ...c VPN connection must be configured to create the IPSec VPN tunnel from the user s workstation to sp1 sp2 and sp3 which are on both private subnets in example 3 Configuration of connSub2 would be stil...

Page 399: ...ction Configuration for Access to sub1 Private Subnet and sp1 and sp2 Devices As in the earlier example the OnBoard administrator must do the following to enable the IPSec client to access the subnets...

Page 400: ...described under Enabling Native IP and Accessing a Device s Native Features Using Real IP Addresses for Example 2 on page 355 PPTP VPN Configuration for Example 3 After the private subnets device and...

Page 401: ...Enabling native IP and accessing the device s native features is the same as described under Enabling Native IP and Accessing a Device s Native Features Using Real IP Addresses for Example 2 on page 3...

Page 402: ...menush menu in one of the following ways ssh username 172 20 0 1 ssh t username 172 20 0 menu Select Access Devices from the menu Select either sp1 sp2 or sp3 from the devices menu Select Enable nativ...

Page 403: ...e user s workstation by bringing it up from there If the management application resides on the service processor and is an executable that can be invoked on the command line by accessing the service p...

Page 404: ...h a default IP address would not be used Instead an IP address of the OnBoard administrator s choosing would probably be assigned from the site s private side device IP addressing scheme using one of...

Page 405: ...Appendix A Advanced Device Configuration 369 Understanding Address Configuration for Connected Devices ssh_tunnel pdf tftp pdf...

Page 406: ...Understanding Address Configuration for Connected Devices 370 AlterPath OnBoard Administrator s Guide...

Page 407: ...Network Boot Options and Caveats Page 378 Options for the create_cf Command Page 381 Options for the restoreconf Command Page 384 To Boot from an Alternate Image Using cycli Page 375 To Boot in U Boo...

Page 408: ...systems mounted on three Linux partitions The first partition for each image contains the kernel the second partition contains the root filesystem mounted read only and the third partition contains th...

Page 409: ...partition which is mounted read write contains the configuration files Figure B 1 Boot Partitions The previous figure also shows a configuration backup partition dev hda3 in removable flash This part...

Page 410: ...so that the system boots from the new image Do a network boot from the image and then save it onto the removable flash The U Boot monitor command net_boot boots the image from the TFTP server specifie...

Page 411: ...ity See To Boot from an Alternate Image Using cycli on page 375 Boot in U Boot monitor mode and use the available boot commands See To Boot in U Boot Monitor Mode on page 377 T To Boot from an Alterna...

Page 412: ...ny key before the timer expires brings the OnBoard to U Boot monitor mode If boot fails the OnBoard automatically enters U Boot monitor mode The U Boot hw_boot command boots from either the first or s...

Page 413: ...ime elapses to stop the boot The U Boot monitor prompt appears 4 Enter help to see a list of supported commands T To Boot from an Alternate Image in U Boot Monitor Mode 1 Go to U Boot monitor mode See...

Page 414: ...ooting and must not be used for normal operation of the OnBoard For example if you want to test a new release of the software to make sure a problem is fixed or if the removable flash memory becomes c...

Page 415: ...d ipaddr environment variables using the boot filename the TFTP boot server s IP address and the IP address of the OnBoard to use for network booting The format of the boot filename is zmppcons vversi...

Page 416: ...te Image in U Boot Monitor Mode on page 377 if needed 9 Enter the reboot command T To Restore the OnBoard Configuration Files to the Last Saved Version This procedure assumes that you or a previous ad...

Page 417: ...reate_cf command with the factory_default option Options for the create_cf Command You can use the create_cf command when troubleshooting problems with the boot image as described under To Replace a B...

Page 418: ...the factory default configuration d device Creates the image on the specified device The default device is dev hda the removable flash memory Make sure the filesystem is not mounted Use the d device o...

Page 419: ...RAM into the flash memory PCMCIA card in PCMCIA slot 1 Saving an Image into the Image2 area and Restoring the Factory Default Configuration The following command saves the image from RAM into the imag...

Page 420: ...conf subcommands are shown in the following screen example restoreconf Usage Restore from flash restoreconf Restore from factory default restoreconf factory_default Restore from storage device restore...

Page 421: ...r security policies See also authentication authorization and encryption ActiveX A set of technologies developed by Microsoft from its previous OLE object linking and embedding and COM component objec...

Page 422: ...de a specific function such as an ASIC chip that serves as a BMC authentication The process by which a user s identity is checked usually by checking a user supplied username and password before the u...

Page 423: ...e Cyclades products save configuration changes in the affected configuration files while maintaining a backed up compressed set of configuration files in a separate directory The backup directory s co...

Page 424: ...not operable Sits on the server s baseboard motherboard on an internal circuit board or on the chassis of a blade server Monitors on board instrumentation Provides remote reset or power cycle capabili...

Page 425: ...d presses the Enter or Return key The computer processes the command displays output when appropriate and displays another prompt Users can save a series of frequently used commands in a script Being...

Page 426: ...e community name must be also configured on the SNMP server For security reasons the default community name public cannot be used console A computer mode that gives access to a computer s command line...

Page 427: ...HCP dynamic host configuration protocol A service that can automatically assign an IP address to a device on a network which saves administrator s time and reduces the number of IP addresses needed Ot...

Page 428: ...servers may include an independent DRAC system controller Several incompatible version types exist DRAC II DRAC III DRAC III XT DRAC IV along with several incompatible firmware versions All controller...

Page 429: ...used by IPSec AH is the other ESP encrypts and authenticates data flowing over the connection Does not define the authentication method that must be used DES 3DES AES and Blowfish are commonly used wi...

Page 430: ...any reason When the primary component becomes available it takes over the work again Automatically and transparently redirects requests from the unavailable component to the backup component Used to...

Page 431: ...assigns MIB numbers to organizations iLO Integrated Lights Out Hewlett Packard s proprietary service processor pronounced EYE loh Even though HP is a major supporter of IPMI the company also provides...

Page 432: ...it can function even if the operating system is unavailable or if the system is powered down The OnBoard supports IPMI version 1 5 OnBoard administrators can create custom Expect scripts to support IP...

Page 433: ...y servers that are connected to the switch Cyclades AlterPath KVM analog switches are one component of the out of band infrastructure KVM over IP switch A KVM switch that supports remote access over a...

Page 434: ...need for a site visit management software Each server company that offers a service processor produces its own client side software to access the servers management features through the service proce...

Page 435: ...of one set of IP addresses for internal traffic and another set of IP addresses for traffic over the public network The AlterPath OnBoard uses NAT to allow access to service processors and managed dev...

Page 436: ...native web interface A service processor feature that allows browser access to the service processor s information management configuration and actions by means of a HTTP HTTPS server running on the s...

Page 437: ...with a high accuracy network time protocol server OID A unique indentifier for each object in an SNMP MIB The OID naming scheme is in the form of an inverted tree with branches pointing downward The...

Page 438: ...lidated console and KVM ports AlterPath PM IPDUs the AlterPath OnBoard service processor manager and the AlterPath Manager for centralized control of and access through multiple AlterPath devices to u...

Page 439: ...ion as PPP production network The network on which the primary computing work of an organization is done Users on a production network expect 24 7 365 availability with access to data and resources as...

Page 440: ...remote media to control power and to manage the console through a web browser using a built in Web server Provides more options than the IPMI service processor that is available on IBM xseries e325 a...

Page 441: ...f access through a single Ethernet address see IP address consolidation to services that are provided by service processors from several different vendors and to the console of certain servers and oth...

Page 442: ...P agent software send data from management information bases MIBs to the SNMP manager software On certain Cyclades devices administrators can enable SNMP to allow a remote administrator to manage the...

Page 443: ...nistrator and an internal baseboard management controller BMC that enables the management features Management features can include serial console emulation using Telnet or IPMI KVM over IP power contr...

Page 444: ...andards NIST and the Canadian government s Communications Security Establishment CSE Authorized users on the AlterPath OnBoard can enter an OnBoard specific set of commands such as poweron poweroff po...

Page 445: ...that is physically connected to the remote administrator s computer to VPN virtual private network A mechanism enabling two computers to securely transfer information over an otherwise untrusted netw...

Page 446: ...410 AlterPath OnBoard Administrator s Guide...

Page 447: ...n 3 4 configuring with cycli 7 default method 8 default type for devices 13 local fallback option 7 method 8 modem 45 supported methods 5 supported types for IPSec 33 type selecting a default 90 authe...

Page 448: ...ivate subnets 98 when changing the default rmenu sh menu 49 51 when creating a command template 320 when creating filtering rules 63 certificate signing request generating 23 certification authorities...

Page 449: ...severity level 39 crond daemon 52 currentimage environment variable 374 383 curses commands 313 custom security profile 8 14 bypassing authorizations 12 customizing command templates 312 expect script...

Page 450: ...ot 2 device name 382 devconsole default command template 106 321 device configuration 310 unique tasks 310 device console 105 device management 3 device management actions event log 313 power 313 serv...

Page 451: ...d up restored 70 certificate files pre added to 24 etc httpd conf ssl key server key file 24 etc menu ini login shell configuration file 48 etc onboard_templates ini file 320 321 eth0 42 eth1 42 Ether...

Page 452: ...clades 269 flash memory 62 272 378 partitions 381 PCMCIA card 383 configuration form 139 flow control 44 format storage media while creating a boot image 382 FORWARD packet filtering chain 64 ftp serv...

Page 453: ...oderate security profile 12 VPN connections 35 iptables introduction 64 67 K Kerberos authentication 5 7 33 181 kernel version 261 keys conventions for hot keys escape keys and keyboard shortcuts xxxi...

Page 454: ...ation 318 configuring basic parameters Web Manager 237 network interfaces configuring 233 234 configuring a default route 51 93 235 configuring Web Manager 234 configuring Wizard 84 91 network route 5...

Page 455: ...devices and outlets 11 power management commands 312 318 325 configuring 46 device 313 on IBM servers using RSA II cards 314 power on 312 power supply state 261 PPP 4 10 45 74 configuring options 46...

Page 456: ...261 rmenush login shell configuring 48 root user 51 cannot log in 304 routes default configuring for the OnBoard 51 93 235 routing for the OnBoard understanding 51 specifying the OnBoard s default ro...

Page 457: ...n LDAP configuring 184 NIS configuring 185 RADIUS configuring 187 SMB configuring 189 TACACS configuring 191 syslog 40 service processors 41 53 54 console 313 318 hiding vulnerable protocols used by 3...

Page 458: ..._ipmi exp Expectscript 313 talk_rsa_I exp Expect script 313 325 tasks configuration using the Wizard 84 device configuration 310 for administering packet filtering 66 for assigning a command template...

Page 459: ...management 47 configuring Wizard 84 107 planning device and IPDU outlet access 11 users and groups authorizations 3 usr bin rmenush login shell configuring 48 V var log console devicename log 62 vendo...

Page 460: ...424 AlterPath OnBoard Administrator s Guide...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands