Opengear ACM5000 User Manual Download Page 118

Page: 118 / 335

Chapter 5:

Firewall, Failover and Out of Band

118

Console Server & RIM Gateway User Manual

Action: Block

The firewall rules are processed in a set order- from top to bottom. So rule placement is important.

For

example with the following rules, all traffic coming in over the

Network Interface

is blocked except when it comes from two

nominated IP addresses (

SysAdmin

and

Tony

To allow all incoming traffic on all
interfaces from the SysAdmin:

To allow all incoming
traffic from Tony:

To block all incoming traffic
from the Network Interface:

Interface

Any

Network Interface

Port Range

Any

Source MAC

Any

Source IP

IP address of SysAdmin

IP address of Tony

Any

Destination IP

Any

Protocol

TCP

Direction

Ingress

Action

Accept

Block

However if the

Rule Order

above was to be

changed so the “

Block Everyone Else

” rule was second on the list then the

traffic coming in over the

Network Interface

from

Tony

would be blocked.

Summary of Contents for ACM5000

Page 1: ...Advanced Console Server RIM Gateway User Manual 1 User Manual ACM5000 ACM5500 RIM Gateways IM4000 IM4200 DCIM Managers CM4000 DCIM Console Servers SD4000 Secure Device Server Rev 4 5 April 16th 2012...

Page 2: ...tective grounding conductor must be connected through to ground Always pull on the plug not the cable when disconnecting the power cord from the socket Do not connect or disconnect the console server...

Page 3: ......

Page 4: ...rial Port Connection 25 2 4 1 Opengear Classic RJ45 pinout option X0 26 2 4 2 Cisco Rolled Cyclades RJ45 pinout option X1 26 2 4 3 Cisco RJ45 pinout option X2 27 2 5 USB Port Connection 27 2 6 Fitting...

Page 5: ...77 4 10 3 Windows OpenVPN Client and Server set up 80 4 11 PPTP VPN 84 4 11 1 Enable the PPTP VPN server 84 4 11 2 Add a PPTP user 86 4 11 3 Set up a remote PPTP client 86 4 12 Call Home 88 4 12 1 Set...

Page 6: ...thentication 134 6 8 Setting up SDT for Remote Desktop access 134 6 8 1 Enable Remote Desktop on the target Windows computer to be accessed 134 6 8 2 Configure the Remote Desktop Connection client 136...

Page 7: ...sors 186 8 3 4 Environmental alerts 188 8 3 5 Environmental status 188 8 4 Digital I O Ports 189 8 4 1 Digital I O Output Configuration 189 8 4 2 Digital I O Input Configuration 190 8 4 3 High Voltage...

Page 8: ...ve Users 234 12 2 Statistics 234 12 3 Support Reports 235 12 4 Syslog 236 12 5 Dashboard 236 12 5 1 Configuring the Dashboard 237 12 5 2 Creating custom widgets for the Dashboard 238 MANAGEMENT 240 13...

Page 9: ...tc config snmpd conf 284 15 5 5 Adding multiple remote SNMP managers 285 15 6 Secure Shell SSH Public Key Authentication 286 15 6 1 SSH Overview 286 15 6 2 Generating Public Keys Linux 286 15 6 3 Inst...

Page 10: ...Table of Contents 10 Console Server RIM Gateway User Manual...

Page 11: ......

Page 12: ...that will be supported 4 Serial Network Covers configuring serial ports and connected network hosts and setting up users 5 Firewall Failover OoB Describes setting up the firewall router functions and...

Page 13: ...n access serial or network connected devices and control these devices using the specified services e g Telnet HHTPS RDP IPMI Serial over LAN Power Control An authorized User also has a limited view t...

Page 14: ...an action you should take as part of the procedure Bold text indicates text that you type or the name of a screen object e g a menu or button on the Management Console Italic text is also used to indi...

Page 15: ...t could include technical inaccuracies or typographical errors Changes are periodically made to the information herein these changes may be incorporated in new editions of the publication Proper back...

Page 16: ...02 2 1 1 Temp probes 02 Ext AC DC ACM5004 4 1 1 Temp probes 02 Ext AC DC ACM5004 2 4 2 2 Temp probes 02 Ext AC DC ACM5003 M 3 1 1 Internal Temp probes 02 Ext AC DC ACM5003 W 3 1 1 802 11 Temp probes 0...

Page 17: ...The sections below show the components shipped with each of these models 2 1 1 IM4208 2 IM4216 2 IM4232 2 IM4248 2 and IM4216 34 kit components Part 509006 Part 509007 Part 509008 Part 509009 IM4216...

Page 18: ...e parts shown above and that they all appear in good working order Proceed to connect your IM4004 5 to the network the serial ports USB ports and LAN ports of the controlled devices and to the AC powe...

Page 19: ...e parts shown above and that they all appear in good working order Proceed to connect your CM4008 to the network the serial ports of the controlled servers and AC power as shown below 2 1 5 CM4001 and...

Page 20: ...M5000 kit components Part 509054 Part 509055 Part 509056 Part 509057 Part 509058 Part 509059 Part 509000 Part 509073 ACM5002 Advanced Console Server ACM5003 M ACM5003 W ACM5004 ACM5004 2 ACM5004 G ACM...

Page 21: ...34 DAC IM4208 2 DAC IM4216 2 DAC IM4232 2 DAC and IM4248 2 DAC power These standard IM42xx and IM4216 34 console servers all have dual universal AC power supplies with auto failover built in These pow...

Page 22: ...in sequence 2 2 4 CM4001 SD4002 and SD4001 power The CM4001 SD4002 and SD4001 models are each supplied with an external DC wall mount power supply A specific power supply models for each region will...

Page 23: ...ecting the DC power lines to a power plug that plugs into the 12VDC PWR jack Similarly the ACM5500 can be powered by connecting an external 9V AC to 24V AC power source to this jack The industrial ACM...

Page 24: ...ower supply Turn on the DC power The safety covers are an integral part of the DDC product Do not operate the unit without the safety cover installed Any exposed wire lead from a DC input power source...

Page 25: ...of an external device to the console server serial port confirm that the device does support the standard RS 232C EIA 232 The console servers come with one to forty eight serial connectors for the RS2...

Page 26: ...ic RJ45 pinout option X0 The CM4000 CM4100 and IM4004 models have the Opengear Classic RJ45 pinout shown below The IM4200 console servers are also available with this RJ45 pinout as an option PIN SIGN...

Page 27: ...X2 G and IM42xx 2 DAC X0 G models have one USB1 1 port on the front face and one USB 2 0 port at the rear face This USB2 0 port uses a micro AB USB connector so an adapter cable is also included Thes...

Page 28: ...rear of the ACM5004 G GI Then place the unit and or aerial in a location that will ensure the best signal The ACM5504 5 G I ACM5004 G I and current revisions of the ACM5004 G GV all come with dual SMA...

Page 29: ...cellular modems from Sierra Wireless The USB modem attaches to one of the rear USB 2 0 ports on the IM4200 DAC X2 via the modem s USB adapter cable Similarly external USB cellular modem can be attach...

Page 30: ...address of 192 168 0 1 the console server and the computer are on the same LAN segment with no interposed router appliances 3 1 1 Connected computer set up To configure the console server with a brow...

Page 31: ...s 192 168 100 23 00 13 C6 00 02 0F Type ping t 192 18 100 23 to start a continuous ping to the new IP Address Turn on the console server and wait for it to configure itself with the new IP address It...

Page 32: ...m Firewall page Refer Chapter 5 Enable IP masquerading for cellular connection System Firewall page Refer Chapter 5 After completing each of the above steps you can return to the configuration list by...

Page 33: ...which each can contain up to 254 characters However only the first eight Password characters are used to make the password hash The MOTD Banner can be used to display a message of the day text to auth...

Page 34: ...it is to be connected to On the System IP menu select the Network Interface page then check DHCP or Static for the Configuration Method If you selected Static you must manually enter the new IP Addre...

Page 35: ...re your computer so it has an IP address that is in the same network range as this new address as detailed in an earlier note in this chapter Click Apply You will need to reconnect the browser on the...

Page 36: ...ny of the Ethernet or cellular network connections on the console server by default DDNS is disabled on all ports Select the DDNS service provider from the drop down Dynamic DNS list on the System IP...

Page 37: ...02 11 wireless OoB Failover second Ethernet connections VPN IPSec or Open VPN connection over any network interface Check uncheck for each network which service access is to be enabled disabled In the...

Page 38: ...d console server then enabling this service will set up default tftp and ftp server on the USB flash These servers are used to store config files maintain access and transaction logs etc Files transfe...

Page 39: ...have appropriate communications software tools set up on the Administrator and User client s computer Opengear provides the SDT Connector as the recommended client software tool however other generic...

Page 40: ...T Connector can be installed on Windows 2000 XP 2003 7 Vista PCs and on most Linux UNIX and Solaris 3 5 2 PuTTY Communications packages like PuTTY can be also used to connect to the Console server com...

Page 41: ...your username and password from the remote system You will then be logged on to the console server 3 6 Management Network Configuration The IM4200 IM4004 5 ACM5500 and ACM5004 2 console servers have...

Page 42: ...nfigured with an active Management LAN This can be a 4 port ETH1 4 Management LAN switch or a 3 port ETH2 4 switch with ETH 1 configured for OoB Failover The above Management LAN features are all disa...

Page 43: ...the DHCP Server field or go to the System DHCP Server menu and check Enable DHCP Server Enter the Gateway address that is to be issued to the DHCP clients If this field is left blank the console serv...

Page 44: ...llocated in the event of a reboot 3 6 3 Select Failover or broadband OoB The IM4200 family ACM5508 2 I M ACM5504 5 G I IM4004 5 and ACM5004 2 console servers provide a failover option so in the event...

Page 45: ...N function on Network LAN 2 3 6 4 Aggregating the network ports By default the console server s Management LAN network ports can only be accessed using SSH tunneling port forwarding or by establishing...

Page 46: ...nternal 802 11g wireless client LAN adapter The other ACM5000 models and IM4004 5 models can be fitted externally with a Opengear WUBR 101 802 11g USB dongle To configure the wireless LAN connection L...

Page 47: ...omatically disables any static address The console server MAC address can be found on a label on the base plate The wireless LAN when enabled will operate as the main network connection to the console...

Page 48: ...irmware 3 4 and later support static routes which provide a very quick way to route data from one subnet to different subnet So you can hard code a path that specifies to the console server router to...

Page 49: ...address of a router that will route packets to the destination network Enter a value in the Metric field that represents the metric of this connection This generally only has to be set if two or more...

Page 50: ...ks nominate specific IP addresses that trusted users access from Cascading and Redirection of Serial Console Ports Connecting to Power UPS PDU and IPMI and Environmental Monitoring EMD devices Serial...

Page 51: ...protocol options for multiple serial ports at once click Edit Multiple Ports and select which ports you wish to configure as a group If the console server has been configured with distributed Nagios m...

Page 52: ...ole Server Mode Select Console Server Mode to enable remote management access to the serial console that is attached to this serial port Logging Level This specifies the level of information to be log...

Page 53: ...s a gateway then as a host and you enable Telnet service on Port 2000 serial port i e 2001 2048 Refer Chapter 6 for more details on using SDT Connector for Telnet and SSH access to devices that are at...

Page 54: ...the console server serial ports you can use SDT Connector You configure SDT Connector with the console server as a gateway then as a host and you enable SSH service on Port 3000 serial port i e 3001 3...

Page 55: ...cting Unauthenticated Telnet enables telnet access to the serial port without requiring the user to provide credentials When a user accesses the console server to telnet to a serial port they normally...

Page 56: ...to computers which are locally connected to the console server by their serial COM port However such port forwarding requires a PPP link to be set up over this serial port For configuration details r...

Page 57: ...ridging the serial data on a nominated serial port on one console server is encapsulated into network packets and then transported over a network to a second console server where is then represented a...

Page 58: ...local values and the Priority to critical At this priority if the console server syslog server does receive a message it will automatically raise an alert Refer to Chapter 7 Alerts Logging 4 1 8 NMEA...

Page 59: ...the IM4208 16 32 48 models However GPS support is not available for devices with an externally attached cellular modem 4 2 Add Edit Users The Administrator uses this menu selection to set up edit and...

Page 60: ...Administrator access 2 Membership of the user group provides the user with limited access to the console server and connected Hosts and serial devices These Users can access only the Management sectio...

Page 61: ...minate the Accessible Hosts Accessible Ports and Accessible RPC Outlet s that you wish any users in this new Group to be able to access Click Apply 4 2 1 Set up new Users To set up new users and to cl...

Page 62: ...ng into this port Enter the Dial Back Phone Number with the phone number to call back when user logs in Click Apply The new user will now be able to access the Network Devices Ports and RPC Outlets yo...

Page 63: ...ccess a locally networked computer or device referred to as a Host you must identify the Host and specify the TCP or UDP ports services that will be used to control that Host Selecting Serial Network...

Page 64: ...The Administrator can then configure these devices and enable which users have permissions to remotely cycle power etc refer Chapter 8 Otherwise leave the Device Type set to None If the console serve...

Page 65: ...permitted connection to the nominated port Host Subnet Address 204 15 5 128 Subnet Mask 255 255 255 224 Click Apply Note The above Trusted Networks will limit access by Users and Administrators to the...

Page 66: ...ibuted locally on a LAN or remotely around the world 4 6 1 Automatically generate and upload SSH keys To set up public key authentication you must first generate an RSA or DSA key pair and upload them...

Page 67: ...simply Click here to return and the keys will automatically be uploaded to the Master and connected Slaves 4 6 2 Manually generate and upload SSH keys Alternately if you have a RSA or DSA key pair you...

Page 68: ...ized Key Click Apply The next step is to Fingerprint each new Slave Master connection This once off step will validate that you are establishing an SSH session to who you think you are On the first co...

Page 69: ...first Slave added will be assigned port number 17 onwards Once you have added all the Slave console servers the Slave serial ports and the connected devices are configurable and accessible from the M...

Page 70: ...ay need to write custom scripts to provide this view This is covered in Chapter 11 4 7 Serial Port Redirection PortShare Opengear s Port Share software delivers the virtual serial port technology your...

Page 71: ...ected or USB if USB connected IP Address if network connected Power PDU outlet details if applicable and any UPS connections Devices such as servers will commonly have more than one power connections...

Page 72: ...s the RPC UPS Host is not created until this connection step is completed refer Chapter8 Power and Environment Note The outlet names on this newly created PDU will by default be Outlet 1 Outlet 2 When...

Page 73: ...etween advanced console serves distributed at remote sites and a VPN gateway such as Cisco router running IOS IPsec on their central office network Users and administrators at the central office can t...

Page 74: ...unnel you are adding such as WestStOutlet VPN Select the Authentication Method to be used either RSA digital signatures or a Shared secret PSK o If you select RSA you will asked to click here to gener...

Page 75: ...figured enter the private subnet details in Left Subnet Use the CIDR notation where the IP address number is followed by a slash and the number of one bits in the binary notation of the netmask For ex...

Page 76: ...rver within a data center Configuration of OpenVPN can be complex so Opengear provides a simple GUI interface for basic set up as described below However for more detailed information on configuring O...

Page 77: ...thority CA certificate and key which is used to sign each of the server and client certificates This Root CA Certificate will be a crt file type For a server you may also need dh1024 pem Diffie Hellma...

Page 78: ...r Manual To enter authentication certificates and files Edit the OpenVPN tunnel Select the Manage OpenVPN Files tab Upload or browse to relevant authentication certificates and files Apply to save cha...

Page 79: ...way User Manual 79 To enable OpenVPN Edit the OpenVPN tunnel Check the Enabled button Apply to save changes Note Please make sure that the console server system time is correct when working with OpenV...

Page 80: ...is section outlines the installation and configuration of a Windows OpenVPN client or a Windows OpenVPN server and setting up a VPN connection to a console server Console servers with firmware V3 5 2...

Page 81: ...le will need to be created Using a text editor create an xxxx ovpn file and save in C Program Files OpenVPN config For example C Program Files OpenVPN config client ovpn An example of an OpenVPN Windo...

Page 82: ...ccess the server enter the proxy server DNS name or IP and port number ca file name Enter the CA certificate file name and location The same CA certificate file can be used by the server and all clien...

Page 83: ...ying of the successful connection and assigned IP This information as well as the time the connection was established is available anytime by scrolling over the OpenVPN icon Note An alternate OpenVPN...

Page 84: ...s clients If you take your portable computer on a business trip you can dial a local number to connect to your Internet access service provider ISP and then create a second connection tunnel into your...

Page 85: ...e client password is transmitted unencrypted None Select the Required Encryption Level Access is denied to remote users attempting to connect not using this encryption level Strong 40 bit or 128 bit e...

Page 86: ...client Ensure the remote VPN client PC has Internet connectivity To create a VPN connection across the Internet you must set up two networking connections One connection is for the ISP and the other c...

Page 87: ...remote VPN clients to the local network you need to know the user name and password for the PPTP account you added as well as the Internet IP address of the Opengear appliance If your ISP has not all...

Page 88: ...ach of its Managed Console Servers These connections are used for monitoring commanding and accessing the Managed Console Servers and the Managed Devices connected to the Managed Console Server To man...

Page 89: ...4 12 2 Accept Call Home candidate as Managed Console Server on CMS This section gives an overview on configuring the CMS to monitor console servers that are connected via Call Home For more details r...

Page 90: ...lick Add o Enter IP Address and SSH Port if these fields have not been auto completed and enter a Description and unique Name for the Managed Console Server you are adding o Enter the Remote Root Pass...

Page 91: ...may create a Remote port forward from the Server to this unit or a Local port forward from this unit to the Server Specify a Listening Port to forward from leave this field blank to allocate an unused...

Page 92: ...sole server All IM4200 models ACM5508 2 M and ACM5003 M come with an internal modem which can provide for OoB dial in access These models will display a Internal Modem Port tab under System Dial as we...

Page 93: ...editing etc mgetty config files as described in the Chapter 14 Advanced Check the Enable Dial In Access box In the Remote Address field enter the IP address to be assigned to the dial in client You c...

Page 94: ...Chapter 5 Firewall Failover and Out of Band 94 Console Server RIM Gateway User Manual...

Page 95: ...line level 5 2 2 Using SDT Connector client Administrators can use their SDT Connector client to set up secure OoB dial in access to remote console servers The SDT Connector Java client software prov...

Page 96: ...e console server can be set up either in Failover mode where a dial out connection is only established in event of a ping failure or with the dial out connection is always on In both of the above case...

Page 97: ...connection However in firmware versions later than 3 0 2 HTTPS access is also enabled So the administrator can then SSH or HTTPS connect to the console server and fix the problem When configuring the...

Page 98: ...e modem Note You can further configure the console modem port e g to include modem init strings by editing etc mgetty config files as described in the Chapter 13 Advanced Check the Enable Dial Out Acc...

Page 99: ...r The failover state will be removed once the original state has been re established 5 4 OoB Broadband Ethernet Access The ACM5500 ACM5000 IM4004 5 and IM4200 family of advanced console servers have a...

Page 100: ...0 ACM5000 IM4004 5 and IM4200 family of advanced console servers can also be configured for failover to ensure transparent high availability When configuring the principal network connection specify M...

Page 101: ...priority and reestablished following three successful pings of the probe addresses during failover The failover state will be removed once the original state has been re established Note For firmware...

Page 102: ...B 2 0 ports Before powering on the ACM5004 G I ACM55044 5 G I or IM4200 X2 G you must install the SIM card provided by your cellular carrier and attach the external aerial Note The ACM5004 G I and ACM...

Page 103: ...o enable Override DNS check the Override returned DNS Servers box Enter the IP of the DNS servers into the spaces provided Check Apply and a radio connection will be established with your cellular car...

Page 104: ...zon uses 22899 Telus uses 22886 Click Activate to initiate the OTASP call The process is successful if no errors are displayed and you no longer see the CDMA Modem Activation form If OTASP is unsucces...

Page 105: ...k Activate If no errors occur you will see the new values entered into the NAM Profile at the Cellular page on Status Statistics Navigate to the Internal Cellular Modem tab on System Dial To connect t...

Page 106: ...cellular modem connection on you can also see the connection status from the LEDs on top of unit Note The ACM5004 G I and ACM5504 5 G Ihas two cellular status LEDs The WWAN LED on top of unit is OFF w...

Page 107: ...d the cellular modem connection is always on However to be directly accessed the console server needs to have a Public IP address and it must not have SSH access firewalled Almost all carriers offer c...

Page 108: ...the principal network the 3G network connection is activated as the access path to the console server and its Managed Devices Only HTTPS and SSH access is enabled on the failover connection which sho...

Page 109: ...8 5 7 4 Cellular CSD dial in setup Once you have configured carrier connection the cellular modem can be configured to receive Circuit Switched Data CSD calls Note CSD is a legacy form of data transm...

Page 110: ...rver RIM Gateway User Manual 5 8 Firewall Forwarding Opengear console servers and cellular routers with Version 3 3 firmware and beyond have basic routing NAT Network Address Translation packet filter...

Page 111: ...connections originating within the private network destined for the outside public network and each outbound connection is maintained by using a different source IP port number When using IP Masquerad...

Page 112: ...work to enable Forwarding For example to configure a single Ethernet device such as an ACM5004 G as a cellular router The Source Network would the Network Interface and the Destination Network would b...

Page 113: ...tatic gateway address being the address of the console server and set the DNS server address to be the same as used on the external network i e if the console server is acting as an internet gateway o...

Page 114: ...the external network i e if the console server is acting as an internet gateway or a cellular router then use the ISP provided DNS server address Enter the Default Lease time and Maximum Lease time i...

Page 115: ...m Firewall page and click on the Port Forwarding tab Click Add New Port Forward Fill in the following fields Name Name for the port forward This should describe the target and the service that the por...

Page 116: ...rotocols For example to forward port 8443 to an internal HTTPS server on 192 168 10 2 the following settings would be used Input Interface Any Input Port Range 8443 Protocol TCP Output Address 192 168...

Page 117: ...XX where XX are hex digits Source Address Range Specify the source IP address or address range to match IP address ranges use the format ip netmask where netmask is in bits 1 32 This may be left blank...

Page 118: ...coming traffic on all interfaces from the SysAdmin To allow all incoming traffic from Tony To block all incoming traffic from the Network Interface Interface Any Any Network Interface Port Range Any A...

Page 119: ......

Page 120: ...ices in the secure network With one click SDT Connector sets up a secure SSH tunnel from the client to the selected console server then establishes a port forward connection to the target network conn...

Page 121: ...sers can be authorized to access the console server ports and specified network attached hosts To simplify configuration the Administrator can first set up Groups with group access permissions then Us...

Page 122: ...so supported however they must have Firefox installed SDT Connector can run on any system with Java 1 4 2 and above installed but it assumes the web browser is Firefox and that xterm e telnet opens a...

Page 123: ...nstructions for a range of routers Also you can use the Open Port Check tool from http www canyouseeme org to check if port forwarding through local firewall NAT router devices has been properly confi...

Page 124: ...redirected configure access to the console server itself this is shown as a Local Services host configure access with the enabled services for the serial port devices connected to the console server N...

Page 125: ...ices support at least 10 simultaneous client tunnels ACM5000 ACM5500 IM4216 4248 and CM4116 4148 each support at least 50 such concurrent connections So for a site with a CM4116 gateway you can have a...

Page 126: ...b Click Add Enter a Service Name and click Add Under the General tab enter the TCP Port that this service runs on e g 80 for HTTP Optionally select the client to use to access the local endpoint of th...

Page 127: ...pecify Advanced port redirection options Enter the local address to bind to when creating the local endpoint of the redirection It is not usually necessary to change this from localhost Enter a local...

Page 128: ...ation SDT Connector typically launches a client using command line arguments to point it at the local endpoint of the redirection There are three special keywords for specifying the command line forma...

Page 129: ...ion If the client PC is dialing into Local Console port on the console server you will need to set up a dial in PPP link Configure the console server for dial in access following the steps in the Conf...

Page 130: ...s to the gateway console you must configure the console server to allow port forwarded network access to itself With V3 3 firmware and later this can be done using the console server Management Consol...

Page 131: ...erial console on the device attached to serial port 2 on the gateway To enable SDT Connector to access to devices connected to the gateway s serial ports you must also configure the Console server its...

Page 132: ...ection may be achieved by initiating a dial up connection or adding an alternate route to the gateway SDT Connector allows for maximum flexibility is this regard by allowing you to provide your own sc...

Page 133: ...you connect to a service on a host behind the gateway or to the console server gateway itself SDT Connector will initiate the OoB connection using the provided Start Command The OoB connection isn t...

Page 134: ...You may have to restart SDT Connector to shut down any existing tunnels that were established using password authentication Also if you have a host behind the console server that you connect to by cl...

Page 135: ...ess open User Accounts in the Control Panel and proceed through the steps to nominate the new user s name password and account type Administrator or Limited Note With Windows XP Professional and Vista...

Page 136: ...then Communications and click Remote Desktop Connection In Computer enter the appropriate IP Address and Port Number Where there is a direct local or enterprise VPN connection enter the IP Address of...

Page 137: ...s NT 4 0 and Windows 2000 When run this software allows these older Windows platforms to remotely connect to a computer running current Windows B On a Linux or UNIX client PC Launch the open source rd...

Page 138: ...l Network Computing VNC Users and Administrators can securely access and control Windows Linux Macintosh Solaris and UNIX computers There s a range of popular VNC software available UltraVNC RealVNC T...

Page 139: ...nt for cross platform and minimalist reasons UltraVNC runs under Windows operating systems 95 98 Me NT4 2000 XP 2003 Download UltraVNC from Sourceforge s UltraVNC file list B For Linux servers and cli...

Page 140: ...ission on the Server or use a plain wallpaper Refer to http doc uvnc com for detailed configuration instructions To establish the VNC connection first configure the VNC Viewer entering the VNC Server...

Page 141: ...ote access of a home network using SSH Remote Desktop and VNC for the home user http theillustratednetwork mvps org RemoteDesktop SSH RDP VNC RemoteDesktopVNCandSSH html Taking your desktop virtual wi...

Page 142: ...ow to set up an advanced network connection between the Windows computer through its COM port to the console server Both Windows 2003 and Windows XP Professional allow you to create a simple dial in s...

Page 143: ...addresses which are not used anywhere else on your network The From address will be assigned to the Windows XP 2003 computer and the To address will be used by the console server For simplicity use th...

Page 144: ...it is a simply task to enable the null modem connection for the dial in configuration C For earlier version Windows computers again follow the steps in Section B above however to get to the Make New C...

Page 145: ...have setup on the console server that has access to the desired port Next you need to add a New SDT Host In the Host address you need to put portxx where xx the port you are connecting to Example for...

Page 146: ...in Add new forwarded port enter any high unused port number for the Source port e g 54321 Set the Destination IP details If your destination device is network connected to the console server and you a...

Page 147: ...e Add button Click Open to SSH connect the Client PC to the console server You will now be prompted for the Username Password for the console server user If you are connecting as a User in the users g...

Page 148: ...ypted So a malicious user could snoop your VNC session Also there are VNC scanning programs available which will scan a subnet looking for PCs which are listening on one of the ports which VNC uses Tu...

Page 149: ......

Page 150: ...models can maintain log records of all access and communications with the console server and with the attached serial devices A log of all system activity is also maintained as is a history of the sta...

Page 151: ...eout for the time in seconds after resolution to delay before this Auto Response can be triggered again Check Repeat Trigger Actions to continue to repeat trigger action sequences until the check is r...

Page 152: ...ition In the Environmental Check menu select the specific Environmental Sensor to be checked for the trigger Specify the Trigger value in C F for Temp and for Humidity that the check measurement must...

Page 153: ...fore configuring Alarms Digital Inputs checks in Auto Response you first must configure the sensor DIO that is to be attached to your EMD or ACM5000 7 2 3 UPS Power Supply To use the properties of any...

Page 154: ...ched UPS 7 2 5 Serial Login Logout To monitor serial ports and check for login logout or pattern matches for Auto Response triggers events Click on Serial Login Logout as the Check Condition Then in t...

Page 155: ...resolve actions will not be run 7 2 6 ICMP Ping To use a ping result as the Auto Response trigger event Click on ICMP Ping as the Check Condition Specify which Address to Ping i e IP address or DNS n...

Page 156: ...trigger check script file e g etc config test sh bin sh logger A test script logger Argument1 1 logger Argument2 2 logger Argument3 3 logger Argument4 4 if f etc config customscript 0 then rm etc conf...

Page 157: ...Response Click on SMS Command as the Check Condition Specify which Phone Number in international format of the phone sending the SMS message Set the Incoming Message Pattern PCRE regular expression to...

Page 158: ...us it could be online onbatt battlow AR_CHECK_DEV the device name of the device being checked e g for Alarm the alarm name TIMESTAMP the current timestamp HOSTNAME the hostname of the console server T...

Page 159: ...Leave as 0 for unlimited Enter any Arguments that are to be passed to the script and click Save New Action 7 3 5 Send SNMP Trap Click on Send SNMP Trap as the Add Trigger Action Enter a unique Action...

Page 160: ...on Delay Times set 7 5 Configure SMTP SMS SNMP and or Nagios service for alert notifications The Auto Response facility enables remote alerts to be sent as Trigger and Resolve Actions Before such aler...

Page 161: ...ators who provide email to SMS forwarding to phones on any carriers Alternately if your console server has an embedded or externally attached cellular modem you will be given the option to send the SM...

Page 162: ...P connection Note The option to directly send SMS alerts via the cellular modem was included in the Management GUI in V3 4 Advanced console servers have had the gateway software SMS Server Tools 3 emb...

Page 163: ...s running SNMP belong It helps define where information is sent SNMP default communities are private for Write and public for Read Configure SNMP v3 if required For SNMP v3 messages the user s details...

Page 164: ...y configure a Primary SNMP server from the Management Console Refer Chapter 15 5 for details on configuring the snmptrap daemon to send traps notifications to multiple remote SNMP servers 7 5 4 Send N...

Page 165: ...d of all serial port activity To specify which serial ports are to have activities recorded and to what level data is to be logged Select Serial Network Serial Port and Edit the port to be logged Spec...

Page 166: ...etwork attached Hosts For each Host when you set up the Permitted Services which are authorized to be used you also must set up the level of logging that is to be maintained for each service Specify t...

Page 167: ...console server also logs access and communications with network attached hosts and maintain a history of the UPS and PDU power status To activate and set the desired levels of logging for each serial...

Page 168: ...rly network attached PDUs can be controlled with a browser e g with SDT as detailed in Chapter 6 3 or an SNMP management package or using the vendor supplied control software Also servers and network...

Page 169: ...responding Host Name Description that you set up for that connection will be entered as the Name and Description for the power device Alternately if you select to Connect Via a Serial connection then...

Page 170: ...upported by the embedded PowerMan and Opengear s power manager Enter the Username and Password used to login into the RPC Note that these login credentials are not related the Users and access privile...

Page 171: ...ure the RPC with the number of outlets specified in the selected RPC Type or will query the RPC itself for this information Note Opengear s console servers support the majority of the popular network...

Page 172: ...strips and servers with embedded IPMI service processors or BMCs Select the Manage Power and the particular Target power device to be controlled and the Outlet to be controlled if the RPC supports out...

Page 173: ...3 Click on View Log or select the RPCLogs menu and you will be presented with a table of the history and detailed graphical information on the selected RPC Click Manage to query or control the individ...

Page 174: ...hapter 8 2 6 8 2 1 Managed UPS connections A Managed UPS is a UPS that is directly connected as a Managed Device to the console server It can be connected by serial or USB cable or by the network The...

Page 175: ...S refer Chapter 4 1 1 Common Settings Then select UPS as the Device Type Similarly for each network connected UPS go to Serial Network Network Hosts menu and configure the UPS as a connected Host by s...

Page 176: ...d in Serial Networks Users Groups Select the action to take when UPS battery power becomes critical i e Shut down the UPS or Shut down all Managed UPSes or simply Run until failure Note The shutdown s...

Page 177: ...only run when then UPS reaches critical battery status Click Apply Note You can also customize the upsmon upsd and upsc settings for this UPS hardware directly from the command line 8 2 2 Remote UPS m...

Page 178: ...to be logged These logs can then be viewed from the Status UPS Status screen Check Enable Shutdown Script if this remote UPS is the UPS providing power to the console server itself In the event the UP...

Page 179: ...d computers and other equipment without them have a client running e g communications and surveillance gear Set up a UPS alert and using this to trigger a script which control a PDU to shut off the po...

Page 180: ...configuration information on the select UPS System Select UPS Logs and you will be presented with the log table of the load battery charge level temperature and other status information from all the M...

Page 181: ...ers server and clients The driver programs talk directly to the UPS equipment and run on the same host as the NUT network server upsd Drivers are provided for a wide assortment of equipment from most...

Page 182: ...is embedded in Opengear console servers These NUT clients and servers all are embedded in each Opengear console server with a Management Console presentation layer added and they also are run remotel...

Page 183: ...sensor and can optionally be configured to have up to four general purpose status sensor ports which can be connected smoke or water detector and vibration or open door sensors directly connected Usi...

Page 184: ...le servers with 01 and 02 pinouts only support attaching a single sensor to each EMD The EMD can be used only with an Opengear console server and cannot be connected to standard RS232 serial ports on...

Page 185: ...nd which is read as a TTL low or a digital 0 For custom applications a user can sense the state closed or open of non Opengear dry contact sensors through the UI or command line It is also possible to...

Page 186: ...rnal EMD So go to the Serial Network Environmental page and enable the Internal EMD Then configure the attached sensors as alarms as covered in the next section 8 3 3 Adding EMDs and configuring the s...

Page 187: ...ide Labels for each of the alarm sensors you will used e g Door Open or Smoke Alarm Check Log Status and specify the Log Rate minutes between samples if you wish the status from this EMD to be logged...

Page 188: ...nmental status You can monitor the current status of all any configured external EMDs and their sensors and any internal or directly attached sensors Select the Status Environmental Status menu and a...

Page 189: ...n be configured with a default direction and state Select the System I O Ports menu 8 4 1 Digital I O Output Configuration Each of the two digital I O ports DIO1 and DIO2 can be configured as an Input...

Page 190: ...l page and edit and enable the Internal EMD Also the low voltage circuits in DIO1 and DIO2 should not be wired to voltages greater than 5V DC Alternately these input ports can be monitored using the i...

Page 191: ......

Page 192: ...tion method for the console server is Local Any authentication method that is configured will be used for authentication of any user who attempts to log in through Telnet SSH or the Web Manager to the...

Page 193: ...tion and flexible administrative control over the authentication and authorization processes TACACS allows for a single access control server the TACACS daemon to provide authentication authorization...

Page 194: ...was developed by Livingston Enterprises as an access server authentication and accounting protocol The RADIUS server can support a variety of methods to authenticate a user When it is provided with th...

Page 195: ...ndard but significantly simpler and more readily adapted to meet custom needs The core LDAP specifications are all defined in RFCs LDAP is a protocol used to access information stored in an LDAP serve...

Page 196: ...ns set on the remote TACACS server Users automatically added by RADIUS will have authorization for all resources whereas those added locally will still need their authorizations specified LDAP has not...

Page 197: ...dded to the end of any existing content in the attribute in the following format group_name testgroup1 users The above example sets the remote user as a member of testgroup1 and users if groups with t...

Page 198: ...ng which makes setting up remote groups easier The console server will retrieve a list of all the remote groups that the user is a direct member of and compare their names with local groups on the con...

Page 199: ...tive Directory servers If required enter the group information for LDAP Console Server Group DN and or LDAP Administration Group DN A user must be a member of the LDAP Console Server Group DN group in...

Page 200: ...etting is 20 minutes CLI Management Session Timeout specifies the ssh console session idle timeout in minutes The default setting is to never expire Console Server Session Timeout specifies the pmshel...

Page 201: ...ating users Nowadays a number of new ways of authenticating users have become popular The challenge is that each time a new authentication scheme is developed it requires all the necessary programs lo...

Page 202: ...Appliance and a port or networked host the user may access See the example configuration files below for example TACACS Example user tim service raccess priv lvl 11 port1 cm4001 port02 port2 192 168...

Page 203: ...do this the console server must be enabled to generate a new cryptographic key and the associated Certificate Signing Request CSR that needs to be certified by a Certification Authority CA A certific...

Page 204: ...th of this password is 4 characters Confirm Challenge Password Confirmation of the Challenge Password Key length This is the length of the generated key in bits 1024 Bits are supposed to be sufficient...

Page 205: ......

Page 206: ...Console servers and their attached network and serial hosts from a central location Note If you have an existing Nagios deployment you may wish to use the console server gateways in a distributed moni...

Page 207: ...Typically a client PC laptop etc running Windows Linux or Mac OS X Runs SDT Connector client software 1 5 0 or later Possibly remote to the central Nagios server or distributed console servers i e a r...

Page 208: ...the software from scratch The Nagios website http www nagios org has several Quick Start Guides that walk through this process Once you are able to browse to your Nagios server and see its web UI and...

Page 209: ...g 192 168 1 10 and enter a Description e g Windows 2003 IIS Server Remove all Permitted Services This server will be accessible using Terminal Services so check TCP Port 3389 and log level 1 and click...

Page 210: ...imary function of the wizard is to connect to each distributed Opengear console server and import configuration into the central Nagios server This effectively adds the hosts and service checks you se...

Page 211: ...the clients The final step is to set up SDT Connector on each of the client PCs The client PCs use a web browser to view the Nagios web UI running on the central Nagios server This web UI links to SDT...

Page 212: ...rial console port and the service check beginning with check_serial and click the link to Connect via SDT Note that these actions will also trigger the alert_login alerts that you added 10 3 Configuri...

Page 213: ...or DNS name that the upstream Nagios server will use to reach the console server if unspecified this will default to the first network port s IP Network 1 as entered in System IP In Nagios Server Add...

Page 214: ...nd check NRPE Enabled Enter the details the user connection to the upstream Nagios monitoring server and again refer the sample Nagios configuration example below for details of configuring specific N...

Page 215: ...erver to be monitored must be configured for Nagios checks Refer Chapter 4 4 Network Host Configuration for details on enabling Nagios monitoring for Hosts that are network connected to the console se...

Page 216: ...mitted TCP UDP to monitor a service that you have previously added as a Permitted Service Select Check TCP UDP to specify a service port that you wish to monitor but do not wish to allow external SDT...

Page 217: ...ce over the period of the check interval If NRPE is enabled then the upstream server will be able to request status updates under its own scheduling 10 4 Advanced Distributed Monitoring Configuration...

Page 218: ...atus host_name server use generic service check_command check_serial_status define service service_description serial signals server host_name server use generic service check_command check_serial_sta...

Page 219: ...t_ping_ HOSTNAME define service service_description Host Ping host_name server use generic service check_command check_ping_via_opengear define service service_description host ping server host_name s...

Page 220: ...r service This status is then communicated to the upstream Nagios server which uses the results to monitor the current status of the distributed network Each console server is preconfigured with a sel...

Page 221: ...lug ins package can be downloaded from ftp opengear com There also are bash scripts which can be downloaded and run primarily check_log sh To configure additional checks the downloaded plug in program...

Page 222: ...de and how often they are performed Access method will also play a part The table below shows the performance of three of the console server models 1 2 port 8 port and 16 48 port tabulating Time No en...

Page 223: ...SCA checks are also batched So in the previous example the two checks per minute will be sent through in a single transaction 10 4 5 Distributed Monitoring Usage Scenarios Below are a number of distri...

Page 224: ...be to upload check results through NSCA Another may be to provide an SSH tunnel to allow the Nagios server to run NRPE commands Remote site with no network access In this scenario the console server a...

Page 225: ......

Page 226: ...t reset is affected by Selecting Reboot in the System Administration menu and clicking Apply The console server reboots with all settings e g the assigned network IP address preserved However this sof...

Page 227: ...p opengear com firmware For ACM5000 family download acm500x flash For CM4116 4148 download cm41xx flash For CM4008 download cm4008 flash For CM4001 download cm4001 flash For IM4216 34 and IM4208 16 32...

Page 228: ...alidity period of the certificate Select the System Date Time menu option Manually set the Year Month Day Hour and Minute using the Date and Time selection boxes then click Set Time The gateway can sy...

Page 229: ...adding new Users or Managed Devices or before performing a firmware upgrade Select the System Configuration Backup menu option or click the icon Note The configuration files can also be backed up from...

Page 230: ...ation backup files you have stored onto the USB flash To restore a backup from the USB simply select Restore on the particular backup you wish to restore and click Apply After saving a local configura...

Page 231: ...ic device For example changes to authentication methods or user accounts may be grouped and run once to minimize system downtime To enable Check the Delayed Config Commits button under System Administ...

Page 232: ...ger be displayed in the top right hand corner of the screen and configurations will no longer be queued 11 6 FIPS Mode The ACM5500 ACM5000 IM4004 5 and IM4200 family of advanced console server familie...

Page 233: ...l Select the System Administration menu option Check FIPS Mode to enable FIPS mode on boot and check Reboot to safely reboot the console server Click Apply and the console server will now reboot It wi...

Page 234: ...8 2 RPC Status Chapter 8 1 Environmental Status Chapter 8 3 12 1 Port Access and Active Users The Administrator can see which Users have access privileges with which serial ports Select the Status Po...

Page 235: ...to Also when you have successfully connected the SSID of this access point will then be shown in the Wireless ESSID filed of ra0 shows below as which is not connected 12 3 Support Reports The Support...

Page 236: ...s and Syslog Server Port details and click Apply The console maintains a local Syslog To view the local Syslog file Select Status Syslog To make it easier to find information in the local Syslog file...

Page 237: ...then you will see the dashboard for John on log in and each time you click on the Status Dashboard menu item If there is no dashboard layout configured for John but there is an admin group dashboard c...

Page 238: ...t are also deleted To configure what is to be displayed by each widget Go to the Configure widgets panel and configure each selected widget e g specify which UPS status is to be displayed on the ups w...

Page 239: ...e specific widget The best way to format the output would be to send HTML commands back to the browser by adding echo commands in the script echo table You can of course run any command and its output...

Page 240: ...all configured Managed Devices whereas the User will only see the Managed Devices they or their Group has been given access privileges for Select Serial Network or Power for a view of the specific co...

Page 241: ...vice using HTTP is unencrypted and not secure The Web Terminal connects to the command line or serial device using the same protocol that is being used to browse to the Opengear Management Console i e...

Page 242: ...ich could be downloaded into your browser to connect to the console server and attached serial port devices However jcterm had some JRE compatibility issues and is no longer supported 13 3 2 SDT Conne...

Page 243: ...ole server must be added as a gateway as detailed in Chapter 6 13 4 Power Management Administrators and Users can access and manage the connected power devices Select Manage Power This enables the use...

Page 244: ...d stty powerman nut etc However without care these configurations may not withstand a power cycle reset or reconfigure So Opengear provides a number of custom command line utilities and scripts to mak...

Page 245: ...xt for the config command type config h The config application resides in the bin directory The environmental variable called PATH contains a route to the bin directory This allows a user to simply ty...

Page 246: ...to turn the config xml file into live config they will simply ignore this fruit node Administrators must make sure of the spelling when typing config commands Incorrect spelling for a node will not be...

Page 247: ...manager mode config s config ports port5 mode portmanager To set the following optional config elements for this mode Data accumulation period 100 ms Escape character default is log level 2 default is...

Page 248: ...a network connection to a remote serial port via RFC 2217 on port 5 config s config ports port5 mode bridge Optional configurations for the network address of RFC 2217 server of 192 168 3 3 and TCP p...

Page 249: ...t To add this user to specific groups admin users config s config users user2 groups group1 groupname config s config users user2 groups group2 groupname2 etc To give this user access to a specific po...

Page 250: ...have an RPC device connected to port 1 on the console manager and the RPC is configured To give this group access to RPC outlet number 3 on the RPC device run the two commands below config s config p...

Page 251: ...s config auth radius acct_server comma separated list list of remote accounting servers If unset Authentication and Authorization Server Address will be used config s config auth radius password passw...

Page 252: ...192 168 3 10 Host name OfficePC Description MyPC Allowed sevices ssh port 22 https port 443 log level for services 1 Issue the commands below If the Host is not a PDU or UPS power device or a server...

Page 253: ...nfig s config portaccess rule2 address 192 168 5 0 config s config portaccess rule2 description foo bar config s config portaccess rule2 netmask 255 255 255 0 config s config portaccess rule2 port5 on...

Page 254: ...s monitor1 username User2 config s config ups monitors monitor1 password secret config s config ups monitors monitor1 sdorder 2 config s config ups monitors monitor1 driver genericups config s config...

Page 255: ...igured to run in device mode and that the device is set to rpc To add an RPC with the following values RPC type APC 7900 Connected via Port 2 UPS name MyRPC Description RPC in room 5 Login name for de...

Page 256: ...onfig s config ports port3 enviro alarms alarm2 label window alarm config s config ports port3 enviro alarms total 2 config s config ports port3 enviro log enabled on config s config ports port3 envir...

Page 257: ...s config eventlog server logpriority priority priority can be Info Alert Critical Debug Emergency Error Notice Warning Assume the remote log server needs a username name1 and password secret config s...

Page 258: ...g s config alerts alert2 signal DSR config s config alerts alert2 type login Signal Alert To trigger an alert when a signal changes state on port 1 config s config alerts alert2 port1 on config s conf...

Page 259: ...ert2 signal DSR config s config alerts alert2 type enviro Example2 To configure a load sensor alert for outlets 2 and 4 for an RPC called RPCInRoom20 config s config alerts alert2 outlet1 RPCname outl...

Page 260: ...rd secret config s config system smtp subject SMTP alerts To set up an SMTP SMS server with the same details as above config s config system smtp server2 mail opengear com config s config system smtp...

Page 261: ...ig s config interfaces wan address 192 168 0 23 config s config interfaces wan netmask 255 255 255 0 config s config interfaces wan gateway 192 168 0 1 config s config interfaces wan dns1 192 168 0 1...

Page 262: ...ware clock time as the system time bin hwclock hctosys To change the timezone config s config system timezone US Eastern The following command will synchronize the live system with the new configurati...

Page 263: ...me 300000 seconds DNS server1 192 168 2 3 DNS server2 192 168 2 4 Domain name company com Default gateway 192 168 0 1 IP pool 1 start address 192 168 0 20 IP pool 1 end address 192 168 0 100 Reserved...

Page 264: ...s rfc2217 portbase port base number Default 5000 config s config services unauthtel portbase port base numberDefault 6000 The following command will synchronize the live system with the new configurat...

Page 265: ...ERPENT GOST NSCA password secret NSCA check in interval 5 minutes NSCA port 5650 defaults to 5667 user to run as User1 defaults to nsca group to run as Group1 defaults to nobody config s config system...

Page 266: ...atus information using SNMP and modifying SNMP with net snmpd public key authenticated SSH communications SSL configuring HTTPS and issuing certificates using pmpower for NUT and PowerMan power device...

Page 267: ...anager pattern alert exists If either of these files exists the script calls the exec command on the first file that it finds and runs that custom file script instead As an example you can copy the et...

Page 268: ...add the following lines below the existing lines export TOADDR emailaddress domain com bin sh etc scripts alert email suffix These two lines assign a new email address to TOADDR and invoke the alert...

Page 269: ...eting e g 3 NEWTOTAL is the modified total i e TOTAL 1 CHECKTOTAL checks if TOTAL is the actual total items in xml LASTFIELD 1 ROOTNODE 1 NUMBER echo LASTFIELD sed s a zA Z g TOTALNODE echo 1 sed s 1...

Page 270: ...e s LASTFIELDTEXT NUMBER COUNTER LASTFIELDTEXT NUMBER COUNTER 1 e s done let COUNTER done deleting last user config d ROOTNODE LASTFIELDTEXT TOTAL Modifying item total config s TOTALNODE NEWTOTAL ech...

Page 271: ...ands pmpower and date will run The output from these commands is sent to the file tmp output log so that we have some kind of record The ping detect is also run in the background using the Remember th...

Page 272: ...d any commands to the custom script and they will be invoked after the configurator runs The custom scripts must be in the correct location etc config scripts config post To create an alerts custom sc...

Page 273: ...tmp is not a good location for the backup except as a temporary location before transferring it off box The tmp directory will not survive a reboot The etc config directory is not a good place either...

Page 274: ...t pmshell Typing the character sequence will exit from pmshell Set RTS to 1 run the command pmshell rts 1 Show all signals pmshell signals DSR 1 DTR 1 CTS 1 RTS 1 DCD 0 Read a line of text from the se...

Page 275: ...connected to the serial port If the script cannot be executed then portmanager will execute etc config scripts portXX chat via the chat command on the serial port When an alert occurs on a port When...

Page 276: ...port Otherwise any setup you do with stty will get lost when the portmanager opens the port the reason that portmanager sets things back to its config rather than using whatever is on the port is so...

Page 277: ...to build a specialized firewall This firewall script will be run whenever the LAN interface is brought up including initially and will override any automated system firewall settings Below is a simple...

Page 278: ...cludes Serial port status Active users Remote Power Control RPC and Power Distribution Unit PDU status Environmental Monitoring Device EMD status Signal alert status Environmental alert status and UPS...

Page 279: ...3 is susceptible to man in the middle attacks Recent IETF developments suggests tunnelling SNMP over widely accepted technologies such as SSH Secure Shell or TLS Transport Layer Security rather than r...

Page 280: ...e Community field is used to specify the SNMPv1 or SNMPv2c community that will be allowed read write GET GETNEXT and SET access Configure SNMP v3 if required SNMP v3 provides secure SNMP operations th...

Page 281: ...opy the mibs from etc snmp mibs on the Opengear product to a local directory using scp or Winscp For example scp root im4004 etc snmp mibs Using the snmpwalk and snmpget commands the status informatio...

Page 282: ...th snmpwalk Oa v3 l noAuthNoPriv u readonlyusername M usr share snmp mibs im4004 OG STATUS MIB ogStatus auth snmpwalk Oa v3 l authNoPriv u readonlyusername a SHA A authpassword M usr share snmp mibs i...

Page 283: ...ity Name or Read Only Username a Authentication Protocol SHA or MD5 A Authentication Password x Privacy Protocol DES or AES X Privacy Password A mib browser may be used to explore the Opengear enterpr...

Page 284: ...ch as system contact name and location can be achieved by editing etc config snmpd conf file and locating the following lines sysdescr opengear syscontact root root localhost configure etc default snm...

Page 285: ...field config set config system snmp community3 public To set the SNMP Manager v3 Engine ID field config set config system snmp engineid3 0x8000000001020304 replacing 0x8000000001020304 with the hex En...

Page 286: ...penSSH is based on the last free version of Tatu Ylonen s sample implementation with all patent encumbered algorithms removed to external libraries all known security bugs fixed new features reintrodu...

Page 287: ...can be simply uploaded through the web interface on the System Administration page This enables you to upload stored RSA or DSA Public Key pairs to the Master and apply the Authorized key to the slav...

Page 288: ...the server will only have one client device then the authorized_keys file is simply a copy of the public key for that device If one or more devices will be clients of the server then the authorized_k...

Page 289: ...generate and configure SSH keys using Windows First create a new user from the Opengear Management the following example uses a user called testuser making sure it is a member of the users group If y...

Page 290: ...tc config users testuser ssh authorized_keys chown testuser etc config users testuser ssh authorized_keys Using WinSCP copy the attached sshd_config over etc config sshd_config on the server Makes sur...

Page 291: ...in the middle attack It is also possible that the RSA host key has just been changed The fingerprint for the RSA key sent by the remote host is ab 7e 33 bd 85 50 5a 43 0b e0 bd 43 3f 1c a5 f8 Please...

Page 292: ...need to balance the security of separate keys against the additional administration they bring Generated keys may be one of two types RSA or DSA and it is beyond the scope of this document to recomme...

Page 293: ...rver and two sets of keys for the control_room and the plant_entrance ls home user keys control_room control_room pub plant_entrance plant_entrance pub cat home user keys control_room pub home user ke...

Page 294: ...Hudson The OpenSSL toolkit is licensed under an Apache style licence which basically means that you are free to get and use it for commercial and non commercial purposes subject to some simple license...

Page 295: ...asiest way to enable the HTTPS server is from the web Management Console Simply click the appropriate checkbox in Network Services HTTPS Server and the HTTPS server will be activated assuming the ssl_...

Page 296: ...o a powerman daemon on non default host and optionally port V version Display the powerman version number and exit D device Displays RPC status information If targets are specified only RPC s matching...

Page 297: ...g new RPC devices There are a number of simple paths to adding support for new RPC devices The first is to have scripts to support the particular RPC included in either the open source PowerMan projec...

Page 298: ...nly it ensures interoperation with the port manager The final options speed charsize stop and parity define the recommended or default settings for the attached device 15 10 IPMItool The console serve...

Page 299: ...absent or if password_file is empty the password will default to NULL h Get basic usage help from the command line H address Remote server address can be IP address or hostname This option is required...

Page 300: ...0 the maximum password length is 20 characters longer passwords are truncated COMMANDS help This can be used to get command line help on ipmitool commands It may also be placed at the end of commands...

Page 301: ...the Master is in control of the serial ports on the Slaves and the Master s Management Console provides a consolidated view of the settings for its own and all the Slave s serial ports However the Ma...

Page 302: ...m can run other external programs or scripts after events like reception of a new message successful sending and also when the program detects a problem These programs can inspect the related text fil...

Page 303: ......

Page 304: ...he console server and monitor and manage attached serial console and host devices addgroup Add a group or add an user to a group adduser Add an user agetty alternative Linux getty arp Manipulate the s...

Page 305: ...diagnostic command loopback1 Opengear loopback diagnostic command loopback2 Opengear loopback diagnostic command loopback8 Opengear loopback diagnostic command loopback16 Opengear loopback diagnostic...

Page 306: ...d reports serial port configuration sh Shell showmac Shows MAC address sleep Delay for a specified amount of time smbmnt Helper utility for mounting SMB file systems smbmount Mount an SMBFS file syste...

Page 307: ...line With config a new configuration can be activated by running the relevant configurator which performs the action necessary to make the configuration changes live portmanager which provides a buffe...

Page 308: ...etary to Opengear however the code will be provided to customers under NDA Also inbuilt in the console server is a Port Manager application and Configuration tools as described in Chapters 14 and 15 T...

Page 309: ...rg hash r p pathname name help s pattern history c d offset n or hi if COMMANDS then COMMANDS elif jobs lnprs jobspec or job kill s sigspec n signum si let arg arg unset f v name until COMMANDS do COM...

Page 310: ...Power Consumption All less than 30W CPU ACM5002 3 4 M W G 2 Micrel KSZ8692 ARM9 Others Micrel KS8695P controller Memory ACM5002 3 4 M W G 2 32MB SDRAM 16MB Flash ACM5504 8 2 5 M G I 64MB SDRAM 16MB Fl...

Page 311: ...B9 port 2400 to 115 200 bps Ethernet Connectors ACM5002 3 4 M W G One RJ 45 10 100Base T Ethernet ports ACM5004 2 ACM5504 2 and ACM5508 2 Two RJ 45 10 100Base T Ethernet ports IM4208 16 32 48 2 Two RJ...

Page 312: ...ersonnel To avoid electric shock the power cord protective grounding conductor must be connected through to ground Always pull on the plug not the cable when disconnecting the power cord from the sock...

Page 313: ......

Page 314: ...d on the rear panel of the IM4004 5 and CM4008 on the front face of the ACM5000 and ACM5500 and on the front panel of the rack mount CM41xx and IM42xx The ACM5000 and ACM5500 models and the IM4216 34...

Page 315: ...DEFINITION DIRECTION 1 RTS Request To Send Output 2 DTR Data Terminal Ready Output 3 TXD Transmit Data Output 4 GND Signal Ground NA 5 CTS Clear To Send Input 6 RXD Receive Data Input 7 DCD Data Carri...

Page 316: ...eived Line Signal Detector 9 Reserved for data set testing 10 Reserved for data set testing 11 Unassigned 12 SCF Secondary Rcvd Line Signal Detector 13 SCB Secondary Clear to Send 14 SBA Secondary Tra...

Page 317: ...d ship with cross over straight RJ45 DB9 connectors Part 319014 DB9F RJ45S straight connector Part 319015 DB9F RJ45S cross over connector The CM4008 4116 4148 IM4208 16 48 Classic and IM4004 5 all hav...

Page 318: ...UTP Cat 5 cable For console servers with Opengear classic pinouts 319000 DB9F to RJ45 straight Console server with Opengear classic pinout to IP Power and other serial device 319001 DB9F to RJ45 cros...

Page 319: ...h 1023 Registered Ports are those from 1024 through 49151 Dynamic and or Private Ports are those from 49152 through 65535 Well Known Ports are assigned by IANA and on most systems can only be used by...

Page 320: ...upports by default two RS232 ports on Port 1 and Port 2 DB9 connectors Port 2 on the SD40X2 Can also be software selected to be an RS485 or RS422 port connected through the screw terminal block shown...

Page 321: ...e SD4001 is configured in RS232 mode with a vertical jumper in place on the left hand SEL pins To set the port in RS422 or RS485 mode you must remove the SEL jumper and then configure the Signaling Pr...

Page 322: ...uses a full duplex transmit on TX Transmit Data TX Transmit Data pair receive on RX Receive Data RX Receive Data pair RS 485 uses half duplex over single pair For RS 485 which is a 2 wire bus that dri...

Page 323: ......

Page 324: ...s verified that the entity is who it says it is Certificate Authority A Certificate Authority is a trusted third party which certifies public key s to truly belong to their claimed owners It is a key...

Page 325: ...o it rather than somebody else in the local area It is a 48 bit number usually written as a series of 6 hexadecimal octets e g 00 d0 cf 00 5b da A console server has a MAC address listed on a label un...

Page 326: ...racter stream from the baseboard universal asynchronous receiver transmitter UART to and from the remote client system over a LAN With SOL support and BIOS redirection to serial remote managers can vi...

Page 327: ...a public telecommunication infrastructure and Internet to provide remote offices or individual users with secure access to their organization s network WAN Wide Area Network WINS Windows Internet Nami...

Page 328: ...is protected by copyright laws international copyright treaties and other intellectual property laws and treaties Opengear and its suppliers retain all ownership of and intellectual property rights i...

Page 329: ...Y FOR COSTS LOSS DAMAGES OR LOST OPPORTUNITY OF ANY TYPE WHATSOEVER INCLUDING BUT NOT LIMITED TO LOST OR ANTICIPATED PROFITS LOSS OF USE LOSS OF DATA OR ANY INCIDENTAL EXEMPLARY SPECIAL OR CONSEQUENTI...

Page 330: ...terms of Section 1 above provided that you also meet all of these conditions a You must cause the modified files to carry prominent notices stating that you changed the files and the date of any chan...

Page 331: ...tomatically receives a license from the original licensor to copy distribute or modify the Program subject to these terms and conditions You may not impose any further restrictions on the recipients e...

Page 332: ...NCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS EVEN IF SUCH HOLDE...

Page 333: ...SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEO...

Page 334: ...pair damage to the product if the serial number or seal or any part thereof has been altered defaced or removed If Opengear does not find the product to be defective the Purchaser will be invoiced for...

Page 335: ...ction 2 715 of the Uniform Commercial Code Opengear waives the benefit of any rule that disclaimer of warranty shall be construed against Opengear and agrees that such disclaimers herein shall be cons...

Search results

Summary of Contents for ACM5000

Reviews:

Related manuals for ACM5000

Brands by name

Popular brands

Opengear ACM5000, User Manual

Search results

Summary of Contents for ACM5000

Reviews:

Related manuals for ACM5000

Brands by name

Popular brands