ProSum Prima IP-16 User Manual Download | Manualshive

Page: 51 / 92

background image

Prima IP User Manual Rev 1.5 2007

- -

45

4.5

MAIN/Security – Certificates, Viewer Encryption

and Password Policies

The Security page enables you to configure and implement security-related settings of your Prima IP, such as
uploading your certificates for the Prima IP server side, selecting the security level of the viewer connections,
and the password policy for the viewer and browser connections.

Security settings should be taken very seriously

. If

Prima IP

security settings are set to

No

Password,

no SSL, and no PKI authentication (Viewer connection security - Level 1), almost

anyone can establish a remote connection. With these settings, you probably will not "survive"
longer than 15mn on the Internet without someone is trying to access your computers.

After you have made all modifications, click

Store Settings

to save your settings and then hit

Apply

Settings/Restart Servers

to validate these new settings.

No change you have made on this page will apply until you hit

Apply Settings/Restart Servers

!

4.5.1 Certificates and Keys

Certificates are only needed if you intend to implement full PKI authentication for the viewer connections. If
an SSL-encrypted session is already enough for your security requirements, you can just ignore this aspect of
PKI authentication.
Where can you get the certificates? There is a default set of certificates in your support CD ROM. You can
use them to practice the certificates uploads. In real world scenario, you can either generate the certificates
by yourself, since there are some freeware or shareware such as XCA for this purpose. You can also buy
certificates from companies that provide authentication service.
The valid file names and formats of the certificates and Keys to be uploaded to the Prima IP should be
exactly as below:

•

root.crt

•

server.crt.

•

serverkey.pem

•

ldapcert.crt

•

ldapkey.pem

4.5.2 Security Level of Viewer Connections

The browser connections to the web management are

always

using SSL connections. The viewer

connections can use different levels of security.

«
...
49
50
51
52
53
...
»

Summary of Contents for Prima IP-16

Page 1: ...Prima IP 8 and Prima IP 16 8 port and 16 port KVM Switches over IP User Manual Revision 1 51 23 08 2007...

Page 2: ...the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with this User Guide may cause h...

Page 3: ...OR CONNECTIONS TO PRIMA IP 13 2 3 1 Turn off mouse acceleration and Snap to option 13 2 4 MORE TIPS FOR SERVER DESKTOP CONFIGURATION 15 2 4 1 Configure Display Resolution on your Server 15 2 4 2 Turn...

Page 4: ...RVER MAIN SETTING KVM SERVER MAIN SETTINGS 52 4 9 1 Video Quality 52 4 9 2 Scanning 53 4 10 KVM SERVER VIEWER CONNECTION VIDEO SERVER NAME AND KEYBOARD TYPE SETTINGS 54 4 11 KVM SERVER COMPUTERS PORT...

Page 5: ...n Menu 82 5 3 2 OSD Setup Menu 83 5 4 LOCAL CONSOLE OPERATIONS 84 5 4 1 Select PC 84 5 4 2 Next Lower Channel 85 5 4 3 Next Higher Channel 85 5 4 4 Next Lower Bank when daisy chained 85 5 4 5 Next Hig...

Page 6: ......

Page 7: ...GUI applications and daily maintenance routines such as power cycling power control unit required All these could be nicely done either on local console or using a thin client software viewer on any...

Page 8: ...ence The Prima IP distinguishes itself among its peer products not only in its stability and durable performance but also in its industry standard security features such as full 1024 bit PKI Authentic...

Page 9: ...tions 1 2 2 TCP IP remote connection SSL encrypted Web Management Interface for all settings and upgrade backup features Support Telnet session and FTP service disabled by default for more security 1...

Page 10: ...emote LDAP or RADIUS server 3 user privileges SUPERADMIN to access complete set of management features and user features including Power ON OFF remote servers ADMIN partial set of management and all u...

Page 11: ...e Internet even when bandwidth availability is limited 1 3 1 LAN WAN Configurations The Prima IP KVM switch enables local and remote access of the connected computers servers behind anytime anywhere F...

Page 12: ...Power Control Device 1 3 3 PPP connections The Prima IP KVM switch can serve as either a PPP client or a PPP server to support PPP connection The Prima IP offers a second backup connection over modem...

Page 13: ...is lit as solid orange when the current digital link is running on 100Mbps speed The Link Act LED gives off solid green light when a network link is established and flashes whenever network transmiss...

Page 14: ...nnect the serial console cable for advanced console management of Prima IP unit via a serial terminal emulation utility such as Windows HyperTerminal or Minicom on Linux Unix Serial Port 2 RJ 12 The s...

Page 15: ...all male or the Combo free USB PS 2 KVM cable The Combo free USB PS 2 KVM cable is highly recommended for your convenience 2 A monitor with a standard D sub 15 pin video connector HDB 15 that you have...

Page 16: ...10 Figure 11 The Combo free USB PS 2 KVM cable Figure 12 The Daisy chain Cable M HDB15 to HDB15 F Figure 13 The Daisy chain Terminator...

Page 17: ...PS 2 interfaces might not recognize the PS 2 keyboard and mouse later USB computers do not have this limitation Figure 14 Prima IP configuration Single server mode Step 4 Make sure at least the PS 2 c...

Page 18: ...PS 2 computer add one USB to PS 2 adapter to the USB connector and you ll have a PS 2 connector for mouse DO NOT try to connect both USB connector and PS 2 keyboard connector to a computer at the same...

Page 19: ...n off mouse acceleration and Snap to option Windows XP Platform Access Control Panel Mouse On the Mouse Properties tab select the Pointer Options page Adjust the pointer speed slide bar to the exact m...

Page 20: ...eleration option please uncheck it If there is no mouse acceleration available on the setting page you can adjust the mouse speed slide bar to either x1 or the slowest position such as on Linux platfo...

Page 21: ...fy the display factor before connection to Prima IP we suggest you use more standard display modes such as 800 x 600 60Hz 1024 x 768 60Hz etc For the suggested display modes please refer to the follow...

Page 22: ...across bandwidth limited environment one should preferably adopt a server desktop which should be as plain as a color background with a solid and light colored graphics Complex patterns or color grad...

Page 23: ...ing in you will see the Prima IP Web Browser Management Interface Step 4 Go to the LAN TCP IP page on the Prima IP Management Interface and modify your IP settings Refer to Section 4 6 Main TCP IP Set...

Page 24: ...used for viewer connection Port base 8 used for secure browser connection However if you intend to use your own port base setting access the Web Management interface and configure the port base For e...

Page 25: ...und in which port_base 5970 is the Prima IP viewer connection port port_base 8 5978 is the browser SSL connection port port_base 9 5979 is for viewer internal communication etc For example Router inte...

Page 26: ...r a global password which is used by all who want to make viewer connections to PRIMA IP User Password the viewer prompts you with user specific password With this setting each login user is checked a...

Page 27: ...high security to keep your servers safe from unauthorized entries and or network sniffers If you choose to implement the PKI authentication feature select Level 3 viewer security connection on the Sec...

Page 28: ...e to your certificate files Step 3 Click Upload to upload the root certificate to PRIMA IP After the uploading is completed you can see the prompt page for reboot Click Reboot and wait until PRIMA IP...

Page 29: ...you have obtained from your CA It is required only if you select level 3 viewer security clientpwd if you use the default set of certificates provided on PRIMA IP CD ROM 3 User Name and Password as y...

Page 30: ......

Page 31: ...er that will connect to PRIMA IP After installation a desktop icon will be created on your client desktop Figure 16 Download Page 3 1 2 Java Viewer Before you can use the java viewer you should first...

Page 32: ...re separate certificate importation to get the job done If you plan to use both viewers on the same machine you will have to import the certificate twice once with each viewer certificate utility 3 2...

Page 33: ...LAN High video quality for viewer connection over LAN No Compression Best Video Quality with no compression but poor performances Local Cursor Shape No cursor Local cursor invisible on PRIMA IP Viewe...

Page 34: ...ing the Global Password policy setting Default global password 123456 If you are using the Level 3 security setting that requires installation of certificates for PKI authentication For details please...

Page 35: ...e or even the No Compression scheme which requires much more bandwidth or there is a network bottleneck somewhere in between PRIMA IP and your client desktop For more details please refer to Section 3...

Page 36: ...IP server the viewer on that specific client computer will use the saved connection parameters as well as the password but not the private path phrase which is not saved since it is used by secured P...

Page 37: ...er windows 3 6 1 Changing the Viewer Size to Full Screen Win32 Viewer only 3 A message box appears to remind you how to exit the full screen mode To exit the full screen mode hit Ctrl Esc to bring up...

Page 38: ...Click OK to scale the window to half size 3 6 3 Centralizing the control of your remote servers If you have multiple PRIMA IP units installed in a distributed manner among your global branch offices...

Page 39: ...t time that is used to transmit a video refresh Shared This is a shared session that allows other authorized users to login Not shared This indicates a non shared session that blocks others from subse...

Page 40: ...always on top of your screen once the PRIMA IP viewer connection is successfully made On the box you can see the computer icons together with the computer names you have already specified for each of...

Page 41: ...Opening the Viewer Menu The Quick Menu of PRIMA IP s Win32 viewer can be evoked by clicking the program icon on the leftmost of the title bar or right clicking anywhere on the title bar To open the J...

Page 42: ...mbo box View Computer ICONs Open the Select Computer box for computer selection by clicking icons Adjust Screen Fine tune the screen area by pixel shifts Connection options Open the Connection Options...

Page 43: ...ill be asked for every time when you login under Level 3 security setting Screen Refresh Force updating of the viewer screen output Full Screen Change the viewer screen to Full Screen mode Only the Wi...

Page 44: ...ves high quality always on the expense of video response speed on the viewer screen 2 The transitional effect of Windows XP is enabled The transition effects of menu will cause refreshing problems in...

Page 45: ...et enabled please check the option click Submit button and then go to Apply Settings page to click the Apply Settings button to restart PRIMA IP with new setting 2 When the viewer connection is made s...

Page 46: ...be up and running Then try to make the viewer connection again to see if it is brought back to normal function again A cold boot of PRIMA IP is always a last resort to bring the PRIMA IP back just try...

Page 47: ...ess port_number https 61 222 144 195 5908 Remember that it is a secure SSL encrypted connection so you should type https instead of the usual http Otherwise the connection will not be established The...

Page 48: ...s All functions ADMIN Partial access see table below All functions USER No access except the Download page No power on off feature Note Only SUPERADMIN users can manage user accounts PRIMA IP Browser...

Page 49: ...ter you must first install the Java Runtime Environment JRE which is freely available from Sun at http www java com It is recommended to get JRE 5 0 or higher On Windows machines a simple double mouse...

Page 50: ...the Prima IP and every hour Internet Time This option Synchronize with an Internet Time Server NTP is for the automatic time synchronization of Prima IP with an available timeserver on the Internet Yo...

Page 51: ...No change you have made on this page will apply until you hit Apply Settings Restart Servers 4 5 1 Certificates and Keys Certificates are only needed if you intend to implement full PKI authentication...

Page 52: ...word is serverpwd However if you use your own set of certificates as you should do for a real secure installation you must set the correct server certificate password you got from the Certificate Auth...

Page 53: ...ly the port number that Prima IP uses for viewer connection port base 8 is the exact port number you will use for secure http connection for the browser After you have made the port base modification...

Page 54: ...PPP Modes There are three PPP options for selection PPP Disabled by default PPP Server mode for connection request from a peer computer PPP Client mode for dial in connection to a PPP server your ISP...

Page 55: ...y the modem connection speed The Prima IP supports a high speed serial connection up to 1 Mbps Megabits per second Note the modem connection speed is NOT the PPP connection speed which depends on the...

Page 56: ...e the modem connection speed is NOT the PPP connection speed which depends on the modem technology For example even if the modem connection speed is 115 200 bps a 56K modem will provide only a 56 000...

Page 57: ...for the profile of each session To record the statistics of the video server and port switching activity by PRIMA IP remote users you should check this option to print statistics to the server log fi...

Page 58: ...idth availability However there is always a trade off between video quality and response speed when under limited network bandwidth availability High Quality Low Speed Light Filter This level is recom...

Page 59: ...se event before it switches to the next connected PC Performing the NumLock Test While Scanning The NumLock test is a way to detect whether a computer is still responding to keyboard action If you che...

Page 60: ...he Prima IP according to the real keyboard you are using on the remote login client Choosing the correct keyboard layout for your keyboard is very important since some key codes are represented by dif...

Page 61: ...you are running the Java viewer on Mac OS you might find that the default mouse resynchronization sequence CTLR CTLR Home does not work That is because the Right Control key on Mac keyboard sends out...

Page 62: ...r some computers After you have made all modifications click Store Settings to save your settings and then hit Apply Settings Restart Servers to validate these new settings No change you have made on...

Page 63: ...ption adjustment to restart when power is coming back Otherwise they will not restart without a push of the computer power button Usually you should enable the Power Loss Restart option on your comput...

Page 64: ...cript Simple Users Can Control Power Check this box if you want that simple users be able to power on and power off the computers Power Device Login Depending on the Serial Power control device you us...

Page 65: ...ing If you want to wait for a prompt that starts with a hash character you would have to write something like this Now wait for the prompt and send logout logout ESCAPE SEQUENCES The expect and reply...

Page 66: ...is from 1 x to 20 x for your selection When you move your mouse slowly PRIMA IP does not apply any acceleration When you move your mouse quickly PRIMA IP multiplies the mouse movements per Acceleratio...

Page 67: ...validate these new settings No change you have made on this page will apply until you hit Apply Settings Restart Servers Use the drop down box to select a video mode from the video mode database Each...

Page 68: ...he visible part of the screen Total Height specify the total height of the screen active hidden Vsync Start specify where the vertical synchronization should start with reference to the top of the pag...

Page 69: ...ons or to create a new user entry After you have made necessary modifications remember to hit the Store User button to save it into the user account database No change you have made on this page will...

Page 70: ...x x KVM Server Computers x x KVM Server Power Control x x KVM Server Local Console x x KVM Server Video Mode database x x Users local database x Users User Groups Users Remote Authent Servers x Users...

Page 71: ...dentifies users at connection time retrieves their group and applies the group properties Note The user at local console is slightly different When the local user authentication applies see Local Cons...

Page 72: ...this box to allow users belonging to this group to manually power on and power off the computers they can access through the viewers Note that you must use a power control device for that See the Powe...

Page 73: ...y until you hit Apply Settings Restart Servers Authentication Server Type Here you can select whether you want to disable or enable the remote server authentication by LDAP or RADIUS server Before you...

Page 74: ...hould contact your LDAP server administrator 4 17 2 RADIUS Server Port Enter here the port number used in RADIUS authentication By default it is set to port 1812 RADIUS Server IP address of the RADIUS...

Page 75: ...nge you have made on this page will apply until you hit Apply Settings Restart Servers Enable RADIUS Accounting Check this box to make PRIMA IP send RADIUS accounting messages to the accounting server...

Page 76: ...h button for current information on connected users Important Note Only when you have selected your password policy to be User Password policy will the currently connected users be registered and show...

Page 77: ...tings Restart Servers Email from Sender email address used by the Prima IP for alarm emails for example myemail myaddress any It must be accepted by the SMTP server This email address can help identif...

Page 78: ...made on this page will apply until you hit Apply Settings Restart Servers Primary Manager Specify here the IP address of the Primary SNMP manager device on your network Secondary Manager Specify here...

Page 79: ...n select which action Prima IP must do when it detects an event This page is NOT the place where you can specify how the action is to be implemented To do so refer to SNMP Traps Email Alarms and Compu...

Page 80: ...rm option Next specify what type s of screen resolution you will regard as Blue Screen 600 x 400 or 600 x 480 and subsequently select Restart Computer Send an Email or Send an SNMP trap as action to d...

Page 81: ...version page shows the current resident software and firmware version information Here you can check the Linux kernel version the time it is built together with the software application and KVM firmw...

Page 82: ...ade patch to keep your PRIMA IP most up to date When you receive the upgrade file you must first copy it to a local computer Then use the PRIMA IP s web management interface to perform the update acro...

Page 83: ...latest firmware version Note The Prima IP upgrade file must have a name such as kvmfirm xx xx xx for example kvmfirm 06 07 29 Note The Prima IP upgrade file is of an accumulative nature which means th...

Page 84: ...ation To back up the configuration file Click the Backup button It creates automatically a configuration file named kconfig yyyymmdd tgz with a timestamp in it Choose the location for saving your conf...

Page 85: ...cases you do not need to use this Reboot button to restart your Prima IP from ground level up Normally you should use the Apply Settings button on the Apply Settings page for almost all the cases of...

Page 86: ...t all current viewer connections Note In addition to the Restart Servers button the Prima IP also provides a Reboot button on Maintenance Reboot page You can use this Reboot button only when the Resta...

Page 87: ...rol commands start with two consecutive Scroll Lock keystrokes done within 2 seconds followed by one or several command keys Hotkey Control Command ScrLk ScrLk Command keys In most cases it will take...

Page 88: ...recommend you use the web management interface to name the computers instead of the OSD because computer names can be 32 character wide when using the web management The computer names that have been...

Page 89: ...the Enter key to select and the Insert key to edit There are OSD operation tips for your reference on the bottom part of the OSD menu 5 3 2 OSD Setup Menu Figure 22 OSD Main Menu Auto Logout Specify...

Page 90: ...configuration of multiple daisy chained Prima KVM switches to select bank 3 port 7 you must press the following keystrokes Select PC Even when using Prima IP alone to select port 7 you must first pre...

Page 91: ...Higher Channel 5 4 3 1 Hotkeys Next higher channel Yes makes go to higher channel 5 4 3 2 OSD Select the corresponding OSD menu option 5 4 4 Next Lower Bank when daisy chained 5 4 4 1 Front Panel Butt...

Page 92: ...select the OSD Title Bar Position to be on either the left or right side of the screen Use cursor keys to navigate to the OSD Title Bar option on the OSD Setup Menu and then hit Enter to select and c...

Reviews:

No comments

Related manuals for Prima IP-16

Brand: Keithley Pages: 434

Brand: netvox Pages: 14

FOS-3124 SERIES

Brand: CTS Pages: 223

LS-5500-28C-PWR-SI-OVS

Brand: H3C Pages: 86

SANbox 5000 Series

Brand: Qlogic Pages: 2

Brand: Clas Ohlson Pages: 4

Brand: ddtop Pages: 10

Brand: ELPRO Pages: 8

Brand: Zamel Pages: 4

Brand: e+p Pages: 2

Brand: Quintech Pages: 2

Brand: N-Tron Pages: 16

SmartStack STS16-20R

Brand: Cabletron Systems Pages: 258

Brand: Lakeshore Pages: 82

Brand: Cabletron Systems Pages: 105

Brand: Conrad Pages: 8

Brand: Edimax Pages: 8

TK-423K - USB/PS/2 KVM Switch

Brand: TRENDnet Pages: 14

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands