background image

 

Chapter 6: SX II Administration 

 

 

201

 

 

Command 

Description 

Parameters 

authmode

 

Set the authentication mode. 

  mode <local|ldap|radius|tacacs>    

LDAP Configuration 

The

 

LDAP configuration menu offers commands to set up LDAP and 

LDAPS. 

Enter 

admin > Config > Authentication > ldap

 to access the 

menu. 

 

Command 

Description 

Parameters 

ldap

 

Configure secure LDAP 
authentication mode. 

  primip <ipaddress | hostname> - Primary server 

IP address 

  secip <ipaddress | hostname> - Secondary server 

IP address  

  port <value> - LDAP port 

  basedn <Base DN> - Admin user DN  

  secret <value> - Admin user authentication secret  

  search <value> - User search DN 

  dialback <value> - Dialback search query 

  domain <Active Directory Domain> - Active 

Directory domain 

  referral <true | false> - LDAP search referrals  

  server <generic | ads> - Server type, Active 

Directory or Generic 

ldaps

 

Set/Get secure LDAP 
authentication mode. 

  port <value> - Secure LDAP port 

  enable <true | false> - Secure LDAP enable 

(true), disable (false) 

  verify <true | false> - LDAPS certificate validation 

enable (true), disable (false) 

ldaps

cert 

Retrieve a LDAPS certificate. 

  address <ipaddress | hostname> - FTP server 

address 

  port <FTP port>- FTP server port (default 21) 

  path <path to file> - Path to FTP certificate 

  user <FTP username> - FTP username 

  password <FTP password> - FTP password 

(prompted if missing) 

testldap

 

Used to test LDAP settings. 

  login <LDAP user> - LDAP login to test 

  password <LDAP users password>  

 

RADIUS Configuration 

Summary of Contents for Dominion SX II

Page 1: ...Copyright 2015 Raritan Inc DSX2 v2 0 0 0A E August 2015 255 60 0005 00 Dominion SX II Administrators Guide 2 0 0...

Page 2: ...FCC Rules These limits are designed to provide reasonable protection against harmful interference in a commercial installation This equipment generates uses and can radiate radio frequency energy and...

Page 3: ...Ups 17 Security Warnings and Validation Messages 17 Java Validation and Access Warning 18 Additional Security Warnings 19 Initial SX II Configuration from the Remote Console 19 Connect a Laptop to SX...

Page 4: ...erial Console RSC 48 Set Linux OS Variables and Install Standalone Raritan Serial Console RSC for Linux 51 Setting UNIX OS Variables 52 Launching RSC on Windows Systems 53 Raritan Serial Console RSC F...

Page 5: ...ostic Options from the Remote Console 188 Administering SX II Using command line interface 195 Change Your Password Using CLI 195 Configure Power Strips Using CLI 196 Configure and Manage Users and Us...

Page 6: ...41 SX2 Port Ranges 242 Network Speed Settings 242 Default User Session Timeouts 243 SX II Supported Local Port DVI Resolutions 244 SX II Appliance LED Status Indicators 244 Target Cable Connection Dis...

Page 7: ...inals allowed to be connected to a telephone interface The termination on an interface may consist of any combination of devices subject only to the requirement that the sum of the Ringer Equivalence...

Page 8: ...ful Dominion hardware platform providing performance reliability and security the SX II includes virtually all the Serial over IP features of its predecessor Dominion compatible user interfaces and ma...

Page 9: ...ual AC Power Supplies All models have dual 100 240 volt AC auto switching power supplies with automatic failover for increased reliability Dual DC Powered Models Dual power and dual LAN 8 32 and 48 po...

Page 10: ...continuity and disaster recovery Innovative At the Rack Access With the Dominion SX II you get multiple types of local access at the rack This includes 1 Traditional RJ45 serial port 2 Mini USB port f...

Page 11: ...iple operating systems including SUN Solaris HP UX AIX Linux Windows Server 2012 and UNIX Up to 230 400 Baud Serial Connections Supports operating speeds of 1 200 to 230 400 bits per second for serial...

Page 12: ...Customer Provided SSL Certificates Customers can upload to the Dominion SX II digital certificates self signed or certificate authority provided for enhanced authentication and secure communication Co...

Page 13: ...inion SX supports modem dial back Rejects SSHv1 Requests Due to the many known security vulnerabilities of the SSHv1 protocol the Dominion SX will automatically reject SSHv1 connections End User Exper...

Page 14: ...r subsequent updates The TFTP server address can be retrieved via DHCP or set by the administrator Dominion Compatible Management Dominion compatible management features are available via a web based...

Page 15: ...CommandCenter Secure Gateway to manage the SX II or access the attached serial devices This connection can be via web browser or through SSH Option for SX II at the rack access while under CC SG manag...

Page 16: ...16 port serial console server DSX2 32 and DSX 32M 32 port serial console server DSX2 48 and DSX 48M 48 port serial console server Model size weight temperature and other specifications are found in SX...

Page 17: ...port indicators L Power status Note SX II 48 port models have their power status located above the front panel USB port Supported Serial Devices Routers LAN switches Rack PDUs Wireless modems Telecom...

Page 18: ...onsole RSC Help on page 47 Direct Port Access Direct Port Access allows users to bypass having to use the SX II s Login dialog and Port Access page This feature also provides the ability to enter a us...

Page 19: ...ercase Important For backup and business continuity purposes it is strongly recommended you create a backup administrator username and password Keep the information in a secure location Initial SX II...

Page 20: ...config and at the next prompt enter network 6 At the admin config network prompt enter interface if lan1 ipauto none ip ip address mask mask gw gateway ip address To use DHCP enter interface if lan1...

Page 21: ...nected to it 13 When done enter top to return to the top level prompt Set Terminal Emulation on a Target The setting for terminal emulation on SX II is a property associated with the port settings for...

Page 22: ...key sequences Ensure the default escape sequence set on the SX II server does not conflict with a key sequence required by either the access application or the host operating system The console sub m...

Page 23: ...on End User Functions in the Remote From the Remote Console end users access targets manage favorites change passwords and so on Note that these functions can also be performed via command line interf...

Page 24: ...s and Validation Messages When logging in to SX II security warnings and application validation message may appear These include Java security warnings and requests to validate SX II See Java Validati...

Page 25: ...Access Warning When logging in to SX II Java prompts you to validate SX II and to allow access to the application Raritan recommends installing an SSL certificate in each SX II device in order to red...

Page 26: ...e do not show this warning Always trust content from this publisher Initial SX II Configuration from the Remote Console 1 After you have installed the SX II at the rack connect the power cord s betwee...

Page 27: ...n SX II on Next connect SX II to your network and configure your network settings for the first time See Initial SX II Configuration Using Command Line Interface Optional on page 12 or Configure SX II...

Page 28: ...on page 17 Two sample methods on how to install an SSL Certificate in the browser are provided here both using Microsoft Internet Explorer 8 and Windows 7 Specific methods and steps depend on your bro...

Page 29: ...Click Certificates The Certificate Import Wizard opens and walks you through each step File to Import Browse to locate the Certificate Certificate Store Select the location to store the Certificate 3...

Page 30: ...1 Open an IE browser then select Tools Internet Options to open the Internet Options dialog 2 Click the Security tab 3 Click on Trusted Sites 4 Disable Protected Mode and accept any warnings 5 Click S...

Page 31: ...owser then log in to SX II 2 Click More Information on the first Java security warning 3 Click View Certificate Details on the More Information dialog You are prompted to install the certificate Follo...

Page 32: ...certificate in either Base64 Encoded DER format or PEM format If you are using an SSL certificate in binary format you cannot install it However you can convert your binary SSL certificate 1 Locate t...

Page 33: ...Click Copy to File 4 The Certificate Export Wizard opens Click Next to start the Wizard 5 Select Base 64 encoded X 509 in the second Wizard dialog 6 Click Next to save the file as a Base 64 encoded X...

Page 34: ...Note You can also update passwords using command line interface See Change Your Password Using CLI on page 195 To change your password open the Change Password page by selecting User Management Chang...

Page 35: ...Chapter 3 Access and Use Remote Console Features 28 SX II Port Access Page After a successful login the Port Access page opens listing all ports along with their status and availability...

Page 36: ...and Availability Idle Connected Busy Unavailable and Connecting by clicking on the column heading Click on any port that listed and marked as Available to open its Port Action menu so you can then ma...

Page 37: ...are accessing Always IP Address The IP address of the SX II you are accessing Always Firmware Current version of firmware installing on the SX II Always Device Model The model of the SX II you are acc...

Page 38: ...Chapter 3 Access and Use Remote Console Features 31 Collapse the left panel and then expand it again by clicking on the blue arrow located along the right edge of the panel...

Page 39: ...equently accessed SX II devices by clicking Enable in the Favorite Devices section of the left panel of the SX II interface Accept security warnings if they are displayed Change How Favorites are Disp...

Page 40: ...y from the Subnet page or add them to your list of favorites This feature allows multiple SX II devices to interoperate and scale automatically The SX II Remote Console automatically discovers the SX...

Page 41: ...e Features 34 To add devices to your Favorites List 1 Select the checkbox next to the device name IP address 2 Click Add To access a discovered device Click the device name or IP address for that devi...

Page 42: ...isplays For more information on the Port page see SX II Port Access Page on page 28 From the Port Access page use the Port Action menu to connect disconnect or control power of targets and power strip...

Page 43: ...age 41 You can then connect via Raritan Serial Console RSC When you connect to a target the RSC opens in a new window See Raritan Serial Console RSC Help Alternatively you can connect via Direct Port...

Page 44: ...l Console RSC opens in a new window and you manage the target from there If you are connected to the target from the Local Console port you access the target via command line interface See Raritan Ser...

Page 45: ...e in the Port Action menu Clicking on the Disconnect option disconnects from a target or power strip and closes the Raritan Serial Console RSC window You can also click the X icon on the window or use...

Page 46: ...en there are one or more power associations to the target and when you have permission to manage the target s power You can also perform these actions through Raritan Serial Console RSC and command li...

Page 47: ...there are one or more power associations to the target or power strip you have permission to manage the power You can also perform these actions through Raritan Serial Console RSC and command line in...

Page 48: ...d command line interface See Raritan Serial Console RSC Help on page 47 and Connect to Targets Using CLI Connect Disconnect Power On Power Off and Power Cycle Targets on page 41 Connect to Targets Usi...

Page 49: ...Chapter 4 Access Targets 42 Connect a keyboard tray or KVM console to the DVI D and USB ports Connect a laptop to the Mini USB Admin port...

Page 50: ...600 60Hz is connected to SX II SX II detects that it is not an SX II supported resolution and selects a resolution it does support such as 1280x1024 60Hz Note that you can connect to targets using the...

Page 51: ...he target admin portname poweron Power off the target admin portname poweroff Power cycle the target admin portname powercycle Command Line Interface Protocols SSH Secure Shell via IP connection Telne...

Page 52: ...b key to complete the entry Alternatively use a command from the list Command Line Interface Tips When commands are displayed as a list they are in alphabetical order Commands are not case sensitive C...

Page 53: ...mon commands can be used at all levels of the command line interface CLI top Return to the top level of the CLI hierarchy or the username prompt history Displays the last 200 commands the user entered...

Page 54: ...onnect to the Remote Console and then connect to the target For details see Standalone Raritan Serial Console Installation Download the standalone RSC from the Raritan support web site at http www rar...

Page 55: ...system and browser The JRE provides configuration instructions with the JRE download See http www java com en download help testvm xml http www java com en download help testvm xml o http www java co...

Page 56: ...Variable value block field of the New System Variable dialog add JAVA_HOME to the Variable name block and the Java path you wrote down earlier 6 Click OK 7 Select the PATH variable and click Edit 8 A...

Page 57: ...ave administrative privileges to install RSC 1 Log in to a Windows machine 2 Download or copy from a known location the RSC installer jar installation file 3 Double click on the executable file to sta...

Page 58: ...j2sdk1 6 export PATH PATH JAVA_HOME bin 3 Save the file You must have administrative privileges to install Raritan Serial Console RSC 1 Log in to your Linux machine 2 Download or copy from a known loc...

Page 59: ...to see the JRE version Assuming JRE is installed in usr local java you must set your PATH variable To set a path for the bash shell export PATH PATH usr local java j2re1 6 bin To set path for tcsh or...

Page 60: ...window due to localization support try changing the font to Courier New Choose Emulator Settings Display and select Courier New for Terminal Font Properties or GUI Font Properties Raritan Serial Conso...

Page 61: ...Change the default Idle Timeout setting and then launch the RSC See Login Limitations on page 163 for details on changing the Idle Timeout setting Access Emulator Options 1 Select the Emulator drop do...

Page 62: ...menu F10 Alt 3 The Show Confirmation Dialog on Exit checkbox is selected by default but you can deselect it based on preference 4 The Terminal Size default is selected or you can choose a different s...

Page 63: ...Click Default to accept the Default settings and then click Ok to close the Display Settings window To change the settings follow these steps a The Terminal Font Properties default is Arial or you can...

Page 64: ...lified Chinese characters RSC supports EUC CN encoding system 3 Choose the following from their respective drop down menus Foreground Color Background Color 4 Choose one of the following from the Enco...

Page 65: ...to see target device events over time When the size limit is reached the text wraps overwriting the oldest data with the newest Notes History data is displayed only to the user who requested the histo...

Page 66: ...ransmission of a null character Break to generate the OK prompt This is equivalent to issuing a STOP A from the Sun keyboard Only users with Write Access privileges can send a break To send an intenti...

Page 67: ...window Exit 1 Choose Emulator Exit to close the RSC The Exit Confirmation dialog appears 2 Click Yes Edit Use the Copy Paste and Select All text commands to relocate and or re use important text To c...

Page 68: ...active Use Ctrl V to paste text Start and Stop Logging When you start Raritan Serial Console RSC the Logging indicator on the status bar indicates whether logging is on or off Start Logging The Start...

Page 69: ...Chapter 5 Raritan Serial Console RSC Help 62 3 Click Save after selecting or creating a file Stop Logging Choose Tools Stop Logging...

Page 70: ...al Console RSC Help 63 The logging stops Send a Text File 1 Select Tools Send Text File A Send Text File screen appears 2 Open the directory of the Text file 3 Click on or enter the file name of the t...

Page 71: ...a Power Distribution Unit PDU For example if a router is connected to one of the outlets on the PDU you can toggle the router s power on or off You must configure the association of outlets to the tar...

Page 72: ...means the PDU command failed If you receive a software error message this means another user is controlling the power outlet and the power control command cannot be sent Power On a Target Use this opt...

Page 73: ...to confirm Power Off a Target Use this option to power off a target from Raritan Serial Console RSC This option is visible only when there are one or more power associations to the target and when you...

Page 74: ...cling allows you to turn a target off and then back on through the outlet it is plugged into This option is visible only when there are one or more power associations to the target the target is alrea...

Page 75: ...Chapter 5 Raritan Serial Console RSC Help 68 2 Click Yes when prompted to confirm...

Page 76: ...communicate The maximum length of a chat message is 300 characters Note When a chat is initiated a chat window appears on the monitors of all SSL users logged on to the port If a user is logged into...

Page 77: ...e assistance for operating the Raritan Serial Console RSC and release information about RSC Help Topics Choose Help Help Topics Help is displayed in a secondary window About Raritan Serial Console Cho...

Page 78: ...ommand line interface see Administering SX II Using command line interface on page 195 Configure Power Strips from the Remote Console You can control Raritan PX rack PDU outlets power strips and Bayte...

Page 79: ...e Cannot communicate with power strip or outlet number not match please check is displayed on the page in red All of the power strips you have permissions to access and that are connected to SX II are...

Page 80: ...Outlets To turn an outlet on 1 From the Powerstrip drop down select the rack PDU power strip you want to turn on 2 Click On next to the outlet you want to power on 3 Click OK to close the Power On con...

Page 81: ...to SX II it is recommended you set the power cycle time to 5 seconds Connect and Configure a Rack PDU Powerstrip SX II allows you to connect rack PDUs power strips to SX II ports You must configure t...

Page 82: ...first be deleted When a target has been associated with a rack PDU and the target is removed from the device the power association remains When this occurs you are not able to access the Port Configu...

Page 83: ...nternally User passwords are stored in an encrypted format SX II allows the administrator to define groups with common permissions and attributes They can then add users to the groups and each user ta...

Page 84: ...ppliance is allowed and other features Note These functions can also be manged using command line interface see Configure and Manage Users and User Groups Using CLI on page 197 User Groups Every SX II...

Page 85: ...p of one That is the specific user is in its own group and not affiliated with other groups Use an individual group when you need a user account can have the same rights as a group Individual groups c...

Page 86: ...person assigned to the profile will then have the same privileges This saves time but requires caution to ensure a user is not given inappropriate access to a function Use this function to limit perm...

Page 87: ...group Device Access While Under CC SG Management Allows users and user groups with this permission to directly access the SX II while it is under CC SG management SX II is accessed using an IP address...

Page 88: ...certificate security settings IP ACL User Management User and group management remote authentication login settings Important Selecting User Management allows the members of the group to change the pe...

Page 89: ...Control Control the connected target Control must be assigned to the group if power control access will also be granted 5 Click OK to create the group and apply permissions For information on IP ACL...

Page 90: ...to add insert replace and delete IP access control rules on a group level basis To add append rules 1 Type the starting IP address in the Starting IP field 2 Type the ending IP address in the Ending I...

Page 91: ...ds 3 Choose the Action from the drop down list 4 Click Replace and then click OK Your new rule replaces the original rule with the same rule number To delete a rule 1 Specify the rule number you want...

Page 92: ...idual Group from the drop down list For more information about permissions for an Individual Group see Setting Permissions for an Individual Group 6 Decide whether or not to activate this profile imme...

Page 93: ...List then click on the name of the user you want to add a SSH client certificate to The User s page opens 2 Enter the SSH key data in the SSH Key Data box This data is the rsa_id pub key generated fo...

Page 94: ...ons the password is not displayed To change the profile s password type a new password in the Password and Confirm Password fields If you leave these fields as is the password is unchanged 4 Click OK...

Page 95: ...ed twice This page contains the following user and port information Port Number port number assigned to the port the user is connected to Port Name port name assigned to the port the user is connected...

Page 96: ...SX II See Logging Users Off the SX II Force Logoff for information 1 Choose User Management Users by Port The Users by Port page opens 2 Select the checkbox next to the username of the person you wan...

Page 97: ...cting Users from Ports 1 Choose User Management Users by Port The Users by Port page opens 2 Select the checkbox next to the username of the person or persons you want to disconnect from the target 3...

Page 98: ...thenticated locally you must enable remote authentication When the SX II is configured for remote authentication the external authentication server is used primarily for the purposes of authentication...

Page 99: ...cal database Note that if a remote authentication is enabled but the user is not found SX II checks the local authentication database as well 1 Choose User Management Authentication Settings The Authe...

Page 100: ...ocol for querying and modifying directory services running over TCP IP A client starts an LDAP session by connecting to an LDAP LDAPS server the default TCP port is 389 The client then sends operation...

Page 101: ...or host name of your backup LDAP LDAPS server up to 256 characters When the Enable Secure LDAP option is selected the DNS name must be used Note that the remaining fields share the same settings with...

Page 102: ...ld An example DN of Administrative User value might be cn Administrator cn Users dc testradius dc com Optional 7 If you entered a Distinguished Name for the Administrative User you must enter the pass...

Page 103: ...option is selected in addition to using the Root CA certificate for validation the server hostname must match the common name provided in the server certificate 12 If needed upload the Root CA Certif...

Page 104: ...ntication Settings to open the Authentication Settings page 2 Click the RADIUS radio button to enable the RADIUS section of the page The section expands If it does not click the section header to expa...

Page 105: ...AP passwords are sent as plain text PAP is not interactive The user name and password are sent as one data package once a connection is established rather than the server sending a login prompt and wa...

Page 106: ...icy Conditions dialog appears Click the Add button 5 Select the NAS IP Address name and click the Add button Type the IP address of SX II 6 Type a second condition using the name Windows Group and the...

Page 107: ...ermit access by any user with Dial In enabled so this new policy would be optional If you want to use a new Policy ensure that it appears above the default policy 17 Ensure that the service is started...

Page 108: ...grams Administrative Tools Internet Authentication Service 2 Right click on Internet Authentication Service Local and select Register Server in Active Directory Note See the following Microsoft URL fo...

Page 109: ...sers Required Network Resources Users and Identity Stores Internal Identity Stores Users Configure Default Network access to enable CHAP Protocol Optional Policies Access Services Default Network Acce...

Page 110: ...NAS Port 5 Always 0 NAS IP Address 4 The IP address for the SX II User Name 1 The user name entered at the login screen Acct Session ID 44 Session ID for accounting Enable TACACS Authentication Note...

Page 111: ...own as a key this field is necessary for encryption and mutual identification with the TACACS server 5 The Timeout is recorded in seconds and default timeout is 1 second but can be changed as required...

Page 112: ...s and passwords to be maintained exclusively on the AD server Authorization and AD user privileges are controlled and administered through the standard SX II policies and user group privileges that ar...

Page 113: ...roup configuration the SX II automatically assigns the group of Unknown to users who authenticate successfully If you use a dialback number you must enter the following case sensitive string msRADIUSC...

Page 114: ...ration settings described in Initial SX II Configuration from the Remote Console on page 19 are the same that apply when making any changes Reset Network Settings to Factory Defaults 1 Select Device M...

Page 115: ...f the following to distribute it to the appliances Save the file to a TFTP server with the same name DSX2_SERIAL autoscript The first time a new SX II boots up it contacts the DHCP server and retrieve...

Page 116: ...ect Device Settings Auto Configuration 3 The name of the script is listed at the top of the Auto Script Configuration section Read only Enable automatic script configuration via USB stick 1 Prepare yo...

Page 117: ...te Script Only Once the script will only be executed on the appliance the first time it boots up and not again Changes must be made manually afterward Execute Script On Every Bootup If Script Has Chan...

Page 118: ...he field provided 5 Click OK Prepare a USB Stick for an Auto Configuration File Do the following in order to prepare your USB stick 1 Plug the USB stick into a client machine 2 Create an empty file na...

Page 119: ...chine when done Execute Auto Configurations with a USB Stick Following are steps to configure SX IIs using an auto configuration from a USB stick Prepare the USB stick and put the auto configuration f...

Page 120: ...pen ports and port protocols see Port Access Protocol Requirements on page 238 Note that SSH can be disabled or enabled via Remote Console or command line interface CLI See Configure Device Settings U...

Page 121: ...net can be disabled or enabled via Remote Console or command line interface CLI See Configure Device Settings Using CLI on page 208 For information on required open ports and port protocols see Port A...

Page 122: ...does not attempt to use it For information on required open ports and port protocols see Port Access Protocol Requirements on page 238 Note that HTTP HTTPS can be disabled or enabled via Remote Conso...

Page 123: ...nable two way communication through the default Port 5000 or a non default port configured on this page For information on required open ports and port protocols see Port Access Protocol Requirements...

Page 124: ...sername username pass word password portname port name This feature also provides the ability to enter a username and password if the username and password is not contained in the URL 1 To enable this...

Page 125: ...ess DPA through a username and port combination without requiring a unique IP address or TCP port Usage and syntax ssh l name portname number SXIP Example of access port 1 as admin ssh l admin 1 192 1...

Page 126: ...is configured for modem access To enable IP forwarding 1 Select Device Settings Static Routes The Static Routes page opens 2 Go to the IP Forwarding panel and click the Enable IP Forwarding checkbox c...

Page 127: ...fields 5 Enter the maximum transmission unit MTU in bytes in the MTU field 6 Type the TCP windows size for connections over this route in bytes in the Window field 7 Select your route type from the Fl...

Page 128: ...prompted to confirm the deletion 4 Click OK The route is deleted Enable Syslog Forwarding This feature logs all system activities and forwards them via to a remote Syslog server 1 Choose Device Settin...

Page 129: ...savings time by checking the Adjust for daylight savings time checkbox 4 Choose the method to use to set the date and time User Specified Time use this option to input the date and time manually For t...

Page 130: ...Chapter 6 SX II Administration 123 6 Click OK...

Page 131: ...security extension of SNMP that provides user authentication password management and encryption 1 Choose Device Settings Device Services The Device Service Settings page opens 2 Select the Enable SNMP...

Page 132: ...icating with the SNMP agent up to 32 characters Authentication Protocol the MD5 or SHA authentication protocol used by the SNMP v3 agent Authentication Passphrase the pass phrase required to access th...

Page 133: ...vices Services page from the Event Management Settings page The traps are configured on the Event Management Settings page The following table lists the SX II SNMP traps Trap Description automaticScri...

Page 134: ...aging in a session closes the session properly portStatusChange The port has become unavailable powerNotification The power outlet status notification 1 Active 0 Inactive powerOutletNotification Power...

Page 135: ...d if the password of any user of the device is modified userSessionTimeout A user with an active session has experienced a session termination due to timeout userUploadedCertificate A user uploaded a...

Page 136: ...an one SNMP community 5 Complete the following fields for SNMP v3 as needed Destination IP Hostname the IP or hostname of the SNMP destination Up to five 5 SNMP destinations can be created Note IPv6 a...

Page 137: ...aps Clear all of the SNMP trap fields and save Viewing the SX II MIB 1 Choose Device Settings Event Management Settings The Event Management Settings page opens 2 Click the Click here to view the SNMP...

Page 138: ...ot completed SNMP trap from being logged Enable SMTP Notifications from the Remote Console Enable SMTP notifications for users on the on the Event Management Settings page Each person for whom SMTP is...

Page 139: ...rver Settings Enter the information required for a connection to your SMTP server on the SMTP Server Settings page Note that if the server requires STARTTLS SX II automatically uses it 1 Select Device...

Page 140: ...ngs displayed on the page in the SMTP Settings pane SX II saves the settings once you click Apply 1 Send a test email by entering a destination email address to receive the test message Note that the...

Page 141: ...hout internal modems do not have access to the Modem Settings SX II models with internal modems are indicated by an M in the model such as DSX2 4M For a list of models see SX II Models on page 9 Quick...

Page 142: ...ction is established via dial up Required Enter the PPP client IP address This is the internet address SX II assigns to the Remote Client when a connection is established via dial up Required Note The...

Page 143: ...occurs when the originator of a call is immediately called back in response to the first dial in 6 Click OK to commit your changes or click Reset to Defaults to return the settings to their defaults...

Page 144: ...ess AirLink GX440 gateway modem Users who need access to SX II via the GX440 modem must be assigned to a user group with Modem Access permissions This is a security measure that helps control who can...

Page 145: ...f the SX II or to the USB port on the front of the SX II Note Only USB connections are supported Configure GX440 Following are steps to configure GX440 for use with SX II using these connections These...

Page 146: ...r Groups Modem Access Permissions Following are settings applied in SX II Modem Access permission is assigned to a user group on the Group page and the user is then assigned to the group on the User p...

Page 147: ...users who belong to a user group with Modem Access permissions can access SX II via the GX440 modem Broadband can be enabled from the Remote Client and via CLI To enable broadband from the Remote Cli...

Page 148: ...IP address is displayed in the Remote Console in the left panel under the Network section Additionally the gateway IP address is displayed on the Network Settings page in the IPv4 section s Default G...

Page 149: ...atic detection for only the power supply in use Proper configuration of power supplies ensures SX II sends the appropriate notifications should a power supply fail For example if power supply number o...

Page 150: ...select the Powerln1 Auto Detect option 3 If you are plugging power input into power supply number two right most power supply at the back of the unit then select the Powerln2 Auto Detect option 4 Cli...

Page 151: ...ng is changed it is noted here 1 The Enable DVI D Local Port Admin Port and Terminal Port checkbox is selected and the ports are enabled by default Deselecting the checkbox disables the ports The loca...

Page 152: ...hentication for Local Console access Important If local port authentication is set to None users only need to hit a character key on their keyboard and are automatically logged in as admin user This o...

Page 153: ...guage 1 Select Device Settings Language The Language Settings page opens 2 From the Language drop down select the language you want to apply to the GUI 3 Click Apply Click Reset Defaults to change bac...

Page 154: ...99999 Note that entering 0 disables timestamps for port logging The update frequency is the interval between each data push to the port log file port syslog and NFS port logging if they are enabled Th...

Page 155: ...s internal flash drive For 8 and 16 port models there is 2GB internal flash drive All other models have 8GB flash drive If needed enter a maximum file size Files that exceed the maximum are not saved...

Page 156: ...l and select the Enable Port Syslog checkbox 2 Type the IP address of the remote Syslog server in the Primary IP Address field 3 If you have a backup Syslog server type its IP address in the Secondary...

Page 157: ...Directory field 3 If you have a backup NFS server enter the same information for this server in the Secondary IP field and Secondary Directory fields If the primary server fails port logging is redire...

Page 158: ...on 151 If the re mount succeeds logging continues otherwise further logging events are inhibited Manage Port Logging Local Files from the Remote Console To delete log files 1 Select checkbox for log f...

Page 159: ...Console The Port Configuration page displays a list of the SX II ports 1 To access the Port Configuration page choose Device Settings Port Configuration This page is initially displayed in port number...

Page 160: ...rget device port the outlet name is replaced by the target device name even if you assigned another name to the outlet 3 Click OK Configure Target Devices If you selected a target device there are var...

Page 161: ...you can define those associations so that you can power on power off and power cycle the server from the Port Access page To use this feature you need Raritan remote rack PDU s 3 Select the Power Str...

Page 162: ...SH port and Telnet port Configure Port Settings Configure the remaining port settings as needed or required 1 Select the terminal emulation type from the drop down menu in the Emulation field This is...

Page 163: ...DTE on the same port 4 Select the value of Bits Per Second from the Bits Per Second drop down menu 5 Select the Parity Bits from the Parity Bits drop down menu 6 Select the Flow Control from the Flow...

Page 164: ...default for the SX II is closed bracket Raritan recommends that you do not use or Ctrl Either of these may cause unintended commands such as invoking the Escape Command unintentionally This key seque...

Page 165: ...Chapter 6 SX II Administration 158 17 Click OK Apply Settings to Other Ports...

Page 166: ...e same port settings to other ports 1 Select the ports from the Apply Serial Port Settings To Other Ports section of the page by selecting them individually or using the selection buttons at the botto...

Page 167: ...sent via SMTP if configured A corresponding trap is sent via SNMP if configured This feature is useful for notifying administrators if a particular event occurs on a port Further using port keywords...

Page 168: ...Chapter 6 SX II Administration 161 The Serial Alert event is selected from the Event Management Destinations page 1 Choose Device Settings Port Keywords The Port Keyword List page opens...

Page 169: ...on 162 2 Click Add at the bottom of list on the page The Keyword page opens 3 Type a keyword in the Keyword field 4 Select the Port s you want to associate with that keyword 5 Click Add to add them to...

Page 170: ...ted into the appliance from several client workstations simultaneously Enable Password Aging When selected all users are required to change their passwords periodically based on the number of days spe...

Page 171: ...tions specify the criteria by which users are blocked from accessing the system after the specified number of unsuccessful login attempts Select Security Security Settings The three options are mutual...

Page 172: ...he Active checkbox on the User page Strong Passwords Enable and configure strong passwords on the Security Settings page Select Security Security Settings to configure strong passwords Strong password...

Page 173: ...is not supported by your browser you will not be able to access the SX II from your browser 1 Choose one of the options from the Encryption Mode drop down list When an encryption mode is selected a w...

Page 174: ...168 for more information Note If you are running Windows XP operating system with Service Pack 2 Internet Explorer 7 cannot connect remotely to the SX II using AES 128 encryption 2 For government and...

Page 175: ...eck with the browser manufacturer or navigate to the https www fortify net sslcheck html website using the browser with the encryption method you want to check This website detects your browser s encr...

Page 176: ...re Encryption Share on page 166 Microsoft Client FIPS 140 2 should be enabled on the client computer and in Internet Explorer To enable FIPS 140 2 on a Windows client 1 Select Control Panel Administra...

Page 177: ...approved algorithms for external communications once in FIPS 140 2 mode The FIPS cryptographic module is used for encryption of session traffic 3 Reboot the SX II Required Once FIPS mode is activated...

Page 178: ...PTables rules to create policies for traffic being forwarded between LAN interfaces Add IPTable rules as needed When you enable IP forwarding for Dual LAN units use IPTables rules to create policies f...

Page 179: ...s are supported The CA verifies the identity of the originator of the CSR The CA then returns a certificate containing its signature to the originator The certificate bearing the signature of the well...

Page 180: ...fication authorities require a challenge password to authorize later changes on the certificate e g revocation of the certificate Applicable when generating a CSR for CA Certification h Confirm Challe...

Page 181: ...ou will get the new certificate from the CA Note The CSR and the private key file are a matched set and should be treated accordingly If the signed certificate is not matched with the private key used...

Page 182: ...Binary Certificate to a Base64 Encoded DER Certificate Optional SX II requires an SSL certificate in either Base64 Encoded DER format or PEM format If you are using an SSL certificate in binary forma...

Page 183: ...py to File 4 The Certificate Export Wizard opens Click Next to start the Wizard 5 Select Base 64 encoded X 509 in the second Wizard dialog 6 Click Next to save the file as a Base 64 encoded X 509 You...

Page 184: ...re is enabled the user s selection is logged in the audit log To configure a security banner 1 Click Security Banner to open the Banner page 2 Select Display Restricted Service Banner to enable the fe...

Page 185: ...n from txt file by selecting the Restricted Services Banner File radio button and using the Browse feature to locate and upload the file Click OK Once the file is uploaded the text from the file will...

Page 186: ...hoose Maintenance Audit Log The Audit Log page opens The Audit Log page displays events by date and time most recent events listed first The Audit Log provides the following information Date The date...

Page 187: ...Chapter 6 SX II Administration 180 5 To page through the audit log use the Older and Newer links...

Page 188: ...se this feature as a time saving mechanism For instance you can quickly provide access to your team from another SX II by backing up the user configuration settings from the SX II in use and restoring...

Page 189: ...cate the file and right click on it Select properties c In general tab click Change and select WordPad To restore your SX II WARNING Exercise caution when restoring your SX II to an earlier version Us...

Page 190: ...y files Use this option to quickly set up users on a different SX II Device Settings Restore This option includes only device settings such as power associations and Port Group assignments Use this op...

Page 191: ...to navigate to the directory where you unzipped the upgrade file 5 Click Upload from the Firmware Upgrade page 6 Information about the upgrade and version numbers is displayed for your confirmation i...

Page 192: ...targets which can be obtained by clicking the show link for an upgrade The target information provided is Type The type of target User The user who performed the upgrade IP IP address firmware locatio...

Page 193: ...Chapter 6 SX II Administration 186 To reboot your SX II 1 Choose Maintenance Reboot The Reboot page opens 2 Click Reboot You are prompted to confirm the action Click Yes to proceed with the reboot...

Page 194: ...See Configure Encryption Share on page 166 Note It is recommended that you save the audit log prior to performing a factory reset The audit log is deleted when a factory reset is performed and the re...

Page 195: ...from the Remote Console Ping Host Page Ping is a network tool used to test whether a particular host or IP address is reachable across an IP network Using the Ping Host page you can determine if a tar...

Page 196: ...route to the host 1 Choose Diagnostics Trace Route to Host The Trace Route to Host page opens 2 Type either the IP address or host name into the IP Address Host Name field Note The host name cannot ex...

Page 197: ...Chapter 6 SX II Administration 190 5 Select the interface in the Network Interface drop down box to trace route on a specified interface Optional...

Page 198: ...ecuted Once this script has been executed you can download the diagnostics messages using the Save to File function Download the device diagnostic log for a snapshot of diagnostics messages from the S...

Page 199: ...Administration 192 4 To create a diagnostics file to send to Raritan Technical Support click Save to File and save the file locally from the Save As dialog 5 Email this file as directed by Raritan Te...

Page 200: ...on is displayed Whether the Ethernet interface is up or down Whether the gateway is pingable or not The LAN port that is currently active To refresh this information Click Refresh Network Statistics P...

Page 201: ...Chapter 6 SX II Administration 194 Statistics Produces a page similar to the one displayed here Interfaces Produces a page similar to the one displayed here...

Page 202: ...ge Your Password Using CLI Note This feature can also be configured from the Remote Console See Change Your Password from the Remote Console on page 27 Important If the administrator password is forgo...

Page 203: ...it is recommended you set the power cycle time to 5 seconds port number SX port number to cycle powerstrip name Name of power strip to access outlet number Outlet number on power strip to cycle off P...

Page 204: ...attributes They can then add users to the groups and each user takes the attributes and permissions of that group Since the group permissions are applied to each individual in the group permissions d...

Page 205: ...security true false Permission to access security commands SSL certificate security settings IP ACL Permitted true denied false manage user true false Permission to access user management commands Us...

Page 206: ...ivate false the user account dialback User s dialback phone number addsshkey The addsshkey command adds SSH key data for the user This data is the rsa_id pub key generated for your client The user mus...

Page 207: ...Remote Console on page 91 SX II requires users be authenticated to access the appliance Authentication is the process of verifying that a user is who he says he is Once a user is authenticated the use...

Page 208: ...arch DN dialback value Dialback search query domain Active Directory Domain Active Directory domain referral true false LDAP search referrals server generic ads Server type Active Directory or Generic...

Page 209: ...sion Id VENDOR Raritan 8267 Standard attribute BEGIN VENDOR Raritan ATTRIBUTE Raritan Vendor Specific 26 string END VENDOR Raritan Update RADIUS users to use the new attribute in the users file which...

Page 210: ...ddress hostname IP Address secret value RADIUS authentication secret authport value RADIUS authentication port acctport value RADIUS accounting port timeout value RADIUS timeout in seconds retries val...

Page 211: ...re details are provided on each setting in this Remote Console topic as well Enter admin Config Modem to access the menu Command Description Parameters dialback Enable dialback enable true false enabl...

Page 212: ...the attribute that is configured as the dialback search string on SX II Dialback with remote LDAP user OpenLdap v 2 v 3 Dialback with remote TACACS user TACACS v 4 0 3a Dial in and Dialback should be...

Page 213: ...tphome config txt user FTP username Optional FTP server user name password FTP password Optional FTP server password Will prompt if missing and user name given scriptrun Runs the autoconfiguration scr...

Page 214: ...dx Set Ethernet Mode to auto detect or force a specified mode rate none 100mb 10mb 5mb 2mb 512kb 256kb 128kb Set a bandwidth limit for the interface IPv6_interface Set IPv6 network parameters and retr...

Page 215: ...an also be configured from the Remote Console See Configure Device Settings from the Remote Console on page 113 These commands provide the ability to configure SX II server services Enter admin config...

Page 216: ...displays the current dpa type Enter admin Config Services to access this menu Command Description Parameters dpa Enable direct port access enable true false DPA access enable true disable false url tr...

Page 217: ...is port OR You are now master for the port If suppress is true the above messages are not displayed and connected directly to the target prompt If suppress is false the above messages are displayed Co...

Page 218: ...traps NA del Delete SNMP traps dest ipaddress hostname Destination IP hostname port port number Destination port delv3 Delete SNMPv3 traps dest ipaddress hostname Destination IP hostname port port nu...

Page 219: ...hrase for privacy enable true disable false Configure Date and Time Settings Using CLI Note These settings can also be configured from the Remote Console See Configure Date and Time Settings from the...

Page 220: ...able false override true false Override DHCP settings for NTP server true false Change the Default GUI Language Setting Using CLI Note This setting can also be configured from the Remote Console See C...

Page 221: ...the SMTP server enable true false SMTP server enable true disable false ip ipaddress hostname SMTP server IP address port port number SMTP server port 1 65535 auth true false SMTP auth required enabl...

Page 222: ...viewed cleared or sent periodically to an FTP server Configuration log commands allow you to manage the logging features of the SX II server Enter admin Config Log to access the menu Command Descripti...

Page 223: ...able false smtp true false SMTP Logging enable true disable false eventlist Display an indexed list of all configurable events NA syslog Configure the syslog server enable true false System event log...

Page 224: ...or storing output log Output implies data sent from target to the SX port block true false Block port access upon NFS failure nfsencrypt Set the encryption key to be used for encrypting port log enabl...

Page 225: ...on and either place it on the Linux machine or compile its source 4 Save the encryption key file dsx encrypt key in the same directory where the decryption application is stored 5 Copy the encrypted p...

Page 226: ...ol none hw sw Port flowcontrol type hw hardware flow control sw X on X off eqtype auto dte dce Equipment type auto AUTO Detection dte Force DTE dce Force DCE Note If the target has the ability to auto...

Page 227: ...no user is connected suppress Determine whether none or all messages should be displayed during a DPA connection such as Authentication successful encoding Target Encoding type DEFAULT US ASCII ISO 8...

Page 228: ...cess The following port command sets an IP address for DPA access to the port which is not the same as DPA by URL The DPA IP address is just an address that goes directly to the port admin Config Port...

Page 229: ...een assigned and a free range of TCP Ports are available for dpa TCP Port mode usage admin Config Port config port 1 32 ssh 7000 telnet 8000 or admin Config Port config port ssh 7000 telnet 8000 In bo...

Page 230: ...hen you log in to SX II via a GUI a banner with a fixed width typeface and a common dimension such as 80x25 appears If the banner is very large that is over 9000 lines the banner displayed on the GUI...

Page 231: ...ed encryption Sets the encryption type and FIPS mode of SX II mode auto aes128 aes256 rc4 Set the encryption mode of the device fips true false Enable disable FIPS 140 2 mode enable true disable false...

Page 232: ...per user Strongpassword Configure strong password rules When creating a password via CLI it cannot begin with a space or end with a space This does not apply to creating passwords in using the Remote...

Page 233: ...d appliance Note If SX II is not used to generate the certificate signing request and an external certificate is used instead encryption needs to be removed from the private key before installing it o...

Page 234: ...false days days Days certificate will be valid getcert Get the certificate from a specific location address ipaddress hostname FTP Server Address port FTP port FTP Server Port default 21 path path to...

Page 235: ...In some cases this data is required for compliance with governmental or company regulations Create a security profile Security Notes Encryption of traffic between the operator console and SX II applia...

Page 236: ...path for upgrade file user FTP username Optional FTP server user name password FTP password Optional FTP server password Will prompt if missing and user name given upgradehistory Get information abou...

Page 237: ...If you choose to revert to the factory settings you will erase all your custom settings and will lose your connection to SX II because upon rebooting the IP address of the appliance is reset to the f...

Page 238: ...D all port port name port number Close sessions on the specified port by name or number address ipaddress Close all sessions from the specified remote address Configure Diagnostic Settings Using CLI N...

Page 239: ...agnostic script from a FTP server address ipaddress hostname Address of FTP Server port FTP port Port of FTP server 1 65535 path path name FTP server path for diagnostic script file user FTP username...

Page 240: ...6 SX II Administration 233 Command Description Parameters vflag vflag Verbose flag timestamp module thread fileline verbose on off Verbose control on off viewstats View module status module module Mod...

Page 241: ...SX II to the PX2 FEATURE Port 235 Connecting the SX II to the PX2 Serial Port In this configuration after the PX is connected to the SX II access the PX using the PX CLI Note that the appliances used...

Page 242: ...the SX II interface like any other powerstrip See Power Control Note that the appliances used in the diagram may not match your specific models However the connections and ports used are the same acro...

Page 243: ...II and Configure Power Control Options 236 You can now add the PX as a managed power strip to the SX II See Configure Power Strips from the Remote Console on page 71 or Configure Power Strips Using C...

Page 244: ...ions 244 SX II Appliance LED Status Indicators 244 Target Cable Connection Distances and Rates 245 SX II Dimensions and Physical Specifications Form factor 1U rack mountable Power 100 240VAC auto swit...

Page 245: ...SX2 48M 48 Maximum Number of Users Session A maximum of 200 users can access a single SX II at the same time This applies to the Remote Console access Direct Port Access and command line interface ac...

Page 246: ...fault this port is used for multiple purposes including the web server for the HTML client the download of client software onto the client s host and the transfer of data streams to the client Port 50...

Page 247: ...via the LDAP LDAPS protocol ports 389 or 636 will be used but the system can also be configured to use any port of your designation Optional Outgoing SNMP Ports 161 and 162 Port 161 is used for inbou...

Page 248: ...r network administrator for site specific information and settings SX II Port Pins Local Terminal Port pin Definition Direction pin 1 RTS Output pin 2 N A pin 3 TXD Output pin 4 Ground pin 5 Ground pi...

Page 249: ...cted by a port range limitation Network Speed Settings SX II network speed setting Network switch port setting Auto 1000 Full 100 Full 100 Half 10 Full 10 Half Auto Highest Available Speed 1000 Full S...

Page 250: ...on product will communicate but collisions will occur Per Ethernet specification these should be no communication however note that the SX II behavior deviates from expected behavior Note For reliable...

Page 251: ...tus appliance status and target connection status There are LEDs located on the front panel and rear panel of the SX II Front Panel LED Status Indicators When SX II boots up only the Power LED turns o...

Page 252: ...e all LEDs blink in unison When you press the SX II s Reset button to reset the appliance or when you perform a reboot from the SX II GUI the Power LED s blinks as the appliance powers down and turns...

Page 253: ...e these user names by returning an attribute named as follows rciusergroup attribute type string This may require a schema extension on your LDAP LDAPS server Consult your authentication server admini...

Page 254: ...ma 1 Right click the Active Directory Schema root node in the left pane of the window and then click Operations Master The Change Schema Master dialog appears 2 Select the Schema can be modified on th...

Page 255: ...LDAP Display Name field 6 Type 1 3 6 1 4 1 13742 50 in the Unique x5000 Object ID field 7 Type a meaningful description in the Description field 8 Click the Syntax drop down arrow and choose Case Ins...

Page 256: ...Updating the LDAP Schema 249 2 Scroll to the user class in the right pane and right click it 3 Choose Properties from the menu The user Properties dialog appears 4 Click the Attributes tab to open it...

Page 257: ...ibutes for User Members To run the Active Directory script on a Windows 2003 server use the script provided by Microsoft available on the Windows 2003 server installation CD These scripts are loaded o...

Page 258: ...Updating the LDAP Schema 251 3 Go to the directory where the support tools were installed Run adsiedit msc The ADSI Edit window opens 4 Open the Domain 5 In the left pane of the window select the CN U...

Page 259: ...in the right pane Right click the user name and select Properties 7 Click the Attribute Editor tab if it is not already open Choose rciusergroup from the Attributes list 8 Click Edit The String Attrib...

Page 260: ...253 Dominion SX II Overview Appendix C FAQs...

Page 261: ...are the same as those on the Dominion KX III What are the SX II s new features New features include Gigabit Ethernet IPv6 networking direct connection to Cisco devices with no rollover cables FIPS 140...

Page 262: ...date after that there will be no more firmware releases for the current SX CommandCenter support will likely continue past the end of support date Existing hardware warrantees will be honored Is ther...

Page 263: ...r 2 dual LAN connections the latter with a failover or b simultaneous operation Both IPv4 and IPv6 are supported Are all SX II models 1U Even the 48 port model Yes all models are 1U and include a rack...

Page 264: ...f TELNET What about emergency access via modem There are two types of modem access supported First an internal telephone modem is optional for each SX II model DSX2 M models Second for 3G 4G cellular...

Page 265: ...F 8 Shift JIS EUC JP EUC CN and EUC KR How many serial devices can be simultaneously accessed through a given SX II A group of users can simultaneously access all the serial devices connected to a SX...

Page 266: ...DCE is used on a modem CSU DSU multiplexer or peripheral A DTE port is typically cabled to a DCE port Connections between like ports must be connected by a specific rollover cable Since SX II is auto...

Page 267: ...Appendix C FAQs 260 Installation Management Configuration...

Page 268: ...these automatic configuration methods must be enabled by the administrator Does the SX II require a FTP Server for firmware upgrades like the current SX No the SX II firmware upgrade process is like t...

Page 269: ...s When using SSH port 22 needs to be open The TCP ports for HTTP HTTPS Telnet SSH are all user configurable These user configured ports will need to be open for access Also TCP port 5000 What type of...

Page 270: ...a For web browser access by the Raritan Serial Console software Java is required Java is not required for CLI access to the SX II via SSH Telnet or an at the rack connection Where can I get documentat...

Page 271: ...SX II Quick Setup Guide which is included with your SX II and can be found on the Support page of Raritan s website http www raritan com support firmware and documentation SX II Online Help SX II onl...

Page 272: ...k the Send Feedback icon in the toolbar An email addressed to the team opens in your default email client Email the Documentation Team a specific topic from the online help Open to the topic in online...

Reviews: