background image

 

  
 

Installation and  
Operations Manual 

SX4 SX32 
SX8 SX48 
SX16 

 

 

Raritan Computer Inc. 

400 Cottontail Lane 

Somerset, NJ  08873 

USA 

Tel. 1-732-764-8886 

Fax. 1-732-764-8887 

E-mail: [email protected] 

http://www.raritan.com 

Raritan Computer Europe, B.V. 

Eglantierbaan 16 

2908 LV Capelle aan den IJssel 

The Netherlands 

Tel. 31-10-284-4040 

Fax. 31-10-284-4049 

E-mail: [email protected]

 

http://www.raritan.com

 

 
Raritan Computer Japan, Inc. 

4th Flr. Shinkawa NS Building 
1-26-2 Shin-kawa, Chuo-ku  
Tokyo 104-0033 
Japan 
Tel. 81-03-3523-5991 
Fax. 81-03-3523-5992 
E-mail: [email protected] 
http://www.raritan.co.jp

 

 
Raritan Computer Taiwan, Inc. 

5F, 121, Lane 235, 

Pao-Chiao Rd., Hsin Tien 

Taipei Hsien  

Taiwan, ROC 

Tel. 886-2-8919-1333 

Fax. 886-2-8919-1338 

E-mail: [email protected] 

http://www.raritan.com.tw

 

 
Raritan Computer France 

120 Rue Jean Jaures 

93200 Levallois-Perret 

France 

Tel. 33-14-756-2039 

Fax. 33-14-756-2061 

E-mail: [email protected] 

http://www.raritan.fr 

 

 
Raritan Computer Deutschland GmbH 

Lichtstraße 2 

D-45127 Essen 

Germany 

Tel. 49-201-747-9820 

Fax. 49-201-747-9850 

E-mail: [email protected]  

http://www.raritan.de 

 

 
Raritan Computer U.K. Ltd. 

36 Great St. Helen's

 

London

 

EC3A

 

6AP 

United Kingdom

 

Tel. 44 20 7614 7700 
Fax. 44 20 7614 7701 
E-mail: [email protected] 
http://www.raritan.com  

 

 
Shanghai Representative Office of 
Raritan Computer, Inc. 

RM 19C-1 Shanghai Shiye Building 

18 Caoxi North Road 

Shanghai China 2000030 

Tel. 86-21-64680475 

Fax. 86-21-64627964 

E-mail: [email protected] 

http://www.raritan.com.tw 

 

L I S T E D

C

U S

L

U

1F61
I.T.E.

 

Copyright ©2004 Raritan Computer, Inc. 
DSX-0G-E 
November 2004  
255-60-2000 

Summary of Contents for DOMINION SX -

Page 1: ...3 Fax 886 2 8919 1338 E mail sales asia raritan com http www raritan com tw Raritan Computer France 120 Rue Jean Jaures 93200 Levallois Perret France Tel 33 14 756 2039 Fax 33 14 756 2061 E mail sales...

Page 2: ......

Page 3: ...osoft Corporation Netscape and Netscape Navigator are registered trademarks of Netscape Communication Corporation Mozilla is a registered trademark of the Mozilla Foundation RC4 is a registered tradem...

Page 4: ...This page intentionally left blank...

Page 5: ...plorer 13 Netscape Navigator 14 Sending a Break Null 14 Chapter 4 Console Features 15 Emulator 15 Settings 15 History 16 Write Access 17 Sending a Break Null 18 User List 19 Close 20 Edit 21 Tools 22...

Page 6: ...me 83 Description 83 Name 84 Description 84 Service Telnet and SSH Configuration 84 Name 84 Description 84 Chapter 11 Firmware Upgrade Instructions 87 Firmware Image Upgrade Instructions for DSX16 DSX...

Page 7: ...Target System 133 Boot Script Support 135 File System 135 File Directory Structure 135 File System API through TCL 135 TCL Commands 136 Accessing TCL Window 137 Resetting TCL Interpreter 137 Editing...

Page 8: ...Logging Command 23 Figure 27 Script Shell Command 24 Figure 28 SecureChat Command and User Chat Window 25 Figure 29 Help Topics Command and Help File Window 26 Figure 30 Sample of About RaritanConsole...

Page 9: ...Wizard Completion Page 98 Figure 80 Internet Options Display 99 Figure 81 Certificate Manager Display 99 Figure 82 Netscape New Site Certificate Window 100 Figure 83 Netscape New Site Certificate Acce...

Page 10: ...New Connection Complete 128 Figure 114 Connect to Window 128 Figure 115 Windows 2000 Network and Dialup Connections 129 Figure 116 Welcome to the Network Connection Wizard 129 Figure 117 Network Conn...

Page 11: ...oubleshoot up to 32 target devices depending on model from any SSH client Web browser while consuming only one IP address Scripting Create store and execute scripts either on demand or on a continuous...

Page 12: ...scheme serial port adapters are available from Raritan Local Access for crash cart applications Simplified User Experience SSH Browser based Interface Graphical User Interface provides intuitive acces...

Page 13: ...lete the configuration of the Dominion SX Obtain all required configuration information prior to performing the configuration steps outlined below If you are uncertain of any information contact your...

Page 14: ...e command line interface of the installation computer enter the command route print b If 192 168 0 192 is on the gateway list proceed to the next step Otherwise add 192 168 0 192 to the gateway list t...

Page 15: ...16 characters in length no spaces The first six characters of the password must contain at least two alpha and one numeric character the first four characters cannot be the same as the user name Conf...

Page 16: ...ser Configuration Window appears enter the information for the first user for Dominion SX By default the first user will have Administrator privileges All fields except for the Information field are r...

Page 17: ...s unit will reside IP Gateway Default gateway for this unit Port Address Default application communication port if accessing the unit through a firewall the TCP port specified during installation must...

Page 18: ...of the certificate Additionally the Syslog and NFS logging features also use the system time for time stamping log entries Figure 9 Time Configuration Display Configuration 1 Set the Current Date and...

Page 19: ...number for this line as it will be necessary later when the user configures a client for dialup networking 7 Connect the male end of the external power cord to the power supply outlet and power ON the...

Page 20: ...10 DOMINION SX INSTALLATION AND OPERATIONS MANUAL...

Page 21: ...he target device programmatically Note For the purpose of illustration all discussion in this manual is based on using Internet Explorer as the browser Browser Based Access 1 Using a browser such as I...

Page 22: ...login screen appears enter your Login Name and Password and click on the Login button Figure 12 Login Display 4 When the main display page appears click on the desired Port button to launch that port...

Page 23: ...ialog indicates that the authenticity of the signer Raritan has been verified by VeriSign Inc and it specifies the permissions requested from the user Figure 14 Security Dialog in Internet Explorer Cl...

Page 24: ...being asked for permissions every new session Once the Security screens are completed the console window appears and the user can begin working with the remote target system Figure 17 Console Window S...

Page 25: ...ow Currently the unit supports Terminal Type VT100 ANSI which cannot be changed The Cursor Type can be either Line or Block depending on your preference The default cursor is Line type but can be chan...

Page 26: ...essage history allowing a user to see target device events over time When the size limit is reached the text will wrap overwriting the oldest data with the newest History information can be useful whe...

Page 27: ...in menu 2 Select Get Write Access from the drop down menu Figure 20 Get Write Access Command 3 You now have Write Access to the target device as indicated by the green block located before Write Acces...

Page 28: ...n keyboard Only users with Operator and Administrator privileges can send a break users who are Observers cannot send a break To send an intentional break to a Sun Solaris server 1 Verify that you hav...

Page 29: ...re accessing the same port An asterisk appears before the user who has Write Access to the console To View the User List 1 Click on Emulator in the main menu 2 Select User List from the drop down menu...

Page 30: ...20 DOMINION SX INSTALLATION AND OPERATIONS MANUAL Close To Close RaritanConsole 1 Click on Emulator in the main menu 2 Select Close from the drop down menu Figure 23 Close Command...

Page 31: ...the drop down menu 5 Position the cursor at the location you wish to paste the text and click once to make that location active 6 Click on Edit in the main menu 7 Select Paste from the drop down menu...

Page 32: ...the main menu 2 Select Start Logging from the drop down menu 3 Choose an existing file or provide a new file name in the File Dialog box When an existing file is selected for logging data gets append...

Page 33: ...ER 4 CONSOLE FEATURES 23 Stop Logging 1 Click on Tools in the main menu 2 Select Stop Logging from the drop down menu Figure 26 Stop Logging Command Logging is On until the Stop Logging command is exe...

Page 34: ...ole also comes with User Definable Events that can be generated by TCL scripts Raritan has introduced an extension library to provide an API to the RaritanConsole s functions Additionally the unit com...

Page 35: ...length of a chat message is 80 characters To use SecureChat 1 Click on Chat in the main menu 2 Select User Chat from the drop down menu Figure 28 SecureChat Command and User Chat Window 3 Type a messa...

Page 36: ...lease information about RaritanConsole Help Topics To Access Help Topics 1 Click on Help in the main menu 2 Select Help Topics from the drop down menu Figure 29 Help Topics Command and Help File Windo...

Page 37: ...nformation When contacting Raritan for technical support when performing a software upgrade etc you may be asked for this information To Access About Information 1 Click on Help in the main menu 2 Sel...

Page 38: ...Port number for which a console is required Example For Internet Explorer and Mozilla 1 6 with supported Java version the following command line or entry into the URL field will connect the user to Po...

Page 39: ...on the Login button 4 When the security warning appears only once for the session click on the Yes button 5 The console display will appear Figure 33 Direct Port Access Display To exit the application...

Page 40: ...ominion SX window to exit Dominion SX If changes to the configuration have been made but not saved a screen will prompt you to save changes and log out of the unit Click on the Yes button to save chan...

Page 41: ...been saved already the unit will confirm the request to exit Click on the OK button to log out of the unit Figure 36 Exit Confirmation Display A confirmation screen will indicate disconnection from t...

Page 42: ...te Install custom applications per port In each case dedicated displays are provided to allow the adjustment and configuration of the various parameters Display The display structure is divided into a...

Page 43: ...s have to make modifications to the device Update Many of the Configuration tab screens feature an Update button A user would click on the Update button to notify the system that changes have been mad...

Page 44: ...on button in the left panel 2 Click on the tab s for the screens in which you want to make configuration changes 3 When the status bar displays the Configuration locked message other users cannot modi...

Page 45: ...has been configured which can be useful if debugging or troubleshooting System time and date Ethernet address Network configuration IP address subnet mask and gateway Modem configuration Certificate...

Page 46: ...st be connected 2 The modem PPP connection settings must be configured 3 The dial up networking software on the user s personal computer must be configured to establish a PPP connection from the clien...

Page 47: ...ped The modem is not operational The Initialize Modem button can be used to reset the modem if it is running but not operating properly Note Be sure to verify the above information with your Network A...

Page 48: ...of the phone line connection speed will vary The modem that is installed in the unit is a 56Kbps device generally the connection speed will be approximately 33Kbps At this speed there is a possibilit...

Page 49: ...onal applications Baud rate Baud rate of the serial port should match that of the target device connected to the port valid choices are 1200 1800 2400 4800 9600 19200 28800 38400 57600 115200 Parity D...

Page 50: ...lect an entry to modify 2 Click on the Edit button 3 The selected entry appears in the lower half of the screen 4 Make changes to the fields as needed 5 Click on the Update button to load the changes...

Page 51: ...N CONTROL REMOTE TARGET UPGRADE RESET Administrator All Yes Yes Yes Operator Edit own user record Yes No No Observer Edit own user record No No No Figure 44 Users Tab Display Local Users The unit can...

Page 52: ...an change their passwords after the first time they log on Figure 45 New User Creation To Add a New User 1 Click on the New button 2 Enter the User Name Login Name User Type and Password 3 Retype the...

Page 53: ...Information 1 Click on the User Name to modify that user s information 2 Click on the Edit button 3 Update the desired fields only those fields that you are allowed to change based on your user type a...

Page 54: ...ed and knowledge of the concepts of Access Control Lists ACL is a prerequisite for configuring and administering the Dominion SX IP ACL feature Explaining IPTables is beyond the scope of this document...

Page 55: ...he following figures The user interface provides a front end to the IPTables Once again we suggest the following link for IPTables familiarity http iptables tutorial frozentux net iptables tutorial ht...

Page 56: ...e the IP ACL configuration to the non volatile memory of the Dominion SX This rule allows connections from this address and attempts to connect from all other IP addresses will be denied Please note w...

Page 57: ...sts ipacl status Display the enable disable status Display all configured IPACL rules ipacl enable disable Depending on the parameter enable or disable ipacl USAGE EXAMPLE admin Command ipacl status i...

Page 58: ...If you wish to allow or deny a specific IP address just set the starting and ending IP to that particular address USAGE EXAMPLE admin Command aclcfg add 1 2 3 4 1 2 3 4 0 0 add a rule allowing IP 1 2...

Page 59: ...event the security alert window from appearing After the configuration is completed the unit reboots The server certificate is generated once again this time for the new IP address assigned to the uni...

Page 60: ...ns are available at the bottom of the Certificate screen 1 Generate Default Certificate Click on this button to regenerate the certificate provided by Raritan Please note that generating the certifica...

Page 61: ...te generated may not be valid 3 The unit will reboot Note If you factory reset the unit and there is no user installed certificate in the unit the server Certificate is regenerated for the IP address...

Page 62: ...d to obtain a user certificate to be installed in the unit from a trusted third party source Bit strengths of 512 1024 and 2048 are supported If a user installed certificate is active a CSR cannot be...

Page 63: ...ntry name State province name Locality Organization Organization unit Email address Click on the Generate CSR button to generate and display the request Cut and paste the result into a text file and u...

Page 64: ...er Certificate 1 Open the certificate and the private key file in a text editor If the certificate was generated using CSR only the certificate will be available 2 Under the Certificate Tab click on t...

Page 65: ...lled in the browser Figure 58 Schematic of External Certificate Utilization External Certificate Authority Browser Dominion SX Unit Server Certificate issued by the External Certifying Authority Priva...

Page 66: ...Mechanism RADIUS Authentication occurs when a user tries to log on to the RADIUS client After prompting the user for login name and password the client checks to see if the user is already present in...

Page 67: ...it can store as many users as its disk storage permits If you are using many Dominion SX units you do not have to configure all users on each of the units Configure a user once on your RADIUS server t...

Page 68: ...ned default port number for RADIUS is 1812 6 The Information for the Secondary RADIUS Server is optional This is a mirrored image of the Primary RADIUS Server and it is used only in case the Primary R...

Page 69: ...r and a RADIUS user Only non RADIUS users are listed in the user list on the Users configuration screen under the Users tab This is because every time a RADIUS user logs in authentication comes from t...

Page 70: ...t are based on events that occur within the unit It is also possible to have user defined events sent out as email messages User defined events are defined using the scripting capability Figure 64 Not...

Page 71: ...predefined by Raritan To subscribe to a user defined event type the user defined event name Note This name must match exactly with the event name that has been used when the script was generated 3 Sp...

Page 72: ...es to the entry in the fields that appear in the lower portion of the screen 4 Click on the Update button 5 Click on the Save button Figure 66 Edit Notification Destination Delete a Notification Entry...

Page 73: ...onfig datacom Datacom configuration has been modified event amp notice config users User configuration has been modified event amp notice config ipacl IP address based access control list has been mod...

Page 74: ...he upgrade and a pop up window will notify the user once the upgrade procedure is complete Figure 67 Upgrade Display Upgrades can be done of the complete software AmpAdmin package and the various appl...

Page 75: ...are application package is located 3 Specify the Path to the software package for example pub Dominion AmpApp 4 Enter the Username and Password if required 5 Click on the Upgrade button 6 The unit wil...

Page 76: ...st of logged in users who will be logged out upon reset will be displayed The soft reset is useful when an Administrator wishes to disconnect all users from the unit Figure 68 Confirmation for Reset F...

Page 77: ...or SX4 SX8 and other models with a RESET switch please see the paragraph that follows 1 Power OFF the Dominion SX unit 2 Attach the supplied Factory Reset Connector serial DB9 female to the serial DB9...

Page 78: ...68 DOMINION SX INSTALLATION AND OPERATIONS MANUAL...

Page 79: ...ter and CAT5 cable Cisco Catalyst RJ45 CRLVR 15 cable Cisco Router DB25F ASCSDB25M adapter and CAT5 cable Hewlett Packard Unix Server DB9M ASCSDB9F adapter and CAT5 cable Silicon Graphics Origin DB9M...

Page 80: ...70 DOMINION SX INSTALLATION AND OPERATIONS MANUAL...

Page 81: ...set on the Dominion SSH server does not conflict with a key sequence required by either the SSH client or the host operating system The Escape key sequence is user configurable A Secure Shell hereina...

Page 82: ...e user has connected to a serial target at port 2 using console_cmd 2 then the escape character can be used to come back to menu prompt RaritanCommand Default Escape Character is CTRL i e Press CTRL k...

Page 83: ...er Type Administrator UserName admin Number Of Accessible Ports 6 Port PortName 1 Port1 2 Port2 SUN 3 Port3 4 Port4 5 Port5 6 Port6 Serial Port 2 Connected Escape characer is Ctrl User admin Is Now Ma...

Page 84: ...target session and come back to Command prompt for an interactive session Figure 71 Sample SSH Session Screen Port Sharing Using SSH It is possible for SSH users to share ports with other authenticate...

Page 85: ...DAP uses TCP port 389 and LDAP S uses TCP port 636 Secret This is the root password to access the directory server manager The name for this field depends on the Directory Server The SUN iPlanet direc...

Page 86: ...ministrator Operator and Observer For Dominion SX both per port Authentication and Authorization are possible with TACACS Cisco Freeware Daemon This daemon is freely available from Cisco at http cisco...

Page 87: ...html 12231 1 Allow new services a Select Interface Configuration b Select TACACS Cisco IOS c Add dominionsx service under the heading New Services 2 When adding or editing a user or group the dominio...

Page 88: ...78 DOMINION SX INSTALLATION AND OPERATIONS MANUAL...

Page 89: ...epended to each of the port log files SIZE the maximum size for a log file before a new file is created IP1 the IP address of the NFS shared directory DIR1 the directory on the NFS server to write to...

Page 90: ...port log files Example etc exports entry nfs domlogging 192 168 0 0 16 rw no_root_squash 2 Force all accesses to a certain UID GID Example etc exports entry nfs domlogging 192 168 0 0 16 rw all_squas...

Page 91: ...IP address with an optional space separated port number If a recipient with a port number is to be removed include the port number in the delete command Traps may be sent to multiple ports with the s...

Page 92: ...tion changes require rebooting to take effect TANAKA Command snmp Enabled N Community public Trap Destinations 10 0 0 125 6 6 6 6 TANAKA Command snmp enable Any SNMP configuration changes require rebo...

Page 93: ...local port access usage The modem must be disabled before LPA can be enabled and vice versa Newer SX 4 and SX 8 units may have two serial ports with firmware release 2 2 the port labeled MODEM has to...

Page 94: ...bling Telnet For Dominion SX units that are already running firmware version 2 2 4 or higher the default port is 51000 and telnet can be enabled at any time Note The Dominion SX system must be restart...

Page 95: ...led No SSH Enabled Yes TANAKA Command service telnet enable The system will need to be rebooted for changes to take effect TANAKA Command service ssh disable The system will need to be rebooted for ch...

Page 96: ...86 DOMINION SX INSTALLATION AND OPERATIONS MANUAL...

Page 97: ...ove the DOM disk 9 Plug the DOM disk into the Dominion SX unit reconnect the power cable to the DOM close the unit cover install the screws and power ON the unit 10 The Dominion SX unit can be accesse...

Page 98: ...88 DOMINION SX INSTALLATION AND OPERATIONS MANUAL...

Page 99: ...ature 32 to 104 C 0 to 40 F Operating Humidity 20 85 RH Remote Connection Network One 1 or two 2 10 100 Ethernet Base T RJ 45 connection Modem 4 8 Dedicated Modem DB9M Port 16 32 48 Integrated 56K V 9...

Page 100: ...90 DOMINION SX INSTALLATION AND OPERATIONS MANUAL...

Page 101: ...NTP Disabled Local Port Access Disabled Syslog Disabled Telnet Disabled SSH Enabled SNMP Disabled Logging to NFS Disabled SERIAL DISABLED PORTS Baud Rate 9600 Parity None To initiate access using htt...

Page 102: ...92 DOMINION SX INSTALLATION AND OPERATIONS MANUAL...

Page 103: ...certificate authority that issued the certificate and holds administrative information for the CA s use such as version number serial number issuer name etc To View the Certificate 1 Click on File in...

Page 104: ...rust certificates signed by the CA s private key For additional information please see http www cren net ca Figure 73 Hierarchies of Certificate Authorities Root CA USA CA INDIA CA Marketing CA Engn C...

Page 105: ...n its CA list which indicates signed Server Certificates If the verification is successful the Security Alert will not appear Figure 74 Schematic Diagram of Certificate Authentication Scheme Dominion...

Page 106: ...it s IP address The Security Alert window will appear 2 Click on the View Certificate button and the Certificate window will appear Figure 75 Install Session Based Certificate 3 Click on the Install C...

Page 107: ...file by double clicking on it This will open the certificate Figure 76 View of CA_ROOT cer 7 Click on the Install Certificate button to start the Certificate Manager Import wizard Figure 77 Certificat...

Page 108: ...he following store radio button and click on the Browse button to choose a file you prefer Figure 78 Import Wizard Select a Certificate Page 10 Click on the Next button 11 Click on the Finish button F...

Page 109: ...n IE and select Tools Internet Options from the main menu The Internet Options window will appear Figure 80 Internet Options Display 2 Click on the Content tab and click on the Certificates button The...

Page 110: ...ach Dominion SX unit you wish to access To eliminate the appearance of this window for every Dominion SX unit with a particular certificate you must install the root certificate in your browser descri...

Page 111: ...n the Certificate text field 4 Select the text in the Base64 Certificate field and copy it by selecting Edit Copy from the main menu 5 Open Notepad or another text editor and paste the text you have c...

Page 112: ...aved in Step 6 and drag it into an open Netscape Navigator window The New Certificate Authority window should appear 11 Click on the Next button 12 Click on the Next button once more 13 The Certificat...

Page 113: ...ape Navigator and click on either the Security button or on the lock icon in the lower left of the window The Security Info window will appear 2 On the left side of this window locate Certificates and...

Page 114: ...this occurs select the root certificate code copy it and follow the steps outlined in the section Install the Raritan Root Certificate then follow the steps outlined below If the root certificate has...

Page 115: ...n 7 The Certificate Fingerprint will appear providing information about the CA and the root certificate you are downloading It will look similar to the window below Record the Signed by information an...

Page 116: ...106 DOMINION SX INSTALLATION AND OPERATIONS MANUAL...

Page 117: ...add users Information about the user is stored as a list of RADIUS protocol attributes and associated values These translate directly into the authentication reply the server will send back to the cl...

Page 118: ...Authentication Service check box and click on the OK button 5 Click on the Next button B Configure IAS Port Information 1 To configure a remote IAS server you must have administrative privileges on th...

Page 119: ...or MS CHAP do not click this option Notes If IAS receives an access request from a RADIUS proxy server IAS cannot detect the manufacturer of the NAS that originated the request This can cause problems...

Page 120: ...ring following the format outlined above must be provided for every Dominion SX box contacting the RADIUS server or else the box will take a default value If the RADIUS Server is not configured for Ve...

Page 121: ...cies Right click the policy for which interim accounting requests are to be generated and select Properties from the drop down menu On the Settings tab click Edit profile On the Advanced tab click Add...

Page 122: ...Routing and Remote Access 2 Right click on the server name for which you want to configure RADIUS authentication and select Properties from the drop down menu 3 Click on the Security tab and under Aut...

Page 123: ...oes not automatically assume the permissions and memberships of the previously deleted account because the security descriptor for each account is unique All permissions and memberships must be manual...

Page 124: ...e Add button h Click on the appropriate group and click on the OK button After these steps are executed a new user can connect to the NAS device and IAS will look at the user name find the group in wh...

Page 125: ...alidated however other versions of the RADIUS server should operate with the unit Only the user s role can be controlled on the unit using the RADIUS IETF option Note Access restrictions to specific p...

Page 126: ...Click on the RADIUS IETF link to edit properties Under the User heading click on the check boxes before Service Type and Framed Protocol Click on the Submit button Figure 94 RADIUS Properties Display...

Page 127: ...RADIUS IETF section Figure 96 User Properties Display 8 Click on the Service Type check box and select the appropriate service type from the drop down menu Administrative User with this Service type w...

Page 128: ...118 DOMINION SX INSTALLATION AND OPERATIONS MANUAL...

Page 129: ...dures for the ACE server but assumes that the administrator is familiar with the ACE server and has the ability to set up and configure the application Guidelines are provided to allow SecureID to be...

Page 130: ...option for Dominion SX units e Encryption Type Select DES radio button for Dominion SX units f Open to All Locally Known Users Checking this box makes the Agent Host an open Agent Host which needs no...

Page 131: ...ice Type Profiles and corresponding user roles are as follows Administrative User Users with this profile will have Administrator privileges on the unit they will have read write access to all ports a...

Page 132: ...return to the main menu Figure 103 Add Attribute Display Note Only the user s Role can be controlled on the Dominion SX units using specific Service Type profiles Access restriction to specific ports...

Page 133: ...it Selection Display per User 11 To configure the Dominion SX device to use RSA ACE Server as the RADIUS authentication server log on to the unit with the local administrative account click on the Con...

Page 134: ...formation required to communicate with it check with your LDAP server administrator We recommend you obtain this information before you start configuring LDAP on the Dominion SX 3 Click on the Enable...

Page 135: ...work as the Dominion SX After the dial up connection is established connecting to a Dominion SX is achieved by pointing the web browser to the PPP Server IP Modem installation guidelines are provided...

Page 136: ...modem installed in your workstation Figure 109 New Phone Entry Display 4 Click on the Security tab The Security section allows you to specify the level of security to use with the modem connection Whe...

Page 137: ...Configuring Windows 98 Dialup Networking Figure 112 Make New Connection Connection Name 3 In the Make New Connection window enter a Name Name for the Dominion SX unit you are dialing b Device Device...

Page 138: ...con and in the Connect To window that appears click on the Connect button to establish the connection with the Dominion SX unit No username or password is required for connection as the security is pr...

Page 139: ...p Connections 2 When the Network and Dial Up Connections window appears double click on the Make New Connection icon Figure 115 Windows 2000 Network and Dialup Connections 3 Follow the steps in the Ne...

Page 140: ...Dial up to private network radio button and click on the Next button Figure 117 Network Connection Type 5 Click on the check box before the modem that you want to use to connect to the Dominion SX un...

Page 141: ...box and enter the Area code and Phone number you wish to dial in the fields Click on the Next button Figure 119 Phone Number to Dial 7 In the Connection Availability screen click on the Only for mysel...

Page 142: ...the Dial up connection Figure 121 Network Connection Wizard Completion 9 Click on the Finish button 10 To connect to the remote machine when the Dial Window appears click on the Dial button A window...

Page 143: ...used to audit track and trace the conditions of and modifications to the unit itself This appendix describes the architecture and features of the TCL script engine and provides information to help yo...

Page 144: ...should be affected amplock ampunlock port TCL engine locks the write access for this port GUI users using the Java Console cannot supersede TCL and force TCL unlock by the issuing the Get Write Acces...

Page 145: ...oot scr The boot script can access the RS 232 ports but the user must insure that the write locks are released otherwise no user will be able to get write access to the console of the remote target de...

Page 146: ...orated supports TCL 7 0 All built in TCL commands for TCL 7 0 are supported except exec interp library and TCLvars The following TCL commands are supported append glob pwd array global read break hist...

Page 147: ...button Therefore full software reset from the GUI may be necessary to restart the interpreter When a Reset has been issued to the TCL Interpreter the BOOT SCR will NOT be executed This will prevent e...

Page 148: ...ake input if the script is designed to accept them Automatic Execution of a TCL Script upon Power Up For a TCL script to be executed automatically upon each reboot or power cycle of the unit the scrip...

Page 149: ...port_num 1 ampclear port_num amplock port_num set output pstat httpd port_num ampunlock port_num if output 0 puts HTTP_SERVER_OK port_num amptriggerevent event user httpProcess HTTP service is up and...

Page 150: ...on ampgetconfiguration network modem datacom smtp radius If a specific category is specified then the data for that category will be displayed Usage ampgetconfiguration category port_number Category c...

Page 151: ...listing all the currently configured users and their user account parameters Usage ampgetuser ampgetuser Users Steve Gaumer John Smith Michael White Fredrick Jones Note The names are not shown with an...

Page 152: ...Wright pass1285 1 2 3 4 Unix System Administrator in Training user pwright set ampsave save complete ampgetuser Users Steve Gaumer John Smith Michael White Fredrick Jones Patrick Wright ampgetuser Pat...

Page 153: ...ampupgrade ip_address file_path login password port_number Ip_address location of the files that are to be used in the upgrade File_path location where the files are stored Login optional ampgetversi...

Page 154: ...pacl Either turns on or turns off access based on source IP address Usage ampsetipacl enable disable Enable turns on ip acl Disable turns off ip acl ampsetipacl enable set IP acl successful ampsave sa...

Page 155: ...ing representing the next chunk of console data up to and including the terminator or the end of the data stream when a timeout occurs in seconds whichever comes first Note Issue an ampclear command t...

Page 156: ...to be read by the interpreter calls exec on the input and returns the resulting string to the client ampsave Saves any changes to the system configuration In order for changes network to take effect t...

Page 157: ...0 TCL_OK No message returned 1 TCL_ERROR wrong args should be ampwritesocket socketDescriptor message Command failed Invalid Socket Descriptor s write socket failed ampclosesocket socket_id Closes the...

Page 158: ...ore starting any new operations ampgetmacaddress Returns the Ethernet MAC address of the unit ampsetconfig datacom checkparity value Enables the parity bit if value is 1 disables the parity bit if val...

Page 159: ...nts amplisten checks to see if there is a new command from any client Puts will push back the response to the output buffer ampresponse will push the previous response back to the EXACT client who sen...

Page 160: ...terval Interval at which the TCL script has to do checking To quit out of the script type QUIT and hit enter Default threshold is 2 set thr 2 Default interval is 10 seconds set intr 10 change this mai...

Page 161: ...nt if user process utilization has gone beyond threshold if us thr amptriggerevent event alarm cpu User Process CPU utilization goes beyond threshold thr on port port listen to command inputs from use...

Page 162: ...points Use ampclear to remove all history information for a port Use ampread with n as terminator since the script has to read each line to find out the user process utilization that is on the 10th li...

Page 163: ...lay 10 amplock 1 puts Lock Acquired ampresponse elseif s QUIT amppermission on ampunlock 1 puts Exiting script ampresponse break else Allow observers and operators to issue commands to this TCL Servic...

Page 164: ...INSTALLATION AND OPERATIONS MANUAL puts A TCL script is running rInputs accepted are DATA READ1 READ2 READ3 CONSOLE QUIT ampresponse Input received is not as per expectation Remind user what the expe...

Page 165: ...ing a DNS error and reading that the server is unreachable Remove any installed Dominion SX certificates and restart the browser Unsupported Encryption The unit supports only 128 bit SSL encryption In...

Page 166: ...security warning This is normal behavior The warning message does not affect operation of the unit Login PROBLEM SOLUTION Login Failure To provide additional security the unit login screen expires aft...

Page 167: ...r until a timeout occurs Please wait and allow the FTP Server Unreachable message to appear FTP File Not Found The unit requires a package of upgrade files to be in the directory specified by the upgr...

Page 168: ...158 DOMINION SX INSTALLATION AND OPERATIONS MANUAL...

Page 169: ...set sequence consists of the following A solid green light for about 5 seconds then no light for about 15 20 seconds then another solid green light for about 5 seconds and then 3 green flashes about 1...

Page 170: ...Main Menu screen click Upgrade and then follow the prompts You will need to enter the IP Address and File Path to perform the upgrade What if I forget or lose my password Any Administrator can assign...

Page 171: ...APPENDIX J TECHNICAL FAQS 161...

Page 172: ...162 DOMINION SX INSTALLATION AND OPERATIONS MANUAL 255 60 2000...

Reviews: