Home
/
Raritan
/
Home Security System
/
User Manual

Raritan Home Security System, User Manual, Page: 361 / 384

Share

Page: 361 / 384

Raritan Home Security System User Manual Download Page 361

343

CC-SG can be configured to point to an RSA RADIUS Server that
supports two-factor authentication via an associated RSA Authentication
Manager. CC-SG acts as a RADIUS client and sends user authentication
requests to RSA RADIUS Server. The authentication request includes
user id, a fixed password, and a dynamic token code.

In This Chapter

Supported Environments for Two-Factor Authentication ......................343
Two-Factor Authentication Setup Requirements...................................343
Two-Factor Authentication Known Issues .............................................343

Supported Environments for Two-Factor Authentication

The following two-factor authentication components are known to work
with CC-SG.

•

RSA RADIUS Server 6.1 on Windows Server 2003

•

RSA Authentication Manager 6.1 on Windows Server 2003

•

RSA Secure ID SID700 hardware token

Earlier RSA product versions should also work with CC-SG, but they
have not been verified.

Two-Factor Authentication Setup Requirements

The following tasks must be completed for two-factor authentication
setup. Consult the RSA documentation.

1. Import

tokens.

2. Create a CC-SG user and assign a token to the user.

3. Generate a user password.

4. Create an agent host for the RADIUS server.

5. Create an agent host (type: Communication Server) for CC-SG.

6. Create a RADIUS CC-SG client.

Two-Factor Authentication Known Issues

The RSA RADIUS “New PIN” mode that requires a challenge
password/PIN will not work. Instead, all users in this scheme must be
assigned fixed passwords.

Appendix H Two-Factor Authentication

«
...
359
360
361
362
363
...
»

Summary of Contents for Home Security System

Page 1: ...Copyright 2010 Raritan Inc CCA 0K v4 3 E December 2009 255 80 5140 00 CommandCenter Secure Gateway Administrators Guide Release 4 3...

Page 2: ...emarks are the property of their respective holders FCC Information This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules...

Page 3: ...onfirming IP Address 10 Setting CC SG Server Time 10 Checking the Compatibility Matrix 11 Checking and Upgrading Application Versions 11 Chapter 4 Configuring CC SG with Guided Setup 13 Before You Use...

Page 4: ...s 33 Adding a Device 34 Add a KVM or Serial Device 34 Add a PowerStrip Device 36 Add a Dominion PX Device 36 Editing a Device 37 Editing a PowerStrip Device or a Dominion PX Device 37 Adding Notes to...

Page 5: ...n II System Devices 67 Paragon II System Controller P2 SC 67 IP Reach and UST IP Administration 68 Chapter 7 Managed Powerstrips 69 Configuring Powerstrips that are Managed by Another Device in CC SG...

Page 6: ...Virtual Machines 94 Delete Control Systems and Virtual Hosts 95 Delete a Virtual Machine Node 96 Delete a Virtual Infrastructure 96 Synchronizing the Virtual Infrastructure with CC SG 96 Synchronize t...

Page 7: ...9 Adding Users with CSV File Import 140 Users CSV File Requirements 140 Sample Users CSV File 144 Import Users 144 Export Users 145 Your User Profile 145 Change your password 145 Change your name 146...

Page 8: ...AD Trust Settings 168 Editing an AD Module 168 Importing AD User Groups 169 Synchronizing AD with CC SG 170 Synchronize All User Groups with AD 171 Synchronize All AD Modules 172 Enable or Disable Da...

Page 9: ...roup Data Report 190 AD User Group Report 190 Scheduled Reports 191 Upgrade Device Firmware Report 192 Chapter 14 System Maintenance 193 Maintenance Mode 193 Scheduled Tasks and Maintenance Mode 193 E...

Page 10: ...e 215 Recommended DHCP Configurations for CC SG 217 Configuring Logging Activity 217 Purge CC SG s Internal Log 217 Configuring the CC SG Server Time and Date 218 Connection Modes Direct and Proxy 219...

Page 11: ...ther Task 252 Delete a Task 253 SSH Access to CC SG 253 Get Help for SSH Commands 254 SSH Commands and Parameters 255 Command Tips 257 Create an SSH Connection to a Serial Enabled Device 258 Use SSH t...

Page 12: ...Display with Diagnostic Console 301 Display NTP Status 301 Take a System Snapshot 303 Change the Video Resolution for Diagnostic Console 304 Chapter 17 Power IQ Integration 305 Power Control of Power...

Page 13: ...ent for IPMI iLO RILOE DRAC RSA 318 CC SG and SNMP 318 CC SG Internal Ports 319 CC SG Access via NAT enabled Firewall 319 RDP Access to Nodes 319 VNC Access to Nodes 320 SSH Access to Nodes 320 Remote...

Page 14: ...CC SG Disk Monitoring 340 Appendix H Two Factor Authentication 343 Supported Environments for Two Factor Authentication 343 Two Factor Authentication Setup Requirements 343 Two Factor Authentication...

Page 15: ...rmation 353 Location Information 354 Contact Information 354 Service Accounts 354 Device Information 354 Port Information 355 Associations 355 Administration 355 Appendix L Diagnostic Console Bootup M...

Page 16: ...wer Control Connections on page 103 Interfaces for Power IQ Proxy Power Control Connections on page 105 Nodes CSV File Requirements on page 113 Add a User Group on page 132 Edit a User Group on page 1...

Page 17: ...tors Guide xvii Configuring Power Control of Power IQ IT Devices on page 306 CC SG Clustering on page 315 See the Release Notes for a more detailed explanation of the changes applied to this version o...

Page 18: ......

Page 19: ...not administrators should see Raritan s CommandCenter Secure Gateway User Guide In This Chapter Prerequisites 1 Terminology Acronyms 2 Client Browser Requirements 4 Prerequisites Before configuring a...

Page 20: ...pe which may have elements such as Windows or Unix or Linux CIM Computer Interface Module hardware used to connect a target server and a Raritan device Each target requires a CIM except for the Domini...

Page 21: ...discovered by CC SG they have to be manually added as nodes In this guide the term iLO RILOE includes both iLO RILOE and iLO2 RILOE2 In band Access going through the TCP IP network to correct or troub...

Page 22: ...evice to a node SASL Simple Authentication and Security Layer method for adding authentication support to connection based protocols SSH clients such as PuTTY or OpenSSH that provide a command line in...

Page 23: ...Thick Client Access 6 CC SG Admin Client 8 Browser Based Access via the CC SG Admin Client The CC SG Admin client is a Java based client that provides a GUI for both administrative and access tasks d...

Page 24: ...antage of using the thick client instead of a browser is that the client can outperform the browser in terms of speed and efficiency The minimum Java version required for running the thick client is 1...

Page 25: ...rted Java version or continue with the currently installed version 7 The login screen appears 8 If the Restricted Service Agreement is enabled read the agreement text and then select the I Understand...

Page 26: ...Chapter 2 Accessing CC SG 8 CC SG Admin Client Upon valid login the CC SG Admin Client appears...

Page 27: ...er their parent devices Click the and signs to expand or collapse the tree Click a port to view the Port Profile Right click a port and select Connect to connect to that port You can sort the ports by...

Page 28: ...ake changes if needed See About Network Setup on page 211 Optional 4 Click Update Configuration to submit your changes 5 Click Restart Now to confirm your settings and restart CC SG Setting CC SG Serv...

Page 29: ...figuration to apply the time and date changes to CC SG 4 Click Refresh to reload the new server time in the Current Time field Choose System Maintenance Restart to restart CC SG Checking the Compatibi...

Page 30: ...the list If you do not see the application you must add it first See Add an Application on page 208 3 Click Browse locate and select the application upgrade file from the dialog that appears then clic...

Page 31: ...to CC SG Configure device ports See Device Setup on page 14 Create Groups Categorize the devices and nodes that CC SG manages into groups and create full access policies for each group See Creating G...

Page 32: ...the Elements table To delete an element select its row and then click the Delete Row icon 5 Repeat these steps until you have added all the elements within the category to the Elements table 6 To crea...

Page 33: ...the Discover Devices panel Click the black arrow at the top of the panel to hide the top section expanding your view of the discovery results in the bottom section of the panel 7 In the table of disc...

Page 34: ...ies and elements 18 If you want the Element to apply to the device and to the nodes connected to the device select the Apply to Nodes checkbox 19 If you want to add another device click Apply to save...

Page 35: ...create a table of rules that describe the devices you want to assign to the group b Click the Add New Row icon to add a row to the table c Double click the cell created for each column to activate a...

Page 36: ...to use from each list See Policies for Access Control on page 149 9 Select the Create Full Access Policy for Group checkbox if you want to create a policy for this node group that allows access to al...

Page 37: ...group to have access to In band and Out of band nodes and to Power Management functions Select the checkboxes that correspond to the types of access you want to assign to the group 6 Click the Polici...

Page 38: ...ant the user to be forced to change the assigned password the next time the user logs in 17 Select the Force Password Change Periodically checkbox if you want to specify how often the user will be for...

Page 39: ...ific and Europe in the CC SG interface You can customize the CC SG to organize and display your servers however you like Association Terminology Associations the relationships between categories eleme...

Page 40: ...tasks into an automated interface Guided Setup is recommended for your initial CC SG configuration Once you have completed Guided Setup you can always edit your configurations individually See Configu...

Page 41: ...p down arrow and select the category you want to delete 3 Click Delete in the Category panel of the screen to delete the category The Delete Category window opens 4 Click Yes to delete the category Ad...

Page 42: ...ore elements to an existing category then you do not have to include a row to redefine the category that the new elements belong to Export a file from CC SG to view the Comments which include all tags...

Page 43: ...e and select the CSV file to import Click Open 3 Click Validate The Analysis Report area shows the file contents If the file is not valid an error message appears Click OK and look at the Problems are...

Page 44: ...t categories and elements 1 Choose Administration Export Export Categories 2 Click Export to File 3 Type a name for the file and choose the location where you want to save it 4 Click Save The first ti...

Page 45: ...tion and Contacts to a Device Profile 38 Deleting a Device 39 Configuring Ports 39 Editing a Port 41 Deleting a Port 42 Configuring a Blade Chassis Device Connected to KX2 42 Restore Blade Servers Por...

Page 46: ...ports appear in the list with a symbol Click the or to expand or collapse the list of ports Device and Port Icons For easier identification KVM Serial and Power devices and ports have different icons...

Page 47: ...ort Sorting Options Configured ports are nested under their parent devices in the Devices tab You can change the way ports are sorted Ports arranged by status are sorted alphabetically within their co...

Page 48: ...ice so they will not appear in order with the other KX2 ports unless you restore these blade servers ports to normal KX2 ports See Restore Blade Servers Ports to Normal KX2 Ports on page 47 Device Pro...

Page 49: ...y in the tab with the date username and IP address of the user who added the note If you have the Device Port and Node Management privilege you can clear all notes from the node profile by clicking Cl...

Page 50: ...turn devices as results and will not include port names The method of searching can be configured in My Profile See Change your default search preference on page 146 To search for a device At the bott...

Page 51: ...ck to select more than one device type 5 Select the Include IPMI Agents checkbox to find targets that provide IPMI power control 6 Click Discover to start the search At any time during the discovery y...

Page 52: ...rip Device on page 36 For instructions on adding Dominion PX devices see Add a Dominion PX Device on page 36 Add a KVM or Serial Device KVM and serial devices may support 256 bit AES encryption which...

Page 53: ...uide A Web Browser interface is assigned to a blade chassis node in CC SG by default A virtual blade chassis device will be created in the Devices tab for blade servers that are directly connected to...

Page 54: ...ee Naming Conventions on page 353 for details on CC SG s rules for name lengths 2 Type the IP Address or Hostname of the device in the IP Address Hostname field See Terminology Acronyms on page 2 for...

Page 55: ...Strip Device or a Dominion PX Device You can edit a Managed PowerStrip device or a Dominion PX device to rename it modify its properties and view outlet configuration status To edit a powerstrip devic...

Page 56: ...he Notes list To clear all notes 1 Click the Notes tab 2 Click Clear Notes 3 Click Yes to confirm All notes are deleted from the Notes tab Adding Location and Contacts to a Device Profile Enter detail...

Page 57: ...SG Once you configure ports a node is created in CC SG for each port and the default interface is also created See Nodes Created by Configuring Ports on page 40 Configure a Serial Port To configure a...

Page 58: ...ield to create a new node with an Out of Band interface from this port For ease of use name the node after the target that is connected to the port This means that you will type the same name in the P...

Page 59: ...to use when you connect to this port from the list To allow CC SG to automatically select the correct application based on your browser select Auto Detect 4 Click OK to save your changes To edit a KSX...

Page 60: ...ppears when the port has been deleted Configuring a Blade Chassis Device Connected to KX2 Blade Chassis Overview There are two types of blade chassis devices one is with an integrated KVM switch which...

Page 61: ...lways show two names in the Devices tab the name without the parentheses is retrieved from the KX2 device and the name within the parentheses is the chassis name saved on CC SG To add a blade chassis...

Page 62: ...the blade chassis profile 1 In the Devices tab click the next to the KX2 device that is connected to the blade chassis device 2 Select the blade chassis device whose slots you want to configure 3 In...

Page 63: ...nu to select the one you prefer from the list Click OK to configure the slot Changing the Blade Server Status This section applies only to the blade chassis with an integrated KVM switch such as Dell...

Page 64: ...t to the blade chassis device whose slots you want to delete 3 Right click the blade slot that you want to delete 4 Select Delete Blade and then click OK to delete the slot Edit a Blade Chassis Device...

Page 65: ...sically moving a blade chassis device from one KX2 device or port to another KX2 device or port CC SG cannot detect and automatically update the configuration data of the blade chassis device to the n...

Page 66: ...he only property copied in this process If you have the same type of information existing on any selected devices performing the Bulk Copy command will REPLACE the existing data with newly assigned in...

Page 67: ...to a set The device group will become the basis for a policy either allowing or denying access to this particular set of devices See Adding a Policy on page 150 Devices can be grouped manually using t...

Page 68: ...el 2 Click the New Group icon in the toolbar The Device Group New panel appears 3 In the Group Name field type a name for a device group you want to create See Naming Conventions on page 353 for detai...

Page 69: ...If any blade chassis has been configured in the system a Blade Chassis category is available by default Operator Select a comparison operation to be performed between the Category and Element items T...

Page 70: ...ust create three rules Department Engineering Rule0 Location Philadelphia Rule1 Memory 1GB Rule2 These rules must be arranged in relation to each other Since the device can either belong to the engine...

Page 71: ...elements The advantage of the describe method is that when you add more devices or nodes with the same attributes as described they will be pulled into the group automatically Use the select method w...

Page 72: ...ete Device Group panel appears Click Delete 5 Click Yes in the confirmation message that appears Adding Devices with CSV File Import You can add devices to CC SG by importing a CSV file that contains...

Page 73: ...parameters needed to create a valid CSV file See Export Devices on page 59 Follow the additional requirements for all CSV files See Common CSV File Requirements on page 333 To add a device to the CSV...

Page 74: ...record in the CSV file are configured 11 Allow Direct Access TRUE or FALSE Default is FALSE This setting is for SX and KX2 version 2 2 or later devices only 12 Description Optional To add a port to th...

Page 75: ...he command ADD 2 DEVICE BLADE Enter the tag as shown Tags are not case sensitive 3 Device Name Required field 4 Port Number Required field 5 Blade Number Required field 6 Blade Name Optional If left b...

Page 76: ...est KVM 4 ADD DEVICE CATEGORYELEMENT Lab Test Location Rack17 Import Devices Once you ve created the CSV file validate it to check for errors then import it Duplicate records are skipped and are not a...

Page 77: ...e for the file and choose the location where you want to save it 4 Click Save Upgrading a Device You can upgrade a device when a new versions of device firmware is available Important Check the Compat...

Page 78: ...CC SG to delete the oldest backup file for you This option will appear as an alert when you attempt to do a fourth backup See Restore All Configuration Data to a KX2 KSX2 or KX2 101 Device on page 63...

Page 79: ...to another device of the same model KX2 KSX2 and KX2 101 only Full The entire content of the selected backup file will be restored to the device Custom Allows you to restore Device Setting User and U...

Page 80: ...e to the device 4 Restore Type select Protected 5 Click OK 6 Click Yes to restart the device A message appears when all user and system configuration data has been restored Restore Only Device Setting...

Page 81: ...backup files in the Restore Device Configuration page to a location on your network or local machine If you need to make space for new backups to be stored on CC SG you can delete device backup files...

Page 82: ...device whose configuration you wish to copy to other devices from the Devices tree 2 Choose Devices Device Manager Configuration Copy Configuration 3 Select the configuration copying method To copy c...

Page 83: ...ices Device Manager Ping Device The Ping Device screen appears showing the result of the ping Pausing CC SG s Management of a Device You can pause a device to temporarily suspend CC SG control of it w...

Page 84: ...the SX serial port or the KSX dedicated power port that is providing management of the PowerStrip To view the device power manager 1 In the Devices tab select a PowerStrip device 2 Choose Devices Dev...

Page 85: ...disconnect users 2 Choose Devices Device Manager Disconnect Users 3 Select the users whose session you want to disconnect in the Disconnect users table 4 Click Disconnect to disconnect the users from...

Page 86: ...T IP devices connected to your Paragon System setup directly from the CC SG interface After adding the Paragon System device to CC SG it appears in the Devices tree To access Remote User Station Admin...

Page 87: ...eate power associations between the outlets and the nodes they power See Interfaces for Managed Powerstrip Connections on page 104 Special Note about Dominion PX Regardless of which method you choose...

Page 88: ...hese powerstrips To configure managed powerstrips in CC SG 1 Complete all physical connections between the device the powerstrip and the nodes that are powered by the powerstrip See the RPC Quick Setu...

Page 89: ...ll appear in the Devices tab beneath the device to which it is connected Next Steps 1 Configure outlets See Configuring Outlets on a PowerStrip on page 75 2 Associate each outlet with the node that it...

Page 90: ...a PowerStrip Connected to an SX 3 0 or KSX device 1 Add the SX 3 0 or KSX device to CC SG See Add a KVM or Serial Device on page 34 2 Choose Devices Device Manager Add Device 3 Click the Device type d...

Page 91: ...erstrip is still physically connected If you physically disconnect a powerstrip from the SX 3 0 KSX or P2SC device with which it is associated the powerstrip still appears in the Devices tab beneath t...

Page 92: ...ts the PowerStrip and adds it automatically The PowerStrip will appear in the Devices tab beneath the SX 3 1 device to which it is connected If the SX 3 1 device has already been added to CC SG and th...

Page 93: ...select the PowerStrip you want to delete 2 Choose Devices Device Manager Delete Device 3 Click OK to delete the PowerStrip A message appears when the PowerStrip has been deleted The PowerStrip icon is...

Page 94: ...fault name To configure each outlet individually click the Configure button next to the outlet and then type a name for the outlet in the Port name field Click OK to configure the port To delete an ou...

Page 95: ...Associations Location and Contacts 110 Using Chat 111 Adding Nodes with CSV File Import 112 Adding Editing and Deleting Node Groups 124 Nodes and Interfaces Overview About Nodes Each node represents...

Page 96: ...Server may have an out of band KVM interface for the keyboard mouse and monitor ports and a power interface to manage the outlet to which the server is connected Some interfaces only work in Direct mo...

Page 97: ...Chapter 8 Nodes Node Groups and Interfaces 79 Node Profile Click a Node in the Nodes tab to open the Node Profile page The Node Profile page includes tabs that contain information about the node...

Page 98: ...vice You can change the information in the fields by typing in new information See Adding Location and Contacts to a Node Profile on page 87 Notes tab The Notes tab contains a tool that enables users...

Page 99: ...evice Port and Node Management permission you can Reboot and Force Reboot the virtual host server Virtual Machine Data tab Virtual machine nodes such as VMware s Virtual Machines include the Virtual M...

Page 100: ...apply to the VNC server For Web Browser interfaces the login credentials apply to the form available at the URL specified in the interface To view service accounts Choose Nodes Service Accounts The Se...

Page 101: ...tion field 8 Click OK To edit a service account 1 Choose Nodes Service Accounts The Service Accounts page opens 2 Find the service account you want to edit 3 Edit the fields You cannot edit the Servic...

Page 102: ...You must have the Device Port and Node Management privilege to assign service accounts to interfaces See Adding Editing and Deleting User Groups on page 132 To assign a service account to interfaces...

Page 103: ...rganize this node See Associations Categories and Elements on page 21 Optional For each Category listed click the Element drop down menu and then select the element you want to apply to the node from...

Page 104: ...lick the Nodes tab and then select the node you want to edit The Node Profile appears 2 Edit the fields as needed 3 Click OK to save your changes Note 1 Changing the node name of a blade chassis does...

Page 105: ...aximum 64 characters Telephone Number and Cell Phone Maximum 32 characters 5 Click OK to save your changes Adding Notes to a Node Profile You can use the Notes tab to add notes about a node for other...

Page 106: ...l Machine is a virtual server that resides on a Virtual Host A Virtual Machine can be relocated from one Virtual Host to a different Virtual Host VMware s Virtual Machine or VM VI Client interface Con...

Page 107: ...e configured with a VMW Viewer interface and a VMW Power interface The VMW Viewer interface provides access to the virtual machine s viewer application For VMware virtual machines the VMW Viewer inter...

Page 108: ...ual host node and the virtual machine node select the checkboxes next to the virtual machine Optional To add all virtual machines Select the topmost checkbox in the Configure column to select all virt...

Page 109: ...Click OK CC SG creates One node for each virtual machine Each virtual machine node has a VMW Viewer interface a VMW Power interface and any other in band interfaces you specified Virtual machine node...

Page 110: ...I Client checkbox Optional 11 Click Next CC SG discovers the virtual host s virtual machines Click the column header to sort the table by that attribute in ascending order Click the header again to so...

Page 111: ...de configured Optional Leave these fields blank if you prefer to add names and login credentials to each interface individually The interface will take the name of the node if the field is left blank...

Page 112: ...in descending order Optional 3 Select the control system or virtual host you want to edit 4 Click Edit 5 Change the information as needed See Add a Control System with Virtual Hosts and Virtual Machi...

Page 113: ...checkbox then select the name of the service account or Enter a username and password for the interface type Maximum 64 characters each 11 Click OK Delete Control Systems and Virtual Hosts You can del...

Page 114: ...95 All components of the virtual infrastructure are deleted including control system nodes virtual host nodes and virtual machine nodes and their interfaces Synchronizing the Virtual Infrastructure wi...

Page 115: ...Nodes Virtualization 2 Select the Enable Daily Automatic Synchronization checkbox 3 Enter the time when you want the daily synchronization to occur in the Start Time field 4 Click Update To disable da...

Page 116: ...ndow Virtual nodes that are configured in CC SG display as links Double click a node s link to open the node profile for the virtual node Double click an interface link to either connect to the node D...

Page 117: ...click Add in the Interfaces section If you are adding a new node click Add in the Interfaces section of the Add Node screen The Add Interface Window opens 2 Click the Interface Type drop down menu an...

Page 118: ...s item to create a power control connection to a node with an IPMI connection Power Control Integrity ILO2 Select this item to create a power control connection to an HP Integrity server or other serv...

Page 119: ...Java or Windows then select Console or Remote User When a Console user accesses a node all other users are disconnected Multiple Remote Users can access a node simultaneously 4 Enter authentication i...

Page 120: ...nections To add an Interface for out of band KVM or out of band serial connections 1 Application name select the application you want to use to connect to the node with the interface from the list To...

Page 121: ...Username and Password for authentication 4 Type a description of this interface in the Description field Optional 5 Click OK to save your changes Interfaces for ILO Processor Integrity ILO2 and RSA Po...

Page 122: ...ver when using a Service Account on the interfaces Interfaces for Managed Powerstrip Connections When you create a Managed Power Strip interface that specifies a KX as the managing device the outlet y...

Page 123: ...he service account to use in the Service Account Name menu or Enter a Username and Password for authentication Optional 6 Type a description of this interface in the Description field 7 Click OK to sa...

Page 124: ...a Web Browser interface is automatically added A Web Browser interface can also be used to connect to any web application such as the web application associated with an RSA DRAC or ILO Processor card...

Page 125: ...face on page 107 6 Type a description of this interface in the Description field Optional 7 Click OK to save your changes Tips for Adding a Web Browser Interface To configure the Web Browser Interface...

Page 126: ...nd the Default Interface drop down menu of the Add Node or Node Profile screen You can click the drop down menu to select the default interface to use when making a connection to the node After saving...

Page 127: ...you frequently access a node via a particular interface you can bookmark it so that it is readily available from your browser To bookmark an interface in any browser 1 In the Nodes tab select the inte...

Page 128: ...rect Port Access to a node using the Bookmark Node Interface feature See Bookmarking an Interface on page 109 Bulk Copying for Node Associations Location and Contacts The Bulk Copy command allows you...

Page 129: ...ified data will be copied to multiple nodes in the Selected Nodes list as well as the current node displayed in the Node Name field Optional 8 Click OK to bulk copy A message appears when the selected...

Page 130: ...and export nodes You must be assigned a policy that gives you access to all relevant devices and nodes A full access policy for All Nodes and All Devices is recommended You must be assigned a policy...

Page 131: ...ot be configured in CC SG You cannot import virtual infrastructure nodes and interfaces Use the options in Nodes Virtualization The first interface in the CSV file after the ADD NODE command is assign...

Page 132: ...ame Enter the same value as entered for Raritan Port Name 9 Description Optional To add an out of band serial interface to the CSV file Column number Tag or value Details 1 ADD The first column for al...

Page 133: ...Tags are not case sensitive 3 Node Name Required field 4 Interface Name Required field 5 IP Address or Hostname Required field 6 TCP Port Default is 3389 7 Service Account Name Optional 8 Username Opt...

Page 134: ...rt Default is 22 for SSH Default is 23 for TELNET 7 Service Account Name Optional Leave blank if specifying username and password 8 Username Optional Leave blank if specifying service account 9 Passwo...

Page 135: ...tags is the command ADD 2 NODE DRAC KVM INTERFACE for DRAC KVM interfaces NODE DRAC POWER INTERFACE for DRAC Power interfaces NODE ILO KVM INTERFACE for iLO KVM interfaces NODE ILO POWER INTERFACE fo...

Page 136: ...When importing DRAC ILO and RSA interfaces you must specify both the KVM interface and the Power interface or the import will fail Column number Tag or value Details 1 ADD The first column for all ta...

Page 137: ...D 8 Interval Enter the check interval in seconds Default is 550 9 Service Account Name Leave blank if specifying username and password 10 Username Leave blank if specifying service account 11 Password...

Page 138: ...The first column for all tags is the command ADD 2 NODE WEB INTERFACE Enter the tag as shown Tags are not case sensitive 3 Node Name Required field 4 Interface Name Required field 5 URL Required field...

Page 139: ...er IQ find the external key on the IT device s page in the Data Center tab and enter the text in this field If the IT device has not been added to Power IQ yet enter a text value but make sure to use...

Page 140: ...ed field Sample Nodes CSV File ADD NODE NJSomersetEmailServer Physical Server ADD NODE OOBKVM INTERFACE NJSomersetEmailServer NJSomersetEmailServer DKX2 NY Rack7 NJSomersetEmailServer ADD NODE RDP INT...

Page 141: ...fully show in green text Items that failed import show in red text Items that failed import because a duplicate item already exists or was already imported also show in red text 6 To view more import...

Page 142: ...of existing node groups is displayed on the left while details about the selected node group appear in the main panel A list of existing node groups is displayed on the left Click a node group to view...

Page 143: ...ed into the group automatically Use the select method when you just want to create a group of specific nodes manually New nodes and devices added to CC SG are not pulled into these groups automaticall...

Page 144: ...ibute that will be evaluated in the rule All categories you created in the Association Manager will be available here Also included are Node Name and Interface If any blade chassis has been configured...

Page 145: ...entheses The section within the parentheses is evaluated first before the rest of the description is compared to the node Parenthetical groups can be nested inside another parenthetical group Example...

Page 146: ...cess Policy for Group checkbox 9 When you are done describing the nodes that belong in this group click OK to create the node group The group will be added to the list of Node Groups on the left Edit...

Page 147: ...nal authentication See Remote Authentication on page 161 You must also create policies for access that you can assign to user groups See Policies for Access Control on page 149 In This Chapter The Use...

Page 148: ...s are nested underneath the user groups to which they belong User groups with users assigned to them appear in the list with a symbol next to them Click the to expand or collapse the list Active users...

Page 149: ...Super User group Strong password requirements are Passwords must contain at least one lowercase letter Passwords must contain at least one uppercase letter Passwords must contain at least one number...

Page 150: ...dd User Group screen appears 2 Type a name for the user group in the User Group Name field User Group names must be unique See Naming Conventions on page 353 for details on CC SG s rules for name leng...

Page 151: ...st and then click Remove 10 When you are done configuring policies for this group click Apply to save this group and create another Repeat the steps in this section to add user groups Optional 11 Clic...

Page 152: ...pear 11 For each policy you want to add to the group select policy in the All Policies then click Add to move the policy to the Selected Policies list Policies in the Selected Policies list will allow...

Page 153: ...have high traffic See Access Report on page 184 Limits on number of KVM sessions are set per user group You can enable limits when you add or edit a user group manually in Guided Setup or by CSV impo...

Page 154: ...cess privileges assigned to the user group To add a user 1 In the Users tab select the group to which you want to add a user 2 Choose Users User Manager Add User 3 In the Username field type the user...

Page 155: ...ns 12 In the Telephone Number field type the user s telephone number 13 Click the User Groups drop down menu and select the group to which the user will be added Depending on the user group you select...

Page 156: ...ge on Next Login checkbox if you want to force the user to change the assigned password the next time they log in 6 In the Email address field type a new email address to add or change the user s conf...

Page 157: ...s in group list Select the users you want to remove from the Users in group list and then click the button to remove them Click the button to remove all users from the Users in group list 5 When all t...

Page 158: ...the policy to a user group You cannot create new policies via import User Group names are case sensitive User names are not case sensitive Each USERGROUP defined must have a USERGROUP PERMISSIONS and...

Page 159: ...ROUP PERMISSIONS Enter the tag as shown Tags are not case sensitive 3 User Group Name Required field User Group names are case sensitive 4 CC Setup and Control TRUE or FALSE 5 Device Configuration Upg...

Page 160: ...n Tags are not case sensitive 3 User Group Name Required field User Group names are case sensitive 4 AD Module Name Required field To add a user to CC SG Column number Tag or value Details 1 ADD The f...

Page 161: ...rd Change Periodically TRUE or FALSE 12 Expiration Period If Force Password Change Periodically is set to TRUE specify the number of days after which password must be changed Enter just the number fro...

Page 162: ...CSV file validate it to check for errors then import it Duplicate records are skipped and are not added 1 Choose Administration Import Import Users 2 Click Browse and select the CSV file to import Cl...

Page 163: ...save it 4 Click Save Your User Profile My Profile allows all users to view details about their account change some details and customize usability settings It is the only way for the CC Super User ac...

Page 164: ...d will limit the display of nodes users or devices to all names that contain the search criteria Find Matching String Does not support the use of wildcards and will highlight the closest match in the...

Page 165: ...and the user group that contains a user you want to log out of CCSG and then select the user To select multiple users hold the Shift key as you click additional users 2 Choose Users User Manager Logou...

Page 166: ...s the user whose policies and privileges you want to copy and then select the user 2 Choose Users User Manager Bulk Copy The Username field displays the user whose policies and privileges you are copy...

Page 167: ...all user groups If you completed Guided Setup a number of basic policies may already have been created See Configuring CC SG with Guided Setup on page 13 To control access using policies Create Node...

Page 168: ...r details on CC SG s rules for name lengths 4 Click OK The new policy will be added to the Policy Name list in the Policy Manager screen 5 Click the Device Group drop down arrow and select the Device...

Page 169: ...hat appears Editing a Policy When you edit a policy the changes do not affect users who are currently logged into CC SG The changes will go into effect at the next login To ensure that your changes go...

Page 170: ...mes and days Select Deny to define this policy to deny access to the selected node or device group for the designated times and days 12 If you selected Control in the Device Node Access Permission fie...

Page 171: ...de Dominion KSX II User Guide Dominion KXII 101 User Guide See Adding a Policy on page 150 for details on creating policies to assign virtual media permission to user groups in CC SG Assigning Policie...

Page 172: ...ode groups you specify will appear in the nodes list when a Filter by Node Group custom view is applied The first level of organization is the node group name A node may appear several times in the li...

Page 173: ...des according to the categories you specify 6 Click OK 7 In the Custom View Details section a In the Available list select the item you want to include in the custom view and then click Add to add the...

Page 174: ...he custom view in the Enter new name for custom view field and then click OK The new view name appears in the Name field in the Custom View screen To change the custom view s contents 1 In the Custom...

Page 175: ...iew panel click Set as Default The next time you log in the selected custom view will be used by default Assign a Default Custom View of Nodes for All Users If you have the CC Setup and Control privil...

Page 176: ...you want b Arrange the items in the Selected list in the order you would like each grouping to display in the Nodes tab Select an item and click the up and down arrow buttons to move the item into the...

Page 177: ...n click Add to add the item to the list Repeat this step to add as many items as you want b Arrange the items in the Selected list in the order you would like each grouping to display in the Nodes tab...

Page 178: ...will be used by default Assign a Default Custom View of Devices for All Users If you have the Device Port and Node Management privilege you can assign a default custom view for all users To assign a d...

Page 179: ...CC SG can be locally authenticated and authorized on the CC SG or remotely authenticated using the following supported directory servers Microsoft Active Directory AD Netscape s Lightweight Directory...

Page 180: ...entication is disabled See Users and User Groups on page 129 for details on adding users who will be remotely authenticated Note If remote authentication is used users must contact their Administrator...

Page 181: ...rs as modules in CC SG specify whether you want CC SG to use each of them for either authentication authorization or both To specify modules for authentication and authorization 1 Choose Administratio...

Page 182: ...a message that says You are not a member of any group when attempting to login you may have configured duplicate AD modules Check the modules you have configured to see if they describe overlapping d...

Page 183: ...the Use default CC SG DNS checkbox to use the DNS configured in the Configuration Manager section of CC SG See Advanced Administration on page 206 3 Select the Anonymous Bind checkbox if you want to c...

Page 184: ...is 636 3 Select the Secure Connection for LDAP checkbox if you want to use a secure channel for the connection If checked CC SG uses LDAP over SSL to connect to AD This option may not be supported by...

Page 185: ...and password supplied in the applet This second bind assures that the user provided the correct password 7 Click Next to proceed The Groups tab opens AD Group Settings In the Groups tab you can speci...

Page 186: ...lish between the domains Trust directions are updated in all AD modules when you make changes to one AD module Incoming information will be trusted coming in from the domain Outgoing information will...

Page 187: ...rt groups from the AD server See AD Group Settings on page 167 After making a change to imported groups or users you must synchronize the AD user groups you changed so that the imported groups are map...

Page 188: ...ronization of all modules You can enable scheduled synchronization to allow CC SG to synchronize all AD modules daily at the time you choose See Synchronize All AD Modules on page 172 This synchroniza...

Page 189: ...ent the matches and allow you to select which groups in AD you want to associate with CC SG This does not update user access information in CC SG Synchronizing AD User Groups only maps the group names...

Page 190: ...ization and Authentication Servers appear in a table 3 In the On Demand Synchronization list select All Active Directory Modules then click Synchronize Now A confirmation message appears when all AD m...

Page 191: ...n the Synchronization Time field at the bottom of the screen click the up and down arrows to select the time at which you want CC SG to perform the daily synchronization of all AD modules 4 Click Upda...

Page 192: ...e common name organizational unit and domain For example type uid admin ou Administrators ou TopologyManagement o Netscape Root Separate the values with commas but do not use spaces before or after th...

Page 193: ...ocally compare the associated password with the one entered On some LDAP servers the password cannot be retrieved as part of the LDAP object Select the Use bind after search checkbox to instruct CC SG...

Page 194: ...ed Crypt Use Bind Unchecked Use Bind After Search Checked IBM LDAP Configuration Settings If using an IBM LDAP server for remote authentication use this example Parameter Name IBM LDAP Parameters IP A...

Page 195: ...6 Click Next The General tab opens TACACS General Settings 1 Type the IP address or hostname of the TACACS server in the IP Address Hostname Name field See Terminology Acronyms on page 2 for hostname...

Page 196: ...he RADIUS server in the Module name field 6 Click Next to proceed The General tab opens RADIUS General Settings 1 Click the General tab 2 Type the IP address or hostname of the RADIUS server in the IP...

Page 197: ...C SG can make use of two factor authentication schemes with dynamic tokens In such an environment users logs into CC SG by first typing their usernames in the Username field then typing their fixed pa...

Page 198: ...filter for any report is the user policy For example the nodes or devices that the user has no access permission will not display in the reports Sort Report Data Click a column header to sort report d...

Page 199: ...l report including all details for each item Note Printing options work for all CC SG pages To print a screenshot of a report 1 Generate the report you want to print 2 Choose Secure Gateway Print Scre...

Page 200: ...hide the filtering section which will allow the report area to expand To hide or show the report filters Click the Filter toolbar at the top of the screen to hide the filtering section Click the Filt...

Page 201: ...in a series of Error Log files which can be accessed and used to help troubleshoot problems The Error Log includes a subset of the Audit Trail entries that are associated with an error condition To g...

Page 202: ...epted in these fields To limit the report by the message text associated with an activity type the text in the Message field To limit the report to a particular device type the device name in the Devi...

Page 203: ...successful login attempts You can unlock users from the report See Lockout settings on page 238 To generate the Locked Out Users report Choose Reports Users Locked Out Users To unlock a user who has b...

Page 204: ...User Group Data Report The User Group Data report displays data on users and the groups with which they are associated To generate the User Group Data report 1 Choose Reports Users User Group Data 2...

Page 205: ...ect the port states you want to include in the report Selecting more than one checkbox will include ports with all selected states You must select at least one Availability option when a Status option...

Page 206: ...displays node name interface name and type device name and type and node group for all nodes under CC SG management You can filter the report to include only data about nodes that correspond to a spe...

Page 207: ...node you want to disconnect then click Disconnect Node Creation Report The Node Creation report lists all node creation attempts both successful and unsuccessful within a specified time frame You can...

Page 208: ...e AD Users Group report displays all users in groups that were imported into CC SG from AD servers that have been configured for both authentication and authorization The report does not include users...

Page 209: ...ds are not allowed 5 Set the date range for the report in the Start Date and Time and End Date and Time fields Click each component of the default date month day year hour minute to select it then cli...

Page 210: ...in the Scheduled Reports list This report is generated when an Upgrade Device Firmware task is running View the report to get real time status information about the task Once the task has completed t...

Page 211: ...ed for all users Current users except the administrator who is initiating Maintenance Mode are alerted and logged out after the configurable time period expires While in Maintenance Mode other adminis...

Page 212: ...en CC SG has exited Maintenance Mode All users will now be able to access CC SG normally Backing Up CC SG The best practice is to enter Maintenance Mode before backing up CC SG Entering Maintenance Mo...

Page 213: ...ups under the default home directory enter Backups in the Directory Relative Path field g In the Filename leave blank to use the default filename convention field type a filename for naming the backup...

Page 214: ...include RRC MPC RC and VNC Saving and Deleting Backup Files Use the Restore CommandCenter screen to save and delete backups stored on CC SG Saving backups allows you to maintain a copy of the backup f...

Page 215: ...t in the dialog window You can retrieve the file from anywhere on your client s network c Click Open to upload this file to CC SG When complete the backup file appears in the Available Backups table 3...

Page 216: ...curs 6 In the Broadcast Message field type a message to notify other CC SG users that a restore will occur 7 Click Restore CC SG waits for the time specified before restoring its configuration from th...

Page 217: ...the default username and password admin raritan Save Personality Settings This option can be selected only when you select Full CC SG Database Reset This option saves some previously configured option...

Page 218: ...stem Maintenance Reset 3 Select the reset options 4 Type your CC SG password 5 Broadcast message Type the message that will display to users who will be logged off CC SG 6 Enter the number of minutes...

Page 219: ...the firmware file to your client PC before proceeding with the upgrade Only users with the CC Setup and Control privilege can upgrade CC SG You should back up CC SG before upgrading and send the backu...

Page 220: ...p ccImageUpgradeResults with a success message d The server must reboot The reboot process begins when you see the Linux reboot message in the upgrade log The server will shut down and reboot Note For...

Page 221: ...Applications and Applets checkbox is selected then click OK CC SG Shutdown Shutting down CC SG shuts down the CC SG software but it does not power off the CC SG unit After CC SG shuts down all users...

Page 222: ...wer is restored Important Do not hold the POWER button to forcibly power down CC SG The recommended way to power down CC SG is to use the Diagnostic Console s CC SG System Power OFF command See Power...

Page 223: ...ient window open See Log Out of CC SG on page 205 Exit to end your session and close the client window See Exit CC SG on page 205 Log Out of CC SG 1 Choose Secure Gateway Logout The Logout window open...

Page 224: ...ring a Message of the Day The Message of the Day allows you to provide a message for all users to view upon login You must have the CC Setup and Control privilege to configure the Message of the Day T...

Page 225: ...ion Applications 2 Click the Application name drop down menu to view the list of applications available in CC SG Checking and Upgrading Application Versions Check and upgrade the CC SG applications in...

Page 226: ...n log in again to ensure that the new version of the application is launched Also see Older Version of Application Opens After Upgrading on page 208 Older Version of Application Opens After Upgrading...

Page 227: ...d Windows 2008 server users should ensure that the IP address of the device being accessed is included in their browser s Trusted Sites Zone and that Protected Mode is not on when accessing the device...

Page 228: ...ot be changed 5 Select the default application to use when connecting to the selected Interface or Port Type Auto Detect CC SG will automatically select an appropriate application based on the client...

Page 229: ...the IP address of a CC SG unit which is already a Neighborhood member see What is a Neighborhood on page 229 you must remove it from the Neighborhood configuration first Otherwise you are unable to d...

Page 230: ...1 0 Not labeled Top LAN port in set of 2 ports in center of unit back panel Not labeled Bottom LAN port in set of 2 ports in center of unit back panel E1 1 LAN1 Left LAN port LAN2 Right LAN port What...

Page 231: ...ility Optional To configure IP Failover mode in CC SG 1 Choose Administration Configuration 2 Click the Network Setup tab 3 Select IP Failover mode 4 Type the CC SG hostname in the Host name field See...

Page 232: ...ode drop down arrow and select a duplex mode from the list 8 Click Update Configuration to save your changes Your changes will not take effect until CC SG restarts Click Restart Now if you want to aut...

Page 233: ...AN ports on each CC SG model Note Clustering cannot be configured when using IP Isolation mode Setup for IP Isolation mode When implementing IP Isolation mode for your CC SG network Each CC SG LAN por...

Page 234: ...P address Subnet mask and Default gateway fields will be automatically populated if your DHCP server is configured to provide this information once you save this network setup and restart CC SG With t...

Page 235: ...C SG to use type the IP address in the Server Address field under Primary Server 4 Click the Level to Forward drop down arrow and select an event severity level All events of this level or higher will...

Page 236: ...the up and down arrows to select the Year and then click the Day in the calendar area Time use the up and down arrows to set the Hour Minutes and Seconds and then click the Time zone drop down arrow t...

Page 237: ...configuration KVM data is encrypted according to the security setting in the KXII device Encryption is not supported with devices other than Dominion KXII 2 1 10 Both mode allows you to configure CC S...

Page 238: ...Administration Configuration 2 Click the Connection Mode tab 3 Select Both 4 In the Net Address and Net Mask fields specify the client IP address range that should connect to nodes and ports via Direc...

Page 239: ...box to enable a warning message that alerts a user before a requested power operation occurs Only the user who initiated the power operation sees the message The user can cancel the power operation or...

Page 240: ...oad Server Certificate Validation If you do enable AKC Download Server Certificate Validation Administrators must upload a self signed certificate to the CommandCenter Secure Gateway or generate a sel...

Page 241: ...you enable or disable this feature See Backing Up CC SG on page 194 2 Choose Administration Configuration 3 Click the Custom JRE tab 4 Select the Enable Custom JRE for Login checkbox to enable the opt...

Page 242: ...re SNMP in CC SG 1 Choose Administration Configuration 2 Click the SNMP tab 3 Select the Enable SNMP Daemon checkbox to enable SNMP operations 4 To identify the SNMP agent running on CC SG to a third...

Page 243: ...Update Trap Configuration to save your changes MIB Files Because CC SG pushes its own set of Raritan traps you must update all SNMP managers with a custom MIB file that contains Raritan SNMP trap defi...

Page 244: ...o the specific Primary node Create a Cluster You should backup your configuration on both CC SG units before creating a cluster To create a cluster 1 Choose Administration Cluster Configuration 2 The...

Page 245: ...ages The Backup node will restart and the process takes several minutes 10 When the cluster creation is complete a message appears indicating the Backup node is successfully joined Configure Cluster S...

Page 246: ...and Secondary node status If the Primary and Secondary nodes lose communication with one another the Secondary node will assume the role of the Primary node When connectivity resumes you may have two...

Page 247: ...ser password To delete a cluster 1 Choose Administration Cluster Configuration 2 Click Delete Cluster 3 Click Yes to remove the Primary Node and Secondary Node status 4 A message appears when the clus...

Page 248: ...he next empty row or press Tab or up down arrow keys b Type the IP address or hostname of new CC SG unit that you want to add and press Enter See Terminology Acronyms on page 2 for hostname rules c Re...

Page 249: ...the same Neighborhood share the same Neighborhood information Therefore you can log into any CC SG unit in the Neighborhood to change the Neighborhood configuration Note All changes to the members of...

Page 250: ...e Access Client Or you can refresh all members data such as the firmware version or unit status in the Neighborhood configuration To deactivate or rename the CC SG units in the Neighborhood or retriev...

Page 251: ...the Neighborhood 1 Choose Administration Neighborhood 2 Click the CC SG unit that you want to delete and click Remove Member Repeat this step until you remove all CC SG units you want 3 Click Send Upd...

Page 252: ...rules lockout rules the login portal certificates and access control lists Remote Authentication See Remote Authentication on page 161 for detailed instructions on configuring remote authentication s...

Page 253: ...in Windows Vista only It does not support any AES encryption in Windows XP In addition to browser support AES 256 encryption requires the installation of Java Cryptography Extension JCE Unlimited Str...

Page 254: ...inistration Security 2 Open the Encryption tab 3 Select the HTTP or HTTPS SSL option to specify the Browser Connection Protocol you want clients to use when connecting to CC SG 4 Click Update to save...

Page 255: ...least one special character for example an exclamation point or ampersand 8 Click Update to save your changes About CC SG passwords All passwords must meet all criteria that the administrator configur...

Page 256: ...lue by entering a number from 1 to 10 5 Choose a Lockout Strategy Lockout for Period specify the period of time in minutes the user will be locked out before they can login again The default number is...

Page 257: ...rs in the System Administrators user group Select the Other Users checkbox to allow concurrent logins by all other users 3 Click Update to save your changes Configure the Inactivity Timer You can conf...

Page 258: ...users agree to upon accessing the CC SG A user s acceptance of the Restricted Service Agreement is noted in the log files and the audit trail report To add a restricted service agreement to the CC SG...

Page 259: ...ificate option is selected To export current certificate and private key 1 Choose Administration Security 2 Click the Certificate tab 3 Select Export current certificate and private key 4 Click Export...

Page 260: ...vate Key appear in the corresponding fields of the Certificate screen 6 Select the text in the Certificate Request box and then press Ctrl C to copy it Using an ASCII editor such as Notepad paste the...

Page 261: ...nd Server is selected in the Administration Security Encryption screen AES 128 is the default If AES is not required DES 3 is the default b Private Key Length 1024 is the default c Validity Period day...

Page 262: ...ation Security 2 Click the Access Control List tab 3 Click the Add Row icon to add a row to the table 4 Specify a range of IP addresses to which you want to apply the rule by typing the starting IP va...

Page 263: ...ns can be sent from CC SG Notifications are used to email reports that have been scheduled email reports if users are locked out and to email status of failed or successful scheduled tasks See Task Ma...

Page 264: ...a daily weekly monthly or yearly basis A task can be scheduled to run only once or periodically on a specified day of the week and at a specified interval For example you could schedule device backups...

Page 265: ...L for the version of the emailed report All reports that have a Finished status are stored in HTML format on CC SG for 30 days You can view the finished reports in HTML format only by selecting Schedu...

Page 266: ...acking Up CC SG on page 194 Backup Device Configuration See Backing Up a Device Configuration on page 60 Copy Device Configuration See Copying Device Configuration on page 64 Group Power Control See N...

Page 267: ...ox next to each month in which the task should recur on the specified date f Yearly Click the drop down menu and select the month in which the task should execute from the list Use the up and down arr...

Page 268: ...device for estimated upgrade times To schedule a Device Firmware Upgrade 1 Choose Administration Tasks 2 Click New 3 In the Main tab type a name and description for the task The Name you choose will b...

Page 269: ...o proceed 8 Specify whether failed upgrades should be retried a Click the Retry tab b Retry Count Type the number of times CC SG should retry a failed upgrade c Retry Interval Enter the time that shou...

Page 270: ...is similar to a completed task To reschedule a task 1 Choose Administration Tasks 2 In the Task Manager page select the task you want to reschedule Use the filtering criteria to search for the task 3...

Page 271: ...sting authentication and authorization policies are applied to the SSH client The commands available to the SSH client are determined by the permissions for the user groups to which the SSH client use...

Page 272: ...in depth help on a single command at a time To get help for a single SSH command 1 At the shell prompt type the command you want help for followed by a space and h For example connect h 2 Information...

Page 273: ...To backup a device configuration backup device host host id device_id backup_name description To clear the screen clear To establish a connection to a serial port If port_name or device_name contains...

Page 274: ...ist available devices listdevices To list firmware versions available for upgrade listfirmwares id device_id host To list all interfaces listinterfaces id node_id To list all nodes listnodes To list a...

Page 275: ...mmand Tips For commands that pass an IP address such as upgradedevice you can substitute the hostname for an IP address See Terminology Acronyms on page 2 for hostname rules The copydevice and restart...

Page 276: ...cter when establishing a port connection The command is connect e escape_char port_id For example to define m as the escape character when connecting to the port with id 2360 type connect e m 2360 Cre...

Page 277: ...face You can use SSH to connect to a node through its associated serial out of band interface The SSH connection is in proxy mode 1 Type listinterfaces to view the node ids and associated interfaces 2...

Page 278: ...e entire SSH connection to CC SG This command ends the entire SSH connection including any port device or node connections made through CC SG At the prompt type the following command and press the Ent...

Page 279: ...rminal or PuTTY Set the baud rate in the terminal emulation program to match the SX or KSX baud rate V1 Serial Admin Port E1 Serial Admin Port OR About Terminal Emulation Programs HyperTerminal is ava...

Page 280: ...b services client Web Services Client Name Maximum 64 characters License Key Your license key from Raritan Each CC SG unit must have a unique license key IP Address Hostname Maximum 64 characters HTTP...

Page 281: ...G to generate the certificate You do not need to remember it l Password Enter a keystore password Use this password to open the P12 file that you will save in step 7 If you copy the generated certific...

Page 282: ...bindings These appearance settings may differ from those in this documentation In This Chapter Accessing Diagnostic Console 264 Status Console 265 Administrator Console 271 Accessing Diagnostic Consol...

Page 283: ...ways to view the Status Console information VGA keyboard mouse port SSH or web browser Access Status Console via VGA Keyboard Mouse Port or SSH To access Status Console via VGA Keyboard Mouse Port or...

Page 284: ...same information as the Status Console Status Console Information Status Console via VGA Keyboard Mouse Port or SSH After typing status at the login prompt the read only Status Console appears This sc...

Page 285: ...formation Description Host Name CC SG s Fully Qualified Domain Name FQDN It consists of both the unit s hostname and the associated domain name CC SG Version CC SG s current firmware version It consis...

Page 286: ...ses for RAID disks include Active RAID is fully functional RAID Status Degraded One or more disk drives are having problems Contact Raritan Technical Support for assistance Cluster Status CC SG can wo...

Page 287: ...ys Reminder The bottom line on the screen displays the keyboard combination keys for invoking Help and exiting Status Console Status Console will ignore key inputs other than these keys described belo...

Page 288: ...ly Status Console web page appears The web page displays the same information as the Status Console and also updates the information approximately every 5 seconds For information on the links for CC S...

Page 289: ...html based Access Client Changing one of these passwords does not affect the other Access Administrator Console All information displayed in the Administrator Console is static If the configuration c...

Page 290: ...Ctrl X to activate the menu bar or click a menu item using the mouse if you access Administrator Console via the SSH client The File menu provides an alternative option to exit the Diagnostic Console...

Page 291: ...rd combinations to navigate Administrator Console For some sessions the mouse may also be used to navigate However the mouse may not work in all SSH clients or on the KVM console Press To Ctrl X Activ...

Page 292: ...s CC SG via the Web can access the Status Console web page Important Be careful not to lock out all Admin or Field Support access To edit Diagnostic Console configuration 1 Choose Operation Diagnostic...

Page 293: ...ield After you save this field will be updated to reflect the Fully Qualified Domain Name FQDN if known See Terminology Acronyms on page 2 for hostname rules 4 In the Mode field select either IP Isola...

Page 294: ...ions A Warning screen will appear informing you of the impending network reconfiguration and associated CC SG GUI user impact Select YES to proceed System progress can be monitored in a Diagnostic Con...

Page 295: ...tion between your computer and the domain is not working See Edit Static Routes on page 278 6 Press Ctrl C to terminate the session Note Press CTRL Q to display a statistics summary for the session so...

Page 296: ...static routes may actually improve the performance of your network allowing you to conserve bandwidth for important business applications Click with the mouse or use the Tab and arrow keys to navigat...

Page 297: ...Chapter 16 Diagnostic Console 279 Although you can delete all other routes including the Default Gateway doing this will greatly impact the communication with CC SG...

Page 298: ...data or the file size of the logfile Timestamp and file size abbreviations Timestamps s seconds m minutes h hours d days File sizes B Bytes K Kilobytes 1 000 bytes M Megabytes 1 000 000 bytes G Gigab...

Page 299: ...onfigured to buffer all the new information that comes along Remember Selected Items If this box is checked the current logfile selections if any will be remembered Otherwise selection is reset each t...

Page 300: ...utomatically delete them View View the selected log s When View is selected with Individual Windows the LogViewer displays While viewing log files press Q Ctrl Q or Ctrl C to return to the previous sc...

Page 301: ...A to add a regular expression For example to display information on the WARN messages in sg jboss console log log file enter WARN and select match Note This screen also shows the Default Filter Scheme...

Page 302: ...2 Either click Restart CC SG Application or press Enter Confirm the restart in the next screen to proceed Reboot CC SG with Diagnostic Console This option will reboot the entire CC SG which simulates...

Page 303: ...ion will power off the CC SG unit Logged in users will not receive a notification CC SG SSH and Diagnostic Console users including this session will be logged off Any connections to remote target serv...

Page 304: ...CC Super User Password with Diagnostic Console This option will reset the password for the CC Super User account to the factory default value Factory default password raritan Note This is not the pass...

Page 305: ...fault Confirm the password reset in the next screen to proceed Reset CC SG Factory Configuration Admin This option will reset all or parts of the CC SG system back to their factory default values All...

Page 306: ...d Secure Communication between PC Clients and CC SG Enforce Strong Passwords Direct vs Proxy Connections to Out of Band nodes Inactivity Timer setting Network Reset This option changes the network set...

Page 307: ...ates the current reset status and you cannot control CC SG before reset is complete Do NOT power off power cycle or interrupt CC SG when reset is in progress Doing this may result in the loss of CC SG...

Page 308: ...be asked if you want to accept the new password You can either accept by typing in the new password twice or reject the random password You cannot select your own password Strong Enforce strong passw...

Page 309: ...the screen that appears you can view the settings for each account Status Admin FS1 and FS2 This screen is split into three main areas The top displays read only information about the accounts on the...

Page 310: ...r you cannot use Diagnostic Console Min Days The minimum number of days after a password has been changed before it can be changed again Default is 0 Max Days The maximum number of days the password w...

Page 311: ...SG unit 1 Choose Operation Utilities Remote System Monitoring 2 Select Enabled in the Remote Monitoring Service field 3 Enter the IP address of the client PC you want to allow to monitor the CC SG uni...

Page 312: ...lier time and date Data collection starts again when the time and date reaches the original time and date When the time and date is changed to a later time and date the reports show a gap in the data...

Page 313: ...SG 1 Choose Operation Utilities Disk RAID Utilities RAID Status Disk Utilization 2 Either click Refresh or press Enter to refresh the display Refreshing the display is especially useful when upgrading...

Page 314: ...Submit c The test is scheduled and a SMART information screen displays d When the required time has passed as indicated by the screen you can view the results in the Repair Rebuild RAID screen See Rep...

Page 315: ...n view the results in the Repair Rebuild RAID screen See Repair or Rebuild RAID Disks on page 299 If a non zero value displays in the Mis Match column for the given Array indicating that there may be...

Page 316: ...ts be aware of these guidelines Only one test can be performed on a given drive at a time Another test will not be scheduled if a drive is currently under test If two tests are scheduled for the same...

Page 317: ...time for running this test Type a number in the Month Day of Month Day of the Week and Hour fields Day of the Week field uses 1 for Monday through 7 for Sunday Hour must be in 24 Hour format Note A b...

Page 318: ...good system A contrived system showing multiple problems The system will update displayed information when you move between Disk Drive Status RAID Array Status and Potential Operations box using the T...

Page 319: ...the processes running on CC SG 1 Choose Operation Utilities Top Display 2 View the total running sleeping total number and processes that have stopped 3 Type h to view a help screen for the top comma...

Page 320: ...Chapter 16 Diagnostic Console 302 NTP is not enabled or not configured properly NTP is properly configured and running...

Page 321: ...uration shows a list of CC SG data that you can snapshot Snapshot Operations shows a list of operations that can be performed when activating the snapshot operation 5 Usually it is not necessary to ch...

Page 322: ...r the file named snapshot as it is the latest snapshot file The files are already compressed encrypted and signed so you must transfer them in the binary mode 5 When saving the file with IE save it as...

Page 323: ...of Dominion PX devices deployed and you want to get the current IT Device Names into CC SG as nodes you can export a file from Power IQ edit the file to specifications then import it into CC SG See Im...

Page 324: ...the Use Service Account Credentials checkbox Select the service account to use in the Service Account Name menu or Enter a Username and Password for authentication 6 Type a short description of this...

Page 325: ...rt a CSV file from Power IQ 1 Login to Power IQ and go to the Dashboard 2 Click Outlet Naming 3 Next to the Import click the link to export a CSV file of the current outlet names 4 Open or save the fi...

Page 326: ...cause a duplicate item already exists or was already imported also show in red text 6 To view more import results details check the Audit Trail report See Audit Trail Entries for Importing on page 334...

Page 327: ...The export file contains three sections Read the comments in the CSV file for instructions on how to use each section as part of a Power IQ multi tabbed CSV import file See the Power IQ User Guide an...

Page 328: ...me Between Failure MTBF 36 354 hours KVM Admin Port DB15 PS2 or USB Keyboard Mouse Serial Admin Port DB9 Console Port 2 USB 2 0 Ports V1 Environmental Requirements Operating Humidity 8 90 RH Altitude...

Page 329: ...44 09 lbs 20 kg Power SP502 2S Hot Swappable 500W 2U power supply Operating Temperature 0 50 C Mean Time Between Failure MTBF 53 564 hours KVM Admin Port PS 2 keyboard and mouse ports 1 VGA port Seria...

Page 330: ...ure 40 70 C Humidity 5 90 non condensing Altitude Sea level to 40 000 feet Vibration 10 Hz to 300 Hz sweep at 2 g constant acceleration for one hour on each of the perpendicular axes X Y and Z Shock 3...

Page 331: ...This Chapter Required Open Ports for CC SG Networks Executive Summary 313 CC SG Communication Channels 314 Required Open Ports for CC SG Networks Executive Summary The following ports should be opene...

Page 332: ...umented For each communication channel the table includes The symbolic IP Addresses used by the communicating parties These addresses must be allowed over any communication path between the entities T...

Page 333: ...tional CC SG clustering feature is used the following ports must be available for the inter connecting sub networks If the optional clustering feature is not used none of these ports has to be open Ea...

Page 334: ...al industry standard services like DHCP DNS and NTP These ports and protocols are used to allow CC SG to communicate with these optional servers Communication Direction Port Number Protocol Configurab...

Page 335: ...Console 23 TCP yes Client server communication SSL AES 128 AES 256 encrypted if configured PC Clients to Nodes Another significant role of CC SG is to connect PC clients to various nodes These nodes c...

Page 336: ...telligent Platform Management Interface IPMI servers can also be controlled by CC SG Dell DRAC and RSA targets can also be managed by CC SG Note Some in band interfaces require additional ports to be...

Page 337: ...an be blocked CC SG Access via NAT enabled Firewall If the firewall is using NAT Network Address Translation along with PAT Port Address Translation then Proxy mode should be used for all connections...

Page 338: ...or 5900 must be open for VNC access to nodes SSH Access to Nodes Port 22 must be open for SSH access to nodes Remote System Monitoring Port When the Remote System Monitoring feature is enabled port 1...

Page 339: ...een None Logout None Exit None Users This menu and the User tree are available only for users with the User Management privilege User Manager Add User User Management Editing users User Management Via...

Page 340: ...Management Bulk Copy Device Port and Node Management Upgrade Device Device Configuration and Upgrade Management Configuration Backup Device Configuration and Upgrade Management Restore Device Configu...

Page 341: ...Management Tree View Device Port and Node Management or Device Configuration and Upgrade Management Port Manager Connect Device Port and Node Management and Node Out of band Access Configure Ports Dev...

Page 342: ...rt and Node Management Editing Nodes Device Port and Node Management Via the Node Profile Delete Node Device Port and Node Management interfaceName Node In band Access or Node Out of band Access Disco...

Page 343: ...Out of band Access or Power Control By Node Status Any of the following Device Port and Node Management or Node In band Access or Node Out of band Access or Node Power Control Chat Start Chat Session...

Page 344: ...te Node Groups User Security Management Includes ability to add modify and delete Policies User Security Management Includes ability to add modify and delete Reports This menu is available for users w...

Page 345: ...anagement Active Directory AD Users Group Report CC Setup and Control or User Management Scheduled Reports CC Setup and Control or Device Configuration and Upgrade Management Access Add Web Services A...

Page 346: ...ent or Device Configuration and Upgrade Management Import Import Categories CC Setup and Control and User Security Management Import Users CC Setup and Control and User Management Import Nodes CC Setu...

Page 347: ...rt Power IQ Data CC Setup and Control and Device Port and Node Management System Maintenance Backup CC Setup and Control Restore CC Setup and Control Reset CC Setup and Control Restart CC Setup and Co...

Page 348: ...ion failure ccLanCardFailure CC SG detected a LAN Card Failure ccHardDiskFailure CC SG detected a hard disk failure ccLeafNodeUnavailable CC SG detected a connection failure to a leaf node ccLeafNodeA...

Page 349: ...with another Dominion PX device ccSystemMonitorNotification CC SG is out of memory ccNeighborhoodActivated CC SG neighborhood has been activated ccNeighborhoodUpdated CC SG neighborhood has been upda...

Page 350: ...section contains more information about CSV file imports In This Chapter Common CSV File Requirements 333 Audit Trail Entries for Importing 334 Troubleshoot CSV File Problems 335 Appendix E CSV File...

Page 351: ...s the file type After that Excel will continue to save the file as CSV If you don t set the file type correctly the file will corrupt and cannot be used to import All import files must be in ASCII tex...

Page 352: ...n entry for each change that occurs when a record is imported These entries are logged between the entries for Import started and Import completed They are logged under a different Message Type depend...

Page 353: ...error includes the line number where the error occurs in the CSV file See the comments at the top of an export file to help you correct errors When the file has been corrected validate the file again...

Page 354: ...at states your client version is different from the server version and that behavior may be unpredictable you should clear the browser s cache and the Java cache and restart the browser See Clear the...

Page 355: ...Failed message that says you have an invalid certificate You can resume access by clearing the invalid certificate from your browser a In Firefox choose Tools Options b Click Advanced c Click the Enc...

Page 356: ...rrow key Press any key to enter the menu Booting CentOS x x x in x seconds 3 Highlight the Memtest86 vX X option where vX X is the current version using the up or down arrow keys and press Enter 4 CC...

Page 357: ...ooting 1 Turn on the debug mode 1 Using a supported Internet browser type this URL http s IP_address 8080 jmx console where IP_address is the IP address of the CC SG For example https 10 20 3 30 8080...

Page 358: ...onfigure Remote System Monitoring on page 293 Important For CC SG units in a cluster configuration you must monitor both CC SG units To monitor the disk space via the Diagnostic Console 1 Log into the...

Page 359: ...apshots 1 Enter the System Snapshot menu see Take a System Snapshot on page 303 2 Deselect SNAP 3 Deselect Package Export 4 Select Clean up tmp 5 Click or select Submit To monitor the disk space via w...

Page 360: ...Diagnostic Utilities 342 Note For file system problems that are not mentioned in this section or when the corrective actions you take cannot resolve the problems contact Raritan Technical Support for...

Page 361: ...RADIUS Server 6 1 on Windows Server 2003 RSA Authentication Manager 6 1 on Windows Server 2003 RSA Secure ID SID700 hardware token Earlier RSA product versions should also work with CC SG but they ha...

Page 362: ...r or manager to access and manage all servers equipment and users from a single device Which Raritan products does CC SG support See the Compatibility Matrix on the Raritan website in the Support sect...

Page 363: ...new node to the CC SG database and assigned it to me How can I see it in my Nodes tree To update the tree and see the newly assigned node click the Refresh shortcut button on the toolbar Remember that...

Page 364: ...ce to the existing node when a message appears Authentication FAQs Question Answer Authentication How many user accounts can be created for CC SG Check your licensing restrictions There is no specifie...

Page 365: ...ew browser and log in again This provides an additional security feature so that no one can recall information stored in the web cache to access the unit How is a password secure Passwords are encrypt...

Page 366: ...SG administrator I added over 500 nodes and assigned all of them to me Now it takes a long time to log into CC SG When you as administrator have many nodes assigned to you CC SG downloads all informat...

Page 367: ...too overloaded to be able to respond to a network login may still support console login So another benefit of console access is the ability to troubleshoot and diagnose system and network problems How...

Page 368: ...8 path box Currently the best possible implementation is to aggregate IP Reach boxes with CC SG In the future Raritan plans to increase simultaneous access paths per box These plans have yet to compl...

Page 369: ...Appendix I FAQs 351...

Page 370: ...following keyboard shortcuts can be used in the Java based Admin Client Operation Keyboard Shortcut Refresh F5 Print panel Ctrl P Help F1 Insert row in Associations table Ctrl I Appendix J Keyboard Sh...

Page 371: ...Device Information 354 Port Information 355 Associations 355 Administration 355 User Information Field in CC SG Number of characters CC SG allows Username 64 Full Name 64 User Password not strong pass...

Page 372: ...characters CC SG allows Primary Contact Name 64 Telephone Number 32 Cell Phone 32 Secondary Contact Name 64 Telephone Number 32 Cell Phone 32 Service Accounts Field in CC SG Number of characters CC S...

Page 373: ...formation Field in CC SG Number of characters CC SG allows Port Name 32 Associations Field in CC SG Number of characters CC SG allows Category Name 32 Element Name 32 Device Group Name 40 Node Group N...

Page 374: ...or The operating system is checking the DVD ROM drive and finds no media when it boots up There are other scenarios that invoke the message as well but will not be described in the section avc The mes...

Page 375: ...9 94 Add a Custom View for Devices 157 Add a Custom View for Nodes 155 Add a Device Group 50 53 149 Add a Dominion PX Device 33 34 36 Add a KVM or Serial Device xvi 33 34 43 72 74 Add a Neighborhood M...

Page 376: ...Blade Chassis with an Integrated KVM Switch 42 Blade Chassis without an Integrated KVM Switch 43 Bookmarking an Interface 109 110 189 Browser Based Access via the CC SG Admin Client 5 Bulk Copying fo...

Page 377: ...Configuring Power IQ Services xvi 106 121 305 Configuring PowerStrips Connected to KX KX2 KX2 101 KSX2 and P2SC 70 71 Configuring PowerStrips Connected to SX 3 0 and KSX 70 72 Configuring Powerstrips...

Page 378: ...DRAC 5 Connection Details xvi 101 E E1 Environmental Requirements 311 E1 General Specifications 311 E1 Model 311 Edit a Blade Chassis Device 46 86 Edit a Device Group 53 Edit a Neighborhood 231 Edit...

Page 379: ...atibility 5 6 K Keyboard Shortcuts 352 L Launching a Device s Administrative Page 66 LDAP Advanced Settings 174 LDAP General Settings 174 Limit the Number of KVM Sessions per User xvi 19 132 133 135 L...

Page 380: ...ote System Monitoring Port 320 Repair or Rebuild RAID Disks 296 297 298 299 Reports 180 248 Require AES Encryption between Client and CC SG 235 Require strong passwords for all users 237 Required Open...

Page 381: ...ration Settings 175 Support for Virtual Media 153 Supported Environments for Two Factor Authentication 343 Switch the Primary and Secondary Node Status xvi 228 Synchronize All AD Modules 169 170 171 1...

Page 382: ...ngs 236 View Report Details 181 View the Default Application Assignments 210 View Top Display with Diagnostic Console 301 Viewing Devices 28 Viewing Nodes 78 Virtual Nodes Overview 89 VNC Access to No...

Page 383: ......

Page 384: ...India Monday Friday 9 a m 6 p m local time Phone 91 124 410 7881 Japan Monday Friday 9 30 a m 5 30 p m local time Phone 81 3 3523 5991 Email support japan raritan com Europe Europe Monday Friday 8 30...

Reviews:

No comments