manualshive.com logo in svg

Tripp Lite 93-2879, Owner'S Manual, Page: 187 / 224

Share
Download
Tripp Lite 93-2879 Owner'S Manual Download Page 187

 

 

_____________________________________________________________________ 

 

B096-016 B096-048 and B092-016 User Manual 

 

 Page 187

 

Generated keys may be one of two types - RSA or DSA (and it is beyond the scope of this 
document to recommend one over the other). RSA keys will go into the files 

id_rsa

 and

 

id_rsa.pub

. DSA keys will be stored in the files 

id_dsa

 and 

id_dsa.pub

 
For simplicity going forward, the term 

private key

 will be used to refer to either 

id_rsa

 or 

id_dsa

 

and 

public key

 to refer to either 

id_rsa.pub

 or 

id_dsa.pub.

 

 

 
To generate the keys using OpenBSD's OpenSSH suite, we use the 

ssh-keygen

 program: 

 

$ ssh-keygen -t [rsa|dsa] 

Generating public/private [rsa|dsa] key pair. 
Enter file in which to save the key 

(/home/user/.ssh/id_[rsa|dsa]):

 

Enter 

passphrase 

(empty for no passphrase): 

Enter same passphrase again: 
Your identification has been saved in 

/home/user/.ssh/id_[rsa|dsa].  

Your public key has been saved in 

/home/user/.ssh/id_[rsa|dsa].pub. 

The key fingerprint is:

 

  

28:aa:29:38:ba:40:f4:11:5e:3f:d4:fa:e5:36:14:d6 user@server

 

$

 

 
It is advisable to create a new directory to store your generated keys. It is also possible to name 
the files after the device they will be used for. For example: 
 
 

$ mkdir keys 

  

$ ssh-keygen -t rsa 

  

Generating public/private rsa key pair. 
Enter file in which to save the key (/home/user/.ssh/id_rsa):  

/home/user/keys/control_room

 

  

Enter 

passphrase

 (empty for no passphrase): 

  

Enter same 

passphrase

 again: 

Summary of Contents for 93-2879

Page 1: ...sole Server Management Switch Models B096 016 B096 048 Console Server with PowerAlert Model B092 016 Tripp Lite World Headquarters 1111 W 35th Street Chicago IL 60609 USA 773 869 1234 USA 773 869 1212...

Page 2: ...SYSTEM CONFIGURATION 18 3 1 Management Console Connection 18 3 1 1 Connected computer set up 18 3 1 2 Browser connection 19 3 1 3 Initial B092 016 connection 21 3 2 Administrator Password 21 3 3 Netw...

Page 3: ...or dial in 54 5 1 4 Set up earlier Windows clients for dial in 55 5 1 5 Set up Linux clients for dial in 56 5 2 OoB Broadband Access B096 048 016 only 56 5 3 Broadband Ethernet Failover B096 048 016 o...

Page 4: ...wer 86 6 10 Using SDT to IP connect to hosts that are serially attached to the gateway 88 6 10 1 Establish a PPP connection between the host COM port and Console Server 88 6 10 2 Set up SDT Serial Por...

Page 5: ...tication 119 9 1 4 LDAP authentication 120 9 1 5 RADIUS TACACS user configuration 121 9 2 PAM Pluggable Authentication Modules 122 9 3 Secure Management Console Access 123 NAGIOS INTEGRATION 125 10 1...

Page 6: ...agement 147 13 4 Serial Port Terminal Connection 147 13 5 Remote Console Access B092 016 only 149 14 BASIC CONFIGURATION LINUX COMMANDS 151 14 1 The Linux Command line 152 14 2 Administration Configur...

Page 7: ...verview 178 Generating Public Keys Linux 179 Installing the SSH Public Private Keys Clustering 180 Installing SSH Public Key Authentication Linux 180 Generating Public Private keys for SSH Windows 182...

Page 8: ...6 2 Advanced Control Panel 210 16 2 1 System Terminal 210 16 2 2 System Shutdown Reboot 211 16 2 3 System Logout 211 16 2 4 Custom 211 16 2 5 Status 211 16 2 6 Logs 211 16 3 Remote control 212 Appendi...

Page 9: ...equency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likel...

Page 10: ...nd information on this manual 2 Installation Details physical installation of the Console Server and the interconnection of controlled devices 3 System Configuration Describes the initial installation...

Page 11: ...o control all the serial connected devices and network connected devices hosts II Users Embraces those who have been set up by the Administrator with specific limits on their access and control author...

Page 12: ...nd line As an Administrator you can get command line access by connecting through a terminal emulator or communications program to the console serial port or by SSH or Telnet connecting to the Console...

Page 13: ...n action you should take as part of the procedure Bold text indicates text that you type or the name of a screen object e g a menu or button on the Management Console Italic text is also used to indic...

Page 14: ...B096 048 48 2 1 1 Internal Dual AC Universal Input B096 016 16 2 1 1 Internal Dual AC Universal Input B092 016 16 1 1 KVM 4 Single AC Universal Input 2 1 1 Kit components B096 048 and B096 016 Console...

Page 15: ...rack you will need to attach the rack mounting brackets supplied with the unit and install the unit in the rack Take care to heed the Safety Precautions listed earlier Proceed to connect your B092 01...

Page 16: ...e you only connect the LAN port to an Ethernet network that supports 10Base T 100Base T For the initial configuration of the Console Server you must connect a computer to the Console Server s principa...

Page 17: ...into any Console Server USB port 2 6 Rackmount Console KVM Connection B092 016 only B092 016 Console Server with PowerAlert can be connected directly to a rack mount console such as B021 000 17 or B02...

Page 18: ...nsole Server Note For initial configuration it is recommended that the Console Server be connected directly to a single computer However if you choose to connect your LAN before completing the initial...

Page 19: ...with a MAC Address 00 13 C6 00 02 0F designated on the label on the bottom of the unit and we are setting its IP address to 192 168 100 23 The computer issuing the arp command must be on the same net...

Page 20: ...work settings on the System IP page Chapter 3 3 Configure port settings and enable the Serial Network Serial Port page Chapter 4 4 Configure users with access to serial ports on the Serial Network Use...

Page 21: ...2 Administrator Password For security reasons only the administration user named root can initially log into your Console Server Only those people who know the root password can access and reconfigur...

Page 22: ...ssword Note If you are not confident your Console Server has been supplied with the current release of firmware you can upgrade Refer to Upgrade Firmware Chapter 10 3 3 Network IP address It is time t...

Page 23: ...dress By default the Console Server 10 100 LAN port auto detects the Ethernet connection speed However you can use the Media menu to lock the Ethernet to 10 Mb s or 100Mb s and to Full Duplex FD or Ha...

Page 24: ...ection of access protocols that can be used to access the Console Server The factory default enables HTTPS and SSH access to the Console Server and disables HTTP and Telnet The User can also use the n...

Page 25: ...rnet HTTP Allows the Administrator basic browser access to the Management Console It is recommended that you disable the HTTP service if the Console Server is to be remotely accessed over the Internet...

Page 26: ...The default TCP IP base port address for Telnet access is 2000 and the range for Telnet is IP Address Port 2000 serial port i e 2001 2048 So if the Administrator were to set 8000 as a secondary base...

Page 27: ...s software for all communications with Console Servers Each Console Server is supplied with an unlimited number of SDT Connector licenses to use with that Console Server SDT Connector is a lightweight...

Page 28: ...similarly simple but you need to use the default port 23 3 5 3 SSHTerm Another common communications package that may be useful is SSHTerm This is an open source package that can be downloaded from h...

Page 29: ...Management Switch as a Management LAN gateway The Management Switch in the B096 048 016 Console Servers can be configured to provide a management LAN gateway With this configuration the B096 048 016 p...

Page 30: ...ncipal Network connection on the System IP menu The B096 048 016 Console Server Management Switches also host a DHCP server which by default is set at disabled The DHCP server enables the automatic di...

Page 31: ...ds The lease time is the time that a dynamically assigned IP address is valid before the client must request it again Click Apply The DHCP server will sequentially issue IP addresses from a specified...

Page 32: ...ver Interface to be used in the event of an outage on the main network This can be o an alternate broadband Ethernet connection or o the B096 048 016 internal modem or o an external serial modem ISDN...

Page 33: ...figuring Serial Ports To configure a serial port you must first set the Common Settings Chapter 4 1 1 that are to be used for the data connection to that port e g baud rate and the mode the port is to...

Page 34: ...is being used These serial port parameters must be set so they match the serial port parameters on the device which is attached to that port Specify a label for the port Select the appropriate Baud Ra...

Page 35: ...t Console Server Mode to enable remote management access to the serial console that is attached to the serial port Logging Level This specifies the level of information to be logged and monitored refe...

Page 36: ...tunneled from their client computers to the serial port on the Console Server with a simple point and click To use SDT Connector to access consoles on the Console Server serial ports configure the SD...

Page 37: ...T Connector with the Console Server as a gateway then as a host and enable SSH service on Port 3000 serial port i e 3001 3048 refer to Chapter 6 You can also use common communications packages like Pu...

Page 38: ...nticated Telnet enables Telnet access to the serial port without requiring the user to provide credentials When a user accesses the Console Server to Telnet to a serial port they are normally given a...

Page 39: ...terruptible Power Supply UPS serial Remote Power Controller Power Distribution Unit RPC or Environmental Monitoring Device EMD Select the desired Device Type UPS RPC or EMD Proceed to the appropriate...

Page 40: ...and then transported over a network to a second Console Server where it is then represented as serial data So the two Console Servers effectively act as a virtual serial cable over an IP network One...

Page 41: ...enable logging of traffic on the selected serial port to a syslog server and to appropriately sort and action those logged messages i e redirect them send alert email etc For example if the computer a...

Page 42: ...trator can reconfigure the access services for any Host or serial port only trusted users should have Administrator access Note For convenience the SDT Connector Retrieve Hosts function retrieves and...

Page 43: ...Group Add a Group name and Description for each new Group then nominate Accessible Hosts and Accessible Ports to specify the serial ports and hosts you wish any users in this new Group to be able to a...

Page 44: ...Groups in which case they take on the cumulative access privileges of each of those Groups A user does not have to be a member of any Groups but if the User is not even a member of the default user g...

Page 45: ...ices will be port forwarded through to the Host All other services TCP UDP ports will be blocked If the Console Server has been configured with distributed Nagios monitoring enabled then you will also...

Page 46: ...e new rule is to be applied to Then enter the Network Address of the subnet to be permitted access Then specify the range of addresses that are to be permitted by entering a Network Mask for that perm...

Page 47: ...large number of serial ports up to 1000 can be configured and accessed through one IP address and managed through the one Management Console One Console Server the Master controls other Console Serve...

Page 48: ...keys will automatically be uploaded to the Master and connected Salves 4 6 2 Manually generate and upload SSH keys Alternately if you have a RSA or DSA key pair you can manually upload them to the Ma...

Page 49: ...nd upload it to Slave s SSH Authorized Key Click Apply The next step is to Fingerprint each new Slave Master connection This once off step will validate that you are establishing an SSH session with t...

Page 50: ...l the Slaves and the port numbers that have been allocated on the Master If the Master Console Server has 16 ports of its own then ports 1 16 are pre allocated to the Master So the first Slave added w...

Page 51: ...ort related functions it is not master over the Slave network host connections or over the Slave Console Server system itself So Slave functions such as IP SMTP SNMP Settings Date Time DHCP server mus...

Page 52: ...5 1 OoB Dial In Access To enable OoB dial in access first set up the Console Server configuration for dial in PPP access Once the Console Server is so configured it will wait for an incoming connecti...

Page 53: ...described in Chapter 14 Select the Baud Rate and Flow Control that will communicate with the modem Check the Enable Dial In Access box Enter the User name and Password to be used for the dial in PPP...

Page 54: ...tion used on the internet sending a username and password to a server where they are compared with a table of authorized users Whilst most common PAP is the least secure of the authentication options...

Page 55: ...r modem Enter the PPP User Name and Password for have set up for the Console Server 5 1 4 Set up earlier Windows clients for dial in For Windows 2000 the PPP client set up procedure is the same as abo...

Page 56: ...er PPP link as the default for Internet connection 5 2 OoB Broadband Access B096 048 016 only The B096 048 016 Console Server Management Switch has a second Ethernet network port that can be configure...

Page 57: ...ce menu select Management LAN eth1 as the Failover Interface to be used when a fault has been detected with main Network Interface eth0 Specify the Probe Addresses of two sites the Primary and Seconda...

Page 58: ...anagement network When configuring the principal network connection in System IP specify Internal Modem or the Dial Serial DB9 if using an external modem on the Console port as the Failover Interface...

Page 59: ...59...

Page 60: ...inistrator s computer It is recommended that you use the SDT Connector client software supplied with the Console Server to do this SDT Connector is simple to install and it auto configures It provides...

Page 61: ...ked Note Following are some of the TCP Ports used by SDT in the Console Server 22 SSH All SDT Tunneled connections 23 Telnet on local LAN forwarded inside tunnel 80 HTTP on local LAN forwarded inside...

Page 62: ...edit command search for SDT Connector and then remove the directory with this name For Linux and other Unix clients SDTConnector tar gz application will install the sdtcon 1 n jar and the config file...

Page 63: ...or select the File New Gateway menu option Enter the IP or DNS Address of the Console Server and the SSH port that will be used typically 22 Note If SDT Connector is connecting to a remote Console Ser...

Page 64: ...rst be set up on the Console Server and must be authorized to access the specific ports hosts refer to Chapter 5 Only these permitted services will be forwarded through by SDT to the Host All other se...

Page 65: ...user i e they can be members of user or admin or some other group or no group SDT Connector will however not auto configure the root and it is recommended that this account is only used for initial co...

Page 66: ...s routers etc at that site 6 2 5 Manually adding hosts to the SDT Connector gateway For each gateway you can manually specify the network connected hosts that will be accessed through that Console Ser...

Page 67: ...on options are pre configured in the default SDT Connector RDP client VNC client HTTP browser HTTPS browser Telnet client etc However if you wish to add new client applications to this range then proc...

Page 68: ...rom localhost Enter a local TCP port to bind to when creating the local endpoint of the redirection If this is left blank a random port will be selected Note SDT Connector can also tunnel UDP services...

Page 69: ...command line format When launching the client SDT Connector substitutes these keywords with the appropriate values path is path to the executable file i e the previous field host is the local address...

Page 70: ...PP Access section in Chapter 5 Configuring Dial In Access Set up the PPP client software at the remote User computer following the Set up the remote Client section in Chapter 5 Once you have a dial in...

Page 71: ...tion and then forwarding the RDP port over this SSH connection using the PuTTY client software Under the Session tab enter the IP address of the Console Server in the Host Name or IP address field For...

Page 72: ...label 3389 For example if the Label you specified on the SDT enabled serial port on the Console Server is win2k3 then specify the remote host as win2k3 3389 Alternately you can set the Destination as...

Page 73: ...d enterprise VPN connected Client computers using SSH as above This will protect against the risk of the man in the middle attacks to which RDP has a vulnerability http www securiteam com windowsntfoc...

Page 74: ...g on one of the ports which VNC uses Tunneling VNC over a SSH connection ensures all traffic is strongly encrypted Also no VNC port is ever open to the internet so anyone scanning for open VNC ports w...

Page 75: ...agement Console and or click SSH or Telnet to access the gateway command line console Note To enable SDT access to the gateway console you must now configure the Console Server to allow port forwarded...

Page 76: ...nes of Loopback ports or Local serial ports Click OK Click Serial Port 2 icon for Telnet access to the serial console on the device attached to serial port 2 on the gateway To enable SDT Connector to...

Page 77: ...vity is provided by a dial up or wireless modem directly attached to the gateway So out of band access enables you to access the hosts and serial devices on the network diagnose any connectivity issue...

Page 78: ...Out of Band Connection wait min rasdial network_connection disconnect The network_connection in the above is the name of the network connection as displayed in Control Panel Network Connections To sto...

Page 79: ...ool You may use RSA or DSA however it is important that you leave the passphrase field blank PuTTYgen http www chiark greenend org uk sgtatham putty download html OpenSSH http www openssh org OpenSSH...

Page 80: ...ed and encrypted tunnel SDT with RDP also allows remote Users to connect to Windows XP Vista Windows 2003 computers and to Windows 2000 Terminal Servers and to have access to all of the applications f...

Page 81: ...a single computer When the remote user connects to the accessed computer on the console session Remote Desktop automatically locks that computer so no other user can access the applications and files...

Page 82: ...then you would enter 192 168 0 50 7303 Where there is an SSH tunnel over a dial up PPP connection or over a public internet connection or private network connection simply enter the localhost as the I...

Page 83: ...older Windows platforms to remotely connect to a computer running Windows XP Professional or Windows 2003 Server B On a Linux or UNIX client computer Launch the open source rdesktop client rdesktop u...

Page 84: ...urce untar configure make make then install rdesktop currently runs on most UNIX based platforms with the X Window System and can be downloaded from http www rdesktop org C On a Macintosh client Downl...

Page 85: ...ows server allowing you to view the desktop of a remote Windows machine on any of these platforms using exactly the same viewer RealVNC was founded by members of the AT T team who originally developed...

Page 86: ...onfigure and connect the VNC Viewer VNC is truly platform independent so a VNC Viewer on any operating system can connect to a VNC Server on any other operating system There are Viewers and Servers fr...

Page 87: ...the VNC Host computer is serially connected to the Console Server then enter the IP address of the Console Server unit with the TCP port that the SDT tunnel will use The TCP port will be 7900 plus th...

Page 88: ...are serially attached to the gateway Network IP protocols like RDP VNC and HTTP can also be used to connect to host devices that are serially connected through their COM port to the Console Server To...

Page 89: ...anced connection and click Next On the Advanced Connection Options screen select Accept Incoming Connections and click Next Select the Connection Device i e the serial COM port on the Windows computer...

Page 90: ...wn in the illustration above From 169 134 13 1 To 169 134 13 2 Alternately you can set the advanced connection and access on the Windows computer to use the Console Server defaults Specify 10 233 111...

Page 91: ...to the Make New Connection button For Windows 2000 click Start and select Settings At the Dial Up Networking Folder click Network and Dial up Connections and click Make New Connection Note you first...

Page 92: ...and VNC forwarding over serial ports is enabled on a Port basis You can add Users who can have access to these ports or reconfigure User profiles by selecting Serial Network User Groups menu tag as d...

Page 93: ...mental monitors UPS and PDU devices The Console Servers can also log access and communications with network attached hosts If port logs are to be maintained on a remote server then the access path to...

Page 94: ...uthentication Similarly you can specify the Subject Line that will be sent with the email Click Apply to activate SMTP 7 1 2 SMS alerts The Console Server uses email to SMS services to send SMS alert...

Page 95: ...age which is contained in full in the body of the email However some SMS gateway service providers require blank subjects or require specific authentication headers to be included in the subject line...

Page 96: ...10 7 2 Activate Alert Events and Notifications The Alert facility monitors the status of the Console Server and connected devices When an alert event is triggered a notification is emailed to a nomina...

Page 97: ...the alert service that will be used to send notification for this event who to notify and what port host device is to be monitored At Add a New Alert enter a Description for this new alert Nominate t...

Page 98: ...erial and or Applicable Host s and or Applicable UPS es and or Applicable RPC s and or Applicable EMD s and or Applicable Alarm Sensor s that are to be monitored for this alert trigger 7 2 2 Select ge...

Page 99: ...tails on selecting and configuring this alert type 7 2 3 Configuring environment and power alert type This alert type will be applied to any UPS s RPC s and EMD temperature and humidity sensors you ha...

Page 100: ...or open sensor you may not wish to activate the sensor alert monitoring during the working day Click Apply 7 3 Remote Log Storage Before activating Serial or Network Port Logging on any port or UPS lo...

Page 101: ...t to be logged Specify the Logging Level of for each port as Level 0 Turns off logging for the selected port Level 1 Logs all connection events to the port Level 2 Logs all data transferred to and fro...

Page 102: ...e used you also must set up the level of logging that is to be maintained for each service Specify the logging level that is to be maintained for that particular TDC UDP port service on that particula...

Page 103: ...rMan and NUT open source management tool RPC s include power distribution units PDU s and IPMI power devices 8 1 1 RPC connection Serial and network connected RPC s must first be connected to and conf...

Page 104: ...d access privileges you will have configured in Serial Networks Users Groups Check Log Status and specify the Log Rate minutes between samples if you wish the status from this RPC to be logged These l...

Page 105: ...the Status RPC Status menu A table with the summary status of all connected RPC hardware will be displayed Click on View Log or select the RPC Logs menu You will be presented with a table of the histo...

Page 106: ...al or USB cable or by the network to the Console Server The Console Server becomes the Master of this UPS and runs a upsd server to allow other computers that are drawing power through the UPS Slaves...

Page 107: ...PS and in the Serial Network Network Hosts menu for each network connected UPS refer to Chapter 4 No such configuration is required for USB connected UPS hardware Select the Serial Network UPS Connect...

Page 108: ...login credentials are not related to the Users and access privileges you will have configured in Serial Networks Users Groups If you have multiple UPS s and require them to be shut down in a specific...

Page 109: ...de an opportunity to perform any last gasp actions before power is lost during a power failure This is achieved by placing a script in etc config scripts ups shutdown You may use the etc scripts ups s...

Page 110: ...ct to the Console Server Refer to the NUT documentation for details on how this is done specifically sections 13 5 to 13 10 http eu1 networkupstools org doc 2 2 0 INSTALL html An example upsmon conf e...

Page 111: ...rmation on the select UPS System Click on any particular All Data for any UPS System in the table for more status and configuration information on the select UPS System Select UPS Logs and you will be...

Page 112: ...rs that draw power through the UPS i e Slaves of the UPS to shutdown gracefully when the battery power reaches critical Additionally one server is designated the Master of the UPS and is responsible f...

Page 113: ...ironmental Monitoring Device EMD model B090 EMD can be connected to any Console Server serial port and each Console Server can support multiple EMD s Each EMD has one temperature and one humidity sens...

Page 114: ...feet 10meters in length Tripp Lite N002 series cables Screw the bare wires on any smoke detector water detector vibration sensor open door sensor or general purpose open close status sensors into the...

Page 115: ...y the Log Rate minutes between samples if you wish the status from this EMD to be logged These logs can be views from the Status Environmental Status screen Click Apply 8 3 2 Environmental alerts You...

Page 116: ...s menu and a table with the summary status of all connected EMD hardware will be displayed Click on View Log or select the Environmental Logs menu and you will be presented with a table and graphical...

Page 117: ...le using HTTPS and using OpenSSL and OpenSSH to establish a secure Administration connection to the Console Server 9 1 Authentication Configuration Authentication can be performed locally or remotely...

Page 118: ...ssed Select Serial and Network Authentication and check TACAS or LocalTACACS or TACACSLocal or TACACSDownLocal Enter the Server Address IP or host name of the remote Authentication Authorization serve...

Page 119: ...whenever the Console Server or any of its serial ports or hosts is accessed Select Serial and Network Authentication and check RADIUS or LocalRADIUS or RADIUSLocal or RADIUSDownLocal Enter the Server...

Page 120: ...erial ports or hosts is accessed Select Serial and Network Authentication and check LDAP or LocalLDAP or LDAPLocal or LDAPDownLocal Enter the Server Address IP or host name of the remote Authenticatio...

Page 121: ...ges Example 1 User A is locally added and has access to ports 1 and 2 He is also defined on a remote TACACS server which says he has access to ports 3 and 4 The user may log in with either his local o...

Page 122: ...be added as required Changes may be made to files in etc config pam d which will persist even if the authentication configurator is run Users added on demand When a user attempts to log in but does no...

Page 123: ...nt Console Activate your preferred browser and enter https IP address For example if the Console Server has been set up with an IP address of 200 122 0 12 you need to type https 200 122 0 12 in your a...

Page 124: ...erver is embedded during testing and is not signed by a recognized third party certificate authority Rather it is signed by our own signing authority These warnings do not affect the encryption protec...

Page 125: ...re already familiar with Nagios skip ahead to section 10 3 10 1 Nagios Overview Nagios provides central monitoring of the hosts and services in your distributed network Nagios is freely downloadable o...

Page 126: ...ient PC laptop etc running Windows Linux or Mac OS X Runs Tripp Lite SDT Connector client software 1 5 0 or later Connect to the central Nagios server web UI to view status of monitored hosts and seri...

Page 127: ...S services and one serially attached device the console port of a network router and to send alerts back to the Nagios server when an administrator connects to the router or IIS server While this walk...

Page 128: ...ick Add It is important to remove and re add the service to enable logging Scroll down to Nagios Settings and check Enable Nagios Click New Check and select Check Ping Click check host alive Click New...

Page 129: ...ted monitoring To activate the Console Server s Nagios distributed monitoring Nagios integration must be enabled and a path established to the central upstream Nagios server If the Console Server is t...

Page 130: ...P as entered in System IP In Nagios Server Address enter the IP address or DNS name that the Console Server will use to reach the upstream Nagios monitoring server Check the Disable SDT Nagios Extensi...

Page 131: ...ne which is especially valuable if you are monitoring hundreds or thousands of hosts To enable NRPE Select System Nagios and check NRPE Enabled Enter the details for the user connection to the upstrea...

Page 132: ...cret password and specify a check Interval Refer the sample Nagios configuration section below for some examples of configuring specific NSCA checks 10 3 4 Configure selected Serial Ports for Nagios m...

Page 133: ...ividual Network Hosts connected to the Console Server that is to be monitored must also be configured for Nagios checks Select Serial Network Network Port and click Edit on the Network Host to be moni...

Page 134: ...stream Nagios monitoring host Refer to the Nagios documentation http www nagios org docs for configuring the upstream server The section entitled Distributed Monitoring steps through what is needed to...

Page 135: ...RPE if a check were late For details see the Nagios documentation http www nagios org docs on Service and Host Freshness Checks Host definitions Console Server define host use generic host host_name t...

Page 136: ...plite_nrpe_daemon_dep host_name tripplite dependent_host_name server dependent_service_description Serial Status service_description NRPE Daemon execution_failure_criteria w u c Port Log define comman...

Page 137: ...e server use generic service check_command check_ping_via_tripplite define service service_description host ping server host_name server use generic service check_command check_ping_via_tripplite acti...

Page 138: ...eduled to be run on the Console Server to check the status of a connected host or service This status is then communicated to the upstream Nagios server which uses the results to monitor the current s...

Page 139: ...check_smtp check_snmp check_spop check_ssh check_ssmtp check_swap check_tcp check_time check_udp check_ups check_users There also are bash scripts which can be downloaded and run primarily check_log...

Page 140: ...5 11 1 System Administration and Reset The Administrator can reboot or reset the Console Server to default settings A soft reset is performed by Selecting Reboot in the System Administration menu and...

Page 141: ...ord default 11 2 Upgrade Firmware Before upgrading check if you are already running the most current firmware in your Console Server Your Console Server will not allow you to upgrade to the same or an...

Page 142: ...time stamping log entries while certificate generation depends on a correct Timestamp to check the validity period of the certificate Select the System Date Time menu option Manually set the Year Mont...

Page 143: ...Statistics Support Reports Syslog UPS Status 12 1 Port Access and Active Users The Administrator can see which Users have access privileges to each serial port Select the Status Port Access The Admini...

Page 144: ...you do experience an issue and have to contact Support ensure you include the Support Report with your email support request The Support Report should be generated when the issue is occurring and att...

Page 145: ...ess and port details and then click Apply Local System Logging To view the local Syslog file Select Alerts Logging Syslog To make it easier to find information in the local Syslog file a pattern match...

Page 146: ...les Power control 13 1 Device Management To display all the connected Serial devices Network Hosts and Power devices Select Manage Devices By selecting the Serial Network Power item the display will b...

Page 147: ...r Management Administrator and Users can access and manage the connected power devices Select Manage Power 13 4 Serial Port Terminal Connection Administrator and Users can communicate directly with th...

Page 148: ...the computer from which you are browsing and the Console Server must be added as a gateway as detailed in Chapter 6 The alternative to using SDT Connector and your local Telnet client is to download t...

Page 149: ...al port to be accessed By default 3001 is selected i e Port 1 To access Port 4 this must be changed to 3004 for the Username 13 5 Remote Console Access B092 016 only Administrator and Users can also c...

Page 150: ..._____________________________________________________________________ B096 016 B096 048 and B092 016 User Manual Page 150...

Page 151: ...tion and Services Configuration Serial Port Configuration Serial Port Settings Supported Protocol Configuration Users and Trusted Networks Event Logging Configuration Remote Serial Port Log Storage an...

Page 152: ...ator program to the IP address of the Console Server 192 168 0 1 by default Log on to the Console Server by pressing return a few times The Console Server will request a username and password Enter th...

Page 153: ...ile Specify an alternate configuration file to use The default file is located at etc config config xml r run configurator Run the specified registered configurator Registered configurators are listed...

Page 154: ...in config set config system smtp sender og mydomain com The following command will synchronize the live system with the new configuration bin config run systemsettings The Console Server does not stor...

Page 155: ...mands date 092216452005 05 Format is MMDDhhmm CC YY ss Then the following command will save this new system time to the hardware clock bin hwclock systohc Alternately to change the hardware clock time...

Page 156: ...note that supported interface modes are dhcp and static DHCP To enable a DHCP client on the primary Network interface eth0 from the Console Server command line bin config set config interfaces wan mo...

Page 157: ...es wan dns2 10 1 0 254 The following command will synchronize the live system with the new configuration bin config run ipconfig Dial in Configuration To enable dial in access on the DB9 serial port f...

Page 158: ...re Software and None If you do not wish to use out of band dial in access please note that the procedure for enabling start up messages on the console port is covered in Chapter 15 Accessing the Conso...

Page 159: ...oftware You would need to issue the following commands from the command line to set the port configuration bin config set config ports port5 speed 115200 bin config set config ports port5 parity None...

Page 160: ...fig set config ports port5 ssh on bin config del config ports port5 Telnet bin config del config ports port5 tcp The following command will synchronize the live system with the new configuration bin c...

Page 161: ...ynchronize the live system with the new configuration bin config run users Trusted Networks You can further restrict remote access to serial ports based on the source IP address To configure this via...

Page 162: ...Address 192 168 0 254 Directory C tripplite logs Username cifs_user Password secret Logging level 2 input output logging as well as user connections disconnections The following commands must be issu...

Page 163: ...with user number 1 If you already have 1 alert your new alert will be number 2 etc To configure an email alert to be sent to alert1 domain org when the regular expression Cpu 0 0 id matches logging on...

Page 164: ...s the config below vi etc config config xml users host1 total 3 total host2 address accounts intranet myco com address description Accounts server description users total 1 total user1 John user1 user...

Page 165: ...arball will be saved to the indicated location It will contain the contents of the etc config directory in an uncompressed and unencrypted form Example nfs storage mount t nfs 192 168 0 2 backups mnt...

Page 166: ...sole Server software are licensed under the GNU General Public License version 2 You may obtain a copy of the GNU General Public License at http www fsf org copyleft gpl html and source code will prov...

Page 167: ...tpd ping portmap pppd routed setserial smtpclient stty stunel tcpdump tftp tip traceroute More details on the above Linux commands can found online at http en tldp org HOWTO HOWTO INDEX howtos html ht...

Page 168: ...amples of its use portmanager documentation Scripts and alerts Raw data access to the ports and modems This chapter also describes details how to perform advanced and custom management tasks using Lin...

Page 169: ...nce connected the pmshell command supports a subset of the escape commands that tip cu support For SSH you must prefix the escape with an additional command i e use the escape Send Break Typing the ch...

Page 170: ...s http techpubs sgi com library tpl cgi bin getdoc cgi coll linux db man fname usr share catman man8 chat 8 html pmusers The pmusers command is used to query the portmanager for active user sessions E...

Page 171: ...etc config portmanager conf Signals Sending a SIGHUP signal to the portmanager will cause it to reread its configuration file 15 2 External Scripts and Alerts The portmanager has the ability to execu...

Page 172: ...connects to any port If a file called etc config pmshell start sh exists it is run when a user connects to a port It is provided with 2 arguments the Port number and the Username Here is a simple exam...

Page 173: ...ant to use stty to configure the port you can put stty commands in etc config scripts portXX init which gets run whenever portmanager opens the port Otherwise any setup you do with stty will get lost...

Page 174: ...IP Filtering Standard IP Filter configuration The system uses the iptables utility to provide a stateful firewall of LAN traffic By default rules are automatically inserted to allow access to enabled...

Page 175: ...connections from computers on a C class network 192 168 10 0 will be accepted when this script is installed at etc config filter custom Note that when this script is called any preexisting chains and...

Page 176: ...quest it processes the request s collects the requested information and or performs the requested operation s and returns the information to the sender This includes built in support for a wide range...

Page 177: ...nd any further SNMP servers are added manually using config Log in to the Console Server s command line shell as root or an admin user Refer back to the Management Console UI or user documentation for...

Page 178: ...stem snmp protocol3 config system snmp address3 etc 15 6 Secure Shell SSH Public Key Authentication This section covers the generation of public and private keys in a Linux and Windows environment and...

Page 179: ...The config files are now in etc config e g o etc config sshd_config instead of etc sshd_config o etc config ssh_config instead of etc ssh_config o etc config users username ssh instead of home usernam...

Page 180: ...sword associated with the keys If there is a password then the devices will have no way to supply it as runtime Full documentation for the ssh keygen command can be found at http www openbsd org cgi b...

Page 181: ...ot and type chown fred etc config users fred ssh authorized_keys If the Console Server device selected to be the server will only have one client device then the authorized_keys file is simply a copy...

Page 182: ...ery sshd Generating public private keys for SSH Windows This section describes how to generate and configure SSH keys using Windows First create a new user from the Management Console on the Console S...

Page 183: ...e a recent version of WinSCP available from http winscp net eng download php To generate a SSH key using PuTTY http sourceforge net docs F02 clients Execute the PUTTYGEN EXE program Select the desired...

Page 184: ...sshd_config on the server Makes sure public key authentication is enabled Test the Public Key by logging in as testuser Test the Public Key by logging in as testuser to the client device and typing yo...

Page 185: ...OTE HOST IDENTIFICATION HAS CHANGED IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY Someone could be eavesdropping on you right now man in the middle attack It is also possible that the RSA host...

Page 186: ...Setting Next you will need to set up SSH keys for each end of the tunnel and upload these keys to the Server and Client gateways Client Keys The first step in setting up SSH tunnels is to generate ke...

Page 187: ...rogram ssh keygen t rsa dsa Generating public private rsa dsa key pair Enter file in which to save the key home user ssh id_ rsa dsa Enter passphrase empty for no passphrase Enter same passphrase agai...

Page 188: ...For example assume we already have one server called bridge_server and two sets of keys for the control_room and the plant_entrance ls home user keys control_room control_room pub plant_entrance plan...

Page 189: ...SDT Connector and the Console Server You must configure the SSH client that SDT Connector launches e g Putty OpenSSH and the host s SSH server for public key authentication 15 7 Secure Sockets Layer S...

Page 190: ...be accessed via a known Domain Name you can use the following steps to replace the default SSL Certificate and Private Key with ones tailored for your new address 1 Generating an encryption key To cre...

Page 191: ...as follows scp ssl_key pem root address of unit etc config scp ssl_cert pem root address of unit etc config or using PSCP pscp scp ssl_key pem root address of unit etc config pscp scp ssl_cert pem roo...

Page 192: ...the open source NUT and PowerMan tools and the pmpower utility PowerMan PowerMan provides power management in a data center or compute cluster environment It performs operations such as power on powe...

Page 193: ...device Displays RPC status information If targets are specified only RPC s matching the target list are displayed T telemetry Causes RPC telemetry information to be displayed as commands are processed...

Page 194: ...ost address for the power target u Override the configured username p Override the configured password on This action switches the specified device or outlet s ON off This action switches the specifie...

Page 195: ...for and loads etc config powerstrips xml if it exists The user can add their own support for more devices by putting definitions for them into etc config powerstrips xml This file can be created on a...

Page 196: ...ult settings for the attached device 15 10 IPMItool The Console Server includes the ipmitool utility for managing and configuring devices that support the Intelligent Platform Management Interface IPM...

Page 197: ...luded in standard distributions On Solaris this driver is called BMC and is included in Solaris 10 Management of a remote station requires the IPMI over LAN interface to be enabled and configured Depe...

Page 198: ...current supported OEM types p port Remote server UDP port to connect to Default is 623 P password Remote server password is specified on the command line If supported it will be obscured in the proces...

Page 199: ...rd length is 16 characters Passwords longer than 16 characters will be truncated For IPMI v2 0 the maximum password length is 20 characters longer passwords are truncated COMMANDS help This can be use...

Page 200: ...persist between reboots This script would parse each port log file line by line Each time it sees LOGIN username it adds the username to the list of connected users for that port each time it sees LOG...

Page 201: ...ntrolPath var run cascade h Slavename These are the Slaves that are connected Note The end of the Slaves names will be truncated so the first 5 characters must be unique Alternatively you can write a...

Page 202: ...other managed devices via serial USB or IP over the LAN This chapter provides instructions on configuring the thin clients and using them locally and remotely The thin clients can be controlled from t...

Page 203: ...to the Host Once a Host has been added you can select Edit and update the commands that will be executed in connecting the service to the existing Host The sixteen serial ports are pre configured by d...

Page 204: ...rt A window will be created with a connection to the device on the selected serial port The embedded terminal emulator uses rxvt a color vt102 terminal emulator You can find more details on configurat...

Page 205: ...censed Sun Java JRE Java and all Java based trademarks and logos are trademarks or registered trademarks of Sun Microsystems Inc in the U S and other countries 16 1 3 Connect VNC Select Connect VNC on...

Page 206: ...nfigure the VNC Viewer Alternately you can select Options by right clicking on the VNC Viewer task Bar icon You can find more details on configuration options in http www realvnc com products free 4 1...

Page 207: ...pmitools program Find more details on configuration options in http ipmitool sourceforge net manpage html The ipmitool program provides a simple command line interface to the BMCs and features the abi...

Page 208: ...etrieve the selected IPMI event log by running ipmitool I lanplus H hostname U username P password sel info 16 1 6 Connect Remote Desktop RDP Select Connect RDP on the control panel and click on the W...

Page 209: ...windows password g 1200x950 ms windows terminal server host name option Description a Color depth 8 16 24 r Device redirection i e Redirect sound on remote machine to local device i e 0 r sound MS Win...

Page 210: ...the control panel The PowerAlert software will be launched 16 2 Advanced Control Panel 16 2 1 System Terminal Selecting System Terminal on the control panel logs you in at the command line to the B092...

Page 211: ...m the B092 016 and then switch the power back ON However if you cycle the power while the unit is writing to flash you could corrupt or lose data so the software Shutdown or Reboot from the control pa...

Page 212: ...mputer which is be used to manage a DRAC service processor or VMware virtual device on a remote server Each B092 016 gateway has an internal VNC server enabling remote administrators to oversee local...

Page 213: ...on FEATURE VALUE Dimensions B096 016 B096 048 17 x 12 x 1 75 in 43 2 x 31 3 x 4 5 cm B092 016 17 x 6 7 x 1 75 in 44 x 17 x 4 5 cm Weight B096 016 B096 048 11 8 lbs 5 4 kg B092 016 8 5 lb 3 9 kg Ambien...

Page 214: ...vention as adopted by Cisco SUN and others Serial Port Pinout The 16 48 RJ45 connectors on the B092 016 Console Server with PowerAlert and the B096 048 016 Console Server Management Switch have the fo...

Page 215: ...l Page 215 Connectors included in Console Server The B092 016 Console Server with PowerAlert and the B096 048 016 Console Server Management Switch ship with a cross over and a straight RJ45 DB9 connec...

Page 216: ...provided that 1 you may not rent lease sell sublicense or lend the Software 2 you may not reverse engineer decompile disassemble or modify the Software except and only to the extent that such activity...

Page 217: ...only be modified by express written consent of both parties If any part of this EULA is held to be unenforceable as written it will be enforced to the maximum extent allowed by applicable law and will...

Page 218: ...out modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaim...

Page 219: ...so meet all of these conditions a You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change b You must cause any work that you distribu...

Page 220: ...ative works These actions are prohibited by law if you do not accept this License Therefore by modifying or distributing the Program or any work based on the Program you indicate your acceptance of th...

Page 221: ...THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU SHOULD THE PROGRAM PROVE DEFECTIVE YOU ASSUME THE COST OF ALL NECESSARY SERVICING REPAIR OR CORRECTION 12 IN NO EVENT UNLESS REQUIRED BY APPLICA...

Page 222: ...ess expressly licensed for other purposes is provided solely for reference purposes pursuant to the terms of your license Source code may not be redistributed unless expressly provided for in the term...

Page 223: ...EXTENT PROHIBITED BY APPLICABLE LAW ALL IMPLIED WARRANTIES INCLUDING ALL WARRANTIES OF MERCHANTABILITY OR FITNESS ARE LIMITED IN DURATION TO THE WARRANTY PERIOD SET FORTH ABOVE AND THIS WARRANTY EXPR...

Page 224: ...Tripp Lite World Headquarters 1111 W 35th Street Chicago IL 60609 USA 773 869 1234 USA 773 869 1212 International www tripplite com 23 200903108 93 2879_EN...

Reviews:

No comments