manualshive.com logo in svg

Tripp Lite B092-016, Owner'S Manual, Page: 206 / 242

Share
Download
Tripp Lite B092-016 Owner'S Manual Download Page 206

206

http://www.openssl.org/docs/apps/openssl.html

http://www.openssl.org/docs/HOWTO/certificates.txt

15.8 HTTPS

The Management Console can be served using HTTPS by running the webserver

via sslwrap

.

The server can be launched on request using

inetd

.

The HTTP server provided is a slightly modified version of the

fnord-httpd

from

http://www.fefe.de/fnord/

The SSL implementation is provided by the

sslwrap

application compiled with OpenSSL support.

More detailed documentation can be found at

http://www.rickk.com/sslwrap/

If your default network address is changed or the unit is to be accessed via a known Domain
Name, you can use the following steps to replace the default SSL Certificate and Private Key
with ones tailored for your new address.

1. Generating an Encryption Key

To create a 1024-bit RSA key with a password, issue the following command on the command
line of a Linux host with the

openssl

utility installed:

openssl genrsa -des3 -out ssl_key.pem 1024

2. Generating a Self-Signed Certificate with OpenSSL

This example shows how to use OpenSSL to create a self-signed certificate. OpenSSL is available
for most Linux distributions via the default package management mechanism. (Windows users
can check

http://www.openssl.org/related/binaries.html

)

To create a 1024-bit RSA key and a self-signed certificate, send the following

openssl

command

from the host you have

openssl

installed on:

openssl req -x509 -nodes -days 1000 \

-newkey rsa:1024 -keyout ssl_key.pem -out ssl_cert.pem

Summary of Contents for B092-016

Page 1: ...erver Management Switch Models B096 016 B096 048 Console Server with PowerAlert Model B092 016 Console Server Models B095 004 1E B095 003 1E M Tripp Lite World Headquarters 1111 W 35th Street Chicago...

Page 2: ...SB Port Connection 18 2 6 Rackmount Console KVM Connection B092 016 only 18 3 INITIAL SYSTEM CONFIGURATION 19 3 1 Management Console Connection 19 3 1 1 Connected Computer Set Up 19 3 1 2 Browser Conn...

Page 3: ...4 7 1 Install VirtualPort Client 52 4 7 2 Configure the VirtualPort Client 53 4 7 3 Remove a Configured Port 56 4 7 4 Configure the Remote Serial Device Connection 56 4 8 Managed Devices B095 004 003...

Page 4: ...ey Authentication 87 6 8 Setting up SDT for Remote Desktop Access 88 6 8 1 Enable Remote Desktop on the Target Windows Computer to be Accessed 88 6 8 2 Configure the Remote Desktop Connection Client 8...

Page 5: ...Alerts 120 8 2 5 UPS Status 120 8 2 6 Overview of Network UPS Tools NUT 120 8 3 Environmental Monitoring 122 8 3 1 Connecting the EMD 123 8 3 2 Environmental Alerts 124 8 3 3 Environmental Status 124...

Page 6: ...NAGEMENT 149 11 1 System Administration and Reset 149 11 2 Upgrade Firmware 150 11 3 Configure Date and Time 151 11 4 Configuration Backup B095 004 003 only 152 11 5 FIPS Mode B095 004 003 only 154 12...

Page 7: ...guration 179 14 7 1 SDT Host TCP Ports 179 14 8 Configuration Backup and Restore 180 14 9 General Linux Command Usage 181 15 ADVANCED CONFIGURATION 184 15 1 Advanced Portmanager 185 15 2 External Scri...

Page 8: ...l Terminal 220 16 1 2 Connect Browser 220 16 1 3 Connect VNC 221 16 1 4 Connect SSH 222 16 1 5 Connect IPMI 223 16 1 6 Connect Remote Desktop RDP 224 16 1 7 Connect Citrix ICA 225 16 1 8 Connect Power...

Page 9: ...can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio communications Operation of this equipment in a resid...

Page 10: ...nd information on this manual 2 Installation Details physical installation of the Console Server and the interconnection of controlled devices 3 System Configuration Describes the initial installation...

Page 11: ...orts to control all the serial connected devices and network connected devices hosts II Users Embraces those who have been set up by the Administrator with specific limits on their access and control...

Page 12: ...uration at the command line As an Administrator you can get command line access by connecting through a terminal emulator or communications program to the console serial port or by SSH or Telnet conne...

Page 13: ...procedure Bold text indicates text that you type or the name of a screen object e g a menu or button on the Management Console Italic text is also used to indicate a text command to be entered at the...

Page 14: ...Port USB Port Modem Power B096 048 48 2 1 1 Internal Dual AC Universal Input B096 016 16 2 1 1 Internal Dual AC Universal Input B092 016 16 1 1 KVM 4 Single AC Universal Input B095 004 1E 4 1 1 1 Exte...

Page 15: ...blue Connector DB9F RJ45S straight and DB9F RJ45S cross over AC power cable Quick Start Guide and CD ROM Unpack your Console Server and verify you have all the parts shown above and that they all appe...

Page 16: ...h The B096 048 16 Console Server Management Switch has dual universal AC power supplies with auto failover built in These power supplies each accept AC input voltage between 100 and 240 VAC with a fre...

Page 17: ...network that supports 10Base T 100Base T For the initial configuration of the Console Server you must connect a computer to the Console Server s principal network port 2 4 Serial Port Connection The...

Page 18: ...e KVM Connection B092 016 only B092 016 Console Server with PowerAlert can be connected directly to a rackmount console such as B021 000 17 or B021 019 by Tripp Lite to provide direct local management...

Page 19: ...nsole Server Note For initial configuration it is recommended that the Console Server be connected directly to a single computer However if you choose to connect your LAN before completing the initial...

Page 20: ...with a MAC address 00 13 C6 00 02 0F designated on the label on the bottom of the unit and we are setting its IP address to 192 168 100 23 The computer issuing the arp command must be on the same net...

Page 21: ...work settings on the System IP page Chapter 3 3 Configure port settings and enable the Serial Network Serial Port page Chapter 4 4 Configure users with access to serial ports on the Serial Network Use...

Page 22: ...2 Administrator Password For security reasons only the administration user named root can initially log into your Console Server Only those people who know the root password can access and reconfigur...

Page 23: ...ssword Note If you are not confident your Console Server has been supplied with the current release of firmware you can upgrade Refer to Upgrade Firmware Chapter 10 3 3 Network IP Address It is time t...

Page 24: ...dress By default the Console Server 10 100 LAN port auto detects the Ethernet connection speed However you can use the Media menu to lock the Ethernet to 10 Mb s or 100Mb s and to Full Duplex FD or Ha...

Page 25: ...ection of access protocols that can be used to access the Console Server The factory default enables HTTPS and SSH access to the Console Server and disables HTTP and Telnet The User can also use the n...

Page 26: ...rnet HTTP Allows the Administrator basic browser access to the Management Console It is recommended that you disable the HTTP service if the Console Server is to be remotely accessed over the Internet...

Page 27: ...The default TCP IP base port address for Telnet access is 2000 and the range for Telnet is IP Address Port 2000 serial port i e 2001 2048 So if the Administrator were to set 8000 as a secondary base...

Page 28: ...s software for all communications with Console Servers Each Console Server is supplied with an unlimited number of SDT Connector licenses to use with that Console Server SDT Connector is a lightweight...

Page 29: ...similarly simple but you need to use the default port 23 3 5 3 SSHTerm Another common communications package that may be useful is SSHTerm This is an open source package that can be downloaded from h...

Page 30: ...Management Switch as a Management LAN Gateway The Management Switch in the B096 048 016 Console Servers can be configured to provide a management LAN gateway With this configuration the B096 048 016 p...

Page 31: ...ncipal Network connection on the System IP menu The B096 048 016 Console Server Management Switches also host a DHCP server which by default is set at disabled The DHCP server enables the automatic di...

Page 32: ...ds The lease time is the time that a dynamically assigned IP address is valid before the client must request it again Click Apply The DHCP server will sequentially issue IP addresses from a specified...

Page 33: ...ver Interface to be used in the event of an outage on the main network This can be o an alternate broadband Ethernet connection or o the B096 048 016 internal modem or o an external serial modem ISDN...

Page 34: ...VirtualPort windows client Managed Devices presents a consolidated view of all the connections version 3 0 firmware and later IPSec enabling VPN connection version 3 0 firmware and later 4 1 Configuri...

Page 35: ...available for each serial port These are independent of the mode in which the port is being used These serial port parameters must be set so they match the serial port parameters on the device which i...

Page 36: ...t Console Server Mode to enable remote management access to the serial console that is attached to the serial port Logging Level This specifies the level of information to be logged and monitored refe...

Page 37: ...nneled from their client computers to the serial port on the Console Server with a simple point and click To use SDT Connector to access consoles on the Console Server serial ports configure the SDT C...

Page 38: ...T Connector with the Console Server as a gateway then as a host and enable SSH service on Port 3000 serial port i e 3001 3048 refer to Chapter 6 You can also use common communications packages like Pu...

Page 39: ...nticated Telnet enables Telnet access to the serial port without requiring the user to provide credentials When a user accesses the Console Server to Telnet to a serial port they are normally given a...

Page 40: ...terruptible Power Supply UPS serial Remote Power Controller Power Distribution Unit RPC or Environmental Monitoring Device EMD Select the desired Device Type UPS RPC or EMD Proceed to the appropriate...

Page 41: ...and then transported over a network to a second Console Server where it is then represented as serial data So the two Console Servers effectively act as a virtual serial cable over an IP network One...

Page 42: ...enable logging of traffic on the selected serial port to a syslog server and to appropriately sort and action those logged messages i e redirect them send alert email etc For example if the computer a...

Page 43: ...trator can reconfigure the access services for any Host or serial port only trusted users should have Administrator access Note For convenience the SDT Connector Retrieve Hosts function retrieves and...

Page 44: ...Group Add a Group name and Description for each new Group then nominate Accessible Hosts and Accessible Ports to specify the serial ports and hosts you wish any users in this new Group to be able to a...

Page 45: ...Groups in which case they take on the cumulative access privileges of each of those Groups A user does not have to be a member of any Groups but if the User is not even a member of the default user g...

Page 46: ...ices will be port forwarded through to the Host All other services TCP UDP ports will be blocked If the Console Server has been configured with distributed Nagios monitoring enabled then you will also...

Page 47: ...e new rule is to be applied to Then enter the Network Address of the subnet to be permitted access Then specify the range of addresses that are to be permitted by entering a Network Mask for that perm...

Page 48: ...arge number of serial ports up to 1000 can be configured and accessed through one IP address and managed through the one Management Console One Console Server the Master controls other Console Servers...

Page 49: ...keys will automatically be uploaded to the Master and connected Slaves 4 6 2 Manually Generate and Upload SSH Keys Alternately if you have a RSA or DSA key pair you can manually upload them to the Ma...

Page 50: ...nd upload it to Slave s SSH Authorized Key Click Apply The next step is to Fingerprint each new Slave Master connection This once off step will validate that you are establishing an SSH session with t...

Page 51: ...l the Slaves and the port numbers that have been allocated on the Master If the Master Console Server has 16 ports of its own then ports 1 16 are pre allocated to the Master So the first Slave added w...

Page 52: ...ration changes are propagated from the Master Similarly the Slave s Network Host and IPMI settings have to be configured at each Slave Also the Master s Management Console provides a consolidated view...

Page 53: ...stallation process Read the License Agreement then follow the prompts to select the destination path and choose the shortcuts you wish to create Once the installer completes you will have a working Vi...

Page 54: ...ed to enable SSL TLS encryption of the data going to the port You will need to enter a Password Select the starting COM port COM1 to COM4096 Specify the number of ports you want to add Sequential port...

Page 55: ...ackets option tests if the TCP connection is still up when no data has been sent for a while This is done by sending keep alive messages Select this option and specify a period of time in milliseconds...

Page 56: ...baud rate configured by the local Application using the COM port 4 7 3 To Remove a Configured Port At any stage you can delete a single configured COM port or delete the Console Server connection and...

Page 57: ...USB connected IP address if network connected Power PDU outlet details if applicable and any UPS connections Many Devices such as servers will commonly have more than one power connections e g dual p...

Page 58: ...draws power from the outlet the outlet will then take up the name of the powered Managed Device To add a new serially connected Managed Device Configure the serial port using the Serial Network Seria...

Page 59: ...the outlet names on the PDU will by default be Outlet 1 Outlet 2 When you connect a particular Managed Device that draws power from the outlet the outlet will then take up the name of the powered Man...

Page 60: ...Console Server configuration for dial in PPP access Once the Console Server is so configured it will wait for an incoming connection from a dial in at a remote site Then remote Administrator s must b...

Page 61: ...d rate and flow control using the Management Console You can further configure the console modem port settings by editing etc mgetty config files as described in Chapter 14 Select the Baud Rate and Fl...

Page 62: ...ot recommended PAP Password Authentication Protocol PAP is the usual method of user authentication used on the internet sending a username and password to a server where they are compared with a table...

Page 63: ...r modem Enter the PPP User Name and Password for have set up for the Console Server 5 1 4 Set Up Earlier Windows Clients for Dial In For Windows 2000 the PPP client set up procedure is the same as abo...

Page 64: ...er PPP link as the default for Internet connection 5 2 OoB Broadband Access B096 048 016 only The B096 048 016 Console Server Management Switch has a second Ethernet network port that can be configure...

Page 65: ...ce menu select Management LAN eth1 as the Failover Interface to be used when a fault has been detected with main Network Interface eth0 Specify the Probe Addresses of two sites the Primary and Seconda...

Page 66: ...anagement network When configuring the principal network connection in System IP specify Internal Modem or the Dial Serial DB9 if using an external modem on the Console port as the Failover Interface...

Page 67: ...67...

Page 68: ...inistrator s computer It is recommended that you use the SDT Connector client software supplied with the Console Server to do this SDT Connector is simple to install and it auto configures It provides...

Page 69: ...ked Note Following are some of the TCP Ports used by SDT in the Console Server 22 SSH All SDT Tunneled connections 23 Telnet on local LAN forwarded inside tunnel 80 HTTP on local LAN forwarded inside...

Page 70: ...edit command search for SDT Connector and then remove the directory with this name For Linux and other Unix clients SDTConnector tar gz application will install the sdtcon 1 n jar and the config file...

Page 71: ...or select the File New Gateway menu option Enter the IP or DNS Address of the Console Server and the SSH port that will be used typically 22 Note If SDT Connector is connecting to a remote Console Ser...

Page 72: ...rst be set up on the Console Server and must be authorized to access the specific ports hosts refer to Chapter 5 Only these permitted services will be forwarded through by SDT to the Host All other se...

Page 73: ...user i e they can be members of user or admin or some other group or no group SDT Connector will however not auto configure the root and it is recommended that this account is only used for initial co...

Page 74: ...s routers etc at that site 6 2 5 Manually Adding Hosts to the SDT Connector Gateway For each gateway you can manually specify the network connected hosts that will be accessed through that Console Ser...

Page 75: ...on options are pre configured in the default SDT Connector RDP client VNC client HTTP browser HTTPS browser Telnet client etc However if you wish to add new client applications to this range then proc...

Page 76: ...rom localhost Enter a local TCP port to bind to when creating the local endpoint of the redirection If this is left blank a random port will be selected Note SDT Connector can also tunnel UDP services...

Page 77: ...command line format When launching the client SDT Connector substitutes these keywords with the appropriate values path is path to the executable file i e the previous field host is the local address...

Page 78: ...PP Access section in Chapter 5 Configuring Dial In Access Set up the PPP client software at the remote User computer following the Set up the remote Client section in Chapter 5 Once you have a dial in...

Page 79: ...tion and then forwarding the RDP port over this SSH connection using the PuTTY client software Under the Session tab enter the IP address of the Console Server in the Host Name or IP address field For...

Page 80: ...label 3389 For example if the Label you specified on the SDT enabled serial port on the Console Server is win2k3 then specify the remote host as win2k3 3389 Alternately you can set the Destination as...

Page 81: ...d enterprise VPN connected Client computers using SSH as above This will protect against the risk of the man in the middle attacks to which RDP has a vulnerability http www securiteam com windowsntfoc...

Page 82: ...g on one of the ports which VNC uses Tunneling VNC over a SSH connection ensures all traffic is strongly encrypted Also no VNC port is ever open to the internet so anyone scanning for open VNC ports w...

Page 83: ...agement Console and or click SSH or Telnet to access the gateway command line console Note To enable SDT access to the gateway console you must now configure the Console Server to allow port forwarded...

Page 84: ...nes of Loopback ports or Local serial ports Click OK Click Serial Port 2 icon for Telnet access to the serial console on the device attached to serial port 2 on the gateway To enable SDT Connector to...

Page 85: ...vity is provided by a dial up or wireless modem directly attached to the gateway So out of band access enables you to access the hosts and serial devices on the network diagnose any connectivity issue...

Page 86: ...Out of Band Connection wait min rasdial network_connection disconnect The network_connection in the above is the name of the network connection as displayed in Control Panel Network Connections To sto...

Page 87: ...ool You may use RSA or DSA however it is important that you leave the passphrase field blank PuTTYgen http www chiark greenend org uk sgtatham putty download html OpenSSH http www openssh org OpenSSH...

Page 88: ...ed and encrypted tunnel SDT with RDP also allows remote Users to connect to Windows XP Vista Windows 2003 computers and to Windows 2000 Terminal Servers and to have access to all of the applications f...

Page 89: ...a single computer When the remote user connects to the accessed computer on the console session Remote Desktop automatically locks that computer so no other user can access the applications and files...

Page 90: ...then you would enter 192 168 0 50 7303 Where there is an SSH tunnel over a dial up PPP connection or over a public internet connection or private network connection simply enter the localhost as the I...

Page 91: ...older Windows platforms to remotely connect to a computer running Windows XP Professional or Windows 2003 Server B On a Linux or UNIX client computer Launch the open source rdesktop client rdesktop u...

Page 92: ...urce untar configure make make then install rdesktop currently runs on most UNIX based platforms with the X Window System and can be downloaded from http www rdesktop org C On a Macintosh client Downl...

Page 93: ...ows server allowing you to view the desktop of a remote Windows machine on any of these platforms using exactly the same viewer RealVNC was founded by members of the AT T team who originally developed...

Page 94: ...onfigure and Connect the VNC Viewer VNC is truly platform independent so a VNC Viewer on any operating system can connect to a VNC Server on any other operating system There are Viewers and Servers fr...

Page 95: ...the VNC Host computer is serially connected to the Console Server then enter the IP address of the Console Server unit with the TCP port that the SDT tunnel will use The TCP port will be 7900 plus th...

Page 96: ...ground on VNC http en wikipedia org wiki VNC 6 10 Using SDT to IP Connect to Hosts that are Serially Attached to the Gateway Network IP protocols like RDP VNC and HTTP can also be used to connect to h...

Page 97: ...rk Connections in Control Panel and click the New Connection Wizard Select Set up an advanced connection and click Next On the Advanced Connection Options screen select Accept Incoming Connections and...

Page 98: ...CP IP addresses on the Incoming TCP IP Properties screen Nominate a From and a To TCP IP address and click Next Note You can choose any TCP IP addresses as long as they are addresses which are not use...

Page 99: ...fault Password is portXX So to use the defaults for an RDP connection to the serial port 2 on the Console Server you would have set up a Windows user named port02 When the PPP connection has been set...

Page 100: ...hich will enable port forwarding and SSH tunneling and enter a Username and User Password Note When you enable SDT this will override all other Configuration protocols on that port Note If you leave t...

Page 101: ...add a New SDT Host In the Host address you need to put portxx where xx the port to which you are connecting Example for port 3 you would have a Host Address of port03 and then select the RDP Service c...

Page 102: ...mental monitors UPS and PDU devices The Console Servers can also log access and communications with network attached hosts If port logs are to be maintained on a remote server then the access path to...

Page 103: ...authentication Similarly you can specify the Subject Line that will be sent with the email Click Apply to activate SMTP 7 1 2 SMS Alerts The Console Server uses email to SMS services to send SMS alert...

Page 104: ...age which is contained in full in the body of the email However some SMS gateway service providers require blank subjects or require specific authentication headers to be included in the subject line...

Page 105: ...10 7 2 Activate Alert Events and Notifications The Alert facility monitors the status of the Console Server and connected devices When an alert event is triggered a notification is emailed to a nomin...

Page 106: ...y the alert service that will be used to send notification for this event who to notify and what port host device is to be monitored At Add a New Alert enter a Description for this new alert Nominate...

Page 107: ...serial and or Applicable Host s and or Applicable UPS es and or Applicable RPC s and or Applicable EMD s and or Applicable Alarm Sensor s that are to be monitored for this alert trigger 7 2 2 Select G...

Page 108: ...etails on selecting and configuring this alert type 7 2 3 Configuring Environment and Power Alert Type This alert type will be applied to any UPS s RPC s and EMD temperature and humidity sensors you h...

Page 109: ...or open sensor you may not wish to activate the sensor alert monitoring during the working day Click Apply 7 3 Remote Log Storage Before activating Serial or Network Port Logging on any port or UPS lo...

Page 110: ...t to be logged Specify the Logging Level of for each port as Level 0 Turns off logging for the selected port Level 1 Logs all connection events to the port Level 2 Logs all data transferred to and fro...

Page 111: ...e used you also must set up the level of logging that is to be maintained for each service Specify the logging level that is to be maintained for that particular TDC UDP port service on that particula...

Page 112: ...dded PowerMan and NUT open source management tool RPC s include power distribution units PDU s and IPMI power devices 8 1 1 RPC Connection Serial and network connected RPC s must first be connected to...

Page 113: ...d access privileges you will have configured in Serial Networks Users Groups Check Log Status and specify the Log Rate minutes between samples if you wish the status from this RPC to be logged These l...

Page 114: ...the Status RPC Status menu A table with the summary status of all connected RPC hardware will be displayed Click on View Log or select the RPC Logs menu You will be presented with a table of the histo...

Page 115: ...al or USB cable or by the network to the Console Server The Console Server becomes the Master of this UPS and runs a upsd server to allow other computers that are drawing power through the UPS Slaves...

Page 116: ...PS and in the Serial Network Network Hosts menu for each network connected UPS refer to Chapter 4 No such configuration is required for USB connected UPS hardware Select the Serial Network UPS Connect...

Page 117: ...login credentials are not related to the Users and access privileges you will have configured in Serial Networks Users Groups If you have multiple UPSs and require them to be shut down in a specific...

Page 118: ...de an opportunity to perform any last gasp actions before power is lost during a power failure This is achieved by placing a script in etc config scripts ups shutdown You may use the etc scripts ups s...

Page 119: ...ct to the Console Server Refer to the NUT documentation for details on how this is done specifically sections 13 5 to 13 10 http eu1 networkupstools org doc 2 2 0 INSTALL html An example upsmon conf e...

Page 120: ...rmation on the select UPS system Click on any particular All Data for any UPS system in the table for more status and configuration information on the select UPS system Select UPS Logs and you will be...

Page 121: ...rs that draw power through the UPS i e Slaves of the UPS to shutdown gracefully when the battery power reaches critical Additionally one server is designated the Master of the UPS and is responsible f...

Page 122: ...l B090 EMD can be connected to any Console Server serial port and each Console Server can support multiple EMD s Each EMD has one temperature and one humidity sensor and one general purpose status sen...

Page 123: ...feet 10meters in length Tripp Lite N002 series cables Screw the bare wires on any smoke detector water detector vibration sensor open door sensor or general purpose open close status sensors into the...

Page 124: ...y the Log Rate minutes between samples if you wish the status from this EMD to be logged These logs can be views from the Status Environmental Status screen Click Apply 8 3 2 Environmental Alerts You...

Page 125: ...menu and a table with the summary status of all connected EMD hardware will be displayed Click on View Log or select the Environmental Logs menu and you will be presented with a table and graphical p...

Page 126: ...ole using HTTPS and using OpenSSL and OpenSSH to establish a secure Administration connection to the Console Server 9 1 Authentication Configuration Authentication can be performed locally or remotely...

Page 127: ...ssed Select Serial and Network Authentication and check TACAS or LocalTACACS or TACACSLocal or TACACSDownLocal Enter the Server Address IP or host name of the remote Authentication Authorization serve...

Page 128: ...whenever the Console Server or any of its serial ports or hosts is accessed Select Serial and Network Authentication and check RADIUS or LocalRADIUS or RADIUSLocal or RADIUSDownLocal Enter the Server...

Page 129: ...erial ports or hosts is accessed Select Serial and Network Authentication and check LDAP or LocalLDAP or LDAPLocal or LDAPDownLocal Enter the Server Address IP or host name of the remote Authenticatio...

Page 130: ...ges Example 1 User A is locally added and has access to ports 1 and 2 He is also defined on a remote TACACS server which says he has access to ports 3 and 4 The user may log in with either his local o...

Page 131: ...be added as required Changes may be made to files in etc config pam d which will persist even if the authentication configurator is run Users added on demand When a user attempts to log in but does no...

Page 132: ...nt Console Activate your preferred browser and enter https IP address For example if the Console Server has been set up with an IP address of 200 122 0 12 you need to type https 200 122 0 12 in your a...

Page 133: ...erver is embedded during testing and is not signed by a recognized third party certificate authority Rather it is signed by our own signing authority These warnings do not affect the encryption protec...

Page 134: ...are already familiar with Nagios skip ahead to section 10 3 10 1 Nagios Overview Nagios provides central monitoring of the hosts and services in your distributed network Nagios is freely downloadable...

Page 135: ...ient PC laptop etc running Windows Linux or Mac OS X Runs Tripp Lite SDT Connector client software 1 5 0 or later Connect to the central Nagios server web UI to view status of monitored hosts and seri...

Page 136: ...t of a network router and to send alerts back to the Nagios server when an administrator connects to the router or IIS server While this walk through provides an example details of the configuration o...

Page 137: ...enable logging Scroll down to Nagios Settings and check Enable Nagios Click New Check and select Check Ping Click check host alive Click New Check and select Check Permitted TCP Select Port 3389 Clic...

Page 138: ...ributed monitoring Nagios integration must be enabled and a path established to the central upstream Nagios server If the Console Server is to periodically report on Nagios monitored services then the...

Page 139: ...e IP address or DNS name that the Console Server will use to reach the upstream Nagios monitoring server Check the Disable SDT Nagios Extensions option if you wish to disable the SDT Connector integra...

Page 140: ...eds or thousands of hosts To enable NRPE Select System Nagios and check NRPE Enabled Enter the details for the user connection to the upstream Nagios monitoring server Again refer to the sample Nagios...

Page 141: ...Nagios configuration section below for some examples of configuring specific NSCA checks 10 3 4 Configure Selected Serial Ports for Nagios Monitoring The individual Serial Ports connected to the Cons...

Page 142: ...is to be monitored must also be configured for Nagios checks Select Serial Network Network Port and click Edit on the Network Host to be monitored Select Enable Nagios specify the name of the device a...

Page 143: ...tion http www nagios org docs for configuring the upstream server The section entitled Distributed Monitoring steps through what is needed to configure NSCA on the upstream server under Central Server...

Page 144: ...tation http www nagios org docs on Service and Host Freshness Checks Host definitions Console Server define host use generic host host_name tripplite alias Console Server address 192 168 254 147 Manag...

Page 145: ...me server dependent_service_description Serial Status service_description NRPE Daemon execution_failure_criteria w u c Port Log define command command_name check_port_log command_line USER1 check_nrpe...

Page 146: ...ripplite define service service_description host ping server host_name server use generic service check_command check_ping_via_tripplite active_checks_enabled 0 passive_checks_enabled 1 define service...

Page 147: ...of a connected host or service This status is then communicated to the upstream Nagios server which uses the results to monitor the current status of the distributed network Each Console Server is pre...

Page 148: ...ck_swap check_tcp check_time check_udp check_ups check_users There also are bash scripts which can be downloaded and run primarily check_log sh To configure additional checks the downloaded plug in pr...

Page 149: ...hapter 5 Configuring the Dashboard B095 004 003 only Chapter 12 11 1 System Administration and Reset The Administrator can reboot or reset the Console Server to default settings A soft reset is perfor...

Page 150: ...e root Password default 11 2 Upgrade Firmware Before upgrading check if you are already running the most current firmware in your Console Server Your Console Server will not allow you to upgrade to th...

Page 151: ...sole Your Console Server will have retained all its pre upgrade configuration information 11 3 Configure Date and Time It is recommended that you set the local Date and Time in the Console Server as s...

Page 152: ...box and click Apply 11 4 Configuration Backup B095 004 003 only It is recommended that you back up the Console Server configuration whenever you make significant changes such as adding new Users or M...

Page 153: ...ternal USB flash drive installed To backup and restore using USB Ensure the USB flash is the only USB device attached to the Console Server and click Prepare Storage in the Local Configuration Backup...

Page 154: ...le system on the first partition or the entire disk most USB thumb drives are already formatted this way o The file system must have the volume label OPG_DEFAULT o Insert this USB storage device into...

Page 155: ...ations with your browser are validated When reconnected it will display FIPs mode Enabled in the banner Note To enable FIPS mode from the command line login and run these commands config s config syst...

Page 156: ...Access and Active Users The Administrator can see which Users have access privileges to each serial port Select the Status Port Access The Administrator can also see the current status to identify wh...

Page 157: ...ure you include the Support Report with your email support request The Support Report should be generated when the issue is occurring and attached in plain text format Select the Status Support Report...

Page 158: ...d Specify the Match Pattern that is to be searched for e g the search for Mount is shown below and click Apply The Syslog will then be represented with only those entries that actually include the spe...

Page 159: ...n users other than root log into the Console Server If you log in as John and John is a member of the admin group and there is a dashboard layout configured for John then you will see the dashboard fo...

Page 160: ...scans all these files and displays a summary status in the alerts widget When an alert is deleted the corresponding XML files that belong to that alert are also deleted To configure what is to be disp...

Page 161: ...t The best way to format the output would be to send HTML commands back to the browser by adding echo commands in the script echo table You can of course run any command and its output will be display...

Page 162: ...connected Serial devices Network Hosts and Power devices Select Manage Devices By selecting the Serial Network Power item the display will be reduced to only those devices The user can take a range o...

Page 163: ...the connected power devices Select Manage Power 13 4 Serial Port Terminal Connection Administrator and Users can communicate directly with the Console Server command line and with devices attached to...

Page 164: ...rver must be added as a gateway as detailed in Chapter 6 The alternative to using SDT Connector and your local Telnet client is to download the open source jcterm java terminal applet into your browse...

Page 165: ...1 To access Port 4 this must be changed to 3004 for the Username 13 5 Remote Console Access B092 016 only Administrator and Users can also connect to the B092 016 Console Server with PowerAlert remot...

Page 166: ...166...

Page 167: ...erial Port Settings Supported Protocol Configuration Users and Trusted Networks Event Logging Configuration Remote Serial Port Log Storage and Alert Configuration The config documentation in this chap...

Page 168: ...8 0 1 by default Log on to the Console Server by pressing return a few times The Console Server will request a username and password Enter the username root and the password default You should now see...

Page 169: ...ult file is located at etc config config xml r run configurator Run the specified registered configurator Registered configurators are listed below s set id value Change the value of configuration ele...

Page 170: ...following command will synchronize the live system with the new configuration bin config run systemsettings The Console Server does not store user passwords in plain text so when manually setting the...

Page 171: ...the following command will save this new system time to the hardware clock bin hwclock systohc Alternately to change the hardware clock time you need to issue the following commands bin hwclock set d...

Page 172: ...c DHCP To enable a DHCP client on the primary Network interface eth0 from the Console Server command line bin config set config interfaces wan mode dhcp The following command will then synchronize the...

Page 173: ...the live system with the new configuration bin config run ipconfig 14 4 2 Dial In Configuration To enable dial in access on the DB9 serial port from the command line with the following attributes Loca...

Page 174: ...l in access please note that the procedure for enabling start up messages on the console port is covered in Chapter 15 Accessing the Console Port 14 4 3 Services Configuration You can manually enable...

Page 175: ...port configuration bin config set config ports port5 speed 115200 bin config set config ports port5 parity None bin config set config ports port5 charsize 8 bin config set config ports port5 stop 1 b...

Page 176: ...onfiguration bin config run serialconfig Note bin config commands can be combined into one command for convenience 14 5 3 Users You can add a User to the system from the command line by performing the...

Page 177: ...the following Determine the total number of existing trusted network rules If you have no existing rules you can assume this is 0 bin config get config portaccess total This command should display con...

Page 178: ...bin config set config eventlog server address 192 168 0 254 bin config set config eventlog server path tripplite logs bin config set config eventlog server username cifs_user bin config set config eve...

Page 179: ...o issue the following commands Assuming you have 1 previous alert in place bin config set config alerts alert2 email alert1 domain com bin config set config alerts alert2 pattern 0 0 id bin config set...

Page 180: ...00 Box description users total 1 total user1 John user1 users tcpports tcpport1 23 tcpport1 tcpports host3 hosts sdt config 14 8 Configuration Backup and Restore Before backing up the configuration yo...

Page 181: ...p config e tmp xxxxx config scp tmp xxxxx config 192 168 0 2 backups The config command is also used to restore a backup config i Input File This will extract the contents of the previously created ba...

Page 182: ...ww fsf org copyleft gpl html and source code will provided for any of the components of the Software licensed under the GNU General Public License upon request The Console Servers are built on the 2 4...

Page 183: ...route More details on the above Linux commands can found online at http en tldp org HOWTO HOWTO INDEX howtos html http www faqs org docs Linux HOWTO Remote Serial Console HOWTO html http www stokely c...

Page 184: ...rts Raw data access to the ports and modems This chapter also describes details how to perform advanced and custom management tasks using Linux commands and script iptables modifications and updating...

Page 185: ...scape commands that tip cu support For SSH you must prefix the escape with an additional command i e use the escape Send Break Typing the character sequence b will generate a BREAK on the serial port...

Page 186: ...linux db man fname usr share catman man8 chat 8 html pmusers The pmusers command is used to query the portmanager for active user sessions Example To detect which users are currently active on which...

Page 187: ...l to the portmanager will cause it to reread its configuration file 15 2 External Scripts and Alerts The portmanager has the ability to execute external scripts on certain events These events are I Wh...

Page 188: ...art sh exists it is run when a user connects to a port It is provided with 2 arguments the Port number and the Username Here is a simple example etc config pmshell start sh bin sh PORT 1 USER 2 echo W...

Page 189: ...ands in etc config scripts portXX init which gets run whenever portmanager opens the port Otherwise any setup you do with stty will get lost when the portmanager opens the port The reason that portman...

Page 190: ...es the iptables utility to provide a stateful firewall of LAN traffic By default rules are automatically inserted to allow access to enabled services and serial port access via enabled protocols The c...

Page 191: ...0 will be accepted when this script is installed at etc config filter custom Note that when this script is called any preexisting chains and rules have been flushed from iptables bin sh Set default p...

Page 192: ...ormation and or performs the requested operation s and returns the information to the sender This includes built in support for a wide range of MIB information modules and can be extended using dynami...

Page 193: ...fig Log in to the Console Server s command line shell as root or an admin user Refer back to the Management Console UI or user documentation for descriptions of each field To set the Manager Protocol...

Page 194: ...e Shell SSH Public Key Authentication This section covers the generation of public and private keys in a Linux and Windows environment and configuring SSH for public key authentication The steps to us...

Page 195: ...sshd_config o etc config ssh_config instead of etc ssh_config o etc config users username ssh instead of home username ssh 15 6 2 Generating Public Keys Linux To generate new SSH key pairs use the Li...

Page 196: ...y to supply it as runtime Full documentation for the ssh keygen command can be found at http www openbsd org cgi bin man cgi query ssh keygen 15 6 3 Installing the SSH Public Private Keys Clustering F...

Page 197: ..._keys If the Console Server device selected to be the server will only have one client device then the authorized_keys file is simply a copy of the public key for that device If one or more devices wi...

Page 198: ...lient2 More documentation on OpenSSH can be found at http openssh org portable html http www openbsd org cgi bin man cgi query ssh sektion 1 http www openbsd org cgi bin man cgi query sshd 15 6 5 Gene...

Page 199: ...eng download php To generate a SSH key using PuTTY http sourceforge net docs F02 clients Execute the PUTTYGEN EXE program Select the desired key type SSH2 DSA you may use RSA or DSA within the Parame...

Page 200: ...is enabled Test the Public Key by logging in as testuser Test the Public Key by logging in as testuser to the client device and typing you should not need to enter anything ssh o StrictHostKeyChecking...

Page 201: ...IS DOING SOMETHING NASTY Someone could be eavesdropping on you right now man in the middle attack It is also possible that the RSA host key has just been changed The fingerprint for the RSA key sent...

Page 202: ...of the tunnel and upload these keys to the Server and Client gateways Client Keys The first step in setting up SSH tunnels is to generate keys Ideally you will use a separate secure machine to genera...

Page 203: ...sa key pair Enter file in which to save the key home user ssh id_ rsa dsa Enter passphrase empty for no passphrase Enter same passphrase again Your identification has been saved in home user ssh id_ r...

Page 204: ...rver and two sets of keys for the control_room and the plant_entrance ls home user keys control_room control_room pub plant_entrance plant_entrance pub cat home user keys control_room pub home user ke...

Page 205: ...SSH client that SDT Connector launches e g Putty OpenSSH and the host s SSH server for public key authentication 15 7 Secure Sockets Layer SSL Support Secure Sockets Layer SSL is a protocol developed...

Page 206: ...ng steps to replace the default SSL Certificate and Private Key with ones tailored for your new address 1 Generating an Encryption Key To create a 1024 bit RSA key with a password issue the following...

Page 207: ...scp ssl_cert pem root address of unit etc config or using PSCP pscp scp ssl_key pem root address of unit etc config pscp scp ssl_cert pem root address of unit etc config PuTTY and the PSCP utility can...

Page 208: ...y 15 9 1 PowerMan PowerMan provides power management in a data center or compute cluster environment It performs operations such as power on power off and power cycle via remote power controller RPC d...

Page 209: ...fied only RPC s matching the target list are displayed T telemetry Causes RPC telemetry information to be displayed as commands are processed Useful for debugging device scripts x exprange Expand host...

Page 210: ...username p Override the configured password on This action switches the specified device or outlet s ON off This action switches the specified device or outlet s OFF cycle This action switches the spe...

Page 211: ...user can add their own support for more devices by putting definitions for them into etc config powerstrips xml This file can be created on a host system and copied to the Management Console device us...

Page 212: ...sole Server includes the ipmitool utility for managing and configuring devices that support the Intelligent Platform Management Interface IPMI version 1 5 and version 2 0 specifications IPMI is an ope...

Page 213: ...alled BMC and is included in Solaris 10 Management of a remote station requires the IPMI over LAN interface to be enabled and configured Depending on the particular requirements of each system it may...

Page 214: ...o connect to Default is 623 P password Remote server password is specified on the command line If supported it will be obscured in the process list Note Specifying the password as a command line optio...

Page 215: ...ers will be truncated For IPMI v2 0 the maximum password length is 20 characters longer passwords are truncated Commands help This can be used to get command line help on ipmitool commands It may also...

Page 216: ...og file line by line Each time it sees LOGIN username it adds the username to the list of connected users for that port each time it sees LOGOUT username it removes it from the list The list can then...

Page 217: ...that are connected Note The end of the Slaves names will be truncated so the first 5 characters must be unique Alternatively you can write a custom CGI script as described above The currently connecte...

Page 218: ...s chapter provides instructions on configuring the thin clients and using them locally and remotely The thin clients can be controlled from the rack side using a direct monitor keyboard mouse connecte...

Page 219: ...and update the commands that will be executed in connecting the service to the existing Host The sixteen serial ports are pre configured by default in Console Server mode for the B096 016 B096 048 Con...

Page 220: ...on the selected serial port The embedded terminal emulator uses rxvt a color vt102 terminal emulator You can find more details on configuration options in http www rxvt org manual html 16 1 2 Connect...

Page 221: ...logos are trademarks or registered trademarks of Sun Microsystems Inc in the U S and other countries 16 1 3 Connect VNC Select Connect VNC on the control panel and click on the VNC server Host to be a...

Page 222: ...y right clicking on the VNC Viewer task Bar icon You can find more details on configuration options in http www realvnc com products free 4 1 man vncviewer html 16 1 4 Connect SSH SSH is typically use...

Page 223: ...in http ipmitool sourceforge net manpage html The ipmitool program provides a simple command line interface to the BMCs and features the ability to read the sensor data repository SDR display the con...

Page 224: ...anplus H hostname U username P password sel info 16 1 6 Connect Remote Desktop RDP Select Connect RDP on the control panel and click on the Windows computer to be accessed The rdesktop program in your...

Page 225: ...name option Description a Color depth 8 16 24 r Device redirection i e Redirect sound on remote machine to local device i e 0 r sound MS Windows 2003 g Geometry widthxheight or 70 screen percentage p...

Page 226: ...16 2 Advanced Control Panel 16 2 1 System Terminal Selecting System Terminal on the control panel logs you in at the command line to the B092 016 Linux kernel As detailed in Chapters 14 and 15 this en...

Page 227: ...you cycle the power while the unit is writing to flash you could corrupt or lose data so the software Shutdown or Reboot from the control panel is the safer option 16 2 3 System Logout Clicking Syste...

Page 228: ...or VMware virtual device on a remote server Each B092 016 gateway has an internal VNC server enabling remote administrators to oversee local activity and giving them the option to access and control a...

Page 229: ...x 1 75 in 44 x 17 x 4 5 cm B095 004 B095 003 4 1x3 4x1 1 in 10 3 x 8 7 x 2 8 cm Weight B096 016 B096 048 11 8 lbs 5 4 kg B092 016 8 5 lb 3 9 kg B095 004 B095 003 2 2 lbs 1 0 kg Ambient operating temp...

Page 230: ...ut The 16 48 RJ45 connectors on the B092 016 Console Server with PowerAlert and the B096 048 016 Console Server Management Switch have the following pinout PIN SIGNAL DEFINITION DIRECTION 1 CTS Clear...

Page 231: ...16 Console Server with PowerAlert and the B096 048 016 Console Server Management Switch ship with a cross over and a straight RJ45 DB9 connector for connecting to other vendor s products O E DB9F RJ45...

Page 232: ...end the Software 2 you may not reverse engineer decompile disassemble or modify the Software except and only to the extent that such activity is expressly permitted by applicable law notwithstanding t...

Page 233: ...If any part of this EULA is held to be unenforceable as written it will be enforced to the maximum extent allowed by applicable law and will not affect the enforceability of any other part Should you...

Page 234: ...conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the abov...

Page 235: ...ed files to carry prominent notices stating that you changed the files and the date of any change b You must cause any work that you distribute or publish that in whole or in part contains or is deriv...

Page 236: ...ot accept this License Therefore by modifying or distributing the Program or any work based on the Program you indicate your acceptance of this License to do so and all its terms and conditions for co...

Page 237: ...ULD THE PROGRAM PROVE DEFECTIVE YOU ASSUME THE COST OF ALL NECESSARY SERVICING REPAIR OR CORRECTION 12 IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER O...

Page 238: ...y for reference purposes pursuant to the terms of your license Source code may not be redistributed unless expressly provided for in the terms of your license 4 Third Party Code Additional copyright n...

Page 239: ...er must have transportation charges prepaid Mark the RMA number on the outside of the package If the product is within its warranty period enclose a copy of your sales receipt Return the product for s...

Page 240: ...where prohibited Some restrictions apply See website for details WARNING Use of this equipment in life support applications where failure of this equipment can reasonably be expected to cause the fail...

Page 241: ...ne like for like basis this varies depending on the country Send the new equipment back for recycling when this ultimately becomes waste Tripp Lite follows a policy of continuous improvement Product s...

Page 242: ...Tripp Lite World Headquarters 1111 W 35th Street Chicago IL 60609 USA www tripplite com support 2 201001079 93 2879 EN...

Reviews:

No comments