manualshive.com logo in svg

Vertiv Avocent, Installer/User Manual

Share
Download
Vertiv Avocent Installer/User Manual Download Page 77

The appliance uses an embedded cryptographic module that is based on the FIPS 140-2 validated cryptographic module
(s) (certificate numbers 1747 and 1279) running on a Linux PPC platform.

To enable or disable the FIPS 140-2 module: 

1.

From the sidebar, click

Security

.

2.

Under the FIPS 140-2 heading, check the FIPS 140-2 Mode checkbox to enable it.

-or-

If the box is already checked, check it again to disable FIPS 140-2 Mode.

3.

Click

Apply

to restart the appliance.

6.4.3 Address Filter

The appliance supports device access filtering by IP address and/or MAC address. When this feature is enabled, you can
filter addresses by either allowing or disallowing IP and/or MAC addresses. These modes of operation are mutually
exclusive and both actions cannot be enabled at the same time.

By default, the appliance's IP address is always considered to be an allowed address and cannot be added to either section
on the page. When this feature is enabled, devices with addresses added to the Allowed Address section are granted access
to the appliance and those that do not appear on the allowed list are not. Similarily, devices with address added to the
Disallowed Addresses section are not granted access to the appliance, while those that do not appear on the disallowed list
are allowed to access the appliance.

When address filtering is enabled, the mode of operation is active and an address list appears in either the allowed or the
disallowed text box, the address filtering settings are maintained throughout reboots or firmware upgrades of the appliance.

Vertiv

| Avocent® Universal Management Gateway Appliance Installer/User Guide |

71

Summary of Contents for Avocent

Page 1: ...Avocent Universal Management Gateway Appliance Installer User Guide ...

Page 2: ...r any installation or operational issues with your product check the pertinent section of this manual to see if the issue can be resolved by following outlined procedures For additional assistance visit https www VertivCo com en us support ...

Page 3: ...g the Hardware 6 2 3 1 Appliance connectors 6 2 3 2 Connecting targets 8 2 4 Turning On the Appliance 9 2 5 Verifying the Connections 9 2 5 1 Front and rear panel power status LEDs 9 2 5 2 Rear panel Ethernet connection LEDs 10 2 5 3 Rear panel autosensing dedicated IP port LEDs 10 2 6 Configuring the Appliance 10 2 7 Configuration Example 10 2 7 1 Using Telnet or SSH to access a serial target 12 ...

Page 4: ...arget Rights 32 5 6 5 Groups 32 5 7 Targets 36 5 7 1 Licenses 36 5 7 2 Port configuration 36 5 7 3 SP management 43 5 7 4 Firmware upgrade and repository 45 5 7 5 Serial management 48 5 7 6 PDU management 51 5 8 Asset Location 52 5 8 1 RFID tag 52 5 8 2 KVM management 53 5 8 3 Target groups 59 5 9 Startup 59 5 10 Firmware 60 5 10 1 Backing up and restoring appliance configuration 60 5 11 USB Devic...

Page 5: ... 88 7 1 7 Logs 88 7 1 8 IML 88 7 1 9 System Info 88 7 1 10 Node Manager 88 7 2 UMIQ Modules 89 7 3 KVM Session Optimization 89 7 4 Serial Console 90 7 5 PDU 90 7 5 1 Properties 90 7 5 2 Outlets 90 7 5 3 Overview 90 7 5 4 Current Voltage Power Consumption Energy Consumption 91 7 5 5 Settings 91 7 6 Power Outlet 92 7 7 Accessible Targets 92 8 Sensors and Events 93 8 1 Sensors 93 8 2 Events 93 8 2 1 ...

Page 6: ...shooting SPs 100 Appendix G Appliance Troubleshooting 101 Appendix H Troubleshooting From the Appliance Shell 103 Appendix I IP Masquerading for 1 to 1 NAT 105 Appendix J Firewall and NAT Configuration Scenarios 106 Appendix K Video Resolution 108 Vertiv Avocent Universal Management Gateway Appliance Installer User Guide iv ...

Page 7: ...minal or from a computer with a terminal emulation program that is connected to the console port and can use the CLI 1 1 2 Autosense The Avocent Universal Management Gateway 2000 appliance has eight autosensing ports that can be used for either service processor SP or serial connectivity and management It has an additional 32 RJ45 ports which are intended solely for SP connectivity and management ...

Page 8: ...I to create user accounts authorize groups and configure security and ports Authorized users can access connected devices through the web UI to troubleshoot maintain cycle power or to reboot connected devices and change their password For more information on the web UI see Web User Interface on page 19 1 1 4 VGA and USB connections Standard VGA and USB connections can be used to attach an LCD tray...

Page 9: ...able appliances The Avocent Universal Management Gateway appliance allows you to view move or copy data located on virtual media to and from any target device Manage remote systems more efficiently by allowing operating system installation operating system recovery hard drive recovery or duplication BIOS updating and target device backup Smart cards such as the Common Access Card CAC can be used t...

Page 10: ...Vertiv Avocent Universal Management Gateway Appliance Installer User Guide 4 This page intentionally left blank ...

Page 11: ...om each side of the Avocent Universal Management Gateway appliance 2 Position each bracket so it is not covering the side vents of the appliance 3 Secure the mounting brackets to the appliance using the eight chrome screws supplied with the appliance 4 Loosely attach the two slide rail brackets to the front of the rack using the appropriate screws for your rack 5 From the rear of the rack slide th...

Page 12: ... installation This product is not intended to be connected directly or indirectly by any means whatsoever to interfaces of public switched telecommunications networks PSTN Always obey all local and national fire and building codes Be sure to firestop all cables that penetrate a firewall Use plenum rated cable where it is required Do not disable the power grounding plug The grounding plug is an imp...

Page 13: ...wer Indication LED 3 GB2 eth1 10 100M 1G Ethernet port Can be connected to a second network or used for failover 4 Sensors 5 Autosensing ports On the Avocent Universal Management Gateway 4000 and 6000 appliances all ports are autosensing On the Avocent Universal Management Gateway 2000 appliance the eight ports on the left are autosensing and the other 32 are dedicated Table 2 2 Connectors on the ...

Page 14: ...he devices to the appliance using an adaptor if necessary NOTE To comply with EMC requirements use shielded cables for all port connections WARNING Do not turn on the power on the connected devices until after the appliance is turned on To daisy chain PDUs to the appliance NOTE This procedure assumes you have one PDU connected to a port on the appliance 1 Connect one end of a UTP cable with RJ45 c...

Page 15: ...nce 1 Plug the power cables into the appliance and into a power source 2 Turn on the connected devices 2 5 Verifying the Connections 2 5 1 Front and rear panel power status LEDs The front panel of appliance has a dual color general status LED that may illuminate The LED illuminates green when the appliance is turned on and operating normally The LED blinks green when the appliance is booting The L...

Page 16: ...rts All terminal commands are accessed through a terminal or PC running terminal emulation software NOTE To configure the appliance using Avocent DSView software see the Avocent DSView 4 Management Software Installer User Guide To configure using the appliance s web UI see Administration on page 23 To configure using Telnet or SSH see the Avocent Universal Management Gateway appliance Command Refe...

Page 17: ...Figure 2 5 Typical Avocent Universal Management Gateway Appliance Configuration Vertiv Avocent Universal Management Gateway Appliance Installer User Guide 11 ...

Page 18: ...computer from which the connection is made To use Telnet to connect to a target through a serial port For this procedure you need the username configured to access the serial port the target name for example 14 35 60 p 1 device name for example ttyS1 TCP port alias for example 7001 and the hostname of the appliance or its IP address To use a Telnet client enter the information in the dialog boxes ...

Page 19: ...ostname IP_address or ssh l username TCP_Port_Alias hostname IP_address To close an SSH session At the beginning of a line enter the hotkey defined for the SSH client followed by a period The default is Vertiv Avocent Universal Management Gateway Appliance Installer User Guide 13 ...

Page 20: ...Vertiv Avocent Universal Management Gateway Appliance Installer User Guide 14 This page intentionally left blank ...

Page 21: ...pported web browser via the VGA console from an LCD tray or KVM switch or via the CLI Setup port using a serial cable and terminal emulation software Use the provided RJ45 to DB9F adaptor to connect a terminal or workstation to the CLI Setup port Terminal settings are 9600 8 N and 1 with no flow control and ANSI emulation NOTE For instructions on assigning an IP address using the CLI see the Avoce...

Page 22: ...ance by looking at the DHCP leases on the network DHCP server Enter https appliance IP in your browser to connect to the appliance To assign the IP address 1 Log in to the appliance via its console port using admin as both the username and password 2 Click the Administration button 3 Click the Network Settings folder 4 Click the GB1 eth0 entry in the table and change the method to Static 5 Assign ...

Page 23: ...9002 and 47777 48117 must be open for full Trellis Real Time Infrastructure Optimization Platform support ORDER SERVICE ACTION USE CASE RECOMMENDATION 1 any Accept Needed for internal appliance communication Do not disable 2 any Accept Needed for internal appliance communication Do not disable 3 srv WEB UI Accept Needed to access the appliance web UI set to DROP to disable web UI 4 srv PING Accept...

Page 24: ...ware management and monitoring support set to DROP if not using Trellis platform software 29 srv UMG Service 4 Accept Needed for Trellis platform software management and monitoring support set to DROP if not using Trellis platform software 30 srv UMG Service 5 Accept Needed for Trellis platform software management and monitoring support set to DROP if not using Trellis platform software 31 srv UMG...

Page 25: ...mand Reference Guide or the Avocent DSView 4 Management Software Installer User Guide 4 1 Web UI Overview To log into the web UI 1 Open a web browser to the address http appliance IP 2 At the login screen enter your username and password 3 After logging in you will see the Targets tab NOTE When using the VGA console you can choose alternate locales or keyboard types NOTE Adobe Flash Player and Ora...

Page 26: ... 2 Using the Sidebar The sidebar is used to display windows that specify settings or perform operations The contents of the sidebar varies depending on the tab and top navigation bar selections and the window that is displayed 4 2 1 Admin role By default Admins have access to all the tabs of the web UI Admins can access the Targets Sensors Events and Administration tabs of the UI By default the lo...

Page 27: ...otion leak and other supported environmental data For more information see Sensors and Events on page 93 4 3 3 Events The Events tab contains the event and alert logs for the appliance The data shown on this tab is read only except for the ability to clear event and alert entries For more information see Sensors and Events on page 93 4 3 4 Administration The Administration tab contains all the nec...

Page 28: ...Vertiv Avocent Universal Management Gateway Appliance Installer User Guide 22 This page intentionally left blank ...

Page 29: ...s configure email settings You can use the buttons at the top of the screen to reboot shut down or launch an SSH session to the appliance WARNING Always execute the shutdown command through the web UI CLI or DSView software under the Overview Tools node before turning the appliance off then on again This will ensure the reset doesn t occur while the file system in Flash is being accessed and it he...

Page 30: ...ation on page 36 NOTE Changes to the appliance network mode will invalidate default firewall rules and can interrupt communication with the appliance See the following for more information Placing the appliance into Failover mode or adding eth0 or eth1 to a Bridge group will disable the IP addresses currently assigned to some all appliance interfaces New interfaces will be activated Failover bond0...

Page 31: ...Select the appropriate radio button option from the Failover Routed IPv4 Trigger Mode list 7 Click Apply 5 3 2 Bridge Group Configuration An administrator can choose network interfaces to bridge together into a logical bridge group This feature simplifies the creation deletion and maintenance of bridged interfaces You can bridge both physical and virtual interfaces and bridging supports user creat...

Page 32: ...lick Add to add a new host 3 Enter the IP address hostname and alias of the host you want to add then click Apply To delete a host 1 From the sidebar select Network Hosts 2 Click on the name of the hostname you want to delete then click Delete 5 3 4 Routes Proper routing will ensure that traffic flows from clients to the appliance and back The routing table in the appliance shows the networks that...

Page 33: ...D must be unique within the entire OSPF domain 4 Use the drop down menus to set the Interfaces to either Active or Passive OSPF will not speak to any interface set to Passive 5 To add a network enter the address for the network and its area then click Add 6 To edit an existing network check the box next to the network under the Modify an OSPF Network heading When finished click Apply 7 To delete a...

Page 34: ...client for network share 1 From the sidebar of the Administration tab click Network Settings Network Share 2 Under the Settings tab in the External Samba Server field enter the IP address or hostname of the Samba server 3 In the Share Path field enter the subdirectory that represents the network share NOTE The field may be left empty to represent the root directory 4 In the Domain Name field enter...

Page 35: ...are set to expire after one year by default Medium Passwords must contain at least eight characters including one number and one capital letter When a user changes a password it must be different from the old password Passwords are set to expire after 90 days by default Strong Passwords must contain at least 16 characters including one special character one number and one capital letter When a use...

Page 36: ...om the sidebar click Users 2 Click Add to create a new user The Create User screen appears Enter the new username and password and use the drop down menu to define the user role User Power User or Admin or Click the name of a user to modify that user The Modify User screen appears Enter a new password for the User and use the drop down menu to change the user role 3 Define the preemption level 4 C...

Page 37: ...ill use to communicate with the LDAP server e Enter the Bind Password which is the password of the service account f Enter the PAM Attribute which is the user account attribute that will be used by the appliance to authenticate user credentials against the LDAP server NOTE The PAM Attribute is case sensitive Figure 5 2 LDAP Configuration Example You must now create a user group or groups in the ap...

Page 38: ...rs can alter the permissions and access rights of users belonging to the Power User or User groups or create additional groups with custom permissions and access rights Administrators can add delete or modify permissions and access rights for users from any group at any time For example if an administrator configures the appliance to restrict user access to a target the administrator can assign us...

Page 39: ...er users have no access to the ports or power management options and share all of the appliance access rights as admin except for configure user accounts and shell access which are permanently disabled for this group User group Members of the user group have access to target devices unless they are restricted by an administrator but have no access rights for the appliance Administrators can add ap...

Page 40: ...HAS RIGHTS RESULTING TARGET RIGHTS Yes Yes Yes Yes No No No Yes No No No No Table 5 6 Target Rights To manage target rights 1 Under Managed Targets click the target for which you want to manage rights 2 Check the appropriate box to either allow or deny general access rights 3 For serial targets use the drop down menu to select the session access and check the box es to kill a multi session or for ...

Page 41: ...Outlet Properties Off Targets Tab Power Outlet Power Outlet Properties Cycle Targets Tab PDU PDU Outlets On Targets Tab PDU PDU Outlets Off Targets Tab PDU PDU Outlets Cycle Physical KVM If you allow Physical KVM rights you have rights to the following Targets Tab Appliance Remote Access Targets Tab UMIQ KVM switch Connect Virtual KVM If you allow Virtual KVM rights you have rights to the followin...

Page 42: ...ficient licenses to discover or add targets you will receive a low license warning Targets in excess of the available licenses will be ignored 5 7 2 Port configuration An autosense port can operate in either serial or network mode Ports configured for network mode will be assigned to a virtual interface that provides the IP communication with connected devices The appliance contains three preconfi...

Page 43: ...rt Configuration Serial Settings to view or change the default serial interface communication settings To configure serial mode settings 1 For serial devices connected to a port click Targets Port Configuration Serial Settings 2 Select the port and click Serial Port Setting 3 Use the drop down menus to select the state speed parity data size stopbits flow and the serial pinout type NOTE The defaul...

Page 44: ...l rules will need to be created for the interface that will receive the DHCP request to permit FORWARD traffic to the external DHCP server host and back again 3 DHCP leases are defined in days default is 30 4 Dynamic ranges can be added or deleted by clicking Add or Delete Within each dynamic range the gateway field defines the range association with a virtual interface 5 DHCP reservations are cre...

Page 45: ...l interfaces do not have addresses assigned to them by default To assign DHCP ranges to the spm and kvm virtual interfaces to discover and manage certain classes of devices independently the virtual interface must first be assigned an IP The priv virtual interface is by default 192 168 10 1 24 To assign virtual interfaces IP addresses 1 Browse to the Network Settings page located at Administration...

Page 46: ...r the search then enter the IP addresses for the range in the From and To fields 4 Use the drop down menu to either manually or automatically start the search 5 If you want to automatically discover devices on a timed interval you can enter an interval range from 10 minutes to 30 days Enter the time interval in dd hh mm days hours minutes format 6 Use the right and left arrows to select the discov...

Page 47: ...e in the appropriate fields NOTE The range must be between 2000 and 65496 4 Enter a description for the range in the appropriate field 5 Click Apply To delete a TCP port range Check the box next to the range you want to delete and click Delete IPMI and discovery settings An administrator can automatically enable the Intelligent Platform Management Interface IPMI on the appliance during discovery o...

Page 48: ... log displays the results of SP add and SP discovery processes on the appliance The log chronologically displays the status of the add discovery steps and will automatically update as status changes occur To view the discovery log from the Administration tab click Targets Discovery then click the Log tab TYPE DESCRIPTION Filter Options Method Defines whether the SP was discovered manually added or...

Page 49: ...ort the SP type The username password must be provided in the Add SP Wizard Common credentials can be pre populated in the Default Users tab The profile you choose needs to match the SP as closely as possible SPs that use IPMI will use the KG Hex format and Cipher settings to implement a symmetric IPMI 2 0 encryption key to encrypt the UDP based IPMI traffic To ensure all of the SPs capabilities a...

Page 50: ...ll populate within the list of SPs 6 You can click Stop Importing to stop the remainder of the import process To edit an SP 1 From the sidebar click Targets SP Management then click the Service Processors tab 2 Click the name of the SP you want to edit 3 Under the Modify SP tab you can edit the SP s name username password and depending on the profile type the KG cipher SoL data buffering and virtu...

Page 51: ...Targets SP Management then click the Firmware Repository tab The page displays all the firmware stored in either the local or remote repository 2 Click Add to add new firmware to the repository 3 Use the drop down menu to store the firmware locally on the appliance or remotely via the network share 4 Use the drop down menu to select the firmware profile and enter a firmware version or comment as d...

Page 52: ...IML the Pre Defined group will be disabled as well An administrator can change the SP type for the Pre Defined group setting though the group and log source should remain matched To modify an alert group setting 1 From the sidebar of the Administration tab click Targets SP Management then click the Alert Settings tab 2 Check the box next to the SPs you want to modify 3 Use the drop down menu to se...

Page 53: ...n the appliance The target interdiction feature operates in either User mode or Host mode The User mode allows you to manually change the password for the Service Processor In this mode the user creates and confirms the password manually For even more security enable the Host mode which allows the appliance to control the SP by creating and securely storing the password When the SP is in Host mode...

Page 54: ...od field as well as an enabled Change Immediate checkbox To enable User mode or regain control of the SP from Host mode NOTE To regain control of the SP from the appliance you must enable the User mode 1 From the sidebar of the Administration tab click Targets SP Management then click the User Info tab 2 Click the checkbox next to the SP target you want to place in User mode 3 Click the User mode ...

Page 55: ...n Normal the DTR status will depend on the existence of a CAS session Off Interval when the a CAS session is closed the DTR will stay down during this interval Default Normal DTR Off Interval Interval used by DTR Mode Off Interval in milliseconds Default 100 Line Feed Suppression Enables the suppression of the LF character after the CR character Default Disabled Null After CR Suppression Enables t...

Page 56: ...load Logs or The log files can be accessed or downloaded from the appliance shell in the directory log DB CAS profile From the CAS profile page you can configure the serial console features including the host name auto discovery auto speed and auto time out To configure the CAS profile 1 From the sidebar click Targets Serial Management 2 Click the CAS Profile tab 3 Under the Settings heading enter...

Page 57: ...turn power on turn power off and reset devices that are plugged into a connected PDU The following table displays the types of PDUs supported the communication protocols used and the ports that can be connected TYPE PROTOCOL PORTS Avocent PM PDU PM10 20 1000 2000 3000 Serial Any autosense port Liebert MPH MPX MPH2 MPX2 IP SNMP Any appliance port or Remote via LAN infrastructure Table 5 11 PDU Mana...

Page 58: ...lligence Module DCIM along with Remote Frequency Identification RFID tags RFID tags are placed on devices before they are installed in the rack The asset tracking appliance then monitors those devices and can relay their placement and status to a connected server or device Multiple asset tracking appliances can be added to the Avocent Universal Management Gateway appliance To enable asset tracking...

Page 59: ...onfigurable for analog local or digital remote connectivity Enhanced video resolution support up to 1600 x 1200 or 1680 x 1050 wide screen native from target to remote NOTE For a full list of supported resolutions see Video Resolution on page 108 Virtual media capability accessed through USB ports Smart card capability UMIQ module An Avocent UMIQ module is an adaptor that provides traditional VGA ...

Page 60: ...er one can be connected to the appliance and the other can be connected to a dedicated service processor port on the server The cable length can be up to 100 meters long WARNING Never connect a network switch hub firewall router between the appliance and a UMIQ module The appliance sends electricity that will damage anything that is not a UMIQ module LED PATTERN DESCRIPTION Power LED Constant ON P...

Page 61: ...LED on the module is flashing to help you locate it Upgrading UMIQ modules The UMIQ module Flash upgrade feature allows appliance administrators to update UMIQ modules with the latest firmware available After the Flash memory is reprogrammed with the upgrade the appliance performs a soft reset which terminates all UMIQ module sessions A target device experiencing an UMIQ module firmware update may...

Page 62: ... The Session Connection Timeout sets the maximum amount of time allowed to try to establish a KVM session before timing out when another session is waiting to be connected Under most circumstances the default Normal is the preferred setting Using Normal will ensure the system is responsive and will avoid Path Blocked warnings The longer time out settings can be used for special circumstances such ...

Page 63: ...ption Control specifies whether the user will be notified before the KVM session is preempted If Session Preemption Control is enabled the Session Preemption Timeout specifies the number of seconds to wait after notifying a user the KVM to preempt the session For more information on preemption see Preemption Levels on page 29 Virtual media Under the Virtual Media heading you can enable virtual med...

Page 64: ... time from 1 to 120 seconds that a prompt will be displayed to inform you that your session is going to be preempted c Check the box if you want to enable PPP 7 For Virtual Media a Check the box es to enable virtual media lock to KVM session or allow reserved sessions b From the drop down menu select the Virtual Media Access Mode 8 Select the checkbox to enable Smart Card access 9 Click Apply EDID...

Page 65: ...rming a factory restore will reset the pass through mode to its default state To enable UMIQ pass through 1 Click KVM Management UMIQ Pass Through 2 Check the box to enable UMIQ pass through mode and click Apply 3 Click Firewall and NAT from the sidebar Select the box next to Forwarding Rule 512 and use the drop down menu to change the rule state to Not Active Click Apply 4 Create a static routing...

Page 66: ...minutes to two hours During this time the appliance will appear to be offline If the session times out during the upgrade the upgrade will be canceled For this reason it is recommended you first disable the session time out before upgrading the firmware To disable the session time out 1 From the sidebar click Users 2 Click on the user performing the upgrade 3 Uncheck the Session Times Out box 4 Cl...

Page 67: ...ed an IP address must be configured before the backup configuration file can be applied See Booting from the Network on page 98 for Netboot application steps To delete a configuration file 1 From the sidebar of the Administration tab click Firmware 2 Under the File List heading check the box next to the configuration file you want to delete and click Delete File NOTE Deleting the configuration fil...

Page 68: ...sius Fahrenheit Humidity RH Door Status Active Inactive Leak Status Active Inactive Motion Status Active Inactive Vibration Status Active Inactive Smoke Status Active Inactive Table 5 15 Environmental Measurements 5 12 1 Com Digital Input The COM digital input DI sensors view and monitor motion and smoke They can be connected to the DI1 DI2 ports on the back of the appliance PROPERTY DESCRIPTION D...

Page 69: ...on the back of the appliance PROPERTY DESCRIPTION DEFAULT VALUE Sensor Sensor ID Read Only System Defined Value Enabled Enable or Disable Enabled Name Name of the sensor Sensor ID Default State Closed or Open Open Location The sensor s location or position Blank Type Type of sensor Custom smoke leak or motion Custom Address The serial number of the sensor Read Only Information from Sensor Table 5 ...

Page 70: ...ture Address The serial number of the sensor Read Only Information from Sensor Location The sensor s location or position Blank Table 5 19 RS485 Environmental Sensor Properties To add enable or remove an RS485 environment sensor 1 Click Administration Sensors RS485 Environment Sensor 2 Use the drop down menus to select the Type and Address for the sensor 3 Enter the name for the sensor and if appl...

Page 71: ...e PDU Temperature Sensors Delta table To view the delta calculation click the Sensors tab then click Delta The delta appears in the PDU Temperature Sensors Delta table To delete a delta calculation 1 From the sidebar click Sensors PDU Temperature Sensors Delta 2 Check the box next to the delta you want to delete then click Delete Vertiv Avocent Universal Management Gateway Appliance Installer User...

Page 72: ...Vertiv Avocent Universal Management Gateway Appliance Installer User Guide 66 This page intentionally left blank ...

Page 73: ...ou create using SNMP version 3 are encrypted and stored on the appliance The following table provides the options that are available using SNMP version 3 SECURITY LEVEL AUTHENTICATION TYPE PRIVACY TYPE NO_AUTH_NO_PRIV Open None None AUTH_NO_PRIV Authentication Only SHA None AUTH_PRIV Authentication and Privacy SHA AES Table 6 2 SNMP Version 3 Security Levels To configure SNMP protocol 1 In the nav...

Page 74: ... name 5 The Tag field is optional and will filter messages that do not match the Tag string 6 Under the Facility heading use the arrows to select the local facilities 7 Under the Severity heading use the arrows to select the severity 8 Click Apply 6 1 3 Email You can configure the appliance to send alerts to an email address To configure email alerts 1 From the sidebar go to Appliance Settings Ema...

Page 75: ...n sessions on the appliance To delete a session 1 From the sidebar click Sessions The sessions screen appears and lists all appliance and target sessions to the appliance 2 Select the checkbox next to the session you want to delete then click the Delete button After a few seconds the sessions screen will redisplay the open sessions minus the one you deleted 6 3 Support From the sidebar click Suppo...

Page 76: ...nce 6 4 2 FIPS 140 2 The appliance follows the guidelines set forth by the FIPS 140 2 program The FIPS mode of operation can be enabled or disabled via the web UI and is executed after a reboot When the FIPS module is enabled a reboot of the switch requires approximately two additional minutes to complete a FIPS mode integrity check Also when FIPS is enabled if the keyboard mouse or video encrypti...

Page 77: ...exclusive and both actions cannot be enabled at the same time By default the appliance s IP address is always considered to be an allowed address and cannot be added to either section on the page When this feature is enabled devices with addresses added to the Allowed Address section are granted access to the appliance and those that do not appear on the allowed list are not Similarily devices wit...

Page 78: ...esses in each text box or Select the Disallowed Address radio button then click the IP Address and or MAC Address checkbox and list the appropriate addresses in each text box 4 Click Apply NOTE Any action initiated by the appliance including firmware upgrades messaging or the addition of an new target is allowed even if the device s address involved in the action appears on the disallowed address ...

Page 79: ...inally defining the hosts and services Each of these are described in the next sections The appliance will already have knowledge of various hosts networks and interfaces these objects will be created at the time they are defined or discovered by the appliance For example upon connecting a UMIQ module to the appliance a host definition will be created matching the name assigned to the UMIQ module ...

Page 80: ...he appliance s Linux shell type cd then type usr bin fwnatdirectory 2 The fwnat alias sh script can be used to create IP aliases on the eth0 eth1 bond0 bridge group interfaces NOTE Created IP aliases will appear on the Interfaces tab within the firewall Syntax for the script is fwnat alias h c add del mod i eth0 eth1 n ifname a cidr formated IP b broadcast address m cidr formated IP broadcast addr...

Page 81: ...ust be unique names between 3 and 40 alphanumeric characters 4 In the IP Address field enter a valid subnet ID for the network in CIDR format 5 Click Apply To modify or delete a defined network 1 From the sidebar click Firewall and NAT then click the Networks tab 2 Under the Defined Networks heading check the box next to the network you wish to modify or delete 3 Make your changes and click Apply ...

Page 82: ...AT rules could allow outside administrators to access the rack PDU web management interfaces Each NAT rule would use a unique service definition to represent the TCP port of the rack PDU web management interfaces on the public outside IP of the appliance For example a service definition of 8080 would translate to 80 for the first rack PDU and 8081 would translate to 80 for the second rack PDU The ...

Page 83: ...tion will be displayed in the user defined service definition table To modify or delete a user defined service definition 1 From the sidebar click Firewall NAT then click the Services tab 2 In the User Defined Services table check the box next to the service you want to modify or delete 3 Make your changes and click Apply or Click Delete to delete the service definition 6 5 5 Policy An administrat...

Page 84: ... host behind one of them The benefit of a NAT rule is that the same IP network subnet can be repeated for private ports hosts on multiple appliances without the same routing conflict The appliance supports two forms of NAT 1 to 1 NAT IP masquerading and port address translation PAT NAT overload For successful end to end communication leveraging an IP forward policy rule the private host must treat...

Page 85: ... interface Table 6 4 NAT Flow Table Descriptions Firewall flow Traffic entering the appliance input is subject to filter rules after it has passed through NAT rules and routing decisions Traffic exiting the appliance output is subject to filter rules before routing decisions are made and NAT rules perform any translation Vertiv Avocent Universal Management Gateway Appliance Installer User Guide 79...

Page 86: ... patterns appropriately Translation happens before filtering when traffic is entering the appliance and filtering happens before translation when traffic is exiting the appliance For example if input traffic passes through an incoming NAT rule which has translated the destination address then the only way for the filter rule to match a destination address is to have the filter rule match the patte...

Page 87: ...n inside interface before outgoing NAT on the same inside interface 6 Output filter on an outside interface before outgoing NAT on the same outside interface 7 Incoming NAT on an inside interface before input filter on the same inside interface 8 Incoming NAT on an outside interface before input filter on the same outside interface Table 6 6 Firewall and NAT Flow Descriptions Vertiv Avocent Univer...

Page 88: ...this NAT policy pattern If the destination port is not intended to be translated then type any in this field Table 6 7 NAT Setup Definitions To add a NAT Policy 1 From the sidebar click Firewall and NAT then click the Policy tab 2 In the NAT Setup section under the Add a NAT Policy heading you can add a NAT policy by use the drop down menu to select either Outgoing or Incoming under Direction 3 En...

Page 89: ... the Policy drop down menu The selected action is performed on an IP packet that matches all the criteria specified in the rule If LOG is selected from the drop down menu it will create entries in syslog about the traffic matching this rule without performing a specific ACCEPT REJECT or DROP action In order to log and ACCEPT or log and REJECT DROP a second rule must follow the log rule with the sa...

Page 90: ...naged SP 1 From the sidebar click Firewall NAT then click the 1 to 1 NAT tab 2 Click Add 3 From the NAT wizard window click the No radio button then click Next 4 Complete the field s on the following NAT wizard windows then click Next to proceed to the next step 5 Click Finish to confirm the parameters you selected throughout the wizard NOTE Contact your network administrator for the appropriate e...

Page 91: ...fault when the user logs out The targets can be viewed in three formats list view group view or type view depending on the selection made The list view is a flat list of targets grouped under a parent appliance node Selecting the appliance list item shows a target summary screen The type view shows all targets grouped by their target types The group view shows only the defined target groups and th...

Page 92: ...le on managed target devices manage power turn the LED on and off remotely and view and control the time setting To view and control the power status 1 Click an SP name 2 Click the System tab The system information window appears and displays the current power status of the target device 3 From the drop down list select the desired power action 4 Click Apply To view and control the SP s indicator ...

Page 93: ...initiates an SP Access session the appliance will open a small TCP port range to facilitate communication between the client and the SP The client PC will open a pop up browser window and will connect to the IP of the appliance using one of the ports allocated for the session If the session type being launched is a SP Access Browser session the appliance will FWD the traffic from the client pop up...

Page 94: ...er to server 7 1 6 Sensors Click on the Sensors tab to view the sensor information for the target device Click Refresh to refresh the sensors information 7 1 7 Logs Click the Logs tab to download the SOL data buffering log or to clear all data log history The log files can be accessed or downloaded from the appliance shell in the log directory 7 1 8 IML The IML tab displays all of the Integrated M...

Page 95: ... Sec on the performance monitor when there is not any activity on the target server NOTE Adjusting the screen resolution and screen refresh rate can have a significant effect on the cleanliness of the video signal and the speed of the resulting KVM session For best results try different combinations of these two settings followed by an auto video adjustment to improve the session speed The amount ...

Page 96: ... and or modify its configuration settings For read only information on the PDU circuits and outlets view the following tabs Properties Outlets Overview Current Voltage Power Consumption Energy Consumption and Environment To modify configuration of outlets the PDU phases circuits or environment click the Settings tab 7 5 1 Properties From the Properties tab you can view information about the PDU an...

Page 97: ...Us you want to configure and click Edit You can configure Cold Start Delay as well as High Critical High Warning Low Warning and Low Critical thresholds and Estimated Power Factor 5 Click Apply when finished To configure Phases settings 1 Select a PDU to manage 2 Click on the Settings tab 3 Click Phases 4 Select the phases you want to configure and click Edit You can configure High Critical High W...

Page 98: ...een displays accessible IP based targets that the appliance can discover but not manage Accessible targets may be supported devices that are configured not to be managed or unsupported devices that the appliance cannot manage but can still access Selecting a device under Accessible Targets displays its session information in the content area NOTE If you have not configured the appliance to automat...

Page 99: ... will reset any associated digital output to its non active state ALERT DEFAULT THRESHOLD Fan 5000 RPM Temperature Front sensor Greater than 50 C Temperature Back Sensors Greater than 66 C Power Off CPU Greater than 98 Data Partition Greater than 90 Default settings are hard coded Table 8 1 Alert Default Thresholds 8 2 1 Fan If a fan is not working or goes below a hard coded threshold you will get...

Page 100: ...Vertiv Avocent Universal Management Gateway Appliance Installer User Guide 94 This page intentionally left blank ...

Page 101: ...0 VAC appliance and UMIQ AC Frequency 50 60 Hz appliance and UMIQ AC Input Current Rating 2A Ambient Atmospheric Condition Ratings Temperature 0 50 Celsius Humidity 20 85 percent non condensing Safety and EMC Standards Approvals and Markings Safety certifications and EMC certifications for this product are obtained under one or more of the following designations CMN Certification Model Number MPN ...

Page 102: ...ettings Routes page to ensure the IP network assigned to the priv interface is unique within your organization If it isn t access the Targets Port Configuration Network Settings page and change the IP addresses assigned to the virtual private interfaces to organizationally unique ones Be sure to create new DHCP dynamic ranges to match the virtual private interface IPs you changed SeeNetwork Settin...

Page 103: ...ator accounts contact technical support with the appliance serial number Technical support will supply a key that will reset the appliance to the factory default with default accounts Vertiv Avocent Universal Management Gateway Appliance Installer User Guide 97 ...

Page 104: ...etboot Recovery file on the FTP server To perform a Netboot Recovery 1 Turn on or reboot the appliance 2 Select Netboot Recovery 3 Enter udhcpc to request a DHCP address for the appliance via GB1 eth0 or If a static IP needs to be assigned to either GB1 eth0 or GB2 eth1 enter the following command NETBOOT ifconfig eth x IP address NETBOOT route add default gw gateway_ip eth x 4 After the appliance...

Page 105: ...54 0 root calvin drac7 192 168 10 130 0 admin pass word ilo2 PARAMETER DESCRIPTION Used to create a comment if desired If you add a comment you must type as the first character on the line with the comment IP The IP address of the SP target Port Not currently used Enter 0 for this parameter Username The admin name for the SP Password The admin password for the SP Profile The type of SP If the SP t...

Page 106: ... to This can often be tested by using a ping from the appliance command shell If you cannot ping the SP the SP may only allow communication via IPMI If the username password and network routing are all correct the appliance will be able to communicate with IPMI only SPs DHCP works in request respond fashion The SP must request a DHCP address before the appliance can provide one Many SPs will retai...

Page 107: ... will increase the total number of packets that get created but they will be small enough to cross the WAN link without being discarded and should improve the situation Don t do this unless you are sure that the appliance traffic is being discarded by the customer WAN router because of fragmentation G 3 Launching a KVM session If the ActiveX KVM viewer does not install when launching a KVM session...

Page 108: ...operly TYPE COMMAND Fan Failure cat sys devices platform dcima_hwmon 2560 fan Temp Issues cat sys devices platform dcima_hwmon 2560 temp Power Supply issues cat sys devices platform dcima_hwmon 2560 voltage Table G 1 Shell Hardware Diagnostic Commands If the diagnostic test reveals a hardware failure contact Vertiv Technical Support Firmware bugs can be resolved through a clean load of firmware vi...

Page 109: ... hdd and memory load This is useful to help identify if a bad memory module or hard drive is affecting performance iostat To perform in depth network traffic analysis the tcpdump command can be used to capture traffic to a file which can be imported into third party tools tcpdump w networkcapture cap It s possible to create elaborate scripts which can significantly aid in the troubleshooting proce...

Page 110: ...stat t p grep tcp sort k SORTQ g r netstatDETAIL lst clear cat netstatHEAD lst head n TOPN netstatDETAIL lst echo echo Status Counts echo cat netstatDETAIL lst grep tcp cut c 77 88 sort u while read netstatSTATUS do statusCnt cat netstatDETAIL lst grep netstatSTATUS wc l echo netstatSTATUS statusCnt done sleep SLEEP done Vertiv Avocent Universal Management Gateway Appliance Installer User Guide 10...

Page 111: ...he command syntax c Adds deletes or modifies an aliased interface i Alias for eth0 eth1 n Name of the alias up to eight characters a IP address in CIDR format b Broadcast address Table I 1 Virtual Public Interface Syntax and Options For example Use the following command to create the public IP alias for the appliance to listen for incoming traffic usr bin fwnat fwnat alias sh c add i eth0 n ILOali...

Page 112: ... For more information see Interfaces on page 73 NOTE Use eth0 for outside and priv for inside 4 Click Networks to add a network definition that will encompass the IP of the SP that was added Enter a definition name associated interface name and network address Click Apply when done For more information see Defined networks on page 74 5 Click Policy to add an outbound NAT Policy by entering the fol...

Page 113: ...gs COLUMN PARAMETER Action Accept Rule State Active Destination any Interface any Direction Forward Order Lowest unused number Example 53 Source Name of network definition Example PrivNet Connection Status Not needed Table J 3 Firewall Policy Parameters 7 Click Apply when done 8 From the SP test sending traps and validate the successful configuration Vertiv Avocent Universal Management Gateway App...

Page 114: ...x x x x x x x 768 x 576 72 Hz x x x x x x x 800 x 500 60 Hz x x x x x x x 800 x 600 56 Hz x x x x x x x 800 x 600 60 Hz x x x x x x x 800 x 600 72 Hz x x x x x x x 800 x 600 75 Hz x x x x x x x 832 x 624 75 Hz x x x x x x x 853 x 480 60 Hz x x x x x x x 896 x 672 60 Hz x x x x x x x 896 x 672 75 Hz x x x x x x x 896 x 672 85 Hz x x x x x x x 960 x 720 60 Hz x x x x x x x 960 x 720 75 Hz x x x x x ...

Page 115: ...00 75 Hz x x x x x x 1280 x 960 60 Hz x x x x x 1280 x 960 75 Hz x x x x x 1280 x 1024 60 Hz x x x x x 1280 x 1024 75 Hz x x x x x 1360 x 768 60 Hz x x x x 1366 x 768 60 Hz x x x x 1400 x 1050 60 Hz x x x x 1400 x 1050 72 Hz x x x x 1400 x 1050 75 Hz x x x x 1400 x 1050 85 Hz x x x x 1440 x 900 60 Hz x x x x 1440 x 900 75 Hz x x x x 1600 x 900 60 Hz x x x x 1600 x 900 75 Hz x x x x 1600 x 900 85 H...

Page 116: ......

Page 117: ... names and logos referred to are trade names trademarks or registered trademarks of their respective owners While every precaution has been taken to ensure accuracy and completeness herein Vertiv Co assumes no responsibility and disclaims all liability for damages resulting from use of this information or for any errors or omissions Specifications are subject to change without notice 590 1508 501B...

Reviews:

No comments

Brands by name

Popular brands

Load more brands