manualshive.com logo in svg

Xtreme XPRT-SNMP2, User & Installation Manual

Share
Download
Xtreme XPRT-SNMP2 User & Installation Manual Download Page 39

Xtreme Power Conversion Corporation

Web/SNMP Cards

Page 39

UPS Management

First of all, in order to verify the actual certificate, its fingerprint (sometimes also knows as thumbprint) can be 

checked against the one provided by the SNMP/Web adapter. Particularly, select View Certificate and look for the 

fingerprint/thumbprint:

On the console interface inject the ssl-fingerprint command. Below is a sample output of the ssl- fingerprint com-

mand:

GEDE> ssl-fingerprint

MD5 Fingerprint=8F:A1:CE:8B:B3:04:E7:07:90:6D:02:77:6F:EE:9E:22

SHA1 Fingerprint=F5:D2:CA:27:BF:DA:98:31:39:6F:18:8C:C5:9C:BC:6C:D3:62:15:AC

It can be seen that the thumbprint shown by the web browser (with thumbprint algorithm shown as

sha1) matches the SHA1 fingerprint as shown by the ssl-fingerprint command.

Furthermore, the SNMP/Web adapters are provided with two different certificates: the server certificate and the 

CA Root Certificate (the latter has been used to sign the server certificate). The server certificate does not have the 

digital signature of a commercial CA, trusted by the browser. By installing the CA Root Certificate in the trusted CA 

repository, the web browser will not show the security warning about trusting the Certificate Authority.

The CA Root Certificate can be downloaded from the embedded web server (in the Utility section), and then it can 

be installed in the trusted CA repository.

NOTE:

 It is not mandatory to install the CA Root Certificate – installing it will prevent the browser from generating 

a security warning message.

Finally, the server certificate‟s common name will not match the DNS name or the IP address of the SNMP/Web 

adapter. Although the communication is secure, with the adapter controlling the access to the web interface and 

the client being able to verify the fingerprint/thumbprint of the certificate, the browser may still issue a warning.

In order to clear this final warning the user may generate a new server certificate so that the common name 

matches the DNS name / IP address of the SNMP/Web adapter. The server certificate is generated by injecting 

Summary of Contents for XPRT-SNMP2

Page 1: ...XPRT SNMP2 UPS Management User Installation Manual www xpcc com 2015 Xtreme Power Conversion Corporation All rights reserved Rev 3 12 15 ...

Page 2: ...mmand List 8 Web Interface 20 Introduction 20 Navigation Bar21 UPS Section 21 System Section 24 SNMP Section 25 SMTP Section 26 Log Section 26 Utility Section 26 Save Section 27 User Section 27 SNMP Agent 27 MIB Structure 27 RFC1628 MIB Objects 28 Network Configuration 29 Ethernet Connection 29 TCP IP Configuration 29 DNS Configuration 30 Hostname 30 Multi Server Network Shutdown RCCMD 30 ...

Page 3: ...ion 36 Customer Responsibility 40 Other Functionalities 41 System Time 41 Serial bypass 41 HTTP Based Monitoring 41 Maintenance 43 Software Upgrade 43 Configuration File 43 Logs 43 Troubleshooting 44 Troubleshooting UPS Connection 44 Troubleshooting Local Connection 44 Troubleshooting Network Connection 45 Troubleshooting Web Access 46 Troubleshooting Date Time NTP 46 Troubleshooting E Mail Notifi...

Page 4: ...readings alarm logging over different interfaces Digital outputs open collector outputs for relay drive 1 ph plug in version only SNMP Traps and E mail notification upon UPS alarm Multi server network shutdown Modbus TCP slave license required Advanced security features Overview XPRT SNMP2 1 2 3 4 Front panel user interface view 1 RJ45 Connector Ethernet connection 10Base T or 100Base TX 2 LEDs Re...

Page 5: ...ty All maintenance and service work should be performed by qualified service personnel only Please read carefully the Installation Manual before installing or operating the adapters For more information on the UPS system please refer to the applicable Installation and User Manual Particularly refer to Safety Rules Warnings and Cautions as laid out in the cited document The knowledge of and FULL co...

Page 6: ...ection or remotely Telnet SSH Local connection Local access requires a local computer connected to the adapter serial port using an RJ45 DB9 serial cable Connect the SNMP adapter to a computer using the RJ45 DB9 serial communication cable provided with the snmp web adapter Run a terminal simulator e g HyperTerminal on a PC running Windows Configure the terminal simulator as follows 115 200bps 8 da...

Page 7: ...same regardless of the service interface used Below is a sample SSH session using a popular SSH client putty Start the SSH client application putty exe o In the Host Name section specify the card hostname or the IP address o In the Connection Type section select SSH o Select Open to launch the SSH session NOTES The SNMP Web adapters use the standard SSH port The SNMP Web adapters support both SSH ...

Page 8: ...e available Saving the settings Apart from some network parameters most setting are immediately active However the adapter will revert to the last save settings at reboot Therefore in order to permanently modify the SNMP Web adapter setting remember to save the configuration after every change Command List The various commands are split in different groups depending on the involved functionality a...

Page 9: ...length is limited to 8 chars The command line interface may accept longer passwords although only the first 8 characters are significant ping hostname X X X X Ping IP address or hostname hostname fully qualified hostname X X X X IP address nvdefault Reset the configuration to factory default nvsave Save changes to non volatile memory nvdump Dump configuration file gedeups cfg to FTP area nvupdate ...

Page 10: ...Running this command shows the negotiated media speedduplex auto 100baseTx FD 100baseTx HD 10baseT FD 10baseT HD As most network devices SNMP Web adapters use an auto negotiation protocol to communicate what media tech nologies they support and then select the fastest mutually supported media technology Some passive devices such as single speed hubs are unable to auto negotiate To handle such devi...

Page 11: ...the DNS server first and then add the new one deldnssrv X X X X Delete a DNS Server X X X X DNS server IP address nslookup host server Test DNS settings address resolution host hostname server DNS server IP address optional RESULT Successful Server DNS server hostname Address DNS server IP address Name host Address Resolved IP address for the host Unsuccessful host No address associated with the n...

Page 12: ...for the password which needs to be re confirmed Mind that the password length is limited to 8 chars The command line interface may accept longer passwords although only the first 8 characters are significant deluser name Delete a user name User to be deleted moduser user http telnet ftp access Modify services and access rights for a user user username for the new user telnet 1 access allowed 0 not...

Page 13: ...OTE SSH encryption enables disables both SSH Secure SHell and SFTP Secure FTP ftp server on off Enable disable FTP server port 21 on FTP server enabled off FTP server disabled telnet server on off Enable disable Telnet server port 23 on Telnet server enabled off Telnet server disabled makecert sitename Create new digital certificate for the HTTPS server sitename The DNS name IP address of the adap...

Page 14: ...s DNS connection ntpdate Force clock synchronisation with NTP server tmzone Set the time zone NOTE the time zone controls both the time difference with respect to GMT and the daylight saving settings As the time zone is specified as a Region Country pair selecting the correct time zone will ensure that the adapter computes the correct time settime MMDDhhmm CC YY ss Set the date time MM month DD da...

Page 15: ... authen on off Enable disable authentication for email server on E mail server requires authentication off E mail server does not require authentication email account user Set email server account user Username for e mail server authentication email passwd pwd Set email server password pwd Password for e mail server authentication smtp sendername sender Set the mail from header sender E mail addre...

Page 16: ...NOTE The syslocation parameter is the identification of the physical location of the managed node getcommunity community Defines the community name for receiving SNMP information GET community community name NOTE The get community name controls access to the SNMP Agent the community in the request must match the get community parameter The default value is public setcommunity community Defines the...

Page 17: ...FC1628 function on Trap sending enabled off Trap sending disabled sendgetrap on off Enable disable send trap GE MIB function on Trap sending enabled off Trap sending disabled NOTE 3 ph version ONLY addtraptgt X X X X v1 v2 community port Add a trap address X X X X IP address of the trap target v1 v2 SNMP version optional default v1 community community name optional default public port port to whic...

Page 18: ... ideal value and shall not be changed unless instructed to do so serialbypass on off Enable disable the serialbypass functionality NOTE This command is offered for UPS service access ONLY It use outside of this scope is not recommended enabling this functionality stops the UPS monitoring cardaddress address Show Set card address on the IMV bus address Card address in the range 0 54 57 NOTE 3 ph ve...

Page 19: ...n on Network Shutdown enabled off Network Shutdown disabled add ip port cond Add an RCCMD Client ip IP address of the trap target port Port on which the client is listening cond Shutdown condition aXX after XX minutes on battery bXX at XX min remain batt time test num Send an RCCMD test message to a specific RCCMD client row RCCMD client reference del num Delete an RCCMD Client row RCCMD client re...

Page 20: ...Changing this setting while RM D agent is running not effective To change this setting reboot the adapter make the changes and reactivate service Web Interface Introduction The SNMP Web adapters provide a web interface by implementing an embedded web server This interface allows to configure the adapter in order to monitor and manage the UPS Supported browsers The use of non standard deprecated HT...

Page 21: ...raphs will detail each single section UPS Section The UPS pages can be split in two different sections UPS monitoring and UPS control The Identification Battery Status Alarms and PMAD pages are part of the UPS monitoring section These pages allow to remotely access the UPS status and measurements Please note that each specific UPS model may implement a subset of the available measurement data not ...

Page 22: ...emperature The ambient temperature of the UPS batteries in C Battery Ripple The RSM ripple on the DC link in Vrms UPS Status page The UPS status page shows the following information for each of the input output bypass lines Parameter Name Description Frequency Line frequency in Hertz Voltage Line RMS voltage in Volts Current Line RMS current in Amperes Power True Power Line True Power in Watt Load...

Page 23: ... Off the UPS will not restart after the shutdown Caution These commands may switch off the UPS output therefore leaving the load with no power Make sure you fully understand the effect on the UPS and on the load before injecting any of these commands Make sure that it is safe to perform the described operation for both the UPS and the load UPS Config page The page lists the main UPS configuration ...

Page 24: ...on this page will only take effect after a reboot of the card Date Time page Through this page it is possible to configure the adapter date and time settings The SNMP Web adapter features an internal real time clock and provides different ways to synchronize its clock with the actual time NTP server the card will periodically re synch its internal date and time with the NTP server Manual the card ...

Page 25: ...on GET The get com munity name controls access to the SNMP Agent the community in the request must match the getcommunity parameter The default value is public Set Community Defines the community name for writing SNMP information SET The set commu nity name controls access to the SNMP Agent the community in the request must match the setcommunity parameter The default value is private Trap setting...

Page 26: ... settings should be Configured and for Remote Monitoring RM D Service should be activated Log Section This section offers access to the System and the UPS log The System log collects information on user activity while the UPS log lists UPS alarms Both the logs can be exported by copying the relevant text from the page Highlight button gollowed by CTRL C Utility Section This section includes some u...

Page 27: ...o OIDs according to the MIB structure and may generate traps at the occurrence of specific events This allows one or more NMSs Network Management Systems to monitor manage and control the UPS The SNMP Agent complies with the standard UPS MIB as specified in RFC1628 Limited to the 3 ph SNMP Web plug in adapter additional information is available with the GESingle and GEParallel MIBs The SNMP Web ad...

Page 28: ...TestSpinLock upsTestResultSummary upsTestResultsDetails upsTestStartTime upsTestElapsedTime upsControl Group upsShutdownType upsShutdownAfterDelay upsStartUpAfterDelay upsRebootWithDuration upsAutoRestart upsTrap Group UpsTrapOnBattery UpsTrapTestCompleted UpsTrapAlarmEntryAdded UpsTrapAlarmEntryRemoved upsWellKnownAlarms group UpsAlarmBatteryBad UpsAlarmOnBattery UpsAlarmLowBattery UpsAlarmDeplet...

Page 29: ...de instead of auto negotiating TCP IP Configuration TCP IP configuration refers to the settings needed by an SNMP Web adapter to operate in a TCP IP network The selection of the boot method is critical for successful SNMP Web adapter configuration The SNMP Web adapters support the following boot methods Static IP BOOTP DHCP The default configuration is DHCP support Static IP address In this case t...

Page 30: ...h the console interface using the dhcphost command Multi Server Network Shutdown RCCMD The SNMP Web adapters include a module for Multi Server Network Shutdown This module allows the configura tion of a shutdown strategy for several servers powered by the UPS when the batteries are running low following a prolonged mains failure Network Shutdown With RCCMD RCCMD Remote Console Command is a mechani...

Page 31: ...s running on battery At X minutes of estimated minutes remaining of battery autonomy When the UPS signals a low battery condition Note that a low battery condition will force the shutdown of the configured RCCMD Clients regardless of the cho sen shutdown condition The configuration of the clients can be tested the SNMP Web adapter includes a Test function This allows to send either a test message ...

Page 32: ...en using this feature make sure that traffic towards this port is enabled in your network NOTE The SNMP Web adapter will only reply to Alive Check messages if the Network Shutdown is enabled on the adapter RCCMD Client Relay The maximum number of RCCMD Clients that can be managed by the SNMP Web adapter is limited In order to reach a higher number of RCCMD Clients one or more of these clients can ...

Page 33: ...omptly save the configuration If the configuration is not saved at reboot the adapter will revert to the last saved configuration and RM D Service will be disabled to re enable enter the Key other Configurations as explained below once again Without Unlocking the RM D Service Console commands and RM D Webpage will be available but will not ac cept user inputs NOTE The Key is linked to the SNMP Web...

Page 34: ... Web adapter RM D service activation using GPRS Router is described as following Step 1 Get a pre activated SIM card with GPRS enabled You can choose your preferred Network carrier for select ing the SIM card The Data plan GPRS Usage Charges is as per your choice In the default configuration assum ing 1 hour as Data Sending rate by RM D Service approximately 10MB UPS Month will be the uploaded dat...

Page 35: ... of the available interfaces Most of the supported protocols implement a username password pair as a mean for user identification This is different from authorisation which means verifying whether a user is allowed to have access to data or specific services The SNMP Web adapters allow making full use of both protection mechanisms User Management The adapters come with a predefined supervisor user...

Page 36: ...via user pwd pair Plain text SFTP SSH FTP Authentication via user pwd pair Encrypted communication Web interface HTTP Authentication via user pwd pair Plain text HTTPS SSL Authentication via user pwd pair Encrypted communication Encryption As stated above the SNMP Web adapter offers interfaces providing encryption for protecting data confidentiality and integrity and particularly the following SSH...

Page 37: ...d as follows Key SSH version Cryptography algorithm ssh_host_rsa_key pub v2 RSA ssh_host_dsa_key pub v2 DSA ssh_host_key pub v1 RSA It can be seen in the above example that the fingerprint shown by SSH matches the RSA key for SSH v2 on the ssh fingerprint output The SNMP Web adapter supports both version 1 and version 2 of the SSH protocol It is recommended to use SSH v2 if possible as SSH v1 is g...

Page 38: ...normally equipped with a set of CA root certificates of commercial authorities The web browsers perform a set of verifications over the digital certificate in order to validate the certificate and start the HTTPS communication The main checks are substantially the following The client verifies that the issuing Certificate Authority CA is on its list of trusted CAs The client checks the server s ce...

Page 39: ... sign the server certificate The server certificate does not have the digital signature of a commercial CA trusted by the browser By installing the CA Root Certificate in the trusted CA repository the web browser will not show the security warning about trusting the Certificate Authority The CA Root Certificate can be downloaded from the embedded web server in the Utility section and then it can b...

Page 40: ...ated with a specific port The default configuration uses the standard port for each protocol e g 161 for SNMP If the user specifies a non standard port for a service this increases security by hiding the relevant interface to malicious users Further to this SNMP access is controlled by read and set community settings These respectively de fault to public and private Once again changing these setti...

Page 41: ...er The serial bypass is one of these features and it is introduced here only for completeness With the serial bypass functionality the SNMP Web adapter are configured in transparent mode That is the adapter acts as a relay between its serial port DB9F local console port and the serial connection to the UPS con trol board This functionality is activated by injecting a serialbypass on command throug...

Page 42: ...s Description load_alert_thres 1 5 100 This command controls the UPS Load Alert The UPS output per cent load is monitored and when the drops is above the specified threshold is will report a UpsLoadAlert condition The parameter is expressed in percentage of the UPS rating the threshold can be set to a value between 5 and 100 Setting it to 1 disables the functionality Default value 15 load_alert_ti...

Page 43: ...b adapter settings are stored in non volatile memory It is possible to store the settings in a file download it or even upload a new configuration file To store the settings in a file inject the nvdump command at the console This will create a gedeups cfg file in the FTP area The file can then be downloaded via ftp or sftp Also the web interface offers access to the SNMP Web adapter configuration ...

Page 44: ...ocal serial console connection to the adapter refer to the following table Problem Recommended resolution Port already in use e g Windows HyperTerminal reports the following problem Close all applications and services that are currently using the port selected for the connection to the device Attempt a new connection Cannot connect to the adapter Check the serial cable a straight 1 1 serial cable ...

Page 45: ...d the relevant network node belong to different subnets check the gateway settings Credentials are not limited to username and password but for example also include SNMP community name port etc Also make sure the relevant user configuration allows access to the adapter using the selected interface Should you consider contacting your support interface for addressing network connection issues pls at...

Page 46: ... is valid The adapter IP Address DNS name matches the name on the certifi cate If one of these checks fails the browser will issue a security alert The ENCRYPTION section explains out to download the CA Root Certificate for installation in the browser trusted CA repository Troubleshooting Date Time NTP When NTP server connection is configured and enabled the SNMP Web adapter will periodically re s...

Page 47: ...s section aims to give basic troubleshooting guidance For details on SMTP proto col refer to RFC 821 RFC 1123 and RFC 2821 If the adapter and the SMTP server belong to different subnets check the gateway settings Particularly If the SMTP server supports logging enable the log functionality Server error messages may give useful hints on the nature of the problem Check the SNMP Web adapter hostname ...

Page 48: ...NMP Web adapter may successfully send the test message but this can be ignored by the RCCMD Client The network configuration of the devices can be critical It is highly recommended to assign static IP addresses to the involved devices SNMP Web adapter and RCCMD Clients In a DHCP environment the DHCP Server should be configured to always assign the same address to these devices It is also recommend...

Reviews:

No comments

Brands by name

Popular brands

Load more brands