Black Box 1101 Скачать руководство пользователя | Manualshive

Страница: 87 / 165

background image

Chapter 9: Authentication

724-746-5500 | blackbox.com

87

9. Authentication

The

console server

is a dedicated Linux computer with a myriad of popular and proven Linux software modules for networking, secure access

(OpenSSH), and communications (OpenSSL), and sophisticated user authentication (PAM, RADIUS, , and LDAP).

This chapter details how the

Administrator

can use the Management Console to establish remote AAA authentication for all connections to the

console server

and attached serial and network host devices.

This chapter also covers how to establish a secure link to the Management Console using HTTPS and using OpenSSL and OpenSSH to establish a
secure Administration connection to the

console server.

9.1 Authentication Configuration

Authentication can be performed locally, or remotely using an LDAP, Radius, or authentication server.

The default authentication method

for the

console server

is Local.

Figure 9-1. Authentication screen.

Any authentication method that is configured will be used for authentication of any user who attempts to log in through Telnet, SSH, or the Web
Manager to the

console server

and any connected serial port or network host devices.

You can configure the

console server

to the default (

Local

) or using an alternate authentication method (

TACACS

,

RADIUS,

or

LDAP

). Optionally,

you can select the order in which local and remote authentication is used:

Local

TACACS

/RADIUS/LDAP

: Tries local authentication first, falling back to remote if local fails.

TACACS /RADIUS/

LDAP

Local

: Tries remote authentication first, falling back to local if remote fails.

TACACS /RADIUS/

LDAP

Down Local

: Tries remote authentication first, falling back to local if the remote authentication returns an error condition

(for example, if the remote authentication server is down or inaccessible).

9.1.1 Local Authentication

Select

Serial and Network: Authentication

and check

Local

.

Click

Apply.

9.1.2 TACACS Authentication

Perform the following procedure to configure the authentication method to use whenever the

console server

or any of its serial ports or

hosts is accessed:

Select

Serial and Network: Authentication

and check

TACAS

or

LocalTACACS

or

TACACSLocal

or

TACACSDownLocal

«
...
85
86
87
88
89
...
»

Содержание 1101

Страница 1: ...ally across your management LAN or through the local serial console port Remotely across the Internet or private network Customer Support Information Order toll free in the U S Call 877 877 BBOX outside U S call 724 746 5500 FREE technical support 24 hours a day 7 days a week Call 724 746 5500 or fax 724 746 0746 Mailing address Black Box Corporation 1000 Park Drive Lawrence PA 15055 1018 Web site...

Страница 2: ...when the equipment is operated in a commercial environment Operation of this equipment in a residential area is likely to cause interference in which case the user at his own expense will be required to take whatever measures may be necessary to correct the interference Changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operat...

Страница 3: ...os incluyendo amplificadores que producen calor 11 El aparato eléctrico deberá ser connectado a una fuente de poder sólo del tipo descrito en el instructivo de operación o como se indique en el aparato 12 Precaución debe ser tomada de tal manera que la tierra fisica y la polarización del equipo no sea eliminada 13 Los cables de la fuente de poder deben ser guiados de tal manera que no sean pisados...

Страница 4: ...ux is a registered trademark of Linus Torvalds Internet Explorer Windows Windows Me Windows NT and Windows Vista are a registered trademarks of Microsoft Corporation Nagios is a registered trademark of Nagios Enterprises LLC Java and Solaris are trademarks of Sun Microsystems Inc Unix is a registered trademark of X Open Company Ltd Any other trademarks mentioned in this manual are acknowledged to ...

Страница 5: ...rm 25 5 Serial Port Host Device and User Configuration 26 5 1 Configure Serial Ports 26 5 1 1 Common Settings 27 5 1 2 Console Server Mode 28 5 1 3 SDT Mode 31 5 1 4 Device RPC UPS EMD Mode 32 5 1 5 Terminal Server Mode 32 5 1 6 Serial Bridging Mode 32 5 1 7 Syslog 33 5 2 Add Edit Users 34 5 3 Authentication 36 5 4 Network Hosts 36 5 5 Trusted Networks 37 5 6 Serial Port Redirection 37 5 7 Managed...

Страница 6: ...er Alert Type 72 7 3 Remote Log Storage 73 7 4 Serial Port Logging 73 7 5 Network TCP or UDP Port Logging 73 8 Power Management 75 8 1 Remote Power Control RPC 75 8 1 1 RPC Connection 75 8 1 2 RPC Access Privileges and Alerts 77 8 1 3 User Power Management 77 8 1 4 RPC Status 78 8 2 Uninterruptible Power Supply Control UPS 78 8 2 1 Managed UPS Connections 79 8 2 2 Remote UPS Management 82 8 2 3 Co...

Страница 7: ... Networks 126 14 8 Cascaded Ports 127 14 9 UPS Connections 127 14 10 RPC Connections 128 14 11 Managed Devices 129 14 12 Port Log 129 14 13 Alerts 130 14 14 SMTP and SMS 131 14 15 SNMP 132 14 16 Administration 132 14 17 IP Settings 132 14 18 Date and Time Settings 133 14 19 DHCP Server 134 14 20 Services 134 14 21 NAGIOS 135 15 Advanced Configuration 136 15 1 Custom Scripting 136 15 1 1 Custom Scr...

Страница 8: ...ngerprinting 151 15 6 7 SSH Tunneled Serial Bridging 152 15 6 8 SDT Connector Public Key Authentication 153 15 7 Secure Sockets Layer SSL Support 154 15 8 HTTPS 154 15 8 1 Generating an Encryption Key 154 15 8 2 Generating a Self Signed Certificate with OpenSSL 154 15 8 3 Installing the Key and Certificate 155 15 8 4 Launching the HTTPS Server 155 15 9 Power Strip Control 155 15 9 1 The PowerMan T...

Страница 9: ...SE T Ethernet Indicators LES1101A R2 4 LEDs Power Activity On RJ 45 Connectivity Activity LES1102A 5 LEDs Power Serial 1 Serial 2 On RJ 45 Connectivity Activity Temperature Tolerance Operating 41 to 122 F 5 to 50 C Storage 20 to 140 F 30 to 60 C Humidity Tolerance 5 to 90 Power 1 12 VDC universal input external wallmount power supply 100 240 VAC 50 60 Hz Size LES1101A R2 4 H x 1 75 W x 1 D 10 2 x ...

Страница 10: ...ontrol Chapter 9 Authentication Access to the console server requires usernames and passwords that are locally or externally authenticated Chapter 10 Nagios Integration Describes how to set Nagios central management with SDT extensions and configure the console server as a distributed Nagios server Chapter 11 System Management Covers access to and configuration of services that will run on the con...

Страница 11: ...rver and all the connected devices Administrators can use any browser to log into the Management Console either locally or from a remote location They can then use Management Console to manage the console server the users the serial ports and serially connected devices network connected hosts and connected power devices and to view associated logs and configure alerts Figure 2 1 Login screen for t...

Страница 12: ...3 Reset button Resets the unit back to factory default RS 232 mode 4 RJ 45 LED Ethernet Connectivity LED 5 RJ 45 LED Ethernet Activity LED 2 5 2 LES1101A R2 Front Panel Figure 2 3 shows the LES1101A R2 front panel Table 2 2 describes its components Figure 2 3 LES1101A R2 front panel Table 2 2 LES1101A R2 front panel components Number Component Description 6 DB9 connector Serial connector RS 232 RS...

Страница 13: ...sition Phoenix connector Port 2 RS 422 485 3 RJ 45 connector Links to 10 100 Mbps Ethernet 4 RJ 45 LED left side of connector Ethernet Connectivity LED 5 RJ 45 LED right side of connector Ethernet Activity LED 2 5 4 LES1102A Front Panel Figure 2 5 shows the LES1102A front panel Table 2 4 describes its components Figure 2 5 LES1102A front panel Table 2 4 LES1102A front panel components Number Compo...

Страница 14: ... 746 5500 or info blackbox com 2 6 1 LES1101A R2 1101 Secure Device Server Universal input 12 VDC wallmount power supply Printed Quick Start Guide CD ROM containing SDT Connector and PortShare software 2 6 2 LES1102A 1101 Secure Device Server 2 UTP cables 2 DB9 F to RJ 45 S adapters Universal input 12 VDC wallmount power supply Printed Quick Start Guide CD ROM containing SDT Connector and PortShar...

Страница 15: ...cal and Serial LEDs will flash alternately The LES1102A can also be powered directly from any 9V DC to 48V DC power source by connecting the DC power lines to the IN GND and VIN screw jacks Power connector Figure 3 1 Power connector 3 2 Network Connection The RJ 45 LAN ports are located on the side of the LES1101A R2 and LES1102A units All physical connections are made using industry standard CAT5...

Страница 16: ... Clear To Send RI 9 Ring Indicator 3 3 1 Non RS 232 Serial Port Pinouts LES1102A Port 2 on the LES1102A can also be software selected to be an RS 485 or RS 422 port connected through the screw terminal block pinout shown in Table 3 2 Table 3 2 Non RS 232 serial port pinout for the LES1102A 1 V DC IN 2 GND 3 RX 4 RX 5 TX 6 TX 7 3 3V DC OUT 8 GND Figure 3 2 Front panel of the LES1102A showing pinout...

Страница 17: ...ta and returns to receive mode This eliminates the possibility of collisions with other devices that share the RS 485 bus and avoids receiving stale echoed data Figure 3 3 RS 485 wiring diagram for LES1102A 3 3 2 Non RS 232 Serial Port Pinouts LES1101A R2 The one DB9 serial port on the LES1101A R2 can be used as an RS 232 RS 485 or RS 422 port By default the LES1101A R2 is configured in RS 232 mod...

Страница 18: ...station are on the same LAN segment with no interposed router appliances 4 1 1 Connected PC Workstation Setup To configure the console server with a browser the connected PC workstation should have an IP address in the same range as the console server for example 192 168 0 100 To configure the IP Address of your Linux or Unix PC workstation simply run ifconfig For Windows PCs Win9x Me 2000 XP Wind...

Страница 19: ...console server that is have an IP address of 192 168 100 xxx Type arp s 192 168 100 23 00 13 C6 00 02 0F Note for UNIX the syntax is arp s 192 168 100 23 00 13 C6 00 02 0F Type ping t 192 18 100 23 to start a continuous ping to the new IP Address Turn on the console server and wait for it to configure itself with the new IP address It will start replying to the ping at this point Type arp d to flu...

Страница 20: ...ion list by clicking in the top left corner of the screen on the Black Box logo NOTE If you are not able to connect to the Management Console at 192 168 0 1 or if the default Username Password were not accepted then reset your console server refer to Chapter 11 4 2 Administrator Password For security reasons only the administrator user named root can initially log into your console server Only peo...

Страница 21: ...can contain up to 254 characters However only the first eight System Password characters are used to make the password hash 4 Click Apply Since you have changed the password you will be prompted to log in again This time use the new password NOTE If you are not confident that your console server has the current firmware release you can upgrade Refer to Upgrade Firmware Chapter 11 4 3 Network IP Ad...

Страница 22: ...plex FD or Half Duplex HD NOTE If you changed the console server IP address you may need to reconfigure your PC workstation so it has an IP address that is in the same network range as this new address Click Apply Enter http new IP address to reconnect the browser on the PC workstation that is connected to the console server IPv6 configuration You can also configure the console server management L...

Страница 23: ...ll be remotely accessed over the Internet Telnet This gives the Administrator Telnet access to the system command line shell Linux commands This may be suitable for a local direct connection over a management LAN By default Telnet is disabled We recommend that this service remain disabled if you will remotely administer the console server SSH This service provides secure SSH access to the Linux co...

Страница 24: ...ations software tools set up on the Administrator and User PC workstation Black Box provides the SDT Connector Java applet as the recommended client software tool You can use other generic tools such as PuTTY and SSHTerm These tools are all described below as well 4 5 1 SDT Connector Each console server has an unlimited number of SDT Connector licenses to use with that console server Figure 4 7 SD...

Страница 25: ...so receive a Security Alert that the host s key is not cached Choose yes to continue Using the Telnet protocol is similarly simple but you use the default port 23 Figure 4 8 PuTTY screen 4 5 3 SSHTerm Another popular communications package you can use is SSHTerm an open source package that you can download from http sourceforge net projects sshtools To use SSHTerm for an SSH terminal session from ...

Страница 26: ...Cascading and Redirection of Serial Console Ports Connecting to Power UPS PDU and IPMI and Environmental Monitoring EMD devices Managed Devices presents a consolidated view of all the connections 5 1 Configure Serial Ports To configure a serial port you must first set the Common Settings the protocols and the RS 232 parameters such as baud rate that will be used for the data connection to that por...

Страница 27: ... at once click Edit Multiple Ports and select which ports you want to configure as a group If the console server has been configured with distributed Nagios monitoring enabled then you will also be presented with Nagios Settings options to enable nominated services on the Host to be monitored refer Chapter 10 Nagios Integration 5 1 1 Common Settings There are a number of common settings that you c...

Страница 28: ...gement access to the serial console that is attached to this serial port Figure 5 4 Console Server settings screen Logging Level This specifies the level of information to be logged and monitored referto Chapter 7 Alerts and Logging Telnet When the Telnet service is enabled on the console server a Telnet client on a User or Administrator s computer can connect to a serial device attached to this s...

Страница 29: ...er as a gateway then configure it as a host Next you enable Telnet service on Port 2000 serial port i e 2001 2002 Refer to Chapter 6 for more details on using SDT Connector for Telnet and SSH access to devices that are attached to the console server serial ports You can also use standard communications packages like PuTTY to set a direct Telnet or SSH connection to the serial ports refer to the No...

Страница 30: ...way then as a host and enable SSH service on Port 3000 serial port i e 3001 3002 Chapter 6 Secure Tunneling has more information on using SDT Connector for SSH access to devices that are attached to the console server serial ports You can also use common communications packages like PuTTY or SSHTerm to SSH connect directly to port address IP Address _ Port 3000 serial port for example 3001 3002 SS...

Страница 31: ...th unauthenticated telnet the user connects directly through to a port with any console server login This mode is mainly used when you have an external system such as conserver managing user authentication and access privileges at the serial device level For Unauthenticated Telnet the default port address is IP Address _ Port 6000 serial port i e 6001 6002 Accumulation Period By default once a con...

Страница 32: ...een The getty will then configure the port and wait for a connection to be made An active connection on a serial device is usually indicated by the Data Carrier Detect DCD pin on the serial device being raised When a connection is detected the getty program issues a login prompt and then invokes the login program to handle the actual system login NOTE Selecting Terminal Server mode will disable Po...

Страница 33: ...twork attached management accesses as covered in Chapter 7 Alerts and Logging you can also configure the console server to support the remote syslog protocol on a per serial port basis Select the Syslog Facility Priority fields to enable logging of traffic on the selected serial port to a syslog server and to appropriately sort and action those logged messages that is redirect them send alert emai...

Страница 34: ...t or serial port Only trusted users should have Administrator access NOTE For convenience the SDT Connector Retrieve Hosts function retrieves and auto configures checked serial ports and checked hosts only even for admin group users 2 Members of the user group have limited access to the console server and connected Hosts and serial devices These Users can access only the Management section of the ...

Страница 35: ...k Devices Ports and RPC Outlets you nominated as accessible Plus if the user is a Group member he can also access any other device port outlet that was set up as accessible to the Group NOTE There are no specific limits on the number of users you can set up nor on the number of users per serial port or host Multiple users Users and Administrators can control monitor one port or host There are no s...

Страница 36: ...s screen Enter the IP Address or DNS Name and a Host Name up to 254 alphanumeric characters for the new network connected Host and optionally enter a Description Add or edit the Permitted Services or TCP UDP port numbers that are authorized to be used in controlling this host Only these permitted services will be forwarded through by SDT to the Host All other services TCP UDP ports will be blocked...

Страница 37: ...permitted by entering a Network Mask for that permitted IP range for example To permit all the users located with a particular Class C network for example 204 15 5 0 connection to the nominated port then you would add the following Trusted Network New Rule Network Address 204 15 5 0 Network Mask 255 255 255 0 If you want to permit only the one user who is located at a specific IP address for examp...

Страница 38: ... 5 7 Managed Devices Managed Devices presents a consolidated view of all the connections to a device that you can access and monitor through the console server To view the connections to the devices Select Serial Network Managed Devices Figure 5 20 Managed Devices screen This screen displays all the Managed Devices with their Description Notes It also lists all the configured Connections that is S...

Страница 39: ...fer Chapter 8 Power Management NOTE The outlet names on this newly created PDU will by default be Outlet 1 and Outlet 2 When you connect a particular Managed Device that draws power from the outlet then the outlet will take the powered Managed Device s name To add a new serially connected Managed Device Configure the serial port using the Serial Network Serial Port menu refer to Section 5 1 Config...

Страница 40: ...cess to all the systems and devices in the secure network With one click SDT Connector sets up a secure SSH tunnel from the client to the selected console server then establishes a port forward connection to the target network connected host or serial connected device Next it executes the client application that it uses in communicating with the host This chapter details the basic SDT Connector op...

Страница 41: ...or can first set up Groups with group access permissions then Users can be classified as members of particular Groups 6 2 SDT Connector Client Configuration The SDT Connector client works with all Black Box console servers Each of these remote console servers has an embedded OpenSSH based server that you can configure to port forward connections from the SDT Connector client to hosts on their loca...

Страница 42: ...tion 6 2 6 Then manually configure clients to run on the PC that will use the service to connect to the hosts and serial port devices refer to Section 6 2 6 2 2 Configuring a New Console Server Gateway in the SDT Connector Client To create a secure SSH tunnel to a new console server Click the New Gateway icon or select the File New Gateway menu option Figure 6 4 New Gateway menu option Enter the I...

Страница 43: ...rough by SSH to the Host All other services TCP UDP ports will be blocked 6 2 3 Auto configure SDT Connector Client with the User s Access Privileges Each user on the console server has an access profile that was configured with those specific connected hosts and serial port devices the user has authority to access and a specific set of the enabled services for each of these You can upload this co...

Страница 44: ...figure each Gateway to port forward to an unlimited number of locally networked Hosts There is no limit on the number of SDT Connector clients that can be configured to access the one Gateway Nor are there limits on the number of Host connections that an SDT Connector client can concurrently have open through the one Gateway tunnel There is a limit on the number of SDT Connector SSH tunnels that c...

Страница 45: ...dding a new service then return here Or enter a Descriptive Name for the host to display instead of the IP or DNS address and any Notes or a Description of this host such as its operating system release or anything special about its configuration Click OK 6 2 6 Manually Adding New Services to the New Hosts To extend the range of services that you can use when accessing hosts with SDT Connector Sel...

Страница 46: ...ed with them An example is the Dell RAC service The first redirection is for the HTTPS connection to the RAC server it has a client associated with it web browser that it launches immediately when you click the button for this service The second redirection is for the VNC service that you may choose to later launch from the RAC web console It automatically loads in a Java client served through the...

Страница 47: ... the host This will also be the local UDP port that SDT Connector binds as the local endpoint of the tunnel For UDP services you still need to specify a TCP port under General This will be an arbitrary TCP port that is not in use on the gateway An example of this is the SOL Proxy service It redirects local UDP port 623 to remote UDP port 623 over the arbitrary TCP port 6667 6 2 7 Adding a Client P...

Страница 48: ...is bound that is the Local Address field for the Service redirection Advanced options port is the local port to which the local endpoint of the redirection is bound that is the Local TCP Port field for the Service redirection Advanced options If this port is unspecified that is Any the appropriate randomly selected port will be substituted For example SDT Connector is preconfigured for Windows ins...

Страница 49: ...er and select Network Hosts from Serial Network click Add Host and in the IP Address DNS Name field enter 127 0 0 1 this is the Black Box network loopback address Then enter Loopback in Description Remove all entries under Permitted Services except for those that you will use to access the Management Console 80 http or 443 https or the command line 22 ssh or 23 telnet Scroll to the bottom and clic...

Страница 50: ...ve all entries under Permitted Services select TCP and enter 200n in Port This configures the Telnet port enabled in the previous step so for Port 2 you would enter 2002 Click Add then scroll to the bottom and click Apply Administrators by default have gateway and serial port access privileges however for Users to access the gateway and the serial port you will need to give those Users the require...

Страница 51: ...ction is the name of the network connection as displayed in Control Panel Network Connections login is the dial in username and password is the dial in password for the connection To initiate a pre configured dial up connection under Linux use the following Start Command pon network_connection where network_connection is the name of the connection Enter the command or path to a script to stop the ...

Страница 52: ...thentication SDT Connector can authenticate against an SSH gateway using your SSH key pair instead of requiring you to enter your password This is known as public key authentication To use public key authentication with SDT Connector first you must add the public part of your SSH key pair to your SSH gateway Make sure the SSH gateway allows public key authentication this is typically the default b...

Страница 53: ...Microsoft Remote Desktop Protocol RDP enables the system manager to securely access and manage remote Windows computers to reconfigure applications and user profiles upgrade the server s operating system reboot the machine etc Black Box s Secure Tunneling uses SSH tunneling so this RDP traffic is securely transferred through an authenticated and encrypted tunnel SDT with RDP also allows remote Use...

Страница 54: ...than one user can have active sessions on a single computer When the remote user connects to the accessed computer on the console session Remote Desktop automatically locks that computer no other user can access the applications and files When you come back to your computer at work you can unlock it by typing CTRL ALT DEL 6 8 2 Configure the Remote Desktop Connection Client Now that you have the C...

Страница 55: ...ommend that you not use over 256 colors In Local Resources specify the peripherals on the remote Windows computer that are to be controlled printer serial port etc Figure 6 25 Remote Desktop Connection General tab Click Connect NOTES The Remote Desktop Connection software is pre installed with Windows XP Vista and Server 2003 2008 For earlier Windows PCs you need to download the RDP client Go to t...

Страница 56: ... Download Microsoft s free Remote Desktop Connection client for Mac OS X http www microsoft com mac otherproducts otherproducts aspx pid remotedesktopclientSDT SSH Tunnel for VNC 6 9 SDT SSH Tunnel for VNC With SDT and Virtual Network Computing VNC Users and Administrators can securely access and control Windows 98 NT 2000 XP 2003 Linux Macintosh Solaris and UNIX computers There s a range of popul...

Страница 57: ...ndows Unix and Linux and compatible with the standard Real VNC UltraVNC http ultravnc com is easy to use fast and free VNC software that has pioneered and perfected features that the other flavors have consistently refused or been very slow to implement for cross platform and minimalist reasons UltraVNC runs under Windows operating systems 95 98 Me NT4 2000 XP 2003 Download UltraVNC from Sourcefor...

Страница 58: ...onnection NOTE To make VNC faster when you set up the Viewer Set encoding to ZRLE if you have a fast enough CPU Decrease color level e g 64 bit Disable the background transmission on the Server or use a plain wallpaper Refer to http doc uvnc com for detailed configuration instructions To establish the VNC connection first configure the VNC Viewer entering the VNC Server IP address When the Viewer ...

Страница 59: ...wsxp using mobility rdfaq mspx Secure remote access of a home network using SSH Remote Desktop and VNC for the home user http theillustratednetwork mvps org RemoteDesktop SSH RDP VNC RemoteDesktopVNCandSSH html Taking your desktop virtual with VNC Red Hat magazine http www redhat com magazine 006apr05 features vnc and http www redhat com magazine 007may05 features vnc Wikipedia general background ...

Страница 60: ...nection between the Windows computer through its COM port to the console server Both Windows 2003 and Windows XP Professional allow you to create a simple dial in service which can be used for the Remote Desktop VNC HTTP X connection to the console server Open Network Connections in Control Panel and click the New Connection Wizard Figure 6 31 New Connection Wizard screen Select Set up an advanced...

Страница 61: ...Properties screen select TCP IP Nominate a From and a To TCP IP address and click Next NOTES You can choose any TCP IP addresses so long as they are addresses that are not used anywhere else on your network The From address will be assigned to the Windows XP 2003 computer and the To address will be used by the console server For simplicity use the IP address as shown in the illustration above From...

Страница 62: ...option to Set up an advanced connection is not available in Windows 2003 if RRAS is configured If RRAS has been configured you can enable the null modem connection for the dial in configuration For earlier version Windows computers follow the steps in Section B above To get to the Make New Connection button For Windows 2000 click Start and select Settings At the Dial Up Networking Folder click Net...

Страница 63: ...and a username password for a user you set up on the console server that has access to the desired port Next add a New SDT Host In the Host address put portxx where xx the port you are connecting to Example for port 1 you would have a Host Address of port01 Then select the RDP Service check box 6 11 SSH Tunneling Using other SSH Clients for example PuTTY As covered in the previous sections of this...

Страница 64: ...d in Add new forwarded port enter any high unused port number for the Source port for example 54321 Set the Destination IP details If your destination device is network connected to the console server and you are connecting using RDP set the Destination as Managed Device IP address DNS Name 3389 For example if when setting up the Managed Device as Network Host on the console server you specified i...

Страница 65: ...lick the Add button Click Open to SSH connect the Client PC to the console server You will now be prompted for the Username Password for the console server user Figure 6 38 Enter username and password If you are connecting as a User in the users group then you can only SSH tunnel to Hosts and Serial Ports where you have specific access permission If you are connecting as an Administrator in the ad...

Страница 66: ...alicious user could snoop your VNC session There are also VNC scanning programs available which will scan a subnet looking for PCs that are listening on one of the ports that VNC uses Tunneling VNC over a SSH connection ensures all traffic is strongly encrypted No VNC port is ever open to the internet so anyone scanning for open VNC ports will not be able to find your computers When tunneling VNC ...

Страница 67: ...tion Section 7 3 Then you need to activate and set the desired levels of logging for each serial Section 7 4 and or network port Section 7 5 and or power UPS refer to Chapter 8 7 1 Configure SMTP SMS SNMP Nagios Alert Service The Alerts facility monitors nominated ports hosts UPSs PDUs EMDs etc for trigger conditions When triggered the facility sends an alert notification over the nominated alert ...

Страница 68: ...en the email has been received from authorized senders You might need to assign a specific authorized email address for the console server You may also enter a Username and Password because some SMS gateway service providers use SMTP servers which require authentication You can specify the specific Subject Line that will be sent with the email Generally the email subject will contain a truncated v...

Страница 69: ...uration for more details 7 1 4 Nagios Alerts To notify the central Nagios server of Alerts NSCA must be enabled under System Nagios and Nagios must be enabled for each applicable host or port under Serial Network Network Hosts or Serial Network Serial Ports refer to Chapter 10 7 2 Activate Alert Events and Notifications The Alert facility monitors the status of the console server and connected dev...

Страница 70: ...r this event In a SDT Nagios centrally managed environment you can check the Nagios alert option On the trigger condition for matched patterns logins power events and signal changes an NSCA check warning result will be sent to the central Nagios server This condition is displayed on the Nagios status screen and triggers a notification which can cause the Nagios central server itself to send out an...

Страница 71: ...u must specify the particular Signal Type DSR DCD or CTS trigger condition and the Applicable Ports s Figure 7 7 Serial port signal alert Serial Port Pattern Match Alert This alert will be triggered if a regular expression is found in the serial ports character stream that matches the regular expression you enter in the Pattern field This alert type will only be applied to serial ports selected as...

Страница 72: ...wer Alert Type This alert type monitors UPSes RPCs and power devices Figure 7 9 Power alert Select Power Alert to activate Specify which Sensor Type to alert on Power Load and Battery Charge Set the levels at which Critical and or Warning alerts are to be sent You can also specify High and or Low Set Points for sending alerts and the Hysteresis to be applied before resetting the alerts NOTE Specif...

Страница 73: ...rns off logging for the selected port Level 1 Logs all connection events to the port Level 2 Logs all data transferred to and from the port all changes in hardware flow control status and all User connection events Click Apply NOTE A cache of the most recent 8K of logged data per serial port is maintained locally in addition to the Logs that are transmitted for remote USB flash storage To view the...

Страница 74: ...1101 and 1102 Secure Device Servers 724 746 5500 blackbox com 74 Level 2 Logs all data transferred to and from the port Click Add then click Apply ...

Страница 75: ...er for example with SDT as detailed in Chapter 6 3 an SNMP management package or using the vendor supplied control software Servers and network attached appliances with embedded IPMI service processors or BMCs invariably have their own management tools like SoL that provide secure management when connected with SDT Connector For simplicity you can now control all these devices through one window u...

Страница 76: ...s the Name and Description for the power device Or if you select to Connect Via a Serial connection enter a Name and Description for the power device Figure 8 2 Add RPC screen Select the appropriate RPC Type for the PDU or IPMI being connected If you are connecting to the RPC via the network you will be presented with the IPMI protocol options and the SNMP RPC Types currently supported by the embe...

Страница 77: ...rvers support most popular network and serial PDUs If your PDU is not on the default list then you can add support directly as covered in Chapter 15 Advanced Configurations or add the PDU support to either the Network UPS Tools or PowerMan open source projects Configure IPMI service processors and BMCs so that all authorized users can use the Management Console to remotely cycle power and reboot c...

Страница 78: ...will be displayed Click on View Log or select the RPCLogs menu and you will be presented with a table of the history and detailed graphical information on the selected RPC Click Manage to query or control the individual power outlet This will take you to the Manage Power screen 8 2 Uninterruptible Power Supply Control UPS You can configure all Black Box console servers to manage locally and remote...

Страница 79: ...other computers that are drawing power through the UPS slaves to monitor the UPS status and take appropriate action such as shutdown when the UPS battery is low Figure 8 6 Managed UPS connections The console server may or may not be drawing power itself through the Managed UPS When the UPS s battery power reaches critical the console server signals and waits for slaves to shut down then powers off...

Страница 80: ...ith the RS 232 properties etc required by the UPS refer to Chapter 5 1 1 Common Settings Then select UPS as the Device Type For each network connected UPS go to the Serial Network Network Hosts menu and configure the UPS as a connected Host by specifying it as Device Type UPS and clicking Apply No such configuration is required for USB connected UPS hardware Figure 8 7 UPS connections Select the S...

Страница 81: ... and Password is used by slaves of this UPS that is other computers that are drawing power through this UPS to connect to the console server to monitor the UPS status so they can shut themselves down when battery power is low Monitoring will typically be performed using the upsmon client running on the slave server refer to Section 8 2 3 NOTE These login credentials are not related to the Users an...

Страница 82: ...n also customize the upsmon upsd and upsc settings for this UPS hardware directly from the command line 8 2 2 Remote UPS Management A Remote UPS is a UPS that is connected as a Managed Device to a remote console server that is monitored but not managed by your console server You can configure the upsc and upslog clients in the Black Box console server to monitor remote servers that are running Net...

Страница 83: ...onitor the console server that is managing their UPS This will set the specific conditions that will be used to initiate a power down of the computer Non critical servers may be powered down some seconds after the UPS starts running on battery In contrast more critical servers may not be shut down until a low battery warning is received Refer to the online NUT documentation for details on how to d...

Страница 84: ...ll the Managed and Monitored UPS systems This information will be logged for all UPSes that were configured with Log Status checked The information is also presented graphically Figure 8 12 Log table 8 2 6 Overview of Network UPS Tools NUT NUT is built on a networked model with a layered scheme of drivers server and clients Configure NUT using the Management Console as described above or configure...

Страница 85: ...cripts and other programs that need UPS data but don t want to include the full interface The upsmon client enables servers that draw power through the UPS to shutdown gracefully when the battery power reaches critical There are also logging clients upslog and third party interface clients Big Sister Cacti Nagios Windows and more Refer to The latest release of NUT 2 4 also controls PDU systems It ...

Страница 86: ...distributed throughout the data center across a campus or around the world NUT supports the more complex power architectures found in data centers communications centers and distributed office environments where many UPSes from many vendors power many systems with many clients Each of the larger UPSes power multiple devices and many of these devices are in turn dual powered ...

Страница 87: ...ill be used for authentication of any user who attempts to log in through Telnet SSH or the Web Manager to the console server and any connected serial port or network host devices You can configure the console server to the default Local or using an alternate authentication method TACACS RADIUS or LDAP Optionally you can select the order in which local and remote authentication is used Local TACAC...

Страница 88: ...or on the network depending on the capabilities of the daemon There is a draft RFC detailing this protocol You can find further information on configuring remote TACACS servers at the following sites http www cisco com en US tech tk59 technologies_tech_note09186a0080094e99 shtml http www cisco com en US products sw secursw ps4911 products_user_guide_chapter09186a00800eb6d6 html http cio cisco com ...

Страница 89: ...ccount Click Apply LDAP remote authentication will now be used for all user access to console server and serially or network attached devices LDAP The Lightweight Directory Access Protocol LDAP is based on the X 500 standard but is significantly simpler and more readily adapted to meet custom needs The core LDAP specifications are all defined in RFCs LDAP is a protocol used to access information s...

Страница 90: ...on the local system setup and is at the discretion of the local Administrator The console server family supports PAM with the following modules added for remote authentication RADIUS pam_radius_auth TACACS pam_tacplus LDAP pam_ldap Further modules can be added as required Changes may be made to files in etc config pam d that will persist even if the authentication configurator runs Users added on ...

Страница 91: ...ies the security certificate is valid but notes that it is not necessarily verified by a certifying authority To proceed you need to click yes if you are using Internet Explorer or select accept this certificate permanently or temporarily if you are using Mozilla Firefox You will then be prompted for the Administrator account and password as normal We recommend that you generate and install a new ...

Страница 92: ...rmany or US for the USA Note Enter the country code in CAPITAL LETTERS Email The email address of a contact person that is responsible for the console server and its security Challenge Password Some certification authorities require a challenge password to authorize later changes on the certificate for example revocation of the certificate The password must be at least 4 characters long Confirm Ch...

Страница 93: ...9 6 Upload button After completing these steps the console server has its own certificate that is used for identifying the console server to its users NOTE You can find information on issuing certificates and configuring HTTPS from the command line in Chapter 14 ...

Страница 94: ...etwork and serial hosts from a central location NOTE If you have an existing Nagios deployment you may want to use the console server gateways in a distributed monitoring server capacity only If this case and you are already familiar with Nagios skip ahead to Section 10 3 10 1 Nagios Overview Nagios provides central monitoring of the hosts and services in your distributed network Nagios is freely ...

Страница 95: ... add ons but not a full Nagios server Clients Typically a client PC laptop etc running Windows Linux or Mac OS X Runs SDT Connector client software 1 5 0 or later Possibly remote to the central Nagios server or distributed console servers i e a road warrior May receive alert emails from the central Nagios server or distributed console servers Connects to the central Nagios server web UI to view st...

Страница 96: ...ices it monitors by default you are ready to continue 10 2 2 Setup Distributed Console Servers This section provides a brief walkthrough on configuring a single console server to monitor the status of one attached network host a Windows IIS server running HTTP and HTTPS services and one serially attached device the console port of a network router and to send alerts back to the Nagios server when ...

Страница 97: ...rt 80 Click New Check and select Check TCP Select Port 443 Click Apply Similarly you now must configure the serial port to the router to be monitored by Nagios Select Serial Port from the Serial Network menu Locate the serial port that has the router console port attached and click Edit Make sure the serial port settings under Common Settings are correct and match the attached router s console por...

Страница 98: ...nnected to the console server that you want to monitor must have Nagios enabled and any specific Nagios checks configured Configure the central upstream Nagios monitoring host 10 3 1 Enable Nagios on the Console Server Select System Nagios on the console server Management Console and tick the Nagios service Enabled Enter the Nagios Host Name that the Console server will be referred to in the Nagio...

Страница 99: ...RPE checks By default the console server will accept a connection between the upstream Nagios monitoring server and the NRPE server with SSL encryption without SSL or tunneled through SSH The security for the connection is configured at the Nagios server 10 3 3 Enable NSCA Monitoring Figure 10 6 NCSA monitoring structure NSCA is the mechanism that allows you to send passive check results from the ...

Страница 100: ...to determine whether the network host itself is up or down Typically this will be Check Ping although in some cases the host will be configured not to respond to pings If no check host alive check is selected the host will always be assumed to be up You may deselect check host alive by clicking Clear check host alive If required customize the selected Nagios Checks to use custom arguments Click Ap...

Страница 101: ... 168 254 147 p 5666 c check_serial_ HOSTNAME define service service_description Serial Status host_name server use generic service check_command check_serial_status define service service_description serial signals server host_name server use generic service check_command check_serial_status active_checks_enabled 0 passive_checks_enabled 1 define servicedependency name Black Box_nrpe_daemon_dep ho...

Страница 102: ...Ping host_name server use generic service check_command check_ping_via_Black Box define service service_description host ping server host_name server use generic service check_command check_ping_via_Black Box active_checks_enabled 0 passive_checks_enabled 1 define servicedependency name Black Box_nrpe_daemon_dep host_name Black Box dependent_host_name server dependent_service_description Host Ping...

Страница 103: ...also play a part The table below shows the performance of three of the console servers Time No encryption 3DES SSH tunnel NSCA for single check second second second NSCA for 100 sequential checks 100 seconds 100 seconds 100 seconds NSCA for 10 sequential checks batched upload 1 seconds 2 seconds 1 second NSCA for 100 sequential checks batched upload 7 seconds 11 seconds 6 seconds No encryption SSL...

Страница 104: ...ol the power supply to the managed devices Figure 10 7 Using Nagios in a local office Remote site In this scenario configure the console server NRPE server or NSCA client to actively check configured services and upload the checks to the Nagios server that s waiting passively You can also configure it to service NRPE commands to perform checks on demand In this situation the console server will pe...

Страница 105: ...agios server to run NRPE commands Figure 10 9 Using Nagios in a remote site with a restrictive firewall Remote site with no network access In this scenario the console server allows dial in access for the Nagios server Periodically the Nagios server will establish a connection to the console server and execute any NRPE commands before dropping the connection SSH travel initiated for remote site NR...

Страница 106: ...eway to default settings A soft reset is affected by Selecting Reboot in the System Administration menu and clicking Apply Figure 11 1 Reboot the gateway The console server reboots with all settings for example the assigned network IP address preserved This soft reset disconnects all users and ends any established SSH sessions A soft reset will also occur when you switch OFF power from the console...

Страница 107: ...rver will not allow you to upgrade to the same or an earlier version The Firmware version is displayed in each page s header Or select Status Support Report and note the Firmware Version Figure 11 3 Firmware version To upgrade you first must download the latest firmware image from the Black Box web site Save this downloaded firmware image file to a system on the same subnet as the console server D...

Страница 108: ...ck Apply The gateway can synchronize its system time with a remote time server using the Network Time Protocol NTP Configuring the NTP time server ensures that the console server clock will be accurate soon after the Internet connection is established Also if NTP is not used the system clock will reset randomly every time the console server is powered up To set the system time using NTP Select the...

Страница 109: ...t an alternate default configuration check Load On Erase and click Apply NOTE Before selecting Load On Erase make sure that you have tested your alternate default configuration by clicking Restore If your alternate default configuration causes the console server to not boot recover your unit to factory settings using the following steps If the configuration is stored on an external USB storage dev...

Страница 110: ... 2 RPC Status Chapter 8 1 12 1 Port Access and Active Users The Administrator can see which Users have access privileges with which serial ports Select the Status Port Access Figure 12 1 Port access status screen The Administrator can also see the current status as to Users who have active sessions on those ports Select the Status Active Users 12 2 Statistics The Statistics report provides a snaps...

Страница 111: ...pport team to solve any problems you may experience with your console server If you do experience a problem and have to contact tech support make sure you include the Support Report with your email support request The Support Report is generated when the issue is occurring and is attached in plain text format Figure 12 3 Support report Select Status Support Report and you will be presented with a ...

Страница 112: ...Select Status Syslog To make it easier to find information in the local Syslog file use the provided pattern matching filter tool Specify the Match Pattern that you want to search for for example the search for mount is shown below and click Apply The Syslog will then be represented with only those entries that actually include the specified pattern Figure 12 4 Syslog specified by match pattern 12...

Страница 113: ... but there is an admin group dashboard configured then you will see the admin group dashboard instead If there is no user dashboard or admin group dashboard configured then you will see the default dashboard The root user does not have its own dashboard Use the above configuration options to enable admin users to setup their own custom dashboards The Dashboard displays six widgets These widgets in...

Страница 114: ...fig scripts where name can be anything You can have as many custom dashboard files as you want Inside this file you can put any code you want When configuring the dashboard choose widget name sh in the dropdown list The dashboard will run the script and display the output of the script commands directly on the screen inside the specific widget The best way to format the output would be to send HTM...

Страница 115: ...d with a list of all configured Managed Devices whereas the User will only see the Managed Devices they or their Group has been given access privileges for Figure 13 1 Managed devices screen Select Serial Network or Power for a view of the specific connections The user can then take a range of actions using these serial network or power connections by selecting the Action icon or the related Manag...

Страница 116: ...ed to the console server serial ports using SDT Connector and their local tenet client or use a java terminal in their browser Select Manage Terminal Figure 13 4 Managing terminal Click Connect to SDT Connector to access the console server s command line shell or the serial ports via SDT Connector This will to activate the SDT Connector client on the computer you are browsing from and load your lo...

Страница 117: ...terminal will be displayed Select File Open SHELL Session from the jcterm menu to access the command line using SSH To access the console server s command line enter its TCP address e g 192 168 254 198 as hostname and the Username for example root 192 168 254 198 Then enter the Password To access the console server s serial ports append serial to the username With the gateway s TCP address for exa...

Страница 118: ...nd applications such as ifconfig gettyd stty powerman nut etc Without care these configurations may not withstand a power cycle reset or reconfigure Black Box provides a number of custom command line utilities and scripts to make it simple to configure the console server and make sure the changes are stored in the console server s flash memory etc In particular the config utility allows you to man...

Страница 119: ... To display the entire config tree type config g config To display the help text for the config command type config h The config application resides in the bin directory The environmental variable called PATH contains a route to the bin directory This allows a user to simply type config at the command prompt instead of the full path bin config Options a run all Run all registered configurators Thi...

Страница 120: ...istrators must make sure of the spelling when typing config commands Incorrect spelling for a node will not be flagged Most configurations made to the XML file will be immediately active To make sure that all configuration changes are active especially when editing user passwords run all the configurators bin config a For information on backing up and restoring the configuration file refer to Chap...

Страница 121: ...n period 100 ms Escape character default is log level 2 default is 0 Shell power command menu Enabled RFC2217 access Enabled Limit pot to 1 connection Enabled SSH access Enabled TCP access Enabled telnet access Disabled Unauthorized telnet access Disabled config s config ports port5 delay 100 config s config ports port5 escapechar config s config ports port5 loglevel 2 config s config ports port5 ...

Страница 122: ...7 service 2500 config s config ports port5 bridge address 192 168 3 3 config s config ports port5 bridge port 2500 To enable RFC 2217 access config s config ports port5 bridge rfc2217 on To redirect the serial bridge over an SSH tunnel to the server config s config ports port5 bridge ssh enabled on Syslog settings Additionally the global system log settings can be set for any specific port in any ...

Страница 123: ... left blank or simply config d config users user2 port1 The port number can be anything from 1 to 48 depending on the available ports on the specific console server For example assume we have an RPC device connected to port 1 on the console server and the RPC is configured To give this user access to RPC outlet number 3 on the RPC device run the 2 commands below config s config ports port1 power o...

Страница 124: ... given access to this power outlet then increment the config ports port1 power outlet3 groups total element accordingly To give this group access to network host 5 config s config sdt hosts host5 groups group1 Group7 config s config sdt hosts host5 groups total 1 total number of groups having access to host To give another group called Group8 access to the same host config s config sdt hosts host5...

Страница 125: ...config s config auth radius password password The following command will synchronize the live system with the new configuration config r auth 14 6 Network Hosts To determine the total number of currently configured hosts config g config sdt hosts total Assume this value is equal to 3 If you add another host make sure you increment the total number of hosts from 3 to 4 config s config sdt hosts tot...

Страница 126: ...onnections connection1 name 192 168 3 10 config s config devices device2 connections connection1 type Host config s config devices device2 name OfficePC config s config devices device2 description MyPC config s config devices total 2 The following command will synchronize the live system with the new configuration config hosts 14 7 Trusted Networks You can further restrict remote access to serial ...

Страница 127: ...rk refer to Chapter 6 The following command will synchronize the live system with the new configuration config r cascade 14 9 UPS Connections Managed UPSes Before adding a managed UPS make sure that at least 1 port has been configured to run in device mode and that the device is set to ups To add a managed UPS with the following values Connected via Port 1 UPS name My UPS Description UPS in room 5...

Страница 128: ...owing details assuming this is our first remote UPS UPS name oldUPS Description UPS in room 2 Address 192 168 50 50 Log status Disabled Log rate 240 seconds Run shutdown script Enabled config s config ups remotes remote1 name oldUPS config s config ups remotes remote1 description UPS in room 2 config s config ups remotes remote1 address 192 168 50 50 config d config ups remotes remote1 log enabled...

Страница 129: ...onfig devices total 3 The following command will synchronize the live system with the new configuration config a 14 11 Managed Devices To add a managed device also see UPS RPC connections and Environmental config s config devices device8 name my device config s config devices device8 description The eighth device config s config devices device8 connections connection1 name my device config s confi...

Страница 130: ...config alerts alert2 description MySecondAlert config s config alerts alert2 email john Black Box com config s config alerts alert2 email2 peter Black Box com To use NAGIOS to notify of this alert config s config alerts alert2 nsca enabled on To use SNMP to notify of this alert config s config alerts alert2 snmp enabled on Increment the total alerts config s config alerts total 2 Below are the spe...

Страница 131: ...alerts alert2 rpc RPC name config s config alerts alert2 sensor temp humid load charge config s config alerts alert2 signal DSR config s config alerts alert2 type enviro config s config alerts alert2 ups1 UPSname hostname Example To configure a load sensor alert for outlets 2 and 4 for an RPC called RPCInRoom20 config s config alerts alert2 outlet1 RPCname outlet2 config s config alerts alert2 out...

Страница 132: ...following command will synchronize the live system with the new configuration config a 14 16 Administration To change the administration settings to System Name og mydomain com System Password root account secret Description Device in office 2 config s config system name og mydomain com config P config system password will prompt user for a password config s config system location Device in office...

Страница 133: ...es can also be configured automatically config s config interfaces wan mode dhcp config s config interfaces lan mode dhcp The following command will synchronize the live system with the new configuration bin config run ipconfig The following command will synchronize the live system with the new configuration config r ipconfig 14 18 Date and Time Settings To enable NTP using a server at pool ntp or...

Страница 134: ...faces lan dhcpd pools total 1 config s config interfaces lan dhcpd staticips staticip1 ip 192 168 0 50 config s config interfaces lan dhcpd staticips staticip1 mac 00 1e 67 82 72 d9 config s config interfaces lan dhcpd staticips staticip1 host John PC config s config interfaces lan dhcpd staticips total 1 The following command will synchronize the live system with the new configuration config a 14...

Страница 135: ...gs NRPE port 5600 port to listen on for nrpe Defualts to 5666 NRPE user user1 User to run as Defaults to nrpe NRPE group group1 Group to run as Defaults to nobody Allow command arguments Enabled config s config system nagios nrpe enabled on config s config system nagios nrpe port 5600 config s config system nagios user user1 config s config system nagios nrpe group group1 config s config system na...

Страница 136: ...ment kit The console server supports GNU bash shell commands refer to the Appendix enabling the Administrator to run custom scripts The etc config rc local script runs whenever the system boots By default this script file is empty You can add any commands to this file if you want them to run at boot time for example if you wanted to display hello world bin sh echo Hello World If this script has be...

Страница 137: ...file or add any additional scripting to the file For example we have an RPC PDU connected to port 1 on a console server and also have some telecommunications device connected to port 2 which is powered by the RPC outlet 3 Now assume the telecom device transmits a character stream EMERGENCY out on its serial console port every time that it encounters some specific error and the only way to fix this...

Страница 138: ... deleted may have You are responsible for making sure that any references and dependencies connected to the deleted node are removed or corrected in the config xml file The script treats all nodes the same The syntax to run the script is delete node node name To remove user 3 delete node config users user3 The delete node script bin bash User must provide the node to be removed For example config ...

Страница 139: ...onfig s TOTALNODE 0 echo Done exit 0 elif NUMBER lt TOTAL more than one item exists then Modify the users list so user numbers are sequential by shifting the users into the gap one at a time echo Deleting 1 LASTFIELDTEXT echo LASTFIELD sed s 0 9 g CHECKTOTAL config g ROOTNODE LASTFIELDTEXT TOTAL if z CHECKTOTAL then echo WARNING TOTALNODE greater than number of items fi COUNTER 1 while COUNTER TOT...

Страница 140: ...192 168 22 2 bin bash c pmpower l port01 o 3 cycle date tmp output log The above command will cause the ping detect script to continuously ping the host at 192 168 22 2 which is the router If the router crashes it will no longer respond to ping requests If this happens the two commands pmpower and date will run The output from these commands is sent to the file tmp output log so that we have a rec...

Страница 141: ...tom script exists You can then add any commands to the custom script and they will be invoked after the configurator runs The custom scripts must be in the correct location etc config scripts config post To create an alerts custom script cd etc config scripts touch config post alerts vi config post alerts You could use this script to recover a specific backup config or overwrite a config or make c...

Страница 142: ...is mounted tmp is not a good location for the backup except as a temporary location before transferring it off box The tmp directory will not survive a reboot The etc config directory is not a good place either because it will not survive a restore Backup and restore should be done by the root user to make sure correct file permissions are set The config command is used to create a backup tarball ...

Страница 143: ... Set RTS to 1 run the command pmshell rts 1 Show all signals pmshell signals DSR 1 DTR 1 CTS 1 RTS 1 DCD 0 Read a line of text from the serial port pmshell getline pmchat The pmchat command acts similar to the standard chat command but all serial port access is directed via the portmanager Example To run a chat script via the portmanager pmchat v f etc config scripts port08 chat dev port08 For mor...

Страница 144: ...ipt is run with STDIN containing the data which triggered the alert and STDOUT redirected to dev null NOT to the serial port If you want to communicate with the port use pmshell or pmchat from within the script If the script cannot be executed then the alert will be mailed to the address configured in the system administration section When a user connects to any port If a file called etc config pm...

Страница 145: ...mgetty options are supported Enabling Boot Messages on the Console If you are not using a modem on the DB9 console port and instead want to connect to it directly via a Null Modem cable enable verbose mode which allows you to see the standard linux start up messages Follow these commands bin config set config console debug on bin config run console reboo t If at some point in the future you chose ...

Страница 146: ... about using the iptables command at the Linux netfilter website There are also many high quality tutorials and HOWTOs available via the netfilter website in particular peruse the tutorials listed on the netfilter HOWTO page To add more than one SNMP server for alert traps add the first SNMP server using the Management Console or the command line config tool Secondary and any further SNMP servers ...

Страница 147: ... another It provides strong authentication and secure communications over insecure channels OpenSSH the de facto open source SSH application encrypts all traffic including passwords to effectively eliminate these risks Additionally OpenSSH provides a myriad of secure tunneling capabilities as well as a variety of authentication methods OpenSSH is the port of OpenBSD s excellent OpenSSH 0 to Linux ...

Страница 148: ...ack Box devices will have no way to supply it as runtime Full documentation for the ssh keygen command can be found at For Black Box console servers the keys can be simply uploaded through the web interface on the System Administration page This enables you to upload stored RSA or DSA Public Key pairs to the Master and apply the Authorized key to the slave and is described in Chapter 4 Once comple...

Страница 149: ...s_bridge_server Figure 15 2 More documentation on OpenSSH can be found at http openssh org portable html Master Slave Slave Master Master authorized_key ssh rsa AAAAB3NzaC1yC2Efg4 t GHIAAA name client1 id_rsa BEGIN RSA PRIVATE KEY MIBogIDAAKCAQEA yIPGsNf5 aOLnPUMc nujXXPGIQGyD3b79 KZg3UZMjZI525sCy Opv4TjTvTK6a7QIYt GYTByUdl authorized_key ssh rsa AAAAB3NzaC1yC2Efg4 t GHIAAA name client1 id_rsa pub...

Страница 150: ...Ygen make sure you have a recent version of the puttygen exe available from Make sure you have a recent version of WinSCP available from To generate a SSH key using PuTTY Execute the PUTTYGEN EXE program Select the desired key type SSH2 DSA you may use RSA or DSA within the Parameters section It is important that you leave the passphrase field blank Click on the Generate button Follow the instruct...

Страница 151: ...re connections This fingerprint is related to the host key of the remote server Fingerprints are stored in ssh known_hosts To receive the fingerprint from the remote server log in to the client as the required user usually root and establish a connection to the remote host ssh remhost The authenticity of host remhost 192 168 0 1 can t be established RSA key fingerprint is 8d 11 e0 7e 8a 6f ad f1 9...

Страница 152: ...load these keys to the Server and Client console servers Client Keys The first step in setting up ssh tunnels is to generate keys Ideally you will use a separate secure machine to generate and store all keys to be used on the console servers If this is not ideal for your situation keys may be generated on the console servers themselves It is possible to generate only one set of keys and reuse them...

Страница 153: ...aa 29 38 ba 40 f4 11 5e 3f d4 fa e5 36 14 d6 user server You should ensure there is no password associated with the keys If there is a password then the console servers will have no way to supply it as runtime Authorized Keys If the console server selected to be the server will only have one client device then the authorized_keys file is simply a copy of the public key for that device If one or mo...

Страница 154: ...hat s transferred over the SSL connection The console server includes OpenSSL The OpenSSL Project is a collaborative effort to develop a robust commercial grade full featured and Open Source toolkit implementing the Secure Sockets Layer SSL v2 v3 and Transport Layer Security TLS v1 protocols as well as a full strength general purpose cryptography library The project is managed by a worldwide commu...

Страница 155: ...cumentation on the PSCP can be found Note that the easiest way to enable the HTTPS server is from the web Management Console Simply click the appropriate checkbox in Network Services HTTPS Server and the HTTPS server will be activated assuming the ssl_key pem ssl_cert pem files exist in the etc config directory Alternatively inetd can be configured to launch the secure fnord server from the comman...

Страница 156: ...ry responses For more details refer Also refer documentation and Target Specification powerman target hostnames may be specified as comma separated or space separated hostnames or host ranges Host ranges are of the general form prefix n m l k where n m and l k etc This form should not be confused with regular expression character classes also denoted by For example foo 19 does not represent foo1 o...

Страница 157: ...ips xml if it exists The user can add his own support for more devices by putting definitions for them into etc config powerstrips xml This file can be created on a host system and copied to the Management Console device using scp Alternatively login to the Management Console and use ftp or wget to transfer files Here is a brief description of the elements of the XML entries in etc config powerstr...

Страница 158: ...OpenIPMI and it is included in standard distributions On Solaris this driver is called BMC and is included in Solaris 10 Management of a remote station requires the IPMI over LAN interface to be enabled and configured Depending on the particular requirements of each system it may be possible to enable the LAN interface using ipmitool over the system interface OPTIONS a Prompt for the remote server...

Страница 159: ...h an console server Further we strongly advise that you do not enable IPMI for remote access without setting a password and that password should not be the same as any other password on that system When an IPMI password is changed on a remote machine with the IPMIv1 5 lan interface the new password is sent across the network as clear text This could be observed and then used to attack the remote s...

Страница 160: ...x NOTE The CDK is free When the console servers are cascaded the Master is in control of the serial ports on the Slaves and the Master s Management Console provides a consolidated view of the settings for its own and all the Slave s serial ports The Master does not provide a fully consolidated view for example Status Active Users only displays those users active on the Master s ports and you will ...

Страница 161: ...ncatenate FILE s and print them to stdout chat Useful for interacting with a modem connected to stdin stdout chgrp Change file access permissions chmod Change file access permissions chown Change file owner and group config Black Box tool to manipulate and query the system configuration from the command line cp Copy files and directories date Print or set the system date and time dd Convert and co...

Страница 162: ...l NTP daemon pgrep Display process es selected by regex pattern pidof Find the process ID of a running program ping Send ICMP ECHO_REQUEST packets to network hosts ping6 IPv6 ping pkill Sends a signal to process es selected by regex pattern pmchat Black Box command similar to the standard chat command via portmanager pmdeny pminetd pmloggerd pmshell Black Box command similar to the standard tip or...

Страница 163: ...e vconfig Create and remove virtual ethernet devices vi Busybox clone of the VI text editor w Show who is logged on and what they are doing zcat Identical to gunzip c Commands above which are appended with come from BusyBox the Swiss Army Knife of embedded Linux Others are generic Linux commands and most commands the h or help argument to provide a terse runtime description of their behavior More ...

Страница 164: ...uilt in the console server is a Port Manager application and Configuration tools as described in Chapters 15 and 16 These both are proprietary to Black Box but open to customers as above The console server also supports GNU bash shell script enabling the Administrator to run custom scripts GNU bash version 2 05 0 1 release arm Black Box linux gnu offers the following shell commands alias p name va...

Страница 165: ...Tech support available in 30 seconds or less Copyright 2013 Black Box Corporation All rights reserved Black Box and the Double Diamond logo are registered trademarks of BB Technologies Inc Any third party trademarks appearing in this manual are acknowledged to be the property of their respective owners Black Box Tech Support FREE Live 24 7 Tech support the way it should be Great tech support is ju...

Отзывы:

Нет отзывов

Похожие инструкции для 1101

Бренд: Korenix Страницы: 2

Бренд: EXAGATE Страницы: 8

Бренд: Opengear Страницы: 4

Бренд: 3onedata Страницы: 4

Бренд: Intel Страницы: 100

Бренд: Syscom Video Страницы: 19

Бренд: Gigabyte Страницы: 118

Бренд: Oracle Страницы: 6

Exadata Storage Server X6-2 High Capacity

Бренд: Oracle Страницы: 70

Бренд: Inspur Страницы: 276

Бренд: Oracle Страницы: 190

Бренд: Oracle Страницы: 206

SPARC Enterprise M4000

Бренд: Oracle Страницы: 182

SPARC Enterprise M3000

Бренд: Oracle Страницы: 552

301161U - Ethernet Disk RAID NAS Server

Бренд: LaCie Страницы: 140

FusionServer 1288H V7

Бренд: xFusion Digital Technologies Страницы: 106

Call Center Telephone

Бренд: Nortel Страницы: 191

Бренд: MC Technologies Страницы: 48

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды