Cyclades AlterPath OnBoard Скачать руководство пользователя страница 68 | Manualshive

Страница: 68 / 460

background image

VPN on the OnBoard

32

AlterPath OnBoard Administrator’s Guide

VPN on the OnBoard

As described in the

AlterPath OnBoard User’s Guide

, for security reasons an

authorized user must establish a trusted connection with the OnBoard before
accessing certain management features that are available on connected service
processors. (In the user’s guide, see “Native IP” for details about the service
processor management actions that require a trusted connection and see
“Making VPN Connections” for what the user needs to know and do.)

Users can access devices only if an OnBoard administrator has authorized
them to do so. For example, user sherlock may be authorized to access the
OnBoard and two connected devices on the private network, deviceA and
deviceB, while user jedgar may be authorized to access deviceA, deviceC, and
deviceD.

Caution!

Once a user has been authenticated and the user’s authorizations to

access a device have been checked, the user with a VPN connection has
unlimited access to the device. Since the OnBoard cannot control whether a
connected device allows unrestricted access to the rest of the network, the
administrators of connected devices must take care to configure the connected
devices in such a way as to control the access of individual users on individual
devices to maintain the security of the network.

VPN connections establish encrypted communications between the OnBoard
and the remote host. The encryption creates a security tunnel for
communications through an intermediate network which is untrustworthy.
The remote host and the OnBoard take care of encryption and decryption on
their end.

The remote host must have support for one of the following types of VPN:

•

IPSec

•

PPTP

«
...
66
67
68
69
70
...
»

Содержание AlterPath OnBoard

Страница 1: ...rd Administrator sGuide Cyclades Corporation 3541 Gateway Boulevard Fremont CA 94538 USA 1 888 CYCLADES 292 5233 1 510 771 6100 1 510 771 6200 fax http www cyclades com Release Date February 2006 Part...

Страница 2: ...registered or registration pending trademarks of Cyclades Corporation in the United States and other countries Cyclades and AlterPath All trademarks trade names logos and service marks referenced here...

Страница 3: ...Configuring Users 10 Configuring Groups 10 Tasks for Configuring Users and Groups 11 Planning Access to Connected Devices 11 Understanding Security Profiles 12 Understanding Services on the OnBoard 1...

Страница 4: ...er Management 46 Service Processor Power Management 47 Tasks for Configuring Power Management 47 Configuring the User s Console Login Menu 48 New Menu Item Example 50 Understanding Routing on the OnBo...

Страница 5: ...anager 74 Features of Administrator s Screens 77 Overview of Web Manager Menus 79 Chapter 3 Web Manager Wizard 81 Using the Wizard 82 Changing the Administrative User s Password Wizard 84 Selecting a...

Страница 6: ...IPDU Power Management 132 Configuring Over Current Protection for an IPDU 133 Configuring Users to Manage Power Outlets on a Connected IPDU 135 Configuring Names and Power Up Intervals for Outlets on...

Страница 7: ...on Server 188 Configuring a TACACS Authentication Server 190 Configuring an Authentication Method for the OnBoard 192 Configuring Notifications 194 Configuring SNMP Trap Notifications 195 Configuring...

Страница 8: ...econdary Ethernet Ports 236 Configuring Firewall Rules for OnBoard Packet Filtering 239 Adding a Rule 240 Configuring Hosts 242 Configuring Static Routes 244 Configuring VPN Connections 246 Configurin...

Страница 9: ...OnBoard 274 Chapter 9 Using the cycli Utility 275 Accessing the Command Line 276 cycli Utility Overview 277 Execution Modes 277 Command Line Mode 278 Interactive Mode 278 Batch Mode 278 cycli Options...

Страница 10: ...oot Authentication Failure 304 Restarting the Web Manager 306 Replacing a Boot Image for Troubleshooting 307 Using the create_cf Command When Troubleshooting 307 Appendix A Advanced Device Configurati...

Страница 11: ...guration for Example 2 346 IPSec VPN Configuration for Example 2 349 PPTP VPN Configuration for Example 2 352 Enabling Native IP and Accessing a Device s Native Features Using Real IP Addresses for Ex...

Страница 12: ...e 376 Network Boot Options and Caveats 378 Options for the create_cf Command 381 Examples for create_cf Command Usage 383 Saving an Image to a Flash PCMCIA Card 383 Saving an Image into the Image2 are...

Страница 13: ...gure 3 2 Cancel Wizard Button Dialog 83 Figure 3 3 Wizard Confirm Changes Screen 83 Figure 3 4 Wizard Configure Administrator Password Screen 84 Figure 3 5 Config Security Profile Screen With the Mode...

Страница 14: ...a Regular User Screen Wizard 107 Figure 4 1 Access Menu Options 112 Figure 4 2 Administrative User Console Session Window Initial Connection from an IP Address 113 Figure 4 3 OnBoard Console Login Dia...

Страница 15: ...DU Users With a User Added 136 Figure 5 16 Settings IPDU Outlets Screen 138 Figure 5 17 Outlet Name Dialog 138 Figure 5 18 Outlet Power Up Interval Dialog 138 Figure 5 19 Settings PCMCIA Screen 139 Fi...

Страница 16: ...fig Devices Screen 163 Figure 6 3 Fields in the Add New Device or Edit Dialog 164 Figure 6 4 Config Users and Groups Screen 169 Figure 6 5 Add New User or Edit Dialog 170 Figure 6 6 Add or Edit a User...

Страница 17: ...05 Figure 6 29 Config Sensor Alarms Pager Message Fields 207 Figure 6 30 Config Sensor Alarms Email Message Fields 208 Figure 6 31 Config SNMP Configuration Screen 210 Figure 6 32 Config SNMP Edit OnB...

Страница 18: ...led 236 Figure 7 4 Network Host Settings Screen With Both Interfaces Enabled and DHCP Disabled 237 Figure 7 5 Network Firewall Screen 239 Figure 7 6 Network Firewall Add Rule Dialog 240 Figure 7 7 Net...

Страница 19: ...e A 3 Private Subnet Configuration Example 343 Figure A 4 Example 1 Device Configuration Example 344 Figure A 5 ifconfig Output Showing a priv0 Private Subnet Alias 344 Figure A 6 Example 2 Two Privat...

Страница 20: ...re A 15 Example Values for Configuring Two Private Subnets With a Virtual Network 360 Figure A 16 Example 1 Device Configuration Example 361 Figure A 17 Access Devices Screen With Virtual IP Addresses...

Страница 21: ...Services Features 13 Table 1 9 Services and Other Functions in the Custom Security Profile 14 Table 1 10 Services That Require Additional Configuration 17 Table 1 11 Tasks for Changing the Default tel...

Страница 22: ...ministrative Users 78 Table 3 1 Wizard Steps and Where They are Described 84 Table 3 2 Network Interfaces Configuration Values 92 Table 3 3 Ethernet Port Settings 93 Table 3 4 Fields on the Private Su...

Страница 23: ...ion Values 234 Table 7 3 Fields and Menus for Configuring Static Routes 245 Table 7 4 Fields for Configuring a PPTP Profile 249 Table 7 5 Fields on the Private Subnet Configuration Dialog 252 Table 7...

Страница 24: ...A 7 Expect Script Related Application Notes 331 Table A 8 Expect Script Exit Codes 335 Table A 9 Tasks for Creating Addresses to Assign to Connected Devices 336 Table A 10 IP Address Ranges Reserved f...

Страница 25: ...ntroduction 73 T To Log Into the Web Manager 75 T To Disable Web Manager Timeouts 76 Chapter 3 Web Manager Wizard 81 T To Change the Administrative User s Password Wizard 85 T To Select or Configure a...

Страница 26: ...CIA Card 149 T To Configure System Date and Time 151 T To Configure OnBoard Boot 155 T To Specify a New Location for OnBoard Help Files 157 Chapter 6 Web Manager Config Menu Options 159 T To Add a Dev...

Страница 27: ...ed Service Processors 223 T To Select the OnBoard s Security Profile 229 T To Configure Services 230 Chapter 7 Web Manager Network Menu Options 231 T To Configure OnBoard Network Interfaces 237 T To A...

Страница 28: ...ew Template 318 T To Use the onbdtemplate Utility to Test a Template 320 T To Create a Custom IPMI Expect Script 333 T To Create a Custom Expect Script 336 Advanced B Boot and Backup Configuration Inf...

Страница 29: ...s Guide is for administrators who are authorized to configure access to service processors and other devices connected to the OnBoard during installation For installation details see the AlterPath OnB...

Страница 30: ...the Web Manager and for disabling timeouts 3 Web Manager Wizard Describes and provides procedures for how the administrative user uses the Web Manager Wizard to perform basic configuration 4 Web Manag...

Страница 31: ...inux command line on the AlterPath OnBoard and can use the cycli utility 6 Troubleshooting Provides troubleshooting procedures A Advanced Device Configuration Describes and provides advanced procedure...

Страница 32: ...specific models of devices and firmware levels that are also listed in the release notes Before configuring a device check the release notes to ensure that both the device you want to connect to the...

Страница 33: ...leases new versions of the software See Additional Resources on page xxxv for information about free software upgrades Typographic and Other Conventions The following table describes the typographic c...

Страница 34: ...sequentially Ctrl k p entered while the user is connected to a KVM port brings up an IPDU power management screen Ctrl and k must be pressed at the same time followed by p pressed by itself Ctrl Shif...

Страница 35: ...to training cyclades com Cyclades Software Upgrades Cyclades offers periodic software upgrades for the AlterPath products free of charge to current Cyclades customers You may want to check http www c...

Страница 36: ...xxxvi AlterPath OnBoard Administrator s Guide...

Страница 37: ...chapters in this administrator s guide The following table lists the topics in this chapter Overview of OnBoard Features for Administrators Page 3 Understanding Authentication on the OnBoard Page 4 Un...

Страница 38: ...Alarms Page 52 Understanding Device Configuration Page 53 Understanding Private Subnets on the OnBoard Page 61 Tasks for Configuring IP Addresses Page 62 Example and Demo Scripts and Application Notes...

Страница 39: ...ed devices while only OnBoard administrators can configure access and security on the OnBoard The OnBoard provides a set of security features not available in any service processor management product...

Страница 40: ...cusses only the types of authentication used for controlling who can access the OnBoard and connected devices Other authentication methods that are used by SNMP PPTP IPSec or PPP are described in the...

Страница 41: ...one No login required X Local Uses local user password for local authentication on the OnBoard X X Kerberos Uses Kerberos network authentication protocol X X Kerberos Down Local Uses local authenticat...

Страница 42: ...wn X X RADIUS Local Uses local authentication if RADIUS authentication fails X X Local RADIUS Uses RADIUS authentication if local authentication fails X X SMB Uses SMB authentication for Microsoft Win...

Страница 43: ...tion method specified Each authentication server must be configured and operational The administrator configuring the OnBoard needs to work with the administrator of each authentication server to get...

Страница 44: ...e information needed to configure the servers on the OnBoard and to make sure the required accounts are set up on the servers N A On the OnBoard configure an authentication server for each authenticat...

Страница 45: ...ard users separately When setting up a user account the administrator can do the following Authorize the user to access the OnBoard by creating a user account and assigning a password to the account T...

Страница 46: ...one or more connected devices Table 1 4 User Configuration Settings Settings Notes Username Login name required for the user account Full name Administratively defined name to identify the user Passwo...

Страница 47: ...ake a note of the outlets where the devices will be plugged you need to supply the outlet numbers when configuring IPDU power management Create a list of user accounts that specifies which type of acc...

Страница 48: ...cked bypassing authorizations is not available in any of the default security profiles but it can be selected in a custom security profile The administrative user defines the security profile during i...

Страница 49: ...es Features Enabled Services Features Disabled Services Features HTTPS HTTP SSH v2 ICMP Default authentication type to access devices set to Local IPSEC PPTP RPC SNMP v1 SNMP v2c SNMP v3 SSH v1 Telnet...

Страница 50: ...profile IPSec PPTP RPC SNMP v1 SNMP v2 SNMP v3 SSH v1 SSH v2 Telnet to OnBoard Default authentication type to access devices set to Local Table 1 9 Services and Other Functions in the Custom Security...

Страница 51: ...to SSH HTTP HTTPS Options Redirect HTTP to HTTPS HTTP allow or disallow HTTP port number Assign an alternate port to HTTP HTTPS allow or disallow HTTPS port number Assign an alternate port to HTTPS Ov...

Страница 52: ...uently None Local or NIS Kerberos Kerberos Down Local Kerberos Local Local Kerberos LDAP LDAP Down Local LDAP Local Local LDAP Radius Radius Down Local Radius Local Local Radius SMB SMB Down Local SMB...

Страница 53: ...een then shows the service as disabled and vice versa Similarly if a service is enabled using either the Web Manager or the cycli utility the cycli utility detects it However if the root user turns se...

Страница 54: ...sor supports the command The user is authorized to use that command for that service processor For details about the service processor management commands see the AlterPath OnBoard User s Guide PPTP V...

Страница 55: ...specific service processor management commands cannot be passed as parameters to telnet on the command line Telnet can be enabled by an administrative user on the Web Manager Config Services page or b...

Страница 56: ...ions The root user can configure ssh to be used instead of Telnet on service processors that support SSH An OnBoard administrator who knows the root password and can connect to the console can follow...

Страница 57: ...to use ssh or bidilink to communicate with iLO type devices copy the contents of talk_ilo exp into the talk_custom1 exp file 5 Open the custom expect script for editing and find the line that sources...

Страница 58: ...or every service processor configured to use ssh by doing the following steps a Use ssh to connect to the service processor as an administrator A dialog similar to the following appears b If the finge...

Страница 59: ...the Self Signed Certificate With an SSL Certificate From a Certificate Authority 1 Log into the OnBoard console as root 2 Use openssl with the req parameter to create a private key and a public CSR c...

Страница 60: ...ry whenever the saveconf command is run or the administrative user saves the configuration files using the Save button on the Mgmt Backup restore screen State or Province Name full name Some State The...

Страница 61: ...bled on the OnBoard by default The OnBoard administrator may want to enable the DHCP server to provide fixed IP addresses for connected devices that are running DHCP client software The fixed IP addre...

Страница 62: ...dhcpd conf file and performing other steps described under Configuring the DHCP Server on page 26 Considerations When Deciding Whether to Use DHCP to Configure Device Addresses Before deciding whether...

Страница 63: ...vice by performing the following steps a Find the line that begins host MySP and replace MySP with a hostname alias for the device for example host sp1 SAMPLE CONFIGURATION subnet 192 168 0 0 netmask...

Страница 64: ...s for example fixed address 192 168 0 21 For example see the following edited host entry d Copy and paste the three lines that define the IP address for a device as many times as needed and then make...

Страница 65: ...or restarting dhcpd This file defines the dhcpd service configuration ENABLE NO Must be NO or YES uppercase DNAME dhcpd daemon name DPATH usr sbin daemon path ShellInit Performs any required initializ...

Страница 66: ...it provides authentication and encryption of data that is lacking in v1 and v2c The OnBoard provides proxied access to SNMP data from service processors The administrator can configure the following...

Страница 67: ...self For compatibility with other clients unencrypted transfer of data is possible with SNMP v3 connections but unencrypted data transfer is strongly discouraged Caution Because of the risks in unencr...

Страница 68: ...e user jedgar may be authorized to access deviceA deviceC and deviceD Caution Once a user has been authenticated and the user s authorizations to access a device have been checked the user with a VPN...

Страница 69: ...Windows 95 with DUN1 3 update Supported authentication method MS CHAPv2 Note Only local or RADIUS authentication types can be used because the MS CHAPv2 protocol does not work with other authenticati...

Страница 70: ...o enable the user s workstation and the OnBoard to exchange packets specify it in the IPSec connection profile or create a route manually Before attempting to access the Native IP feature on the OnBoa...

Страница 71: ...information username and password and connection keys or certificates is needed If the RSA public key authentication method is chosen the generated keys are different on each end When shared secret i...

Страница 72: ...user Local Left ID OnBoard_name IP address Public IP address of the OnBoard Next hop Leave blank if the user s workstation and the OnBoard are able to exchange packets If a route must be set up to ena...

Страница 73: ...ds the relevant portions of the ipsec conf file from the OnBoard s IPSec configuration use it to replace the same section in the workstation s ipsec conf file Ensure that routes are in place to allow...

Страница 74: ...is address when connecting to the OnBoard to enable native IP access to a device Authorize the user for PPTP access and provide the user with the PPTP password which may be different from the password...

Страница 75: ...native IP before closing the PPTP VPN connection to prevent other users from potentially being able to obtain unauthorized and unauthenticated access to native IP features of the device Message Loggi...

Страница 76: ...must know the IP address of the syslog server Tasks for Configuring Syslog Messages The following table lists the tasks related to configuring syslog messages and destinations Table 1 17 Tasks for Co...

Страница 77: ...private Ethernet port may require multiple IP addresses All communication among private Ethernet ports are blocked unless priv0 is the sending or receiving port Public Ethernet Ports On the public sid...

Страница 78: ...sections that describe how to perform that tasks using the Web Manager root ONB ifconfig bond0 Link encap Ethernet HWaddr 00 60 2E 00 4F 97 inet addr 172 20 0 131 Bcast 172 20 255 255 Mask 255 255 0...

Страница 79: ...callback access to the OnBoard The following table lists the modem configuration tasks for the two types of modems with links to where they are documented Note Administrators can also configure modem...

Страница 80: ...e modem configuration options that apply whether the modem is being configured through the Web Manager or the cycli utility Table 1 20 Modem Configuration Field and Menu Definitions Sheet 1 of 3 Field...

Страница 81: ...ion between the local and the remote modem By default the IP address of the OnBoard is used Use the default unless you have a specific reason to use another IP address Remote IP Address The remote IP...

Страница 82: ...device that is plugged into an AlterPath PM intelligent power distribution unit IPDU when the IPDU is connected to the OnBoard s AUX port and an administrator has configured the AUX port for power man...

Страница 83: ...nt The following table lists the tasks for configuring power management and where they are described Table 1 21 Tasks for Configuring Power Management Task Where Documented Configure IPDU power manage...

Страница 84: ...menu to display other options including links to additional submenus or commands by modifying the etc menu ini file The default etc menu ini file is shown in the following screen example Figure 1 1 De...

Страница 85: ...ehavior on for successful programs and off for unsuccessful ones are provided in the configuration file The OnBoard administrator assigns the usr bin rmenush shell to users as appropriate by editing t...

Страница 86: ...en example Figure 1 2 Example Onetime Password Option Added to menu ini Table 1 22 Example Option Added to Menu for Regular Users New Option Function and Submenu Onetime Password Displays the onetime...

Страница 87: ...ng types of routes using either the Web Manager or the cycli utility default See Default Route Configuration host or network See Host or Network Route Configuration on page 51 Default Route Configurat...

Страница 88: ...ing System daemons such as messages from the cron daemon crond Out of range sensor readings from sensors on service processors Table 1 23 Tasks for Configuring Routes Task Where Described Description...

Страница 89: ...figure notifications and alarms and email Configuring Notifications on page 194 Configuring Sensor Alarms on page 201 Configuring an Address for System Emails on page 250 Understanding Device Configur...

Страница 90: ...t is configured as recommended Figure 1 3 illustrates connecting two servers that have service processors with the service processors indicated by gray boxes The same recommendations apply to connecti...

Страница 91: ...rted types of devices are connected to the private Ethernet ports on the OnBoard Each connected device s dedicated Ethernet port needs an internal IP address assigned on the OnBoard and configured for...

Страница 92: ...168 49 61 from a private subnet network IP range of 192 168 49 0 24 Note The IP addresses assigned to the servers primary Ethernet ports on the production network are not covered in this document serv...

Страница 93: ...s needed for planning and implementing IP addresses The referenced section describes the following topics that the administrator needs to understand Why one or more private subnets must be created Whe...

Страница 94: ...m row of rack 1 The assigned name can be used to access the device by entering the name with the ssh command on the command line See the AlterPath OnBoard User s Guide for the syntax for using ssh wit...

Страница 95: ...1 and Why Define Private Subnets on page 339 for more information about planning and implementing subnets and assigning them to devices Private subnets can be configured in the Web Manager on the Wiza...

Страница 96: ...f authorized users Users who have native IP access service processor console or device console access cannot be prevented from discovering the IP address of the dedicated Ethernet port that is connect...

Страница 97: ...ddress within the private subnet s address range to be used by devices when communicating with the OnBoard If a device is not assigned a private subnet the OnBoard attempts to contact the device using...

Страница 98: ...in local files on the OnBoard s resident flash memory on the hard disk of an external server or on a PCMCIA flash memory card When data buffering is configured data is stored in logs under var log co...

Страница 99: ...all the Web Manager menu option under Network is titled Firewall The cycli utility provides the iptables command to do the same tasks because when rules are added edited or deleted the corresponding i...

Страница 100: ...the type of packets they handle as shown in the following lists The first three chains listed below are in the iptables filter table INPUT OUTPUT FORWARD The three chains listed below are in the nat...

Страница 101: ...You can select a protocol for filtering from one of the following options ALL TCP UDP ICMP GRE ESP AH Source IP mask Destination IP mask A host IP address or subnetwork IP address in the form hostIPa...

Страница 102: ...r existing chains Edit or delete administrator added rules The following table lists the tasks related to configuring packet filtering and where the Web Manager procedures for performing the tasks are...

Страница 103: ...iguration files Unless changes are saved in configuration files they do not persist after a reboot The OnBoard administrator can back up changed configuration files at any time Like other AlterPath pr...

Страница 104: ...gz Any compressed configuration file that already resides in the directory is overwritten Table 1 27 Options for Saving Configuration File Changes Environment Action Web Manager On any Web Manager sc...

Страница 105: ...le by performing the actions shown in the following table Table 1 29 Options for Saving Configuration File Changes Environment Action Web Manager While logged in as an administrative user go to the Mg...

Страница 106: ...ipt to the system make sure to add the file s pathname to the config_files file T To Configure an Added Script or Other File for Backup and Restoration 1 Log into the OnBoard command line as root 2 Ch...

Страница 107: ...ides links to where the tasks and options for restoring configuration files are described To Restore the OnBoard Configuration Files to the Last Saved Version Page 380 To Restore the OnBoard Configura...

Страница 108: ...Understanding How Configuration Changes Are Handled 72 AlterPath OnBoard Administrator s Guide...

Страница 109: ...user The information is provided in the following sections This chapter provides the procedures listed in the following table Logging Into the Web Manager Page 74 Features of Administrator s Screens...

Страница 110: ...like regular users can access the Web Manager from a browser using HTTP or HTTPS either over the Internet or through a dial in or callback PPP connection Like regular users administrative users can us...

Страница 111: ...Cyclades Web Manager for background about the Web Manager and Prerequisites for Using the Web Manager for the required browsers preparation and browser plug ins T To Log Into the Web Manager This pro...

Страница 112: ...is 1800 seconds 30 minutes The value can be changed to any number of seconds up to 213 up to sixty years 1 Connect to the OnBoard s console and log in as root 2 Change to the etc cacpd directory and o...

Страница 113: ...administrative user logs in Figure 2 2 Administrative User Options on the Web Manager Selecting an item from the top menu changes the list of menu options displayed in the left menu Settings tab Acces...

Страница 114: ...example The grayed out options and buttons become active only after the administrative user clicks either the OK or Cancel button The administrative user may need to click other types of buttons to e...

Страница 115: ...ons Chapter 6 Web Manager Config Menu Options Chapter 7 Web Manager Network Menu Options Chapter 8 Web Manager Info and Mgmt Menu Options Access Devices OnBoard IPDU Password Network Host settings Fir...

Страница 116: ...Overview of Web Manager Menus 80 AlterPath OnBoard Administrator s Guide...

Страница 117: ...sted in the following table Using the Wizard Page 82 Changing the Administrative User s Password Wizard Page 84 Selecting a Security Profile Wizard Page 85 Configuring Network Interfaces Wizard Page 9...

Страница 118: ...y in Wizard mode A Next button appears on all Wizard pages in a series except the last A Previous button shown in Figure 3 3 appears on all pages in a series except the first When a Wizard configurati...

Страница 119: ...user can click the Save and apply changes button to save the changes before cancelling the Wizard again Press OK to exit the Wizard and lose any unsaved changes After the Next button is clicked on th...

Страница 120: ...Wizard Configure Administrator Password Screen Table 3 1 Wizard Steps and Where They are Described Wizard Step Where Described Change the administrative user s password Changing the Administrative Use...

Страница 121: ...he administrative user in the Password field and retype it in the Retype password field 4 Click the Set Password button to save the password Selecting a Security Profile Wizard Figure 3 1 shows the sc...

Страница 122: ...rity Profile Configuration Dialog With Moderate Profile Selected An administrative user can use the dialog shown in Figure 3 6 to select one of the default security profiles or configure a custom secu...

Страница 123: ...links and the Security Profile screen reappears showing the newly selected security profile s name The following figure illustrates the screen after the security profile s name is changed to secured a...

Страница 124: ...ty profile Figure 3 8 Secured Profile Dialog Note Follow the reminder at the bottom of the screen shown in Figure 3 8 by making sure to notify all users that they must use HTTPS when bringing up the W...

Страница 125: ...ollowing figure shows the lists of enabled and disabled features in the dialog for the Open security profile Figure 3 9 Open Security Profile Dialog The features in the Open security profile are descr...

Страница 126: ...bed in Table 1 9 Services and Other Functions in the Custom Security Profile on page 14 Note Selecting a default authentication type means that the specified authentication type is selected by default...

Страница 127: ...u select the Custom profile make sure the checkboxes are checked next to services and features you want to be enabled and make sure the checkboxes are clear next to services and features you want to b...

Страница 128: ...dary Ethernet Ports on page 94 Table 3 2 Network Interfaces Configuration Values Settings Notes Host name Default OnBoard Domain name Domain name used on the domain name server DNS Primary DNS server...

Страница 129: ...d the administrative user should go to the Network Static routes screen Table 3 3 Ethernet Port Settings Settings Notes DHCP DHCP is enabled by default on the OnBoard s interfaces If DHCP is enabled t...

Страница 130: ...dary Ethernet interface becomes active only if the primary Ethernet port is not available As a result the values entered in the fields on the screen shown in Figure 3 12 apply to the single bond0 inte...

Страница 131: ...ing the primary Ethernet port as it appears when both the Enable and DHCP checkboxes are checked Figure 3 14 Configure Primary Ethernet Connection Enabled With DHCP Figure 3 15 shows the screen for co...

Страница 132: ...Configure OnBoard Network Interfaces Wizard 1 Log into the Web Manager as an administrative user See To Log Into the Web Manager on page 75 if needed 2 Click the Wizard button Click the Network interf...

Страница 133: ...ation screens by clicking the DHCP checkbox 10 If desired configure the selected Ethernet port to use a static IP address by performing the following steps a Disable DHCP by making sure the DHCP check...

Страница 134: ...ontact the device the OnBoard tries to use the default route After changing or deleting a private subnet to avoid making devices unavailable make sure to reassign all affected devices to the correct p...

Страница 135: ...Virtual Network on page 102 Configuring Private Subnets Clicking the Add Subnet button on the Configure Subnets screen brings up the Private Subnet configuration dialog shown in the following screen e...

Страница 136: ...ws a private subnet name of net1 an OnBoard side IP address of 192 168 0 254 and a subnet netmask of 255 255 255 0 The private subnet address derived from this configuration is 192 168 0 0 Figure 3 18...

Страница 137: ...e To Log Into the Web Manager on page 75 if needed 2 Click the Wizard button 3 Click the Subnets option in the left menu bar 4 Click the Add Subnet button 5 Enter a meaningful name for the private sub...

Страница 138: ...ork Address Translation DNAT must be defined in the following cases When multiple subnets must be supported as when connected devices are previously configured with IP addresses from multiple address...

Страница 139: ...in the virtual network s network address range in the Address field 5 Enter a netmask in the Netmask field 6 Click Save and apply changes 7 Click the Next button if desired to go to the next Wizard st...

Страница 140: ...and Edit and Delete buttons appear next to each device s entry The Add new device button always appears on the screen Figure 3 20 Configure Devices Screen Wizard Clicking the Add new device button br...

Страница 141: ...er that if the default route is assigned the device could only be accessed if it is connected to the public interface of the OnBoard a highly unlikely scenario and not recommended Table 1 24 Device Co...

Страница 142: ...in text commands that are used to interact with connected service processors devices The following table lists the default command templates and describes the types of devices to which they apply See...

Страница 143: ...ent authorizations on all configured devices For example giving the user the Native IP authorization on this screen gives the user native IP access to all configured devices To configure a user accoun...

Страница 144: ...d field 7 Enter the password again in the Retype password field Full name Administratively defined name to identify the user Password Password used for accessing the OnBoard Retype Password As stated...

Страница 145: ...ccess menu With any option other than None selected additional fields appear for entering the PPP or PPTP password 10 If you selected any option other than None do the following steps a Enter a passwo...

Страница 146: ...Configuring Regular Users Wizard 110 AlterPath OnBoard Administrator s Guide...

Страница 147: ...Chapter 2 Web Manager Introduction if needed This chapter covers the topics in the following sections This chapter provides the procedures listed in the following table Access Options Only for Adminis...

Страница 148: ...Access Menu Options The menu options that are available when the Access option is highlighted in the top menu for administrative users are the same options that are available to regular users except t...

Страница 149: ...ser clicks the OnBoard option under Access a MindTerm window appears with an encrypted SSH connection between the user s computer and the console The following figure shows an example Figure 4 2 Admin...

Страница 150: ...s up the login prompt for the OnBoard console as shown in the following screen example Figure 4 4 OnBoard Console Login Prompt for Administrative Users After an administrative user enters the correct...

Страница 151: ...time you accessed the console the login prompt for the OnBoard appears Go to Step 4 3 If this is the first time you are accessing the OnBoard s console do the following steps a Press Enter at the prom...

Страница 152: ...following three tabs appear as shown in the previous figure Outlets Manager View IPDU Info Software Upgrade Access to the first two tabs listed above is the same for administrative and authorized use...

Страница 153: ...displays the version number of the software that is currently installed on the IPDU The Refresh button also appears on the screen Figure 4 6 shows entries for a Master Unit which has software version...

Страница 154: ...igure 4 7 Upgrade Button on the IPDU Software Upgrade Screen Pressing the Upgrade button starts the upgrade process The top of the screen shown in the following figure shows the message that displays...

Страница 155: ...ote Updated versions of related documents can also be found on the Cyclades website under Support Downloads Documentation After downloading the software onto the OnBoard by following this procedure th...

Страница 156: ...p directory into which the software needs to be downloaded 3 Enter the ftp command to access ftp cyclades com 4 Enter anonymous when prompted for the Name and press Enter when prompted for the passwor...

Страница 157: ...SV 150 Here comes the directory listing drwxr xr x 2 1006 100 4096 Sep 06 2003 V_1 1 0 drwxr xr x 2 1006 100 4096 Feb 23 2004 V_1 2 1 drwxr xr x 2 1006 100 4096 Mar 04 2004 V_1 2 2 drwxr xr x 2 1006 1...

Страница 158: ...nd got to To Upgrade Software on a Connected IPDU T To Upgrade Software on a Connected IPDU Perform this procedure to upgrade the software on all connected AlterPath PM IPDUs This procedure requires t...

Страница 159: ...lick the Refresh button If a tmp pmfirmware file exists containing a more recent version of the PM software than the one currently installed the following changes occur on the screen The value next to...

Страница 160: ...Upgrading AlterPath PM IPDU Software 124 AlterPath OnBoard Administrator s Guide...

Страница 161: ...iguring the AUX Port for Modem or Power Management Page 127 Configuring the AUX Port for IPDU Power Management Page 128 Configuring IPDU Power Management Page 132 Configuring PCMCIA Cards Page 139 Con...

Страница 162: ...that appear when an administrative user clicks Settings and provides links to where the options are described To Configure a Modem PCMCIA Card Page 145 To Configure a Compact Flash PCMCIA Card Page 14...

Страница 163: ...een to configure either of the following types of optional devices if they are connected to the AUX port One or more AlterPath PM IPDUs An external modem For how to connect IPDUs and external modems s...

Страница 164: ...on the Settings AUX port screen Figure 5 3 Settings AUX Port Power Management T To Configure an AUX Port for IPDU Power Management This procedure assumes that an AlterPath PM IPDU is connected to the...

Страница 165: ...le 1 20 on page 44 for descriptions of the valid values to be entered on the modem configuration screen Figure 5 4 shows the fields and pull down menus that appear when Autodetect is selected from the...

Страница 166: ...ttings AUX Port Modem When the Use Callback checkbox is checked the Callback Number field appears as shown in the following figure Figure 5 6 Callback Number Field Under Settings AUX Port Modem When t...

Страница 167: ...he Profile menu 4 Choose Autodetect Login or PPP from the Modem access menu 5 Select a baud rate from the Baud Rate pull down menu 6 If you chose Autodetect or Login select an option from the Flow Con...

Страница 168: ...y changes Configuring IPDU Power Management When an administrative user clicks the IPDU option under Settings a screen like the one shown in the following figure appears Figure 5 8 Settings IPDU Scree...

Страница 169: ...re described Configuring Over Current Protection for an IPDU The Settings IPDU General tab displays a warning and three options with checkboxes as shown in the following screen example Figure 5 10 Set...

Страница 170: ...g or Enable buzzer or both are checked Checking Enable syslog causes syslog messages to be sent to the console if the maximum current is exceeded Checking Enable buzzer causes a buzzer to sound on the...

Страница 171: ...shold for IPDU Dialog appears b Enter the appropriate number of Amps for the selected type of AlterPath PM in the Alarm Threshold field c Click OK 4 Check Enable syslog to enable messages to be sent t...

Страница 172: ...d one or more outlets Figure 5 14 Settings IPDU Users Add User Dialog A comma can be used to separate outlet numbers and a hyphen can be used to indicate a range of outlets for example 1 3 5 6 8 After...

Страница 173: ...IPDU Users 3 Click the Add User button 4 Enter the name of a user in the Username field 5 Enter the outlets to manage in the Outlets field 6 Click OK 7 Click Save and apply changes Configuring Names a...

Страница 174: ...t power up interval dialog box appears with the field shown in the following figure Figure 5 18 Outlet Power Up Interval Dialog Intervals can be specified using numbers or numbers followed by decimals...

Страница 175: ...in the Outlet N power up interval field c Click OK 5 Click Save and apply changes Configuring PCMCIA Cards When an administrative user clicks the PCMCIA option under Settings a screen appears like th...

Страница 176: ...button on an entry for a PCMCIA card slot brings up a dialog like the one shown in the following figure Figure 5 20 Insert PCMCIA Query After the card is inserted clicking YES in the dialog causes in...

Страница 177: ...gure 5 21 Example PCMCIA Ethernet Card inserted in Slot 1 Ejecting a PCMCIA Card Clicking an Eject button brings up a screen like the one shown in the following figure Figure 5 22 Eject PCMCIA Dialog...

Страница 178: ...f the slots on the front of the OnBoard See the Advanced Procedures chapter in the AlterPath OnBoard Installation Guide for guidance about the order of insertion and other hardware specific instructio...

Страница 179: ...rd through an installed modem PCMCIA card and to optionally enable callback The values to select or to enter for modem configuration are described in Table 1 20 Modem Configuration Field and Menu Defi...

Страница 180: ...PCMCIA Configure Modem Callback If Login is selected from the Modem Access Type pull down menu the following fields and checkbox appear Figure 5 25 Settings PCMCIA Configure Modem Login If PPP is sele...

Страница 181: ...figuration Field and Menu Definitions on page 44 for the values that an administrative user needs to select or to enter for modem configuration if needed 1 Make sure that Modem is selected from the Ca...

Страница 182: ...ccept the default provided in the Remote IP address field Only change the remote IP address if you have a specific reason to do so c Enable or disable authentication during modem access by checking or...

Страница 183: ...rk mask and gateway when the DHCP checkbox is not checked Figure 5 28 Settings PCMCIA Configure Ethernet Dialog Without DHCP T To Configure an Ethernet PCMCIA Card This procedure assumes that an Ether...

Страница 184: ...er none in the Gateway field 4 Click OK 5 Click Save and apply changes Configuring a Compact Flash PCMCIA Card When a compact flash card is inserted in the selected slot clicking the Configure button...

Страница 185: ...assumes that a compact flash card is inserted into a PCMCIA slot on the OnBoard and the steps under To Begin Configuring a PCMCIA Card on page 142 are complete 1 Make sure that Compact Flash is selec...

Страница 186: ...owing figure Figure 5 31 Settings Date time Screen An administrative user can use the Settings Date time screen for configuring the timezone and for specifying how the OnBoard sets its time and date T...

Страница 187: ...l menu Date and Time configuration fields appear as shown in Figure 5 31 for an administrative user to enter the date and time manually Figure 5 34 Settings Date time Screen T To Configure System Date...

Страница 188: ...efine the location from which the OnBoard boots By default the OnBoard boots from a boot file in the on board Flash memory Booting from the resident software is strongly recommended Network boots shou...

Страница 189: ...re image referred to as Image1 The first time a new software version is downloaded and installed from Cyclades the new image is stored as Image2 in the flash memory and the configuration is changed so...

Страница 190: ...other image than the one currently selected you can select that image from the Unit boot from menu Network Boot Options Network boots are recommended only for troubleshooting or for possible downloads...

Страница 191: ...or Active 4 Choose the desired image or Network from the Unit boot from menu Table 5 4 Boot Configuration Fields and Options Field or Value Name Description OnBoard IP address A new IP address for the...

Страница 192: ...anges Configuring an Alternate Help File Location When an administrative user selects the Help option under Settings a screen appears like the one shown in the following figure Figure 5 37 Settings He...

Страница 193: ...for OnBoard Help Files 1 Download the help files from www cyclades com online help onb v_1 0 0 and install them on a publicly accessible web server 2 Log into the Web Manager as admin and go to Settin...

Страница 194: ...Configuring an Alternate Help File Location 158 AlterPath OnBoard Administrator s Guide...

Страница 195: ...cedures listed in the following table Options Under Config Page 161 Configuring Devices Page 163 Configuring Users and Groups Page 169 Configuring Authentication Page 178 Configuring Notifications Pag...

Страница 196: ...gins Page 193 To Configure SNMP Trap Notifications Page 196 To Configure Pager Notifications Page 198 To Configure an Email Notification Page 200 To Begin Configuring a Sensor Alarm Page 202 To Config...

Страница 197: ...n in the following figure Figure 6 1 Config Menu Options The following table lists the options that appear when an administrative user clicks Config and provides links to where the options are describ...

Страница 198: ...on page 194 Sensor alarms Configuring Sensor Alarms on page 201 SNMP Configuring SNMP on page 209 Syslog Configuring SNMP on page 209 Event log backend Configuring the Event Log Backend on page 222 Se...

Страница 199: ...igured devices and Edit and Delete buttons appear next to each device s entry The Add new device button always appears on the screen Figure 6 2 Config Devices Screen An administrative user can use the...

Страница 200: ...private subnet the device can only be accessed if it is connected to the public interface of the OnBoard a highly unlikely scenario and not recommended Table 1 24 Device Configuration Parameters on pa...

Страница 201: ...nd device types iLO RSA II DRAC IPMI 1 5 device console Three additional custom types may be assigned but only if OnBoard administrators have created customized scripts custom1 custom2 custom3 Note In...

Страница 202: ...late Works With a New Device on page 317 to find out if a default command template works with the new device and to create a new command template if needed You know the username and password pair that...

Страница 203: ...DRAC IPMI 1 5 device console custom 1 custom 2 custom 3 7 Select a command template or no template from the Command template pull down menu 8 Select a private subnet name from the Private subnet name...

Страница 204: ...ot 2 Enter the cycli command 3 Make sure the primary Ethernet interface eth0 is active 4 Save the changes 5 Exit from the cycli utility 6 Log out and bring up the Web Manager Config Devices screen The...

Страница 205: ...in the following figure appears Figure 6 4 Config Users and Groups Screen The administrative user can use the Config Users and groups screen for adding and configuring users and groups who can access...

Страница 206: ...the screens that appear when the Add a regular user option is selected Table 6 3 User Configuration Settings Settings Notes User Name Login name required for the user account Full name Administrativel...

Страница 207: ...red devices remain to be assigned to the user the Add new device button does not appear Clicking the Add new device or Edit Sensors Event log Device Con sole Power Service Processor Con sole Native IP...

Страница 208: ...s and menu options shown in the following figure Figure 6 7 Add New Device or Edit Device Dialog On the dialog shown in Figure 6 7 the following device management actions are available to assign for t...

Страница 209: ...th the fields shown in the following figure Figure 6 8 Add New Group or Edit Dialog Clicking the Delete button shown in Figure 6 9 deletes the group without bringing up a confirmation dialog Figure 6...

Страница 210: ...ice button shown in Figure 6 10 does not appear Clicking the Add new device button brings up a screen with the fields and menu options shown in the following figure Figure 6 11 Add New Device to a Gro...

Страница 211: ...ord field and re enter it in the Retype password field 4 Assign device access to a user by performing the following steps a Click the Device Access button b Click the Add new device button The Adding...

Страница 212: ...cess pull down menu g If you select any option except None from the PPP PPTP access pull down menu enter a password in the PPP PPTP password field and re enter it in the Retype password field h Click...

Страница 213: ...spaces e Click OK The Edit groupname s device access privileges screen appears 3 Assign device access to a group by performing the following steps a Click the Device Access button on the line with th...

Страница 214: ...ntication Configuration Task Where Documented Configure authentication servers Configuring Authentication Servers on page 179 Configuring a Kerberos Authentication Server on page 180 Configuring an LD...

Страница 215: ...od is selected additional fields appear on the screen for specifying the information that is required to set up communications with an authentication server of the selected type Note If NIS is configu...

Страница 216: ...os authentication server which is also referred to as a Key Distribution Center or KDC has previously been configured in either of the authentication configuration screens the fields are filled in wit...

Страница 217: ...ministrators of the OnBoard and connected devices know the passwords assigned to the accounts An account for admin or other administrative user If Kerberos authentication is specified for the OnBoard...

Страница 218: ...e the same NTP server a Follow the procedure under To Configure System Date and Time on page 151 to set the timezone date and time b Work with the authentication server s administrator to synchronize...

Страница 219: ...If the LDAP authentication server has previously been configured the fields are filled in with the previously configured values To configure an LDAP server the administrative user must obtain the nee...

Страница 220: ...or users who need access to the connected devices 1 Log into the Web Manager as an administrative user 2 Go to Config Authentication and select LDAP from the Authentication Type pull down menu The LDA...

Страница 221: ...rver by filling in these fields that display when the NIS authentication type is selected NIS Domain Name NIS Server IP Note If you select NIS authentication for the OnBoard or for any device NIS must...

Страница 222: ...es 1 Log into the Web Manager as an administrative user 2 Go to Config Authentication and select NIS from the Authentication Type pull down menu The NIS fields display 3 Enter the NIS domain name in t...

Страница 223: ...rk with the Radius server s administrator to ensure that following types of accounts are set up on the Radius server and that the administrators of the OnBoard and connected devices know the passwords...

Страница 224: ...ive user goes to Config Authentication and selects SMB from the Authentication Type pull down menu the fields shown in the following figure appear Figure 6 17 Config Authentication SMB The administrat...

Страница 225: ...swords assigned to the accounts An account for admin or other administrative user If SMB authentication is specified for the OnBoard accounts for all users who need to log into the OnBoard If SMB auth...

Страница 226: ...ig Authentication TACACS The administrative user must obtain the needed information about the TACACS server from the server s administrator The administrative user must configure the server by filling...

Страница 227: ...og into the OnBoard If TACACS authentication is specified for devices accounts for users who need access to the connected devices 1 Log into the Web Manager as an administrative user 2 Go to Config Au...

Страница 228: ...the OnBoard When an administrative user goes to Config Unit Authentication the screen shown in the following figure appears The administrative user uses this screen to configure the authentication me...

Страница 229: ...configured for the selected method the fields contain the appropriate information If the fields are empty the administrative user needs to configure the authentication server for the selected method...

Страница 230: ...en for defining alarm triggers to generate notifications when they occur The administrative user specifies the notices to be sent by one of the following methods SNMP trap Pager Email Figure 6 21 Defa...

Страница 231: ...ement Protocol SNMP service is enabled on the OnBoard the OnBoard administrator can use the dialog shown in Figure 6 22 to send notifications about significant events or traps to an SNMP management ap...

Страница 232: ...me for the trigger in the Name field 5 Enter an event to trigger the alarm in the Alarm trigger field Alarm trigger The event you want to trigger a notification OID Type value The number of the OID ty...

Страница 233: ...y name in the Community field 9 Enter an SNMP server IP address or DNS name in the SNMP server field 10 Enter any desired text in the Body field 11 Click OK 12 Click Save and apply changes Configuring...

Страница 234: ...atches 4 Enter a name for the notification in the Name field 5 Enter an event to trigger the alarm in the Alarm trigger field 6 Enter a pager or phone number in the Pager phone number field 7 Enter th...

Страница 235: ...ing figure shows the fields that appear when the Email option is selected and the Add button is clicked Figure 6 24 Default Config Notifications Email Add Dialog The email notification method dialog h...

Страница 236: ...he notification in the Name field 5 Enter an event to trigger the alarm in the Alarm trigger field 6 Enter a destination email address in the To field 7 Enter a source email address in the From field...

Страница 237: ...service processors and to configure alarms to be sent if the sensor readings are not within certain specified values Figure 6 25 Default Config Sensor Alarms Screen Figure 6 25 shows the screen as it...

Страница 238: ...he sensor to monitor in the Sensor field 4 Select a condition to trigger the sensor alarm from the Condition pull down menu 5 When the condition is inside or outside a range specify the range in the R...

Страница 239: ...on which option is selected from the Action menu in Step 7 Configuring a Syslog Message Sensor Alarm Action The following figure shows the fields that appear when Syslog Message is selected on the Act...

Страница 240: ...a priority from the Priority menu 3 Enter text as desired in the Body field 4 Click OK 5 Click Save and apply changes Configuring the SNMP Trap Sensor Alarm Action The following figure shows the field...

Страница 241: ...cribes the fields in Figure 6 28 Table 6 10 Fields for Configuring a SNMP Trap Sensor Alarms Field or Menu Name Description Protocol SNMP v1 SNMP v2c SNMP v3 OID Object Identifier Each managed object...

Страница 242: ...an authentication type from the Authentication Type pull down menu iii Enter the authentication password in the Password field iv Select an encryption method from the Encryption pull down menu Communi...

Страница 243: ...ollowing figure shows the fields that appear when Pager is selected on the Action menu on the Config Sensor Alarms screen that is shown in Figure 6 26 Figure 6 29 Config Sensor Alarms Pager Message Fi...

Страница 244: ...ber field 3 Enter the user name required for authentication in the SMS username field 4 Enter the IP address of the SMS server in the SMS server field 5 Enter the SMS port number in the SMS port field...

Страница 245: ...planatory message for the alarm in the Body field 6 Click OK 7 Click Save and apply changes Configuring SNMP The OnBoard administrator can use this screen to configure Simple Network Management Protoc...

Страница 246: ...the SNMP service is active by checking the Config Services screen If the security profile in effect enables SNMP you do not need to activate SNMP on the Services screen The following table lists the t...

Страница 247: ...ed values The Edit button brings up the screen shown in the following figure Figure 6 32 Config SNMP Edit OnBoard Information Settings T To Configure OnBoard SNMP Information 1 Log into the Web Manage...

Страница 248: ...or Sun Net Manager As shown in Figure 6 33 the names of all configured devices that have service processors are listed under the Servers SNMP configuration heading on the Config SNMP screen Figure 6...

Страница 249: ...34 a screen appears like the one shown in the following figure when v1 is selected from the SNMP version menu Figure 6 35 Config SNMP Device SNMP Access Dialog With V1 Selected When the administrative...

Страница 250: ...ith V2c Selected When the administrative user clicks the Edit button under the Service Processor SNMP setting heading shown in Figure 6 33 a screen appears like the one shown in the following figure w...

Страница 251: ...he following figure Figure 6 38 Config SNMP Device SNMP Access Dialog With V1 Selected The fields on the screen shown in Figure 6 38 vary according to which SNMP protocol type is selected Figure 6 38...

Страница 252: ...Identifier Each managed object has a unique identifier SNMP version v1 v2c v3 Community SNMP v1 and v2c only The community name is sent in every communication between the client and the server and the...

Страница 253: ...t identifier in the OID field c Select a version from the SNMP version pull down menu d If either the v1 or v2c version is selected in Step c enter a community name in the Community field e If the v3...

Страница 254: ...a Read view and Write view from the Security level pull down menus d If the v3 version is selected in Step b do the following steps i Configure users as desired by clicking the Add user button and fi...

Страница 255: ...any entries as desired with an OID and Mask and select the desired Include and Exclude options from the pull down menu on the left of each entry v Click OK f Click OK 7 Click OK 8 Click Save and apply...

Страница 256: ...istrative user can use the Config Syslog screen to tell the OnBoard to send syslog messages to one or all of the following Console Root user if the root user is configured to receive syslog messages m...

Страница 257: ...configure messages to be sent to a syslog server add a syslog server to the Syslog servers list by doing the following steps i Enter a syslog server s IP address in the New syslog server field ii Cli...

Страница 258: ...n entry appears for each configured device with an Edit button next to each device s entry Figure 6 42 Config Event Log Backend Screen An administrative user can use the Config Event log backend scree...

Страница 259: ...he Edit button to edit event logging for a device The Edit OnBoard Event Log Settings for Device displays 4 Select On or Off from the Logging Status pull down menu or accept the currently selected men...

Страница 260: ...igure appears Figure 6 44 Config Security Profile Screen The note at the bottom of the security profile configuration screen is a reminder that putting another security profile into effect could disab...

Страница 261: ...re a custom security profile for the OnBoard See Understanding Security Profiles on page 12 for important background information The features in the Moderate security profile are described in Table 1...

Страница 262: ...6 46 Config Security Profile Dialog With the Secured Profile Enabled Note Follow the reminder at the bottom of the screen shown in Figure 6 46 by making sure to notify all users that they must use HT...

Страница 263: ...Open The following figure shows the lists of enabled and disabled features in the dialog for the Open security profile Figure 6 47 Open Security Profile Dialog The features in the Open security profil...

Страница 264: ...described in Table 1 9 Services and Other Functions in the Custom Security Profile on page 14 Note Selecting a default authentication type means that the specified authentication type is selected by d...

Страница 265: ...abled and make sure the checkboxes are clear next to services and features you want to be disabled 6 Click OK The security profile confirmation screen appears 7 Click the Save and apply changes button...

Страница 266: ...ervices 1 Log into the Web Manager as an administrative user 2 Go to Config Services The Services screen displays 3 Click to check a checkbox next to each service you want to enable 4 Click to leave u...

Страница 267: ...ures listed in the following table Options Under Network Page 232 Configuring Network Interfaces Page 233 Configuring Firewall Rules for OnBoard Packet Filtering Page 239 Configuring Hosts Page 242 Co...

Страница 268: ...Network When an administrative user clicks the Network option in the top menu of the Web Manager seven options appear in the left menu as shown in the following figure Figure 7 1 Network Menu Options...

Страница 269: ...re appears Figure 7 2 Network Host Settings Screen Table 7 1 Options Under Network Option Where Described Host Settings Configuring Network Interfaces on page 233 Firewall Configuring Firewall Rules f...

Страница 270: ...he following table Table 7 2 Network Interfaces Configuration Values Settings Notes Failover Selecting enabled from the pull down menu configures failover from the primary to the secondary Ethernet po...

Страница 271: ...assigned two different IP addresses both interfaces are reachable through either IP address even if the cable is disconnected from one of the interfaces Configuring Routes Configuring the network inte...

Страница 272: ...the primary Ethernet interface and the secondary Ethernet interface becomes active only if the primary Ethernet port is not available As a result the values entered in the fields on the screen shown...

Страница 273: ...to the Ethernet port s Configuring DNS Figure 7 4 Network Host Settings Screen With Both Interfaces Enabled and DHCP Disabled T To Configure OnBoard Network Interfaces 1 Log into the Web Manager as an...

Страница 274: ...address for a network gateway in the Gateway IP field Note The IP address entered in the Gateway IP field is used for the OnBoard s default route e Enter or modify a broadcast IP address in the Broadc...

Страница 275: ...igure The administrative user can use this screen to configure packet filtering as described in this section See Understanding Firewall Packet Filtering on the OnBoard on page 63 for background inform...

Страница 276: ...atively defined rule for the filter table INPUT chain The number 0 is assigned automatically As shown an Edit and Delete button appear next to the entry for each administrator defined rule The adminis...

Страница 277: ...destination IP and subnet mask in the form hostIPaddress or networkIPaddress NN d Depending on which chain you selected select an input or output interface from the Input interface or Output interfac...

Страница 278: ...selected from the Input interface or Output interface pull down menu e Accept or change the types of packets to be filtered selected from the Fragments pull down menu f Accept or change the target sel...

Страница 279: ...a host the administrative user must enter the information in the top two bullets below IP address Name Alias The Alias is optional T To Add a New Host 1 Log into the Web Manager as an administrative...

Страница 280: ...in the following figure appears Figure 7 9 Network Static Routes Screen The administrative user can use the Static routes screen to manually add a static route or to edit or delete existing static ro...

Страница 281: ...ld 6 Click Apply 7 Click the Save and apply changes button Table 7 3 Fields and Menus for Configuring Static Routes Field or Menu Name Definition Network Address Enter the IP address of the destinatio...

Страница 282: ...users create a VPN connection from their remote computers to enable access native IP features on an SP Also see Example 2 Two Private Subnets and VPN Configuration on page 345 The Web Manager Network...

Страница 283: ...ns T To Configure IPSec VPN Make sure that the IPsec service is enabled See Table 1 16 IPSec VPN Configuration Information for Administrators and Users on page 35 if needed for details about the value...

Страница 284: ...tHop field d Enter the netmask for the subnet in the Subnet Mask field 10 If RSA public keys is selected in Step 7 do one of the following steps a When configuring the left host generate the key for t...

Страница 285: ...an administrative user See To Log Into the Web Manager on page 75 if needed 2 Got to Network VPN connections 3 Enter a single IP address or a pool of IP addresses in the PPP local address pool field 4...

Страница 286: ...ch as those generated by the cron daemon The Web Manager Network Outbound email screen appears as shown in the following figure Figure 7 14 Network Outbound Email Screen T To Configure Outbound Email...

Страница 287: ...Private subnets screen appears as shown in the following figure Figure 7 15 Network Private Subnets Screen The administrator must define at least one subnet as described under Adding Private Subnets...

Страница 288: ...reen the Private Subnet configuration dialog appears as shown in the following screen example Figure 7 16 Network Private Subnets Add Subnet Dialog A subnet is defined by configuring the following The...

Страница 289: ...t address is 192 168 0 255 by convention and the OnBoard s address is 192 168 0 254 the administrator can assign an address between 192 168 0 1 and 192 168 0 253 when configuring a connected device Co...

Страница 290: ...rivate subnet in the Private subnet name field 4 Enter an IP address for the OnBoard within the private subnet s network address range in the Onboard side IP address field 5 Enter a netmask for the pr...

Страница 291: ...r as an administrative user See To Log Into the Web Manager on page 75 if needed 2 Under Virtual Network DNAT configuration enter a virtual IP address to assign to the OnBoard from the virtual network...

Страница 292: ...Configuring Private Subnets and Virtual Networks 256 AlterPath OnBoard Administrator s Guide...

Страница 293: ...ocedures listed in the following table Options Under Info Page 258 Viewing System Information Page 259 Viewing System Information Page 260 Viewing Information About Detected Devices Page 263 Options U...

Страница 294: ...n the following figure Figure 8 1 Info Menu Options The options that appear when an administrative user clicks Info are described in the sections listed below Table 8 1 Options Under Info Option Where...

Страница 295: ...vice may be accessed through a single OnBoard private port for that reason configuration is done on devices not on ports This screen is the only place where the port to which a device is connected is...

Страница 296: ...erPath OnBoard Administrator s Guide Viewing System Information When an administrative user goes to Info System information a screen appears like the one shown in the following figure Figure 8 3 Info...

Страница 297: ...available on the system information screen Table 8 3 Information on the System Information Screen Heading Listed Information System Information Kernel Version Date Up Time Power Supply State CPU Info...

Страница 298: ...Active InActive HighTotal HighFree LowTotal LowFree SwapTotal SwapFree Committed_AS VmallocTotal VmallocUsed VmallocChunk PCMCIA Information Socket 0 Ident ity Socket 0 Config Socket 0 Status Socket 1...

Страница 299: ...e describes the information provided on the Info Detected devices screen RAM Disk Usage Lists the partitions under the following headings Table 8 4 Information on the Info Detected Devices Screen Head...

Страница 300: ...cases the column is empty DHCP Hostname If a DHCP server is enabled as described in Configuring the DHCP Server on page 26 the OnBoard administrator usually assigns a fixed IP address along with a DH...

Страница 301: ...screen example Figure 8 5 Mgmt Options The following table describes the Menu Options under Mgmt and provides links to procedures Table 8 5 Tasks Performed Under the Web Manager Mgmt Tab Task Option...

Страница 302: ...ny previous backup file Clicking the Load button overwrites the current state of the configuration files with the last backup copy that was made See Understanding How Configuration Changes Are Handled...

Страница 303: ...ore Backed up Configuration Files 1 Bring up the Web Manager and log in See To Log Into the Web Manager on page 75 if needed 2 Go to Mgmt Backup restore 3 Click the Restore button to restore any previ...

Страница 304: ...irst The Cyclades ftp site address is ftp cyclades com See To Download OnBoard Firmware From Cyclades on page 269 for how to download the firmware for upgrading from a local ftp server Username Userna...

Страница 305: ...After downloading the software onto the OnBoard by following this procedure the administrative user needs to perform the procedure under To Upgrade the OnBoard s Operating System Applications and Conf...

Страница 306: ...umber and change to binary mode As shown in the previous screen example the directory contains a binary file zImage_onb_version_number bin for the latest software version and a checksum file Image_onb...

Страница 307: ...ole session and got to To Upgrade the OnBoard s Operating System Applications and Configuration Files Special Considerations if the Last Boot Was a Network Boot If the OnBoard was last booted over the...

Страница 308: ...the following three choices Install into image 1 preserving image 2 Install into image 2 preserving image 1 Erase Flash and install into image 1 The Configuration to install menu provides the followin...

Страница 309: ...Configuration to install menu c Click the Upgrade Now button 5 To upgrade using an image from an ftp server do the following steps a Enter the IP address or DNS name of the ftp server in the FTP site...

Страница 310: ...ration files after the upgrade the new software runs with the configuration files that were last saved before the upgrade was done Restarting the OnBoard When an administrative user goes to Mgmt Resta...

Страница 311: ...owing table Accessing the Command Line Page 276 cycli Utility Overview Page 277 Execution Modes Page 277 Command Line Mode Page 278 Batch Mode Page 278 Interactive Mode Page 278 cycli Options Page 279...

Страница 312: ...ole port using a terminal or computer running a terminal emulation program as illustrated in the following figure By remote logins using SSH or PPP or a terminal emulation program Remote users can acc...

Страница 313: ...ood use of the cycli utility Example scripts are provided in libexec example_scripts The cycli utility provides a set of commands described under cycli Commands on page 285 The commands act on paramet...

Страница 314: ...h mode from the specified file or script See Batch Mode on page 278 Interactive Mode Entered by invoking cycli on the command line The cli prompt appears and the administrator performs configuration b...

Страница 315: ...accepted when setting Table 9 1 cycli Utility Options Option Description 1 When entered either in command line or in batch mode with commands that act on a single parameter speeds up response time C C...

Страница 316: ...meter No parameters are nested under failover Figure 9 1 Example Branch in the cycli Parameter Tree In this branch the only commands supported are get and set All of the parameters in a branch are ent...

Страница 317: ...the following parameters in interactive mode to turn on Ethernet failover Entering a Command in Command Mode Based on the branch in Figure 9 1 you could enter the set command to turn on Ethernet fail...

Страница 318: ...he following screen example You could then make the script executable and execute it on the command line as shown in the following screen example If you want to run a cycli command from the same scrip...

Страница 319: ...ollowing screen example You can put one or more commands in a plain text file without invoking any shell as shown in the following screen example And then you can invoke the cycli command with the f f...

Страница 320: ...parameters as shown in the following screen example Pressing the Tab key once after partially typing a parameter name automatically completes the parameter name unless there is more than one paramete...

Страница 321: ...ne TAB cli set network TAB TAB hostname hosts interface resolv smtp st_routes cli set network i TAB cli set network interface eth0 TAB TAB active address broadcast gateway method mtu netmask cli set...

Страница 322: ...ers causes one or more related parameters to be added For example in the case where an IP address is added to the hosts list empty hostname and alias parameters are also added Until values are set for...

Страница 323: ...160 11 name fruitbat ERR result 5 No such file or directory cli get network hosts 192 168 160 11 name fruitbat ERR result 5 No such file or directory cli add network hosts 192 168 160 11 OK cli get n...

Страница 324: ...associated parameters For instance if an IP address is deleted from the host list other parameters associated with a host name alias are also deleted delete parameter s cli cd network network get host...

Страница 325: ...Example When get is entered with a partial parameter all the subtrees display In the output if a value is assigned the parameter preceding the value ends with a semicolon cli get network hosts 192 16...

Страница 326: ...ace eth1 broadcast network interface eth1 gateway none network interface eth1 mtu 1500 network interface bond0 active no network interface bond0 method static network interface bond0 address 192 168 1...

Страница 327: ...es that are currently stored in the RAM memory not the actual value stored in the affected configuration file list List available parameters With no parameters listed the whole parameter tree is displ...

Страница 328: ...sult in a whole subtree of parameters being moved For instance if an IP address in the host list is changed all parameters associated with that host name alias are moved under the new name cli list ne...

Страница 329: ...e of the values are changed set parameter s value s cli get network hosts 192 168 160 11 network hosts name fruitbat alias cli rename network hosts 192 168 160 11 192 168 160 222 OK cli get network ho...

Страница 330: ...kes an entry for a host with the specified IP address in the hosts list Parameters for this new host can be changed with the set command set network hosts IP address name hostname shell Escape to shel...

Страница 331: ...d the parameters that need to be added using the add command first before using the set command to set additional parameters and values cli set Tab Tab auth httpd notifications profile syslog auxport...

Страница 332: ...Tab Tab shows the boot configuration parameters to set cards Use the set command to configure PCMCIA cards set cards Tab Tab shows the cardtypes and set cards cardtype Tab Tab shows the configuration...

Страница 333: ...the add command to add a VPN IPSec connection name add ipsec conn connectionname Use the set command to configure the connection parameters set ipsec conn connection_name Tab Tab shows the configurat...

Страница 334: ...rk interface interface_name Tab Tab lists the parameters to configure network ipv4 Use the set command to configure ipv4 set network ipv4 Tab Tab lists the parameters to configure network resolv Use t...

Страница 335: ..._method onboard global security encrypt passwords Use the set command to configure whether passwords are encrypted the default is no set onboard global security encrypt_passwords yes no onboard global...

Страница 336: ...he add onboard user command to authorize a user to use a device that has been previously configured possibly with set onboard server devicename add onboard user username devicename Use the set onboard...

Страница 337: ...ch snmpd access com2sec group user view Use the add snmpd command to add access com2sec group user and view add snmpd access com2sec group user view Use the set snmpd command to configure the paramete...

Страница 338: ...as the passwd set user username Tab Tab shows the parameters to set web Use the set web command to specify a user accessible server where the help files have been downloaded set web Tab Tab shows the...

Страница 339: ...anced Device Configuration for procedures to use if you have trouble getting connected devices to communicate with the OnBoard Connection Methods for Troubleshooting Page 304 Recovering from root Auth...

Страница 340: ...Board s console after establishing a dial in connection from a terminal emulation program to an external modem optionally connected to the OnBoard Local OnBoard administrators can connect to the OnBoa...

Страница 341: ...d group databases whose lines do not start with the pound sign For example in the portion of the nsswitch conf file in the following screen example no pound signs appear before the entries for the pas...

Страница 342: ...rt the Apache web server T To Restart the Web Manager 1 Enter the http k start command as shown in the following screen example 2 Enter the ps command with the ef option and look for a line with apach...

Страница 343: ...rk boots are recommended for troubleshooting For example if you want to test a new release of the software to make sure a problem is fixed or if the removable flash memory becomes corrupted you could...

Страница 344: ...Using the create_cf Command When Troubleshooting 308 AlterPath OnBoard Administrator s Guide...

Страница 345: ...Tasks for Configuring New Devices Page 310 Understanding How the OnBoard Manages Communications With Devices Page 311 Understanding Address Configuration for Connected Devices Page 336 To Find Out if...

Страница 346: ...ddress which hides the real IP address of the device from users and which requires the configuration of a virtual network DNAT The following table lists the sections that apply to each requirement Tab...

Страница 347: ...clades com support downloads under the product name AlterPath OnBoard Creating and assigning IP addresses of the following types A device IP address A virtual IP address A private subnet A optional vi...

Страница 348: ...mmand differences An OnBoard administrator root or an administrative user can use the onbdtemplate utility on the command line to test the default command templates when configuring a device and to cr...

Страница 349: ...rocessors with the IPMI 2 0 RCMP encrypted protocol in either of the two following ways Identify the service processor as a IPMI 1 5 type which enables the OnBoard to communicate with the 2 0 type ser...

Страница 350: ...of some firmware versions for various platforms follows for example 1 07 x235 was released before 1 03 x306 1 03 x360 is very different from 1 03 x205 1 03 x205 supports neither event log nor sensors...

Страница 351: ...tory SSH_Access txt bidilink_Access txt In addition see the notes in the following files in the libexec onboard directory bidi_login exp ssh_login exp Interact with the web interface of a service proc...

Страница 352: ...only for Native IP access When adding any other kind of new device the OnBoard administrator needs to do the following Find out if the new device and its firmware have been tested and proven to work...

Страница 353: ...ated 3 Check for updated application notes at http www cyclades com support downloads php under the product name AlterPath OnBoard and if any are found review those notes for additional tips about the...

Страница 354: ...can get to the server b If you cannot access the server check the network configuration and fix the problem that is preventing access 10 If you can access the server but still cannot access the servic...

Страница 355: ...you are editing Note Sensors may not be supported If any command is not supported leave it commented out in the template 5 Enter the login prompt in the form login_prompt login_prompt 6 Enter the pass...

Страница 356: ...e whether or not they are authorized 19 Save and quit the file 20 Enter the saveconf command 21 Logout from the console 22 Log into the Web Manager as an administrative user and go to Config Devices W...

Страница 357: ...sed when logging into the OnBoard 8 Go to To Use the onbdtemplate Utility to Create a New Template on page 268 Command Templates Command templates are stored in the etc onboard_templates ini file The...

Страница 358: ...he configuration parameters for each configured device except for the username and password information for each device which are stored in the etc onboard_server_auth ini file By default neither file...

Страница 359: ...ip 192 168 0 2 local_ip 192 168 0 254 virtual_ip 10 0 0 2 netmask 255 255 255 0 authtype local template ilo default description Compaq Proliant iLO 1 82 server rack1_dev3_dell_drac type drac ip 10 0 0...

Страница 360: ...oes not have a template rack1_dev4_newisys_ipmi type ipmi_1 5 ip 10 0 0 4 real_ip 172 10 0 2 local_ip 172 10 0 254 virtual_ip 10 0 0 4 netmask 255 255 255 0 authtype local description Newisys IPMI 1 5...

Страница 361: ...Template Works With a New Device on page 317 describes steps the OnBoard administrator can follow to find out whether one of the default RSA templates works and if neither template works to create a n...

Страница 362: ...tion menu shown in the following screen example Selecting New from the Action menu brings up an editor with a template file open for you to configure Selecting View Edit Copy Test or Rename from the A...

Страница 363: ...he first time you select any action to test you are prompted to enter a username and password If local authentication is specified for the device enter the username and password that you entered to ac...

Страница 364: ...t The administrator tests the rsa default command template on a server called rack3_ibm_e306_rsa which is configured for local authentication The administrator must enter the same username password pa...

Страница 365: ...xpect scripts associated with each of the custom types By default the talk_customN exp scripts contain warnings that they have not been configured along with some brief instructions on how to get them...

Страница 366: ...pect scripts The administrator should set the file permissions to allow reading and execution by all users and writing by members of the admin group The format of a custom Expect script s file name sh...

Страница 367: ...ore configuring expect scripts see the notes under usr share docs OnBoard Application_Notes Service_Processor_ Related The following table lists the subdirectories and describes the contents Table A 7...

Страница 368: ...le of Creating a Custom IPMI Type Script The OnBoard uses ipmitool commands to communicate with IPMI 1 5 type service processors The OnBoard administrator can create a custom script to communicate wit...

Страница 369: ...to the two argument format occurs when the action is spconsole When the second argument is spconsole any other number of arguments may follow all arguments entered after the spconsole action are colle...

Страница 370: ...way to handle an unexpected action argument sensors Asks the service processor for a sensor reading and display service processor sensor output on standard output poweron Asks the service processor t...

Страница 371: ...er or on a server or other device that supports device console access through its Ethernet port Note ssh must be invoked with the t option when this mode is used log_sensors Retrieves sensor data in a...

Страница 372: ...in Preparing an Addressing Scheme on page 55 the OnBoard administrator must plan and implement an IP addressing scheme to create a pool of private IP addresses to assign when configuring connected dev...

Страница 373: ...ration file Options for Assigning IP Addresses to Connected Devices on page 368 A virtual network should be created in the following cases To hide a device s private IP addresses from non administrati...

Страница 374: ...uirements for Native IP Access on page 341 IPSec VPN Configuration for Example 2 on page 349 PPTP VPN Configuration for Example 2 on page 352 Enabling Native IP and Accessing a Device s Native Feature...

Страница 375: ...To enable communications between remote user s workstations on the Internet or local user s on the same LAN and connected devices on the private management network via the OnBoard s Native IP access...

Страница 376: ...ator must define IP address or addresses for priv0 by defining private subnet s When multiple private subnets exist their IP addresses are assigned to aliases of priv0 such as priv0 sub1 and priv0 sub...

Страница 377: ...long with the IP address assigned to the OnBoard in the form inet addr OnBoardIPaddr If multiple private subnets are configured multiple priv0 private_subnet name interfaces exist each with its admini...

Страница 378: ...349 PPTP VPN Configuration for Example 2 on page 352 IPSec VPN Configuration for Example 3 on page 362 and PPTP VPN Configuration for Example 3 on page 364 which discuss routing requirements for the t...

Страница 379: ...subnet shown in Figure A 2 Figure A 3 Private Subnet Configuration Example Figure A 3 shows the following values entered in the dialog that appears when the Add Subnet button is clicked on the Network...

Страница 380: ...iguration Example As shown in the following screen example the new private subnet name and the OnBoard side IP address and subnet mask from Figure A 3 are assigned to the priv0 interface Figure A 5 if...

Страница 381: ...re not in the same network range as the other two devices Configuration details follow including how to set up VPN connections Figure A 6 Example 2 Two Private Subnets OnBoard side IP 192 168 1 1 Alte...

Страница 382: ...Figure A 6 and listed here Private subnet sub1 OnBoard side IP address 192 168 1 1 Subnet mask 255 255 255 0 The above values define a range between 197 168 1 0 and 192 168 1 255 256 addresses of whi...

Страница 383: ...ivate subnet sub1 so its IP address in the same range 192 168 1 3 sp3 is on private subnet sub2 It has previously been assigned the IP address 192 168 4 21 which cannot be changed sp4 is also on priva...

Страница 384: ...e to create the VPN tunnel Make sure the user who needs the VPN access has an account that is authorized for native IP access to the devices The following screen example shows the configuration inform...

Страница 385: ...1 and sp2 The second connection supports the IPSec VPN tunnel to sp3 and sp4 The OnBoard administrator must also do the following to enable an IPSec client to access the private subnets where the devi...

Страница 386: ...policy equipment compatibility and site routing requirements Note In some circumstances for example if packets are being blocked by a firewall on the client s default gateway the user s workstation an...

Страница 387: ...anager for the user to insert into the ipsec conf file on the user s workstation The authorized user must do the following to enable the IPSec client running on the user s workstation to bring up the...

Страница 388: ...ompleted a VPN connection must be created This example shows the configuration steps that must be performed by the OnBoard administrator and by a user on a remote workstation for setting up an PPTP VP...

Страница 389: ...is authorized for native IP access to sp1 sp2 sp3 and sp4 as shown in Figure A 10 The user s account is configured for PPTP access to the OnBoard as shown in Figure A 13 The following figure shows an...

Страница 390: ...station to discover the IP address assigned to the OnBoard s end of the PPTP VPN tunnel When the PPTP tunnel is being activated the OnBoard chooses an IP address from each of the address pools for the...

Страница 391: ...or the appropriate private subnet to access the OnBoard and then enables Native IP access to the desired device Enabling Native IP Access In this example to enable native IP access on sp1 or sp2 on su...

Страница 392: ...browser On the user s workstation on the command line entering the ssh command with the name alias of the device along with the IP address of the OnBoard side address for the subnet where the device r...

Страница 393: ...the following cases To hide the addresses of the connected devices from users by the use of virtual IP addresses Caution When an authorized user has service processor access device console access or...

Страница 394: ...management actions Power commands Sensor commands System event log commands As stated elsewhere users who have the following types of access to a device cannot be prevented from seeing the real IP ad...

Страница 395: ...ddresses in the 172 20 0 1 range to hide the real private subnet IP addresses Figure A 14 Example 3 Virtual Network Configuration AlterPath OnBoard Primary Ethernet port eth0 IP 203 1 2 3 Subnet mask...

Страница 396: ...evice named sp3 a virtual IP of 172 20 0 4 The device named sp4 with IP 192 168 4 22 does not work with virtual network DNAT addressing so it cannot be contacted using a virtual IP address Therefore t...

Страница 397: ...address 172 20 0 2 assigned to the device sp1 on the Web Manager Config Devices screen to implement the configuration shown in Figure A 14 Figure A 16 Example 1 Device Configuration Example Figure A 1...

Страница 398: ...c VPN connection must be configured to create the IPSec VPN tunnel from the user s workstation to sp1 sp2 and sp3 which are on both private subnets in example 3 Configuration of connSub2 would be stil...

Страница 399: ...ction Configuration for Access to sub1 Private Subnet and sp1 and sp2 Devices As in the earlier example the OnBoard administrator must do the following to enable the IPSec client to access the subnets...

Страница 400: ...described under Enabling Native IP and Accessing a Device s Native Features Using Real IP Addresses for Example 2 on page 355 PPTP VPN Configuration for Example 3 After the private subnets device and...

Страница 401: ...Enabling native IP and accessing the device s native features is the same as described under Enabling Native IP and Accessing a Device s Native Features Using Real IP Addresses for Example 2 on page 3...

Страница 402: ...menush menu in one of the following ways ssh username 172 20 0 1 ssh t username 172 20 0 menu Select Access Devices from the menu Select either sp1 sp2 or sp3 from the devices menu Select Enable nativ...

Страница 403: ...e user s workstation by bringing it up from there If the management application resides on the service processor and is an executable that can be invoked on the command line by accessing the service p...

Страница 404: ...h a default IP address would not be used Instead an IP address of the OnBoard administrator s choosing would probably be assigned from the site s private side device IP addressing scheme using one of...

Страница 405: ...Appendix A Advanced Device Configuration 369 Understanding Address Configuration for Connected Devices ssh_tunnel pdf tftp pdf...

Страница 406: ...Understanding Address Configuration for Connected Devices 370 AlterPath OnBoard Administrator s Guide...

Страница 407: ...Network Boot Options and Caveats Page 378 Options for the create_cf Command Page 381 Options for the restoreconf Command Page 384 To Boot from an Alternate Image Using cycli Page 375 To Boot in U Boo...

Страница 408: ...systems mounted on three Linux partitions The first partition for each image contains the kernel the second partition contains the root filesystem mounted read only and the third partition contains th...

Страница 409: ...partition which is mounted read write contains the configuration files Figure B 1 Boot Partitions The previous figure also shows a configuration backup partition dev hda3 in removable flash This part...

Страница 410: ...so that the system boots from the new image Do a network boot from the image and then save it onto the removable flash The U Boot monitor command net_boot boots the image from the TFTP server specifie...

Страница 411: ...ity See To Boot from an Alternate Image Using cycli on page 375 Boot in U Boot monitor mode and use the available boot commands See To Boot in U Boot Monitor Mode on page 377 T To Boot from an Alterna...

Страница 412: ...ny key before the timer expires brings the OnBoard to U Boot monitor mode If boot fails the OnBoard automatically enters U Boot monitor mode The U Boot hw_boot command boots from either the first or s...

Страница 413: ...ime elapses to stop the boot The U Boot monitor prompt appears 4 Enter help to see a list of supported commands T To Boot from an Alternate Image in U Boot Monitor Mode 1 Go to U Boot monitor mode See...

Страница 414: ...ooting and must not be used for normal operation of the OnBoard For example if you want to test a new release of the software to make sure a problem is fixed or if the removable flash memory becomes c...

Страница 415: ...d ipaddr environment variables using the boot filename the TFTP boot server s IP address and the IP address of the OnBoard to use for network booting The format of the boot filename is zmppcons vversi...

Страница 416: ...te Image in U Boot Monitor Mode on page 377 if needed 9 Enter the reboot command T To Restore the OnBoard Configuration Files to the Last Saved Version This procedure assumes that you or a previous ad...

Страница 417: ...reate_cf command with the factory_default option Options for the create_cf Command You can use the create_cf command when troubleshooting problems with the boot image as described under To Replace a B...

Страница 418: ...the factory default configuration d device Creates the image on the specified device The default device is dev hda the removable flash memory Make sure the filesystem is not mounted Use the d device o...

Страница 419: ...RAM into the flash memory PCMCIA card in PCMCIA slot 1 Saving an Image into the Image2 area and Restoring the Factory Default Configuration The following command saves the image from RAM into the imag...

Страница 420: ...conf subcommands are shown in the following screen example restoreconf Usage Restore from flash restoreconf Restore from factory default restoreconf factory_default Restore from storage device restore...

Страница 421: ...r security policies See also authentication authorization and encryption ActiveX A set of technologies developed by Microsoft from its previous OLE object linking and embedding and COM component objec...

Страница 422: ...de a specific function such as an ASIC chip that serves as a BMC authentication The process by which a user s identity is checked usually by checking a user supplied username and password before the u...

Страница 423: ...e Cyclades products save configuration changes in the affected configuration files while maintaining a backed up compressed set of configuration files in a separate directory The backup directory s co...

Страница 424: ...not operable Sits on the server s baseboard motherboard on an internal circuit board or on the chassis of a blade server Monitors on board instrumentation Provides remote reset or power cycle capabili...

Страница 425: ...d presses the Enter or Return key The computer processes the command displays output when appropriate and displays another prompt Users can save a series of frequently used commands in a script Being...

Страница 426: ...e community name must be also configured on the SNMP server For security reasons the default community name public cannot be used console A computer mode that gives access to a computer s command line...

Страница 427: ...HCP dynamic host configuration protocol A service that can automatically assign an IP address to a device on a network which saves administrator s time and reduces the number of IP addresses needed Ot...

Страница 428: ...servers may include an independent DRAC system controller Several incompatible version types exist DRAC II DRAC III DRAC III XT DRAC IV along with several incompatible firmware versions All controller...

Страница 429: ...used by IPSec AH is the other ESP encrypts and authenticates data flowing over the connection Does not define the authentication method that must be used DES 3DES AES and Blowfish are commonly used wi...

Страница 430: ...any reason When the primary component becomes available it takes over the work again Automatically and transparently redirects requests from the unavailable component to the backup component Used to...

Страница 431: ...assigns MIB numbers to organizations iLO Integrated Lights Out Hewlett Packard s proprietary service processor pronounced EYE loh Even though HP is a major supporter of IPMI the company also provides...

Страница 432: ...it can function even if the operating system is unavailable or if the system is powered down The OnBoard supports IPMI version 1 5 OnBoard administrators can create custom Expect scripts to support IP...

Страница 433: ...y servers that are connected to the switch Cyclades AlterPath KVM analog switches are one component of the out of band infrastructure KVM over IP switch A KVM switch that supports remote access over a...

Страница 434: ...need for a site visit management software Each server company that offers a service processor produces its own client side software to access the servers management features through the service proce...

Страница 435: ...of one set of IP addresses for internal traffic and another set of IP addresses for traffic over the public network The AlterPath OnBoard uses NAT to allow access to service processors and managed dev...

Страница 436: ...native web interface A service processor feature that allows browser access to the service processor s information management configuration and actions by means of a HTTP HTTPS server running on the s...

Страница 437: ...with a high accuracy network time protocol server OID A unique indentifier for each object in an SNMP MIB The OID naming scheme is in the form of an inverted tree with branches pointing downward The...

Страница 438: ...lidated console and KVM ports AlterPath PM IPDUs the AlterPath OnBoard service processor manager and the AlterPath Manager for centralized control of and access through multiple AlterPath devices to u...

Страница 439: ...ion as PPP production network The network on which the primary computing work of an organization is done Users on a production network expect 24 7 365 availability with access to data and resources as...

Страница 440: ...remote media to control power and to manage the console through a web browser using a built in Web server Provides more options than the IPMI service processor that is available on IBM xseries e325 a...

Страница 441: ...f access through a single Ethernet address see IP address consolidation to services that are provided by service processors from several different vendors and to the console of certain servers and oth...

Страница 442: ...P agent software send data from management information bases MIBs to the SNMP manager software On certain Cyclades devices administrators can enable SNMP to allow a remote administrator to manage the...

Страница 443: ...nistrator and an internal baseboard management controller BMC that enables the management features Management features can include serial console emulation using Telnet or IPMI KVM over IP power contr...

Страница 444: ...andards NIST and the Canadian government s Communications Security Establishment CSE Authorized users on the AlterPath OnBoard can enter an OnBoard specific set of commands such as poweron poweroff po...

Страница 445: ...that is physically connected to the remote administrator s computer to VPN virtual private network A mechanism enabling two computers to securely transfer information over an otherwise untrusted netw...

Страница 446: ...410 AlterPath OnBoard Administrator s Guide...

Страница 447: ...n 3 4 configuring with cycli 7 default method 8 default type for devices 13 local fallback option 7 method 8 modem 45 supported methods 5 supported types for IPSec 33 type selecting a default 90 authe...

Страница 448: ...ivate subnets 98 when changing the default rmenu sh menu 49 51 when creating a command template 320 when creating filtering rules 63 certificate signing request generating 23 certification authorities...

Страница 449: ...severity level 39 crond daemon 52 currentimage environment variable 374 383 curses commands 313 custom security profile 8 14 bypassing authorizations 12 customizing command templates 312 expect script...

Страница 450: ...ot 2 device name 382 devconsole default command template 106 321 device configuration 310 unique tasks 310 device console 105 device management 3 device management actions event log 313 power 313 serv...

Страница 451: ...d up restored 70 certificate files pre added to 24 etc httpd conf ssl key server key file 24 etc menu ini login shell configuration file 48 etc onboard_templates ini file 320 321 eth0 42 eth1 42 Ether...

Страница 452: ...clades 269 flash memory 62 272 378 partitions 381 PCMCIA card 383 configuration form 139 flow control 44 format storage media while creating a boot image 382 FORWARD packet filtering chain 64 ftp serv...

Страница 453: ...oderate security profile 12 VPN connections 35 iptables introduction 64 67 K Kerberos authentication 5 7 33 181 kernel version 261 keys conventions for hot keys escape keys and keyboard shortcuts xxxi...

Страница 454: ...ation 318 configuring basic parameters Web Manager 237 network interfaces configuring 233 234 configuring a default route 51 93 235 configuring Web Manager 234 configuring Wizard 84 91 network route 5...

Страница 455: ...devices and outlets 11 power management commands 312 318 325 configuring 46 device 313 on IBM servers using RSA II cards 314 power on 312 power supply state 261 PPP 4 10 45 74 configuring options 46...

Страница 456: ...261 rmenush login shell configuring 48 root user 51 cannot log in 304 routes default configuring for the OnBoard 51 93 235 routing for the OnBoard understanding 51 specifying the OnBoard s default ro...

Страница 457: ...n LDAP configuring 184 NIS configuring 185 RADIUS configuring 187 SMB configuring 189 TACACS configuring 191 syslog 40 service processors 41 53 54 console 313 318 hiding vulnerable protocols used by 3...

Страница 458: ..._ipmi exp Expectscript 313 talk_rsa_I exp Expect script 313 325 tasks configuration using the Wizard 84 device configuration 310 for administering packet filtering 66 for assigning a command template...

Страница 459: ...management 47 configuring Wizard 84 107 planning device and IPDU outlet access 11 users and groups authorizations 3 usr bin rmenush login shell configuring 48 V var log console devicename log 62 vendo...

Страница 460: ...424 AlterPath OnBoard Administrator s Guide...

Отзывы:

Нет отзывов

Похожие инструкции для AlterPath OnBoard

Бренд: ICP DAS USA Страницы: 14

Бренд: ICP DAS USA Страницы: 25

Бренд: ICP DAS USA Страницы: 15

Бренд: ICP DAS USA Страницы: 8

Бренд: ICP Страницы: 14

Бренд: Quick Eagle Networks Страницы: 4

SAFETank Series

Бренд: Raidon Страницы: 49

Бренд: X-Micro Страницы: 9

Бренд: X-Micro Страницы: 19

Бренд: D-Link Страницы: 213

Бренд: peplink Страницы: 2

Бренд: Belkin Страницы: 2

Бренд: ekwb Страницы: 11

EK-FC750 GTX Series

Бренд: ekwb Страницы: 2

Comet 3356P-LAN

Бренд: ZyXEL Communications Страницы: 38

Бренд: Icy Box Страницы: 2

Бренд: LevelOne Страницы: 11

netHOST NHST-T100

Бренд: hilscher Страницы: 75

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды