background image

196 C

OMMAND

C

ENTER 

S

ECURE 

G

ATEWAY 

A

DMINISTRATOR 

G

UIDE

 

 

 

 

4.

 

To view the history of a task, select a task and click 

Task History

.  

 

Figure 243 Task History 

5.

 

To view details of a task, double-click on a task.  

 

Figure 244 Task Details 

 

Note: If a task is changed or updated, its prior history no longer applies and the “Last Execution 
Date” will be blank. 

 

Содержание Command Center CC-SG

Страница 1: ...CommandCenter Secure Gateway CC SG Administrator Guide Release 3 0 Copyright 2006 Raritan Inc CCA 0B E May 2006 255 80 5140 00...

Страница 2: ...This page intentionally left blank...

Страница 3: ...e FCC Rules These limits are designed to provide reasonable protection against harmful interference in a commercial installation This equipment generates uses and can radiate radio frequency energy an...

Страница 4: ...In Raritan products which require Rack Mounting please follow these precautions Operation temperature in a closed rack environment may be greater than room temperature Do not exceed the rated maximum...

Страница 5: ...Add Devices 22 Configure Ports 24 Serial Port 24 KVM Port 26 Add Users to System Administrators Group 27 Control User Access 28 Create User Groups 28 Create Edit Port Groups 30 Create Edit Policies 3...

Страница 6: ...73 Disconnect Users 74 Chapter 6 Configuring Ports and Port Groups 75 Port Manager 75 Port Icons 77 Configure Port 78 Edit Port 88 Port Group Manager 91 Chapter 7 Adding Users and User Groups 93 Add U...

Страница 7: ...gned Certificate Request 133 IP ACL 134 Chapter 10 Generating Reports 135 Active Users Report 135 Active Ports Report 136 Asset Management Report 137 Audit Trail Report 138 Error Log Report 140 Ping R...

Страница 8: ...sk Details of a Task and Task History 195 Notification Manager 197 SSH Access to CC SG 198 Command Tips 200 Create a SSH Connection to an SX Device 201 Connect to a Serial Port 202 Exit a Session 203...

Страница 9: ...ty and Open Port Scans 235 Appendix C Initial Setup Process Overview 237 Appendix D User Group Privileges 239 Appendix E SNMP Traps 243 Appendix F Troubleshooting 245 Client Browser Requirements 245 I...

Страница 10: ...iguration Ports 24 Figure 24 Configure Serial Ports 25 Figure 25 Configure Ports 26 Figure 26 Configure KVM Port 26 Figure 27 Add User Screen 27 Figure 28 Add User Group Screen 29 Figure 29 Port Group...

Страница 11: ...ow 64 Figure 76 Remote User Station Admin Option 65 Figure 77 IP Reach Administration Screen 65 Figure 78 Device Power Manager Screen 66 Figure 79 Discover Devices Screen 67 Figure 80 Discovered Devic...

Страница 12: ...licy Manager Screen 110 Figure 133 Add Appliance Policy Window 110 Figure 134 Update Policy Window 111 Figure 135 Edit Appliance Policy Window 111 Figure 136 Update Policy Window 111 Figure 137 Delete...

Страница 13: ...183 Browse to Upload a Backup of CC SG 155 Figure 184 Refresh Shortcut Button 156 Figure 185 Upgrade CC SG Screen 157 Figure 186 Restart Screen 157 Figure 187 Info Window 158 Figure 188 Shutdown CC S...

Страница 14: ...Figure 234 Cluster Configuration Set Secondary CC SG 189 Figure 235 Recovering a node from Waiting status 190 Figure 236 Cluster Configuration Advanced Settings 191 Figure 237 Task Manager 193 Figure...

Страница 15: ...og File 216 Figure 277 Getting Help F1 217 Figure 278 Selecting CC SG Restart in Diagnostic Console 217 Figure 279 Restarting CC SG in Diagnostic Console 218 Figure 280 Selecting CC SG System Reboot i...

Страница 16: ......

Страница 17: ...he IP network and presenting the serial console and KVM ports of all the target devices within the managed network Prerequisites Before configuring a CC SG according to the procedures in this document...

Страница 18: ...basis Supports primary and secondary servers Fallback authentication through local database Single IP Address Access Reduces the complexities of managing multiple IP addresses with associated user nam...

Страница 19: ...bility Ease of Use Administrator Presentation Enhanced system setup entirely through graphical user interface state of the art UI standards with professional look and feel Designed for High Availabili...

Страница 20: ...s enabled see section Network Configuration in Chapter 12 Advanced Administration for additional information The hostname and its Fully Qualified Domain Name FQDN Hostname Suffix cannot exceed 257 cha...

Страница 21: ...ine interface to CC SG Only a subset of CC SG commands is provided via SSH to administer devices and CC SG itself please see Chapter 12 Advanced Administration for additional information Target Userna...

Страница 22: ...ic Ports Page 78 81 83 Disconnect Users from Port Page 74 Search for Users Page 104 Active Directory Enhancements Page 115 Query Port Report Enhancements Page 148 View Stored Report Page 149 Locked Ou...

Страница 23: ...s exactly like the downloaded applet Through SSH Please note that remote devices connected via the serial port can be accessed using this approach Please see Chapter 12 Advanced Administration for add...

Страница 24: ...on and click OK The Login window appears Figure 4 Login Window 3 Type your Username and Password and click Login 4 Upon valid login the CC SG application window appears The menu bar and tool bar which...

Страница 25: ...hine Once you have connected to a CC SG server its IP address is automatically saved in the client s History file and can be selected from the drop down menu in the future 4 After the standalone clien...

Страница 26: ...u select About Raritan CommandCenter 3 If the version is not current you must upgrade your firmware by following the next few steps 4 On the Setup menu click Upgrade CommandCenter Figure 8 Upgrade CC...

Страница 27: ...hment to a specific port 7 Edit the version field to reflect the new version uploaded and then click Update 8 Click Close to close the Application Manager screen Connection to Console and KVM Manageme...

Страница 28: ...ritanConsole Application Warning The security warning display appearing in IE only appears the first time the user connects to a serial port Click Yes when this display appears if you click No the con...

Страница 29: ...ill receive a short broadcast message Users logged into CC SG via the GUI or SSH will not receive a message 3 If removing the AC power cord let the power down process completely finish before removing...

Страница 30: ...as screens and screens may be broken down into panels 7 User ID Identification of current logged in user 8 Language Information Indication of which language version of CC SG you are currently using 9...

Страница 31: ...n arrange listed ports by name or status by right clicking on the tree and selecting the desired Port Sorting Option Administrators must configure Ports Users and Devices in the CC SG system upon setu...

Страница 32: ...lay the information under the all tabs Create and define users with appropriate privileges and devices they can manage please see Chapter 7 Adding Users and User Groups for additional information Esta...

Страница 33: ...ity Matrix on the Devices menu click Compatibility Matrix Figure 14 Compatibility Matrix CC SG checks against this data whenever you add a device upgrade device firmware or select an application for u...

Страница 34: ...18 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE...

Страница 35: ...tion Wizard guides you through steps to create categories and their associated elements The Wizard then automatically creates a port group for each element and a policy for each port group 1 On the As...

Страница 36: ...lements Screen 3 Type the name of a category you wish to organize your ports by for example Location in the Category field 4 Type the name of each element in that category in the Elements fields below...

Страница 37: ...to cycle through them Figure 17 Adding Another Category 6 When you are done creating categories click Next at the bottom of the screen The Confirm Choices screen of the Wizard appears Figure 18 Associ...

Страница 38: ...izard from the Associations menu click Association Manager To make changes to any of the policies click Policy Manager from the Associations menu By default the Association Wizard sets the policy for...

Страница 39: ...ice Name field Do not use spaces 6 Type the device description in the Description field 7 Type the Device IP address when you prepared the device and use the previously created CC SG Username and Pass...

Страница 40: ...rts for each device you just added The port is the connection to the actual target system or server After adding ports you can change the configuration of individual ports by clicking the Ports tab ri...

Страница 41: ...sole RC is used to manage the target system 6 Click on the Baud Rate drop down arrow and select a rate 7 Click on the Parity Data Bits drop down arrow and select a parity value 8 Click on the Flow Con...

Страница 42: ...orts Alternatively you can right click on the device and select Configure Ports The Configure Ports screen appears Figure 25 Configure Ports 3 Click Configure next to the KVM port line item you wish t...

Страница 43: ...and policies to control user access If you do not put users in the default System Administrators group you will need to complete the additional sections that follow this one After adding a user they...

Страница 44: ...istrator s user group Control User Access You can control user access to devices ports and CC SG administration through user groups and policies User groups define a user s privileges and polices spec...

Страница 45: ...description for example based on department region or assignment in the Description field 5 In the Select Privileges section check the corresponding boxes in the Has it column to add those privileges...

Страница 46: ...ate Associations earlier in this chapter for additional information These port groups contain general rules so you may want to edit these port groups and add more specific rules 1 On the Associations...

Страница 47: ...and grant full access to the ports Once created you will then apply the policy to a user group 1 On the Associations menu click Policy Manager The Policy Manager screen appears Figure 31 Policy Manag...

Страница 48: ...accessed by the group and a policy does Therefore you need to apply a policy to a user group 1 Click on the Users tab and select a group 2 On the User menu click Edit User Group Policies Alternatively...

Страница 49: ...mote Authentication check box only if the user should be authenticated by TACACS RADIUS LDAP or AD Note Checking the Remote Authentication box implies that a remote server is being used for authentica...

Страница 50: ...this user in the Email Address field if desired 13 Click OK to add this user to the system A User Created successfully message indicates the user has been added to the system 14 Drag the new user ico...

Страница 51: ...es and Elements An important concept in CC SG is categories and elements Categories and elements are defined with the Association Wizard or Association Manager Raritan devices and ports are organized...

Страница 52: ...w you want to control user access to the ports As you add devices and ports you link them to your predefined categories and elements When you create port and device groups to include in a policy you w...

Страница 53: ...iations with the Association Manager This will require you to manually create policies Association Manager Association Manager commands allow you to add modify or delete Categories and Elements In CC...

Страница 54: ...Add Category Window 3 Type a category name in the Category Name field Maximum length is 31 characters 4 Click on the Value Type drop down arrow to select a value type of String or Integer 5 Click on t...

Страница 55: ...or Cancel to exit without editing The updated category name appears in the Category Name field 7 Click Close to close the Association Manager screen 8 Repeat steps 1 through 7 to edit other categorie...

Страница 56: ...dd in the Element for Category panel to add a new element The Add Element window appears Figure 41 Add Element Window 3 Type the new element name in the Enter Value for Element field 4 Click OK to add...

Страница 57: ...through 5 to edit other elements Delete Element Deleting an element removes that element from all Port associations leaving association fields blank 1 On the Associations menu click Association Manage...

Страница 58: ...tion Wizard Overview 2 After reading the overview click Next The Category and Elements screen of the Wizard appears Figure 45 Association Wizard Category And Elements Screen 3 Type the name of a categ...

Страница 59: ...Category 6 When you are done creating categories click Next at the bottom of the screen The Confirm Choices screen of the Wizard appears Figure 47 Association Wizard Confirm Choices 7 Review the list...

Страница 60: ...w created a port group for each element and a policy for each port group If the element names were not unique the default port groups and policies cannot be created see Appendix F Troubleshooting for...

Страница 61: ...e file The devices specified in the CSV file must have been added to CC SG prior to importing please see Add Device in Chapter 5 Adding Devices and Device Groups Also the ports specified in the CSV fi...

Страница 62: ...Number Port Name Category Name Element Name For each port and for each category that applies to it For iLO RILOE PowerStrip and IPMI device the port number will be used for all other devices the Rari...

Страница 63: ...CHAPTER 4 CREATING ASSOCIATIONS 47 Once successfully imported you should see something like Figure 50 Analysis Report Screen If necessary refer to Appendix F Troubleshooting for problem resolution...

Страница 64: ...48 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE...

Страница 65: ...on a port by port basis in order to easily access remote target devices When you click on the Devices tab and select a device from the Devices tree the View Device screen will automatically appear dis...

Страница 66: ...t connected Serial port connected in current user session Serial port busy other user connected to port Serial port unavailable device is down and unavailable Serial port paused because device is paus...

Страница 67: ...Device Type drop down arrow and select a type of device from the list 4 Click Next to proceed The Add Device description screen appears Depending on the type of device you selected you will see a dev...

Страница 68: ...52 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE Figure 54 Add Device Screen for Raritan Devices Figure 55 Add Device Screen for iLO RILOE...

Страница 69: ...tween the new device and CC SG in the Heartbeat timeout sec field 12 For IPMI Servers enter an Interval that is used to check for availability and an Authentication Method which needs to match what ha...

Страница 70: ...Use this command to rename a device and or modify its properties 1 Click on the Devices tab and select a device from Devices tree 2 On the Devices menu click Device Manager and then click Edit Device...

Страница 71: ...Please note that categories and elements are the only properties copied in this process 1 Click on the Devices tab and select a device from Devices tree 2 On the Devices menu click Device Manager and...

Страница 72: ...sage confirms that device configuration has been backed up 4 Repeat steps 1 through 3 to back up other device configurations Restore Device Configuration This command allows you to restore a previousl...

Страница 73: ...and click the right arrow to move them to the Copy Configuration To column The left arrow moves selected devices out of the Copy Configuration To column 5 Click OK to copy the configuration to the de...

Страница 74: ...ermine if the device is available in your network 1 Click on the Devices tab and select a device from the Devices tree 2 On the Devices menu click Device Manager and then click Ping Device The Ping De...

Страница 75: ...evice Manager and then click Resume Management The device icon changes from the red paused state to a grey active state View Devices Regular View Select this command to view devices in the Devices tre...

Страница 76: ...w click on the Name drop down arrow and select a custom view that has already been saved in the database Details of the View categories appear in the Custom View Details field 4 Click Set Current to a...

Страница 77: ...User Details panel select a detail and use the Up and Down buttons to arrange details in the order you want devices sorted To remove a detail from the list select the detail and click the Delete butt...

Страница 78: ...ustom view A Custom View Updated Successfully message confirms that the custom view has been updated 8 Click Set Current to arrange the Devices tree to reflect the selected custom view 9 Click Close t...

Страница 79: ...ck on the Devices tab and select a device from the Devices tree 2 On the Devices menu click Topological View The Topological View for the selected device appears Figure 73 Topological View Screen 3 Na...

Страница 80: ...Admin please see Raritan s Paragon II System Controller User Guide After adding your Paragon System device the Paragon System includes the P2 SC device connected UMT units and connected IP Reach units...

Страница 81: ...C SG it appears in the Devices tree Right click on the device icon in the Devices tree and select Remote User Station Admin The Remote User Station Admin screen appears listing all connected IP Reach...

Страница 82: ...ices menu click Device Power Manager The Device Power Manager screen appears Figure 78 Device Power Manager Screen 2 The outlets will be listed in the Outlets Status panel You may have to scroll to vi...

Страница 83: ...the range of IP addresses where you expect to find the devices in the From Address and To Address fields The To Address should be larger than the From Address Specify a mask to apply to the range If...

Страница 84: ...vice in the Username and Password fields to allow CC SG to authenticate the device when communicating with it in the future Select a Category or Element to apply to the device 9 Click OK to add the ne...

Страница 85: ...click Groups Manager and then click Device Group Manager The Device Group Manager screen appears Figure 82 Device Groups Manager Screen 2 Click Add in the Groups panel The Add Device Group window app...

Страница 86: ...drop down arrow and select the group to be edited from the list Click Edit and the Edit Device Group window appears Figure 85 Edit Device Group Window 3 Type the new name for the device group in the...

Страница 87: ...screen 5 Repeat steps 1 through 4 to delete other devices Add Device Rule After adding a device group apply one or more rules to the group so that devices can be grouped by matching parameters and you...

Страница 88: ...al expression of the rule in the lower field of the screen 2 Click Update to update the device group The new rule is associated with this device group from now on and any new devices will also comply...

Страница 89: ...press ENTER Navigation Tips When a device has been found and is highlighted in the Devices tree use the and keys to navigate to the next device When a device is highlighted in the Devices tree press t...

Страница 90: ...grading the firmware of a device The administrator however will remain logged into CC SG Note Firmware upgrades and device configuration backups and restores are allowed to complete before the user s...

Страница 91: ...PMI servers and KVM devices in your CC SG Once configured CC SG provides centralized access to the target devices s attached to Dominion and IP Reach units CC SG supports Raritan products as listed in...

Страница 92: ...the View Port screen to appear Ports are arranged alphabetically by name or grouped by availability status Ports arranged by status are sorted alphabetically within their availability grouping To swi...

Страница 93: ...a record of it remains KVM port connected in current user session Port paused because device is paused Port unavailable because device is unavailable Port busy other user connected to port Serial port...

Страница 94: ...ce from the Devices tree 1 On the Devices menu click Port Manager and then click Configure Ports The Configure Ports screen appears Figure 94 Configure Ports Screen 2 To make ports easier to find clic...

Страница 95: ...t an application name 6 Click on the Baud Rate drop down arrow and select a rate 7 Click on the Parity Data Bits drop down arrow and select a parity value 8 Click on the Flow Control drop down arrow a...

Страница 96: ...band application in Target TCP Port and type a username that is used to login to the in band application in the Target Username field Click OK to save the In band parameter settings or Cancel to exit...

Страница 97: ...The Configure Ports screen appears Figure 98 Configure Ports Screen 3 To make ports easier to find click on a column header to sort the ports by that attribute in ascending order Click on the header...

Страница 98: ...lication drop down arrow and select either RemoteDesktop Viewer SSH Client VNC Viewer Type the IP address of the target associated with this port in the Target IP Address field type the port used by t...

Страница 99: ...ure Ports The Configure Ports screen appears Figure 102 Configure Ports Screen 3 Click the Configure button that corresponds to the Generic port line item you wish to configure The Configure Generic P...

Страница 100: ...exit with configuring A Port Configured Successfully message confirms that port has been created 10 Repeat steps 1 through 9 to configure other Generic ports Configure an Outlet Port Outlet ports can...

Страница 101: ...ame the port after the server that is connected to the port 5 If you want to associate this port with another port click on the Associated Port drop down arrow and select a port name For example an ou...

Страница 102: ...vice 1 Click on the Ports tab and select a port to be deleted 2 On the Devices menu click Port Manager and then click Delete Port The Delete Port screen appears Figure 107 Delete Port Screen 3 Click O...

Страница 103: ...3 In the All Ports list select the port name s that will be adopting the profile of the port listed in the Port Name field above 4 Click to move a port name to the Selected Ports list 5 To remove a po...

Страница 104: ...and select a new rate 6 Click on the Parity Data Bits drop down arrow and select a new value 7 Click on the Parity Check checkbox to enable or disable 8 Click on the Recv Xmit Pace check box to enabl...

Страница 105: ...it KVM Port Screen 3 Type a new port name in the Port Name field 4 Click on the Application Name drop down arrow and select an application from the list 5 Select a new category and element from the Po...

Страница 106: ...he Port Name field 4 Click on the In band application name drop down arrow and select an application from the list 5 Type a new port number in the TCP port number field 6 Type a new username in the Ta...

Страница 107: ...rs Figure 112 Port Groups Manager Screen 2 Click Add in the Group panel to add a new group The Add Port Group window appears Figure 113 Add Port Group Window 3 Type the name for the new Port Group in...

Страница 108: ...the change or Cancel to close the window 5 Click Close to close the Port Groups Manager screen 6 Repeat steps 1 through 5 to edit other port groups Delete Port Group 1 On the Associations menu click...

Страница 109: ...alphanumeric characters or underscores no spaces for locally authenticated users and no length restriction for users authenticated remotely 3 Check the Remote Authentication check box only if the user...

Страница 110: ...eckbox which will add the user to the Users Not in Group user group The user can then be moved to the desired user group 13 Click OK to add this user to the system or Cancel to exit without saving A U...

Страница 111: ...ge any user s password 1 Click on the Users tab and select a user from the Users tree 2 On the User menu click Change User Password The Change User Password screen appears Figure 118 Change User Passw...

Страница 112: ...swords minimum length is 6 characters For non strong passwords minimum length is 4 characters See section Configure Security in Chapter 12 Advanced Administration for additional information Delete Use...

Страница 113: ...the Users tree Note To select more than one user hold the CTRL key and click on additional users 2 On the Users menu click Logoff User s The Logoff Users screen appears Figure 121 Logoff Users Screen...

Страница 114: ...rs Figure 122 Bulk Copy Screen 3 In the All Users list select the user name s that will be adopting the profile of the user listed in the Username field 4 Click to move a user name to the Selected Use...

Страница 115: ...ic category shown at the base of the Users tree 1 Click on the Users tab and select a user to be deleted 2 On the Users menu click Delete User From Group The Delete User From Group screen appears Figu...

Страница 116: ...oup has to be assigned the Device and Port Management feature To view other events that occur in the system those privileges must be selected upon Adding or Editing a User Group This chapter explains...

Страница 117: ...On the Users menu click Edit User Group The Edit User Group screen appears Figure 126 Edit User Group Screen 3 Type a new group name in the User Group Name field 4 Type a new description in the Descri...

Страница 118: ...olicies screen appears Figure 127 Edit User Group Policies Screen 3 Click on a line item in the Policies list under the All Policies panel that you wish to assign to the group Scroll up or down to vie...

Страница 119: ...rms that group has been deleted 4 Repeat steps 1 through 3 to delete other groups Assign Users to Group Use this command to assign users who are members of one group to a different group Users can be...

Страница 120: ...in the search box Searches are case insensitive 1 Click on the Users tab Figure 130 Search for Users 2 At the bottom of the window enter a search string in Search For User 3 Click Go or press ENTER Na...

Страница 121: ...are supported WILDCARD DESCRIPTION Indicates any character Indicates a character in range Indicates zero or more characters Example EXAMPLE DESCRIPTION root Locates root1 and rootN but not root1N ccro...

Страница 122: ...106 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE...

Страница 123: ...oint you can add individual users to the user group so they are governed by the policies This method allows you to choose a policy you created as opposed to using the default policy created in the Ass...

Страница 124: ...u link them to your predefined categories and elements When you create a port group you will use your categories and elements to define which ports go in each group You could create a port group of al...

Страница 125: ...er that polices do not specify the user group Therefore you need to apply the policies to a user group Apply Policies to User Group By applying a policy to a user group you have specified which users...

Страница 126: ...ck OK to add the new policy or Cancel to close the window If you clicked OK the new policy name appears in the Name field 5 Click on the Device Group drop down arrow and select a device group 6 Click...

Страница 127: ...pears 2 Click on the Name drop down arrow to select a policy to edit Click Edit to edit the policy The Edit Policy screen appears Figure 135 Edit Appliance Policy Window 3 Type a new name for the poli...

Страница 128: ...w to select a policy to be deleted Click Delete to delete the policy The Delete Policy window appears Figure 137 Delete Appliance Policy Window 3 Click Yes to delete the policy or No to close the wind...

Страница 129: ...d matches a group or users not in group and grants privileges per the assigned policy In the case of Active Directory authorization the server returns a list of group names that were assigned a policy...

Страница 130: ...to use that module for user authorization as well 5 Click Update to update the changes 6 Click Close to close the Security Manager screen Distinguished Names for LDAP and Active Directory Configuratio...

Страница 131: ...administer their networked resources Active Directory is a directory server that is LDAP compliant and may be used for both authentication and authorization If your configuration uses both there is no...

Страница 132: ...e of joe raritan can be different from the CC SG login user name for example jraritan Figure 140 Active Directory Users 3 On the Active Directory server assign CC SG users to a group such as CC Users...

Страница 133: ...the Add Module screen select AD from the Module Type pulldown menu Figure 142 Specifying a Name for Active Directory Server 3 Specify a name for the Active Directory server in Module name The name is...

Страница 134: ...sed on the permissions of each object 3 If not using anonymous binding type a User name The user name needs to be a valid user entry in the Active Directory directory structure and should have permiss...

Страница 135: ...ontroller it will have a single realm whose name is the same as that of the domain controller For example if the Domain Controller is dc raritan dc com then the default realm will be raritan com If a...

Страница 136: ...d password supplied in the applet However if a username pattern is specified in Bind username pattern the pattern will be merged with the username supplied in the applet and the merged username will b...

Страница 137: ...com The search query for the user in the group will be made over the whole directory structure cn Administrators cn Users dc raritan dc com The search query for the user in the group will be performed...

Страница 138: ...roups you want to import you can manually add the user groups in CC SG instead as long as the name and case of the user group is the same see Chapter 7 Adding Users and User Groups for details Then as...

Страница 139: ...Policies Look under Selected Policies to confirm the policy that the correct policy was assigned to the group Figure 148 Viewing Policy of Imported Group 11 When the user such as jraritan logs in they...

Страница 140: ...G or directly to the LDAP server If the username and password match those in the LDAP directory the user is authenticated The user will then be authorized against the local user groups on the LDAP ser...

Страница 141: ...vers do allow certain anonymous operations whose query results are based on the permissions of each object 7 If not using anonymous binding type a User name and Password Enter a Distinguished Name DN...

Страница 142: ...tion of user passwords 15 Type the user attribute and group membership attribute parameters in the User Attribute and Group Membership Attribute fields These values should be obtained from your LDAP d...

Страница 143: ...Passwords Advanced Screen Plain Text Password Default Digest Advanced SHA Use Bind unchecked Use Bind After Search Checked OpenLDAP eDirectory Configuration Settings If using an OpenLDAP server for re...

Страница 144: ...on the TACACS server and on CC SG must be the same although the passwords may be different Please see Chapter 7 Adding Users and User Groups for additional information on adding users who will be remo...

Страница 145: ...a TACACS Server 3 Type the IP address or hostname of the TACACS server in the IP Address Hostname Name field For hostname rules see Terminology Acronyms in Chapter 1 Introduction 4 Type the port numbe...

Страница 146: ...s may be different Please see Chapter 7 Adding Users and User Groups for additional information on adding users who will be remotely authenticated 1 On the Setup menu click Security Manager When the S...

Страница 147: ...y to apply for a digital identity certificate Before creating a CSR the applicant first generates a key pair keeping the private key secret The CSR contains information identifying the applicant such...

Страница 148: ...creen Figure 159 Certificate Request Generated 4 Using an ASCII editor for example Notepad copy and paste the CSR into a file and save it with a cer extension 5 Using an ASCII editor for example Notep...

Страница 149: ...e this copy and paste both root and subroot certificate into one file and then import it Generate Self Signed Certificate Request Click on the Generate Self Signed Certificate option button and click...

Страница 150: ...line item and click Up or Down Connecting users will be allowed or denied according to the first rule that applies from top to bottom 3 To add a new item to the list specify a range to apply the rule...

Страница 151: ...ader row until it becomes a double headed arrow Click and drag the arrow to the left or right to adjust column width The sorting value and column width you use becomes the default report view the next...

Страница 152: ...rt displays ports that are currently in use You can view or disconnect ports from this report 1 On the Reports menu click Active Ports The Active Ports report is generated Figure 164 Active Ports Repo...

Страница 153: ...Select one and click Apply to run the report 3 Press Refresh to update the query and generate a new report Please note that the report may take several minutes based on the size of your system configu...

Страница 154: ...creen appears Figure 166 Audit Trail Screen 2 Select the date range for the report by either typing the date and time in the Start Date and End Date fields using the format yyyy mm dd hh mm ss or by u...

Страница 155: ...or print the report Click Save to save the records that are displayed to a CSV file or click Save All to save all records Click Print to print the records that are displayed or Print All to print all...

Страница 156: ...r Log screen appears Figure 168 Error Log Screen 2 Select the date range for the report by either typing the date and time in the Start Date and End Date fields using the format yyyy mm dd hh mm ss or...

Страница 157: ...r print the report Click Save to save the records that are displayed to a CSV file or click Save All to save all records Click Print to print the records that are displayed or Print All to print all r...

Страница 158: ...ll devices on your system and will supply information that could be useful in case troubleshooting is necessary 1 On the Reports menu click Ping Report The Ping Report is generated Figure 170 Ping Rep...

Страница 159: ...s screen appears Figure 171 Accessed Devices Screen 2 Select the date range for the report by either typing the date and time in the Start Date and End Date fields using the format yyyy mm dd hh mm ss...

Страница 160: ...ge Report Data to save or print the report Click Save to save the records that are displayed to a CSV file or click Save All to save all records Click Print to print the records that are displayed or...

Страница 161: ...ough the lists and view all entries Figure 173 Groups Report 2 Click on the button next to a line entry to display either the policies associated with the user group or the list of ports that satisfy...

Страница 162: ...bled field you can see information if check box Login is enabled From Password Expiration you can see password expiration period in days 1 On the Reports menu click User Data The All Users Data report...

Страница 163: ...sers In Groups The Users In Groups report is generated Use the scroll bar to scroll through the list and view all entries Figure 175 Users In Groups Report 2 Click Manage Report Data to save or print...

Страница 164: ...lable Available Port has been configured and connection to port is possible Unavailable Connection to port is not possible since the device is down and unavailable Busy A user is connected to this por...

Страница 165: ...ayed you can select a particular Report Type such as Active Ports Report or Report Owner or alter the start and end dates in Reports generated between by highlighting the month date year or time field...

Страница 166: ...rom this report 1 On the Reports menu click Locked Out Users Figure 178 Locked Out Users Report 2 Highlight the user you want to unlock and click Unlock User An email notification is sent to the email...

Страница 167: ...ts from the CC SG database from this report 1 On the Reports menu click CC NOC Synchronization Figure 179 CC NOC Synchronization Report 2 Select a Last Discovered Date and click Get Targets The target...

Страница 168: ...152 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE...

Страница 169: ...A success message will appear to confirm the reset Important Using the Reset command will flush the database of CC SG All Devices Ports and Users will be removed from the CC SG Authentication is also...

Страница 170: ...appears check Do not restore logs if you do not want the log files restored Check Restore Data only if you only want the configuration data devices ports users restored Check Restore Firmware binaries...

Страница 171: ...d 2 Specify a location to save your CC SG backup file 3 To upload a backup to a CC SG unit click Upload on the Restore CommandCenter screen and browse your system for the backup of your CC SG configur...

Страница 172: ...are not reflected in the system until the database is updated If you are logged in while another user is updating the database you will not see these changes unless you refresh your screen or log out...

Страница 173: ...der CC SG click Browse and navigate to the current location of your CC files 3 Click OK Restart CC SG 1 On the Setup menu click Restart CommandCenter The Restart CommandCenter screen appears Figure 18...

Страница 174: ...period to finish their tasks in CC SG and tell them when they can expect the system to be functional again All users will be disconnected when you shutdown CC SG 4 Type how much time in minutes shoul...

Страница 175: ...Yes to exit CC SG or No to close the Exit window and continue working Maintenance Mode This mode restricts access to CC SG so that an administrator can perform various operations without disruption Op...

Страница 176: ...Entering Maintenance Mode To enter Maintenance Mode 1 On the Setup menu click Maintenance Mode 2 Click Enter Maintenance Mode Figure 191 Enter Maintenance Mode 3 Type a broadcast message or accept th...

Страница 177: ...eflect the Fully Qualified Domain Name FQDN if a domain server and domain suffix has been configured 3 Click either Primary Backup Mode or Active Active Mode A standard CC SG provides two Network Inte...

Страница 178: ...assigned possibly by DHCP IP address to LAN2 LAN2 will be used until LAN1 is repaired and returned to service When this happens CC SG reverts to using LAN1 As long as one interface is viable a PC clie...

Страница 179: ...n using Active Active mode 4 Click on the Configuration drop down arrow and select either DHCP or Static from the list If you choose DHCP and your DHCP server has been configured correctly then type a...

Страница 180: ...the Configuration Manager screen Inactivity Timer Configuration Use this screen to time out inactive user sessions 1 On the Setup menu click Configuration Manager When the Configuration Manager screen...

Страница 181: ...up down arrows to set the Hour Minutes and Seconds and then click on the Time Zone drop down arrow to select the time zone in which you are operating CC SG b To set the date and time via NTP Click on...

Страница 182: ...SG 4 Type the Client Phone that is if using call back dialing this is the call back number that CC SG dials to connect to the client 5 Click Update Configuration to save the modem information to the...

Страница 183: ...indows not to close the started Modem connection process when the modem connection is closed from the other dialed in side Click OK to save the settings Configure the Dial Up Connection The following...

Страница 184: ...e CommandCenter Figure 203 Connection Name 8 Type the phone number used to connect to CC SG and click Next This is NOT the dial back number that was configured as the Client phone under the Modem tab...

Страница 185: ...cript file for call back 1 On the start menu click My Network Places 2 Click view network connections under Network Tasks 3 Right click on the CommandCenter connection and click Properties 4 Click the...

Страница 186: ...ns under Network Tasks 3 Double click on the CommandCenter connection Figure 206 Connecting to CC SG 4 Type a username of ccclient and password of cbupass Figure 207 Entering username and password 5 I...

Страница 187: ...ack Connection earlier in this chapter then a window similar to the one below will be displayed Figure 208 After Dial Terminal 8 Wait 1 or 2 minutes and in a supported browser enter the IP address of...

Страница 188: ...tion Manager When the Configuration Manager screen appears click on the Connection Mode tab 2 Click on the radio button for the connection mode you prefer a Click on the Direct Mode radio button to co...

Страница 189: ...173 iii Click the Add button to add the Net Address and Mask to the screen You may have to use the scroll bar on the right side of the screen to view the Add Remove Update buttons Figure 210 Configura...

Страница 190: ...Port value Type the new Default Port value and press the Enter key 3 To update device timeout duration double click on the Heartbeat sec value at the bottom of the screen Type new timeout duration for...

Страница 191: ...ded with your CC SG unit and also under Firmware Upgrades on http www raritan com support Configuring SNMP in CC SG 1 On the Setup menu click Configuration Manager When the Configuration Manager scree...

Страница 192: ...managers that can be set in this list 9 When SNMP traps and their destinations are configured click Update Trap Configuration Configure Security The General properties allow you to configure SSL for...

Страница 193: ...henticated by external servers see Chapter 9 Configuring Remote Authentication for additional information Failed login attempts due to insufficient user licenses also do not apply Note By default the...

Страница 194: ...Error User Being Locked Out Screen Application Manager Add Application You can upload different custom applications to CC SG and assign the applications to different ports in order to access them ind...

Страница 195: ...or configuration and attachment to a specific port 7 Click Close to close the Application Manager screen Note Once the application has been loaded into CC SG and assigned to a port verify that the app...

Страница 196: ...ck Application Manager The Application Manager screen appears 2 Click on the Application Name drop down arrow and select the application to be deleted 3 Click the Delete button in the Applications pan...

Страница 197: ...delete the firmware or No to close the window 5 Click Close to close the Firmware Manager screen CommandCenter NOC Adding a CommandCenter NOC CC NOC to your setup will expand your target management c...

Страница 198: ...eving this synchronization it to use a common NTP Network Time Protocol server For this reason the CC NOC and CC SG are required to be configured to use an NTP server 1 On the CommandCenter NOC menu c...

Страница 199: ...sents the range of addresses CC SG is interested in and instructs CC NOC to send events for these devices to CC SG This range is related to the discovery range that is configured in the CC NOC see Rar...

Страница 200: ...e so synchronization will not affect the performance of other processes 8 For Heartbeat Interval enter how often in seconds CC SG sends a heartbeat message to CC NOC This confirms if CC NOC if still u...

Страница 201: ...tter protection against automated interception 12 Once the certificate exchange process is complete a secure channel has been established between CC NOC and CC SG The CC NOC data will be copied to CC...

Страница 202: ...uration screen appears Figure 229 Edit CC NOC Configuration Screen 3 Refer to the previous section Add a CC NOC for field details Launch CC NOC To launch CC NOC from CC SG 1 In the CC NOC Configuratio...

Страница 203: ...is replicated between the two nodes The primary and secondary nodes in a cluster must be running the same version of software Unless defined by the user CC SG will assign a default name to each clust...

Страница 204: ...SG appliances on the same subset as your one you are currently using Alternatively you can add a CC SG perhaps from a different subnet by specifying an IP address in CommandCenter address in the botto...

Страница 205: ...must match the primary node s version 3 Type a valid user name and password for the backup node Figure 234 Cluster Configuration Set Secondary CC SG 4 Click Join Backup Node 5 A confirmation message...

Страница 206: ...luster 2 When the confirmation message appears click Yes to remove Primary Node status or click No to cancel Note Clicking Remove Cluster does not delete the Primary CC SG unit from your configuration...

Страница 207: ...recovered 6 Click OK to save the settings or Cancel to exit without saving Note Changing the time zone is disabled in a cluster configuration Task Manager Use Task Manager to schedule CC SG tasks on a...

Страница 208: ...confirm that the correct versions of firmware were upgraded Email Notifications Upon completion of a task an email message can be sent to a specified recipient How the email is sent such as if it is...

Страница 209: ...hedule a new task 1 On the Setup menu click Task Manager Figure 237 Task Manager 2 Click New Figure 238 Create Task 3 In the Main tab type a name 1 32 characters alphanumeric characters or underscores...

Страница 210: ...e periodic daily weekly monthly yearly For periods that do include an initial starting time for example Weekly enter a Start at time based on the CC SG server time as displayed near the top of the mai...

Страница 211: ...sful or On Failure to have the recipient be notified if the task failed or both View a Task Details of a Task and Task History To view a task 1 On the Setup menu click Task Manager Figure 242 View a T...

Страница 212: ...istory of a task select a task and click Task History Figure 243 Task History 5 To view details of a task double click on a task Figure 244 Task Details Note If a task is changed or updated its prior...

Страница 213: ...ger Figure 245 Notification Manager 2 Ensure Enable SMTP Notification is selected and type the SMTP host For hostname rules see Terminology Acronyms in Chapter 1 Introduction 3 Type a valid SMTP port...

Страница 214: ...termined by the permissions for the user group s to which the SSH client user belongs Administrators who use SSH to access CC SG cannot logout a ccroot SSH user but are able to log out all other SSH c...

Страница 215: ...NISTRATION 199 4 A shell prompt appears Type ls to display all commands available from SSH Figure 248 CC SG Commands via SSH 5 Typing help or provides the syntax and description of all available comma...

Страница 216: ...ollowing describes several nuances of the SSH commands For commands that pass an IP address such as upgradedevice you can substitute the hostname for an IP address For hostname rules see Terminology A...

Страница 217: ...mands supported by the SX device are available Note Before you can connect ensure that the SX device has been added to the CC SG 1 Type listdevices to ensure the SX has been added to CC SG Figure 251...

Страница 218: ...et server You can access serial ports on a SX KSX or IP Reach device The SSH connection to the serial ports are in proxy mode 1 Type listports to view the port ids Figure 253 Listing Ports on CC SG 2...

Страница 219: ...to execute commands at target server while browser user can only observe proceedings in the port get_history gh Gets History Displays the last few commands and results at target server send_break sb S...

Страница 220: ...formation to ascertain the health of CC SG The admin account allows you to set initial parameters view log files and perform some limited diagnostics such as changing the IP address of the CC SG or re...

Страница 221: ...t corner of the screen is the last time on the CC SG the data was polled Figure 257 Status Console Important information to hone in on includes the Up status for CC SG and other sub components such as...

Страница 222: ...nistrator Console 1 After login as type admin Figure 258 Login to Administrator Console 2 Type the CC SG password raritan is the default Re enter this password and when prompted type a new password Se...

Страница 223: ...Console The Pre Login message appears in the Administrator Console after entering any login username and before entering the password The Message of the Day MOTD appears at the top of the Status Cons...

Страница 224: ...ve Message with the contents of the Admin Console screen All new users will see the new message Editing Status Console Configuration Status Console The Diagnostic Console can be accessed from a serial...

Страница 225: ...ion Network Interfaces In Network Interface Configuration you can perform initial setup tasks such as setting the hostname and IP address of the CC SG Click with the mouse or use the TAB keys to navig...

Страница 226: ...mary Backup Mode or Active Active Mode See section Network Configuration earlier in this chapter for details 5 Click either DHCP or Static from the list If you choose DHCP and your DHCP server has bee...

Страница 227: ...e Timing Adaptive ping Interpacket interval adapts to round trip time so that effectively not more than one unanswered probes present in the network Minimal interval is 200 msec 4 Optionally type valu...

Страница 228: ...which lists received ICMP packets other than TIME_EXCEEDED and UNREACHABLEs No DNS Resolution Does not resolve addresses to host names Use ICMP vs normal UDP Use ICMP ECHO instead of UDP datagrams 4...

Страница 229: ...1 To view or change static routes click Operation Network Interfaces then Static Routes Figure 268 Selecting Static Routes 2 The current IP routing table is displayed You can add a host or network ro...

Страница 230: ...og will appear and the item will be de selected for you Figure 271 Selecting Log Files to View OPTION DESCRIPTION Individual Windows Display the selected logs in separate windows Merged Windows Merge...

Страница 231: ...og file to highlight what is important Type c to change colors of a log file and select a log from the list if you have chosen to view several Once color choices are displayed type q to exit the windo...

Страница 232: ...regular expression and select a log from the list if you have chosen to view several Figure 275 Adding Expressions in Log Files 8 Type a to add a regular expression For example if you want to display...

Страница 233: ...d terminate their sessions to remote target servers Important It is is HIGHLY recommended to restart CC SG in the CC SG GUI instead unless it is absolutely necessary to restart it here See section Res...

Страница 234: ...option will reboot the entire CC SG which simulates a power cycle Users will NOT receive a notification at all CC SG SSH and Diagnostic Console users including this session will be logged off Any con...

Страница 235: ...figure the strength of passwords status and admin and allows you to configure password attributes such as the setting maximum number of days that must lapse before you need to change the password whic...

Страница 236: ...mum password size in bits minimum is 14 maximum is 70 default is 20 and number of retries default is 10 which is the number of times you will be asked if you want to accept the new password You can ei...

Страница 237: ...the settings for each account that is Status Admin FS1 and FS2 Figure 285 Configuring Accounts 3 If you want to require a password for the Status account select Enabled underneath it This screen is s...

Страница 238: ...t can be changed again Default is 0 Max Days The maximum number of days the password will stay in affect Default is 99999 Warning The number of days that warning messages are issued before the passwor...

Страница 239: ...f CC SG in Diagnostic Console The disk drives are fully synchronized and full RAID 1 protection is available when you see a screen as shown above note the status of both md0 and md1 arrays are UU Disp...

Страница 240: ...tal number and processes that have stopped Figure 289 Displaying CC SG Processes in Diagnostic Console 3 Type h to bring up an extensive help screen for the top command The standard F1 help key is not...

Страница 241: ...ocessor Intel Pentium III 1 GHz Memory 512 MB Network Interfaces 2 10 100 Ethernet RJ45 Hard Disk Controller 2 40 GB IDE 7200 rpm RAID 1 CD ROM Drive CD ROM 40x Read Only IPMI N A Remote Connection Mo...

Страница 242: ...Vibration 5 55 5 HZ 0 38mm 1 minutes per cycle 30 minutes for each axis X Y Z Shock N A Electrical Specifications INPUT Nominal Frequencies 50 60 Hz Nominal Voltage Range 100 240 VAC Maximum Current...

Страница 243: ...ations Processor AMD Opteron 146 Memory 2 GB Network Interfaces 2 10 100 1000 Ethernet RJ45 Hard Disk Controller 2 80 GB SATA 7200 rpm RAID 1 CD ROM Drive DVD ROM Remote Connection Modem Not Applicabl...

Страница 244: ...X Y Z Shock N A Electrical Specifications INPUT Nominal Frequencies 50 60 Hz Nominal Voltage Range 100 240 VAC Maximum Current AC RMS 3A AC Operating Range 100 to 240 VAC 10 50 60 Hz OUTPUT 5 VDC 12V...

Страница 245: ...security policies are to be enforced by the network Executive Summary In the sections below a very complete and thorough analysis of the communications and port usage by CC SG and its associated comp...

Страница 246: ...DE Figure 290 CC SG Deployment Elements Internet Unsecured Network CC SG Cluster Peer CC Clients Internal Network Firewall CC NOC CC Clients Raritan Device Serial KVM Out of Band Target Access In Band...

Страница 247: ...urpose of the port Indicates if the port is Configurable which means the GUI or Diagnostic Console provides a field where you can change the port number to a different value from the default listed du...

Страница 248: ...no CC SG CC SG 3232 TCP SNMP no Access to Infrastructure Services The CC SG can be configured to use several industry standard services like DHCP DNS and NTP In order for CC SG to communicate with the...

Страница 249: ...ll SSH Another facet of PC client to target communication is whether The PC client connects directly to the target either via a Raritan device or In Band access which is called Direct Mode Or if the P...

Страница 250: ...orts is not required and can be further blocked The ports currently in use are 1088 1098 2222 4444 4445 8009 8083 and 8093 In addition to these ports CC SG may have a couple of TCP and UDP ports in th...

Страница 251: ...et server shut the connection abruptly when given a long username followed by a password Traditionally port 23 is used for telnet services However CC SG uses this port for SSH V2 Diagnostic Console se...

Страница 252: ......

Страница 253: ...entified Add Ports with Category Element clearly identified Create Group s Add User s 1 Add Device Group with rule based on Category Element 2 Add Port Group with rule based on Category Element 3 Add...

Страница 254: ...238 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE...

Страница 255: ...NOC Users are able to view and configure CommandCenter NOC parameters CC Setup And Control Cross Compatibility Matrix Users are able to view Compatibility Matrix Backup Device Configuration Users are...

Страница 256: ...ify port name and parameters Active Ports Users are able to view active ports report Asset Management Report Users are able to view asset management report Ping Report Users are able to view ping repo...

Страница 257: ...able to modify user name and parameters Change User Password Users are able to change other user password Delete User Users are able to delete user from the system Logoff User Users are able to logof...

Страница 258: ...242 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE...

Страница 259: ...cationFailure CC SG user authentication failure CCUserDeleted CC SG a user deleted CCUserLogin CC SG user Log in CCUserLogout CC SG user Log out CCUserModified CC SG user modified CCAvailable CC SG ap...

Страница 260: ...244 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE...

Страница 261: ...ersions If the network interface cable is disconnected between the device and CC SG wait for the configured heartbeat minutes and then plug the network interface cable back in During the configured he...

Страница 262: ...ps and policies created in the Association Wizard are named after the elements of a category If the element names are not unique the default port groups and policies cannot be created see the screen b...

Страница 263: ...wer Yes as long has PDA has a Java enabled browser and supports 128 bit or lower strength for some geographies SSL encryption Call Raritan Tech Support for further information No testing has been done...

Страница 264: ...ication If there is firewall between two cluster nodes the following ports should be opened for cluster to be worked properly 8732 for cluster nodes heartbeat 5432 for cluster nodes DB replication Wha...

Страница 265: ...How is a password secure Passwords are encrypted using MD5 encryption which is a one way hash This provides additional security to prevent unauthorized users from accessing the password list Sometimes...

Страница 266: ...g admin over network interfaces A console is generally considered a secure and reliable access path of last resort Some UNIX systems allow root login only on the console For security reasons other sys...

Страница 267: ...or remote authentication only not authorization User Experience How will I know if someone else is logged in to leaf nodes CC SG can present the list of users logged in to leaf devices and can show wh...

Страница 268: ...252 COMMANDCENTER SECURE GATEWAY ADMINISTRATOR GUIDE 255 80 5140 00...

Страница 269: ...APPENDIX G FAQS 253...

Страница 270: ...Raritan Osaka 1 15 8 Nishihonmachi Nishi ku Osaka 550 0005 Japan Tel 81 6 4391 7752 Fax 81 6 4391 7761 Email sales raritan co jp Website Raritan co jp Asia Pacific Headquarters Raritan Taiwan 5F 121...

Отзывы: