Raritan Home Security System Скачать руководство пользователя страница 335 | Manualshive

Страница: 335 / 384

Raritan Home Security System Скачать руководство пользователя страница 335

Appendix B: CC-SG and Network Configuration

317

Communication
Direction

Port
Number

Protocol

Configurable?

Details

PC Client to CC-SG

443

TCP

no

Client-server communication.

SSL/AES-128/AES-256
encrypted if configured.

PC Client to CC-SG

80

TCP

no

Client-server communication.

Not encrypted. If SSL is
enabled, Port 80 is redirected
to 443.

PC Client to CC-SG

8080

TCP

no

Client-server communication.

SSL/AES-128/AES-256
encrypted if configured.

Port 8080 is open on CC-SG,
not on the PC client.

PC Client to CLI SSH

22

TCP

yes

Client-server communication.

SSL/AES-128/AES-256
encrypted if configured.

PC Client to
Diagnostic Console

23 TCP yes

Client-server

communication.

SSL/AES-128/AES-256
encrypted if configured.

PC Clients to Nodes

Another significant role of CC-SG is to connect PC clients to various
nodes. These nodes can be serial or KVM console connections to
Raritan devices (called Out-of-Band connections). Another mode is to
use In-Band access methods such as VNC, RDP, or SSH.

Another facet of PC client to node communication is whether:

•

The PC client connects directly to the node either via a Raritan
device or In-Band access. This is called Direct Mode.

•

The PC client connects to the node through CC-SG, which acts as
an application firewall. This is called Proxy Mode.

Communication
Direction

Port Number

Protocol

Configurable?

Details

Client to CC-SG via
Proxy to Node

2400

(on CC-SG)

TCP no

Client-server
communication.

Not encrypted.

«
...
333
334
335
336
337
...
»

Содержание Home Security System

Страница 1: ...Copyright 2010 Raritan Inc CCA 0K v4 3 E December 2009 255 80 5140 00 CommandCenter Secure Gateway Administrators Guide Release 4 3...

Страница 2: ...emarks are the property of their respective holders FCC Information This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules...

Страница 3: ...onfirming IP Address 10 Setting CC SG Server Time 10 Checking the Compatibility Matrix 11 Checking and Upgrading Application Versions 11 Chapter 4 Configuring CC SG with Guided Setup 13 Before You Use...

Страница 4: ...s 33 Adding a Device 34 Add a KVM or Serial Device 34 Add a PowerStrip Device 36 Add a Dominion PX Device 36 Editing a Device 37 Editing a PowerStrip Device or a Dominion PX Device 37 Adding Notes to...

Страница 5: ...n II System Devices 67 Paragon II System Controller P2 SC 67 IP Reach and UST IP Administration 68 Chapter 7 Managed Powerstrips 69 Configuring Powerstrips that are Managed by Another Device in CC SG...

Страница 6: ...Virtual Machines 94 Delete Control Systems and Virtual Hosts 95 Delete a Virtual Machine Node 96 Delete a Virtual Infrastructure 96 Synchronizing the Virtual Infrastructure with CC SG 96 Synchronize t...

Страница 7: ...9 Adding Users with CSV File Import 140 Users CSV File Requirements 140 Sample Users CSV File 144 Import Users 144 Export Users 145 Your User Profile 145 Change your password 145 Change your name 146...

Страница 8: ...AD Trust Settings 168 Editing an AD Module 168 Importing AD User Groups 169 Synchronizing AD with CC SG 170 Synchronize All User Groups with AD 171 Synchronize All AD Modules 172 Enable or Disable Da...

Страница 9: ...roup Data Report 190 AD User Group Report 190 Scheduled Reports 191 Upgrade Device Firmware Report 192 Chapter 14 System Maintenance 193 Maintenance Mode 193 Scheduled Tasks and Maintenance Mode 193 E...

Страница 10: ...e 215 Recommended DHCP Configurations for CC SG 217 Configuring Logging Activity 217 Purge CC SG s Internal Log 217 Configuring the CC SG Server Time and Date 218 Connection Modes Direct and Proxy 219...

Страница 11: ...ther Task 252 Delete a Task 253 SSH Access to CC SG 253 Get Help for SSH Commands 254 SSH Commands and Parameters 255 Command Tips 257 Create an SSH Connection to a Serial Enabled Device 258 Use SSH t...

Страница 12: ...Display with Diagnostic Console 301 Display NTP Status 301 Take a System Snapshot 303 Change the Video Resolution for Diagnostic Console 304 Chapter 17 Power IQ Integration 305 Power Control of Power...

Страница 13: ...ent for IPMI iLO RILOE DRAC RSA 318 CC SG and SNMP 318 CC SG Internal Ports 319 CC SG Access via NAT enabled Firewall 319 RDP Access to Nodes 319 VNC Access to Nodes 320 SSH Access to Nodes 320 Remote...

Страница 14: ...CC SG Disk Monitoring 340 Appendix H Two Factor Authentication 343 Supported Environments for Two Factor Authentication 343 Two Factor Authentication Setup Requirements 343 Two Factor Authentication...

Страница 15: ...rmation 353 Location Information 354 Contact Information 354 Service Accounts 354 Device Information 354 Port Information 355 Associations 355 Administration 355 Appendix L Diagnostic Console Bootup M...

Страница 16: ...wer Control Connections on page 103 Interfaces for Power IQ Proxy Power Control Connections on page 105 Nodes CSV File Requirements on page 113 Add a User Group on page 132 Edit a User Group on page 1...

Страница 17: ...tors Guide xvii Configuring Power Control of Power IQ IT Devices on page 306 CC SG Clustering on page 315 See the Release Notes for a more detailed explanation of the changes applied to this version o...

Страница 18: ......

Страница 19: ...not administrators should see Raritan s CommandCenter Secure Gateway User Guide In This Chapter Prerequisites 1 Terminology Acronyms 2 Client Browser Requirements 4 Prerequisites Before configuring a...

Страница 20: ...pe which may have elements such as Windows or Unix or Linux CIM Computer Interface Module hardware used to connect a target server and a Raritan device Each target requires a CIM except for the Domini...

Страница 21: ...discovered by CC SG they have to be manually added as nodes In this guide the term iLO RILOE includes both iLO RILOE and iLO2 RILOE2 In band Access going through the TCP IP network to correct or troub...

Страница 22: ...evice to a node SASL Simple Authentication and Security Layer method for adding authentication support to connection based protocols SSH clients such as PuTTY or OpenSSH that provide a command line in...

Страница 23: ...Thick Client Access 6 CC SG Admin Client 8 Browser Based Access via the CC SG Admin Client The CC SG Admin client is a Java based client that provides a GUI for both administrative and access tasks d...

Страница 24: ...antage of using the thick client instead of a browser is that the client can outperform the browser in terms of speed and efficiency The minimum Java version required for running the thick client is 1...

Страница 25: ...rted Java version or continue with the currently installed version 7 The login screen appears 8 If the Restricted Service Agreement is enabled read the agreement text and then select the I Understand...

Страница 26: ...Chapter 2 Accessing CC SG 8 CC SG Admin Client Upon valid login the CC SG Admin Client appears...

Страница 27: ...er their parent devices Click the and signs to expand or collapse the tree Click a port to view the Port Profile Right click a port and select Connect to connect to that port You can sort the ports by...

Страница 28: ...ake changes if needed See About Network Setup on page 211 Optional 4 Click Update Configuration to submit your changes 5 Click Restart Now to confirm your settings and restart CC SG Setting CC SG Serv...

Страница 29: ...figuration to apply the time and date changes to CC SG 4 Click Refresh to reload the new server time in the Current Time field Choose System Maintenance Restart to restart CC SG Checking the Compatibi...

Страница 30: ...the list If you do not see the application you must add it first See Add an Application on page 208 3 Click Browse locate and select the application upgrade file from the dialog that appears then clic...

Страница 31: ...to CC SG Configure device ports See Device Setup on page 14 Create Groups Categorize the devices and nodes that CC SG manages into groups and create full access policies for each group See Creating G...

Страница 32: ...the Elements table To delete an element select its row and then click the Delete Row icon 5 Repeat these steps until you have added all the elements within the category to the Elements table 6 To crea...

Страница 33: ...the Discover Devices panel Click the black arrow at the top of the panel to hide the top section expanding your view of the discovery results in the bottom section of the panel 7 In the table of disc...

Страница 34: ...ies and elements 18 If you want the Element to apply to the device and to the nodes connected to the device select the Apply to Nodes checkbox 19 If you want to add another device click Apply to save...

Страница 35: ...create a table of rules that describe the devices you want to assign to the group b Click the Add New Row icon to add a row to the table c Double click the cell created for each column to activate a...

Страница 36: ...to use from each list See Policies for Access Control on page 149 9 Select the Create Full Access Policy for Group checkbox if you want to create a policy for this node group that allows access to al...

Страница 37: ...group to have access to In band and Out of band nodes and to Power Management functions Select the checkboxes that correspond to the types of access you want to assign to the group 6 Click the Polici...

Страница 38: ...ant the user to be forced to change the assigned password the next time the user logs in 17 Select the Force Password Change Periodically checkbox if you want to specify how often the user will be for...

Страница 39: ...ific and Europe in the CC SG interface You can customize the CC SG to organize and display your servers however you like Association Terminology Associations the relationships between categories eleme...

Страница 40: ...tasks into an automated interface Guided Setup is recommended for your initial CC SG configuration Once you have completed Guided Setup you can always edit your configurations individually See Configu...

Страница 41: ...p down arrow and select the category you want to delete 3 Click Delete in the Category panel of the screen to delete the category The Delete Category window opens 4 Click Yes to delete the category Ad...

Страница 42: ...ore elements to an existing category then you do not have to include a row to redefine the category that the new elements belong to Export a file from CC SG to view the Comments which include all tags...

Страница 43: ...e and select the CSV file to import Click Open 3 Click Validate The Analysis Report area shows the file contents If the file is not valid an error message appears Click OK and look at the Problems are...

Страница 44: ...t categories and elements 1 Choose Administration Export Export Categories 2 Click Export to File 3 Type a name for the file and choose the location where you want to save it 4 Click Save The first ti...

Страница 45: ...tion and Contacts to a Device Profile 38 Deleting a Device 39 Configuring Ports 39 Editing a Port 41 Deleting a Port 42 Configuring a Blade Chassis Device Connected to KX2 42 Restore Blade Servers Por...

Страница 46: ...ports appear in the list with a symbol Click the or to expand or collapse the list of ports Device and Port Icons For easier identification KVM Serial and Power devices and ports have different icons...

Страница 47: ...ort Sorting Options Configured ports are nested under their parent devices in the Devices tab You can change the way ports are sorted Ports arranged by status are sorted alphabetically within their co...

Страница 48: ...ice so they will not appear in order with the other KX2 ports unless you restore these blade servers ports to normal KX2 ports See Restore Blade Servers Ports to Normal KX2 Ports on page 47 Device Pro...

Страница 49: ...y in the tab with the date username and IP address of the user who added the note If you have the Device Port and Node Management privilege you can clear all notes from the node profile by clicking Cl...

Страница 50: ...turn devices as results and will not include port names The method of searching can be configured in My Profile See Change your default search preference on page 146 To search for a device At the bott...

Страница 51: ...ck to select more than one device type 5 Select the Include IPMI Agents checkbox to find targets that provide IPMI power control 6 Click Discover to start the search At any time during the discovery y...

Страница 52: ...rip Device on page 36 For instructions on adding Dominion PX devices see Add a Dominion PX Device on page 36 Add a KVM or Serial Device KVM and serial devices may support 256 bit AES encryption which...

Страница 53: ...uide A Web Browser interface is assigned to a blade chassis node in CC SG by default A virtual blade chassis device will be created in the Devices tab for blade servers that are directly connected to...

Страница 54: ...ee Naming Conventions on page 353 for details on CC SG s rules for name lengths 2 Type the IP Address or Hostname of the device in the IP Address Hostname field See Terminology Acronyms on page 2 for...

Страница 55: ...Strip Device or a Dominion PX Device You can edit a Managed PowerStrip device or a Dominion PX device to rename it modify its properties and view outlet configuration status To edit a powerstrip devic...

Страница 56: ...he Notes list To clear all notes 1 Click the Notes tab 2 Click Clear Notes 3 Click Yes to confirm All notes are deleted from the Notes tab Adding Location and Contacts to a Device Profile Enter detail...

Страница 57: ...SG Once you configure ports a node is created in CC SG for each port and the default interface is also created See Nodes Created by Configuring Ports on page 40 Configure a Serial Port To configure a...

Страница 58: ...ield to create a new node with an Out of Band interface from this port For ease of use name the node after the target that is connected to the port This means that you will type the same name in the P...

Страница 59: ...to use when you connect to this port from the list To allow CC SG to automatically select the correct application based on your browser select Auto Detect 4 Click OK to save your changes To edit a KSX...

Страница 60: ...ppears when the port has been deleted Configuring a Blade Chassis Device Connected to KX2 Blade Chassis Overview There are two types of blade chassis devices one is with an integrated KVM switch which...

Страница 61: ...lways show two names in the Devices tab the name without the parentheses is retrieved from the KX2 device and the name within the parentheses is the chassis name saved on CC SG To add a blade chassis...

Страница 62: ...the blade chassis profile 1 In the Devices tab click the next to the KX2 device that is connected to the blade chassis device 2 Select the blade chassis device whose slots you want to configure 3 In...

Страница 63: ...nu to select the one you prefer from the list Click OK to configure the slot Changing the Blade Server Status This section applies only to the blade chassis with an integrated KVM switch such as Dell...

Страница 64: ...t to the blade chassis device whose slots you want to delete 3 Right click the blade slot that you want to delete 4 Select Delete Blade and then click OK to delete the slot Edit a Blade Chassis Device...

Страница 65: ...sically moving a blade chassis device from one KX2 device or port to another KX2 device or port CC SG cannot detect and automatically update the configuration data of the blade chassis device to the n...

Страница 66: ...he only property copied in this process If you have the same type of information existing on any selected devices performing the Bulk Copy command will REPLACE the existing data with newly assigned in...

Страница 67: ...to a set The device group will become the basis for a policy either allowing or denying access to this particular set of devices See Adding a Policy on page 150 Devices can be grouped manually using t...

Страница 68: ...el 2 Click the New Group icon in the toolbar The Device Group New panel appears 3 In the Group Name field type a name for a device group you want to create See Naming Conventions on page 353 for detai...

Страница 69: ...If any blade chassis has been configured in the system a Blade Chassis category is available by default Operator Select a comparison operation to be performed between the Category and Element items T...

Страница 70: ...ust create three rules Department Engineering Rule0 Location Philadelphia Rule1 Memory 1GB Rule2 These rules must be arranged in relation to each other Since the device can either belong to the engine...

Страница 71: ...elements The advantage of the describe method is that when you add more devices or nodes with the same attributes as described they will be pulled into the group automatically Use the select method w...

Страница 72: ...ete Device Group panel appears Click Delete 5 Click Yes in the confirmation message that appears Adding Devices with CSV File Import You can add devices to CC SG by importing a CSV file that contains...

Страница 73: ...parameters needed to create a valid CSV file See Export Devices on page 59 Follow the additional requirements for all CSV files See Common CSV File Requirements on page 333 To add a device to the CSV...

Страница 74: ...record in the CSV file are configured 11 Allow Direct Access TRUE or FALSE Default is FALSE This setting is for SX and KX2 version 2 2 or later devices only 12 Description Optional To add a port to th...

Страница 75: ...he command ADD 2 DEVICE BLADE Enter the tag as shown Tags are not case sensitive 3 Device Name Required field 4 Port Number Required field 5 Blade Number Required field 6 Blade Name Optional If left b...

Страница 76: ...est KVM 4 ADD DEVICE CATEGORYELEMENT Lab Test Location Rack17 Import Devices Once you ve created the CSV file validate it to check for errors then import it Duplicate records are skipped and are not a...

Страница 77: ...e for the file and choose the location where you want to save it 4 Click Save Upgrading a Device You can upgrade a device when a new versions of device firmware is available Important Check the Compat...

Страница 78: ...CC SG to delete the oldest backup file for you This option will appear as an alert when you attempt to do a fourth backup See Restore All Configuration Data to a KX2 KSX2 or KX2 101 Device on page 63...

Страница 79: ...to another device of the same model KX2 KSX2 and KX2 101 only Full The entire content of the selected backup file will be restored to the device Custom Allows you to restore Device Setting User and U...

Страница 80: ...e to the device 4 Restore Type select Protected 5 Click OK 6 Click Yes to restart the device A message appears when all user and system configuration data has been restored Restore Only Device Setting...

Страница 81: ...backup files in the Restore Device Configuration page to a location on your network or local machine If you need to make space for new backups to be stored on CC SG you can delete device backup files...

Страница 82: ...device whose configuration you wish to copy to other devices from the Devices tree 2 Choose Devices Device Manager Configuration Copy Configuration 3 Select the configuration copying method To copy c...

Страница 83: ...ices Device Manager Ping Device The Ping Device screen appears showing the result of the ping Pausing CC SG s Management of a Device You can pause a device to temporarily suspend CC SG control of it w...

Страница 84: ...the SX serial port or the KSX dedicated power port that is providing management of the PowerStrip To view the device power manager 1 In the Devices tab select a PowerStrip device 2 Choose Devices Dev...

Страница 85: ...disconnect users 2 Choose Devices Device Manager Disconnect Users 3 Select the users whose session you want to disconnect in the Disconnect users table 4 Click Disconnect to disconnect the users from...

Страница 86: ...T IP devices connected to your Paragon System setup directly from the CC SG interface After adding the Paragon System device to CC SG it appears in the Devices tree To access Remote User Station Admin...

Страница 87: ...eate power associations between the outlets and the nodes they power See Interfaces for Managed Powerstrip Connections on page 104 Special Note about Dominion PX Regardless of which method you choose...

Страница 88: ...hese powerstrips To configure managed powerstrips in CC SG 1 Complete all physical connections between the device the powerstrip and the nodes that are powered by the powerstrip See the RPC Quick Setu...

Страница 89: ...ll appear in the Devices tab beneath the device to which it is connected Next Steps 1 Configure outlets See Configuring Outlets on a PowerStrip on page 75 2 Associate each outlet with the node that it...

Страница 90: ...a PowerStrip Connected to an SX 3 0 or KSX device 1 Add the SX 3 0 or KSX device to CC SG See Add a KVM or Serial Device on page 34 2 Choose Devices Device Manager Add Device 3 Click the Device type d...

Страница 91: ...erstrip is still physically connected If you physically disconnect a powerstrip from the SX 3 0 KSX or P2SC device with which it is associated the powerstrip still appears in the Devices tab beneath t...

Страница 92: ...ts the PowerStrip and adds it automatically The PowerStrip will appear in the Devices tab beneath the SX 3 1 device to which it is connected If the SX 3 1 device has already been added to CC SG and th...

Страница 93: ...select the PowerStrip you want to delete 2 Choose Devices Device Manager Delete Device 3 Click OK to delete the PowerStrip A message appears when the PowerStrip has been deleted The PowerStrip icon is...

Страница 94: ...fault name To configure each outlet individually click the Configure button next to the outlet and then type a name for the outlet in the Port name field Click OK to configure the port To delete an ou...

Страница 95: ...Associations Location and Contacts 110 Using Chat 111 Adding Nodes with CSV File Import 112 Adding Editing and Deleting Node Groups 124 Nodes and Interfaces Overview About Nodes Each node represents...

Страница 96: ...Server may have an out of band KVM interface for the keyboard mouse and monitor ports and a power interface to manage the outlet to which the server is connected Some interfaces only work in Direct mo...

Страница 97: ...Chapter 8 Nodes Node Groups and Interfaces 79 Node Profile Click a Node in the Nodes tab to open the Node Profile page The Node Profile page includes tabs that contain information about the node...

Страница 98: ...vice You can change the information in the fields by typing in new information See Adding Location and Contacts to a Node Profile on page 87 Notes tab The Notes tab contains a tool that enables users...

Страница 99: ...evice Port and Node Management permission you can Reboot and Force Reboot the virtual host server Virtual Machine Data tab Virtual machine nodes such as VMware s Virtual Machines include the Virtual M...

Страница 100: ...apply to the VNC server For Web Browser interfaces the login credentials apply to the form available at the URL specified in the interface To view service accounts Choose Nodes Service Accounts The Se...

Страница 101: ...tion field 8 Click OK To edit a service account 1 Choose Nodes Service Accounts The Service Accounts page opens 2 Find the service account you want to edit 3 Edit the fields You cannot edit the Servic...

Страница 102: ...You must have the Device Port and Node Management privilege to assign service accounts to interfaces See Adding Editing and Deleting User Groups on page 132 To assign a service account to interfaces...

Страница 103: ...rganize this node See Associations Categories and Elements on page 21 Optional For each Category listed click the Element drop down menu and then select the element you want to apply to the node from...

Страница 104: ...lick the Nodes tab and then select the node you want to edit The Node Profile appears 2 Edit the fields as needed 3 Click OK to save your changes Note 1 Changing the node name of a blade chassis does...

Страница 105: ...aximum 64 characters Telephone Number and Cell Phone Maximum 32 characters 5 Click OK to save your changes Adding Notes to a Node Profile You can use the Notes tab to add notes about a node for other...

Страница 106: ...l Machine is a virtual server that resides on a Virtual Host A Virtual Machine can be relocated from one Virtual Host to a different Virtual Host VMware s Virtual Machine or VM VI Client interface Con...

Страница 107: ...e configured with a VMW Viewer interface and a VMW Power interface The VMW Viewer interface provides access to the virtual machine s viewer application For VMware virtual machines the VMW Viewer inter...

Страница 108: ...ual host node and the virtual machine node select the checkboxes next to the virtual machine Optional To add all virtual machines Select the topmost checkbox in the Configure column to select all virt...

Страница 109: ...Click OK CC SG creates One node for each virtual machine Each virtual machine node has a VMW Viewer interface a VMW Power interface and any other in band interfaces you specified Virtual machine node...

Страница 110: ...I Client checkbox Optional 11 Click Next CC SG discovers the virtual host s virtual machines Click the column header to sort the table by that attribute in ascending order Click the header again to so...

Страница 111: ...de configured Optional Leave these fields blank if you prefer to add names and login credentials to each interface individually The interface will take the name of the node if the field is left blank...

Страница 112: ...in descending order Optional 3 Select the control system or virtual host you want to edit 4 Click Edit 5 Change the information as needed See Add a Control System with Virtual Hosts and Virtual Machi...

Страница 113: ...checkbox then select the name of the service account or Enter a username and password for the interface type Maximum 64 characters each 11 Click OK Delete Control Systems and Virtual Hosts You can del...

Страница 114: ...95 All components of the virtual infrastructure are deleted including control system nodes virtual host nodes and virtual machine nodes and their interfaces Synchronizing the Virtual Infrastructure wi...

Страница 115: ...Nodes Virtualization 2 Select the Enable Daily Automatic Synchronization checkbox 3 Enter the time when you want the daily synchronization to occur in the Start Time field 4 Click Update To disable da...

Страница 116: ...ndow Virtual nodes that are configured in CC SG display as links Double click a node s link to open the node profile for the virtual node Double click an interface link to either connect to the node D...

Страница 117: ...click Add in the Interfaces section If you are adding a new node click Add in the Interfaces section of the Add Node screen The Add Interface Window opens 2 Click the Interface Type drop down menu an...

Страница 118: ...s item to create a power control connection to a node with an IPMI connection Power Control Integrity ILO2 Select this item to create a power control connection to an HP Integrity server or other serv...

Страница 119: ...Java or Windows then select Console or Remote User When a Console user accesses a node all other users are disconnected Multiple Remote Users can access a node simultaneously 4 Enter authentication i...

Страница 120: ...nections To add an Interface for out of band KVM or out of band serial connections 1 Application name select the application you want to use to connect to the node with the interface from the list To...

Страница 121: ...Username and Password for authentication 4 Type a description of this interface in the Description field Optional 5 Click OK to save your changes Interfaces for ILO Processor Integrity ILO2 and RSA Po...

Страница 122: ...ver when using a Service Account on the interfaces Interfaces for Managed Powerstrip Connections When you create a Managed Power Strip interface that specifies a KX as the managing device the outlet y...

Страница 123: ...he service account to use in the Service Account Name menu or Enter a Username and Password for authentication Optional 6 Type a description of this interface in the Description field 7 Click OK to sa...

Страница 124: ...a Web Browser interface is automatically added A Web Browser interface can also be used to connect to any web application such as the web application associated with an RSA DRAC or ILO Processor card...

Страница 125: ...face on page 107 6 Type a description of this interface in the Description field Optional 7 Click OK to save your changes Tips for Adding a Web Browser Interface To configure the Web Browser Interface...

Страница 126: ...nd the Default Interface drop down menu of the Add Node or Node Profile screen You can click the drop down menu to select the default interface to use when making a connection to the node After saving...

Страница 127: ...you frequently access a node via a particular interface you can bookmark it so that it is readily available from your browser To bookmark an interface in any browser 1 In the Nodes tab select the inte...

Страница 128: ...rect Port Access to a node using the Bookmark Node Interface feature See Bookmarking an Interface on page 109 Bulk Copying for Node Associations Location and Contacts The Bulk Copy command allows you...

Страница 129: ...ified data will be copied to multiple nodes in the Selected Nodes list as well as the current node displayed in the Node Name field Optional 8 Click OK to bulk copy A message appears when the selected...

Страница 130: ...and export nodes You must be assigned a policy that gives you access to all relevant devices and nodes A full access policy for All Nodes and All Devices is recommended You must be assigned a policy...

Страница 131: ...ot be configured in CC SG You cannot import virtual infrastructure nodes and interfaces Use the options in Nodes Virtualization The first interface in the CSV file after the ADD NODE command is assign...

Страница 132: ...ame Enter the same value as entered for Raritan Port Name 9 Description Optional To add an out of band serial interface to the CSV file Column number Tag or value Details 1 ADD The first column for al...

Страница 133: ...Tags are not case sensitive 3 Node Name Required field 4 Interface Name Required field 5 IP Address or Hostname Required field 6 TCP Port Default is 3389 7 Service Account Name Optional 8 Username Opt...

Страница 134: ...rt Default is 22 for SSH Default is 23 for TELNET 7 Service Account Name Optional Leave blank if specifying username and password 8 Username Optional Leave blank if specifying service account 9 Passwo...

Страница 135: ...tags is the command ADD 2 NODE DRAC KVM INTERFACE for DRAC KVM interfaces NODE DRAC POWER INTERFACE for DRAC Power interfaces NODE ILO KVM INTERFACE for iLO KVM interfaces NODE ILO POWER INTERFACE fo...

Страница 136: ...When importing DRAC ILO and RSA interfaces you must specify both the KVM interface and the Power interface or the import will fail Column number Tag or value Details 1 ADD The first column for all ta...

Страница 137: ...D 8 Interval Enter the check interval in seconds Default is 550 9 Service Account Name Leave blank if specifying username and password 10 Username Leave blank if specifying service account 11 Password...

Страница 138: ...The first column for all tags is the command ADD 2 NODE WEB INTERFACE Enter the tag as shown Tags are not case sensitive 3 Node Name Required field 4 Interface Name Required field 5 URL Required field...

Страница 139: ...er IQ find the external key on the IT device s page in the Data Center tab and enter the text in this field If the IT device has not been added to Power IQ yet enter a text value but make sure to use...

Страница 140: ...ed field Sample Nodes CSV File ADD NODE NJSomersetEmailServer Physical Server ADD NODE OOBKVM INTERFACE NJSomersetEmailServer NJSomersetEmailServer DKX2 NY Rack7 NJSomersetEmailServer ADD NODE RDP INT...

Страница 141: ...fully show in green text Items that failed import show in red text Items that failed import because a duplicate item already exists or was already imported also show in red text 6 To view more import...

Страница 142: ...of existing node groups is displayed on the left while details about the selected node group appear in the main panel A list of existing node groups is displayed on the left Click a node group to view...

Страница 143: ...ed into the group automatically Use the select method when you just want to create a group of specific nodes manually New nodes and devices added to CC SG are not pulled into these groups automaticall...

Страница 144: ...ibute that will be evaluated in the rule All categories you created in the Association Manager will be available here Also included are Node Name and Interface If any blade chassis has been configured...

Страница 145: ...entheses The section within the parentheses is evaluated first before the rest of the description is compared to the node Parenthetical groups can be nested inside another parenthetical group Example...

Страница 146: ...cess Policy for Group checkbox 9 When you are done describing the nodes that belong in this group click OK to create the node group The group will be added to the list of Node Groups on the left Edit...

Страница 147: ...nal authentication See Remote Authentication on page 161 You must also create policies for access that you can assign to user groups See Policies for Access Control on page 149 In This Chapter The Use...

Страница 148: ...s are nested underneath the user groups to which they belong User groups with users assigned to them appear in the list with a symbol next to them Click the to expand or collapse the list Active users...

Страница 149: ...Super User group Strong password requirements are Passwords must contain at least one lowercase letter Passwords must contain at least one uppercase letter Passwords must contain at least one number...

Страница 150: ...dd User Group screen appears 2 Type a name for the user group in the User Group Name field User Group names must be unique See Naming Conventions on page 353 for details on CC SG s rules for name leng...

Страница 151: ...st and then click Remove 10 When you are done configuring policies for this group click Apply to save this group and create another Repeat the steps in this section to add user groups Optional 11 Clic...

Страница 152: ...pear 11 For each policy you want to add to the group select policy in the All Policies then click Add to move the policy to the Selected Policies list Policies in the Selected Policies list will allow...

Страница 153: ...have high traffic See Access Report on page 184 Limits on number of KVM sessions are set per user group You can enable limits when you add or edit a user group manually in Guided Setup or by CSV impo...

Страница 154: ...cess privileges assigned to the user group To add a user 1 In the Users tab select the group to which you want to add a user 2 Choose Users User Manager Add User 3 In the Username field type the user...

Страница 155: ...ns 12 In the Telephone Number field type the user s telephone number 13 Click the User Groups drop down menu and select the group to which the user will be added Depending on the user group you select...

Страница 156: ...ge on Next Login checkbox if you want to force the user to change the assigned password the next time they log in 6 In the Email address field type a new email address to add or change the user s conf...

Страница 157: ...s in group list Select the users you want to remove from the Users in group list and then click the button to remove them Click the button to remove all users from the Users in group list 5 When all t...

Страница 158: ...the policy to a user group You cannot create new policies via import User Group names are case sensitive User names are not case sensitive Each USERGROUP defined must have a USERGROUP PERMISSIONS and...

Страница 159: ...ROUP PERMISSIONS Enter the tag as shown Tags are not case sensitive 3 User Group Name Required field User Group names are case sensitive 4 CC Setup and Control TRUE or FALSE 5 Device Configuration Upg...

Страница 160: ...n Tags are not case sensitive 3 User Group Name Required field User Group names are case sensitive 4 AD Module Name Required field To add a user to CC SG Column number Tag or value Details 1 ADD The f...

Страница 161: ...rd Change Periodically TRUE or FALSE 12 Expiration Period If Force Password Change Periodically is set to TRUE specify the number of days after which password must be changed Enter just the number fro...

Страница 162: ...CSV file validate it to check for errors then import it Duplicate records are skipped and are not added 1 Choose Administration Import Import Users 2 Click Browse and select the CSV file to import Cl...

Страница 163: ...save it 4 Click Save Your User Profile My Profile allows all users to view details about their account change some details and customize usability settings It is the only way for the CC Super User ac...

Страница 164: ...d will limit the display of nodes users or devices to all names that contain the search criteria Find Matching String Does not support the use of wildcards and will highlight the closest match in the...

Страница 165: ...and the user group that contains a user you want to log out of CCSG and then select the user To select multiple users hold the Shift key as you click additional users 2 Choose Users User Manager Logou...

Страница 166: ...s the user whose policies and privileges you want to copy and then select the user 2 Choose Users User Manager Bulk Copy The Username field displays the user whose policies and privileges you are copy...

Страница 167: ...all user groups If you completed Guided Setup a number of basic policies may already have been created See Configuring CC SG with Guided Setup on page 13 To control access using policies Create Node...

Страница 168: ...r details on CC SG s rules for name lengths 4 Click OK The new policy will be added to the Policy Name list in the Policy Manager screen 5 Click the Device Group drop down arrow and select the Device...

Страница 169: ...hat appears Editing a Policy When you edit a policy the changes do not affect users who are currently logged into CC SG The changes will go into effect at the next login To ensure that your changes go...

Страница 170: ...mes and days Select Deny to define this policy to deny access to the selected node or device group for the designated times and days 12 If you selected Control in the Device Node Access Permission fie...

Страница 171: ...de Dominion KSX II User Guide Dominion KXII 101 User Guide See Adding a Policy on page 150 for details on creating policies to assign virtual media permission to user groups in CC SG Assigning Policie...

Страница 172: ...ode groups you specify will appear in the nodes list when a Filter by Node Group custom view is applied The first level of organization is the node group name A node may appear several times in the li...

Страница 173: ...des according to the categories you specify 6 Click OK 7 In the Custom View Details section a In the Available list select the item you want to include in the custom view and then click Add to add the...

Страница 174: ...he custom view in the Enter new name for custom view field and then click OK The new view name appears in the Name field in the Custom View screen To change the custom view s contents 1 In the Custom...

Страница 175: ...iew panel click Set as Default The next time you log in the selected custom view will be used by default Assign a Default Custom View of Nodes for All Users If you have the CC Setup and Control privil...

Страница 176: ...you want b Arrange the items in the Selected list in the order you would like each grouping to display in the Nodes tab Select an item and click the up and down arrow buttons to move the item into the...

Страница 177: ...n click Add to add the item to the list Repeat this step to add as many items as you want b Arrange the items in the Selected list in the order you would like each grouping to display in the Nodes tab...

Страница 178: ...will be used by default Assign a Default Custom View of Devices for All Users If you have the Device Port and Node Management privilege you can assign a default custom view for all users To assign a d...

Страница 179: ...CC SG can be locally authenticated and authorized on the CC SG or remotely authenticated using the following supported directory servers Microsoft Active Directory AD Netscape s Lightweight Directory...

Страница 180: ...entication is disabled See Users and User Groups on page 129 for details on adding users who will be remotely authenticated Note If remote authentication is used users must contact their Administrator...

Страница 181: ...rs as modules in CC SG specify whether you want CC SG to use each of them for either authentication authorization or both To specify modules for authentication and authorization 1 Choose Administratio...

Страница 182: ...a message that says You are not a member of any group when attempting to login you may have configured duplicate AD modules Check the modules you have configured to see if they describe overlapping d...

Страница 183: ...the Use default CC SG DNS checkbox to use the DNS configured in the Configuration Manager section of CC SG See Advanced Administration on page 206 3 Select the Anonymous Bind checkbox if you want to c...

Страница 184: ...is 636 3 Select the Secure Connection for LDAP checkbox if you want to use a secure channel for the connection If checked CC SG uses LDAP over SSL to connect to AD This option may not be supported by...

Страница 185: ...and password supplied in the applet This second bind assures that the user provided the correct password 7 Click Next to proceed The Groups tab opens AD Group Settings In the Groups tab you can speci...

Страница 186: ...lish between the domains Trust directions are updated in all AD modules when you make changes to one AD module Incoming information will be trusted coming in from the domain Outgoing information will...

Страница 187: ...rt groups from the AD server See AD Group Settings on page 167 After making a change to imported groups or users you must synchronize the AD user groups you changed so that the imported groups are map...

Страница 188: ...ronization of all modules You can enable scheduled synchronization to allow CC SG to synchronize all AD modules daily at the time you choose See Synchronize All AD Modules on page 172 This synchroniza...

Страница 189: ...ent the matches and allow you to select which groups in AD you want to associate with CC SG This does not update user access information in CC SG Synchronizing AD User Groups only maps the group names...

Страница 190: ...ization and Authentication Servers appear in a table 3 In the On Demand Synchronization list select All Active Directory Modules then click Synchronize Now A confirmation message appears when all AD m...

Страница 191: ...n the Synchronization Time field at the bottom of the screen click the up and down arrows to select the time at which you want CC SG to perform the daily synchronization of all AD modules 4 Click Upda...

Страница 192: ...e common name organizational unit and domain For example type uid admin ou Administrators ou TopologyManagement o Netscape Root Separate the values with commas but do not use spaces before or after th...

Страница 193: ...ocally compare the associated password with the one entered On some LDAP servers the password cannot be retrieved as part of the LDAP object Select the Use bind after search checkbox to instruct CC SG...

Страница 194: ...ed Crypt Use Bind Unchecked Use Bind After Search Checked IBM LDAP Configuration Settings If using an IBM LDAP server for remote authentication use this example Parameter Name IBM LDAP Parameters IP A...

Страница 195: ...6 Click Next The General tab opens TACACS General Settings 1 Type the IP address or hostname of the TACACS server in the IP Address Hostname Name field See Terminology Acronyms on page 2 for hostname...

Страница 196: ...he RADIUS server in the Module name field 6 Click Next to proceed The General tab opens RADIUS General Settings 1 Click the General tab 2 Type the IP address or hostname of the RADIUS server in the IP...

Страница 197: ...C SG can make use of two factor authentication schemes with dynamic tokens In such an environment users logs into CC SG by first typing their usernames in the Username field then typing their fixed pa...

Страница 198: ...filter for any report is the user policy For example the nodes or devices that the user has no access permission will not display in the reports Sort Report Data Click a column header to sort report d...

Страница 199: ...l report including all details for each item Note Printing options work for all CC SG pages To print a screenshot of a report 1 Generate the report you want to print 2 Choose Secure Gateway Print Scre...

Страница 200: ...hide the filtering section which will allow the report area to expand To hide or show the report filters Click the Filter toolbar at the top of the screen to hide the filtering section Click the Filt...

Страница 201: ...in a series of Error Log files which can be accessed and used to help troubleshoot problems The Error Log includes a subset of the Audit Trail entries that are associated with an error condition To g...

Страница 202: ...epted in these fields To limit the report by the message text associated with an activity type the text in the Message field To limit the report to a particular device type the device name in the Devi...

Страница 203: ...successful login attempts You can unlock users from the report See Lockout settings on page 238 To generate the Locked Out Users report Choose Reports Users Locked Out Users To unlock a user who has b...

Страница 204: ...User Group Data Report The User Group Data report displays data on users and the groups with which they are associated To generate the User Group Data report 1 Choose Reports Users User Group Data 2...

Страница 205: ...ect the port states you want to include in the report Selecting more than one checkbox will include ports with all selected states You must select at least one Availability option when a Status option...

Страница 206: ...displays node name interface name and type device name and type and node group for all nodes under CC SG management You can filter the report to include only data about nodes that correspond to a spe...

Страница 207: ...node you want to disconnect then click Disconnect Node Creation Report The Node Creation report lists all node creation attempts both successful and unsuccessful within a specified time frame You can...

Страница 208: ...e AD Users Group report displays all users in groups that were imported into CC SG from AD servers that have been configured for both authentication and authorization The report does not include users...

Страница 209: ...ds are not allowed 5 Set the date range for the report in the Start Date and Time and End Date and Time fields Click each component of the default date month day year hour minute to select it then cli...

Страница 210: ...in the Scheduled Reports list This report is generated when an Upgrade Device Firmware task is running View the report to get real time status information about the task Once the task has completed t...

Страница 211: ...ed for all users Current users except the administrator who is initiating Maintenance Mode are alerted and logged out after the configurable time period expires While in Maintenance Mode other adminis...

Страница 212: ...en CC SG has exited Maintenance Mode All users will now be able to access CC SG normally Backing Up CC SG The best practice is to enter Maintenance Mode before backing up CC SG Entering Maintenance Mo...

Страница 213: ...ups under the default home directory enter Backups in the Directory Relative Path field g In the Filename leave blank to use the default filename convention field type a filename for naming the backup...

Страница 214: ...include RRC MPC RC and VNC Saving and Deleting Backup Files Use the Restore CommandCenter screen to save and delete backups stored on CC SG Saving backups allows you to maintain a copy of the backup f...

Страница 215: ...t in the dialog window You can retrieve the file from anywhere on your client s network c Click Open to upload this file to CC SG When complete the backup file appears in the Available Backups table 3...

Страница 216: ...curs 6 In the Broadcast Message field type a message to notify other CC SG users that a restore will occur 7 Click Restore CC SG waits for the time specified before restoring its configuration from th...

Страница 217: ...the default username and password admin raritan Save Personality Settings This option can be selected only when you select Full CC SG Database Reset This option saves some previously configured option...

Страница 218: ...stem Maintenance Reset 3 Select the reset options 4 Type your CC SG password 5 Broadcast message Type the message that will display to users who will be logged off CC SG 6 Enter the number of minutes...

Страница 219: ...the firmware file to your client PC before proceeding with the upgrade Only users with the CC Setup and Control privilege can upgrade CC SG You should back up CC SG before upgrading and send the backu...

Страница 220: ...p ccImageUpgradeResults with a success message d The server must reboot The reboot process begins when you see the Linux reboot message in the upgrade log The server will shut down and reboot Note For...

Страница 221: ...Applications and Applets checkbox is selected then click OK CC SG Shutdown Shutting down CC SG shuts down the CC SG software but it does not power off the CC SG unit After CC SG shuts down all users...

Страница 222: ...wer is restored Important Do not hold the POWER button to forcibly power down CC SG The recommended way to power down CC SG is to use the Diagnostic Console s CC SG System Power OFF command See Power...

Страница 223: ...ient window open See Log Out of CC SG on page 205 Exit to end your session and close the client window See Exit CC SG on page 205 Log Out of CC SG 1 Choose Secure Gateway Logout The Logout window open...

Страница 224: ...ring a Message of the Day The Message of the Day allows you to provide a message for all users to view upon login You must have the CC Setup and Control privilege to configure the Message of the Day T...

Страница 225: ...ion Applications 2 Click the Application name drop down menu to view the list of applications available in CC SG Checking and Upgrading Application Versions Check and upgrade the CC SG applications in...

Страница 226: ...n log in again to ensure that the new version of the application is launched Also see Older Version of Application Opens After Upgrading on page 208 Older Version of Application Opens After Upgrading...

Страница 227: ...d Windows 2008 server users should ensure that the IP address of the device being accessed is included in their browser s Trusted Sites Zone and that Protected Mode is not on when accessing the device...

Страница 228: ...ot be changed 5 Select the default application to use when connecting to the selected Interface or Port Type Auto Detect CC SG will automatically select an appropriate application based on the client...

Страница 229: ...the IP address of a CC SG unit which is already a Neighborhood member see What is a Neighborhood on page 229 you must remove it from the Neighborhood configuration first Otherwise you are unable to d...

Страница 230: ...1 0 Not labeled Top LAN port in set of 2 ports in center of unit back panel Not labeled Bottom LAN port in set of 2 ports in center of unit back panel E1 1 LAN1 Left LAN port LAN2 Right LAN port What...

Страница 231: ...ility Optional To configure IP Failover mode in CC SG 1 Choose Administration Configuration 2 Click the Network Setup tab 3 Select IP Failover mode 4 Type the CC SG hostname in the Host name field See...

Страница 232: ...ode drop down arrow and select a duplex mode from the list 8 Click Update Configuration to save your changes Your changes will not take effect until CC SG restarts Click Restart Now if you want to aut...

Страница 233: ...AN ports on each CC SG model Note Clustering cannot be configured when using IP Isolation mode Setup for IP Isolation mode When implementing IP Isolation mode for your CC SG network Each CC SG LAN por...

Страница 234: ...P address Subnet mask and Default gateway fields will be automatically populated if your DHCP server is configured to provide this information once you save this network setup and restart CC SG With t...

Страница 235: ...C SG to use type the IP address in the Server Address field under Primary Server 4 Click the Level to Forward drop down arrow and select an event severity level All events of this level or higher will...

Страница 236: ...the up and down arrows to select the Year and then click the Day in the calendar area Time use the up and down arrows to set the Hour Minutes and Seconds and then click the Time zone drop down arrow t...

Страница 237: ...configuration KVM data is encrypted according to the security setting in the KXII device Encryption is not supported with devices other than Dominion KXII 2 1 10 Both mode allows you to configure CC S...

Страница 238: ...Administration Configuration 2 Click the Connection Mode tab 3 Select Both 4 In the Net Address and Net Mask fields specify the client IP address range that should connect to nodes and ports via Direc...

Страница 239: ...box to enable a warning message that alerts a user before a requested power operation occurs Only the user who initiated the power operation sees the message The user can cancel the power operation or...

Страница 240: ...oad Server Certificate Validation If you do enable AKC Download Server Certificate Validation Administrators must upload a self signed certificate to the CommandCenter Secure Gateway or generate a sel...

Страница 241: ...you enable or disable this feature See Backing Up CC SG on page 194 2 Choose Administration Configuration 3 Click the Custom JRE tab 4 Select the Enable Custom JRE for Login checkbox to enable the opt...

Страница 242: ...re SNMP in CC SG 1 Choose Administration Configuration 2 Click the SNMP tab 3 Select the Enable SNMP Daemon checkbox to enable SNMP operations 4 To identify the SNMP agent running on CC SG to a third...

Страница 243: ...Update Trap Configuration to save your changes MIB Files Because CC SG pushes its own set of Raritan traps you must update all SNMP managers with a custom MIB file that contains Raritan SNMP trap defi...

Страница 244: ...o the specific Primary node Create a Cluster You should backup your configuration on both CC SG units before creating a cluster To create a cluster 1 Choose Administration Cluster Configuration 2 The...

Страница 245: ...ages The Backup node will restart and the process takes several minutes 10 When the cluster creation is complete a message appears indicating the Backup node is successfully joined Configure Cluster S...

Страница 246: ...and Secondary node status If the Primary and Secondary nodes lose communication with one another the Secondary node will assume the role of the Primary node When connectivity resumes you may have two...

Страница 247: ...ser password To delete a cluster 1 Choose Administration Cluster Configuration 2 Click Delete Cluster 3 Click Yes to remove the Primary Node and Secondary Node status 4 A message appears when the clus...

Страница 248: ...he next empty row or press Tab or up down arrow keys b Type the IP address or hostname of new CC SG unit that you want to add and press Enter See Terminology Acronyms on page 2 for hostname rules c Re...

Страница 249: ...the same Neighborhood share the same Neighborhood information Therefore you can log into any CC SG unit in the Neighborhood to change the Neighborhood configuration Note All changes to the members of...

Страница 250: ...e Access Client Or you can refresh all members data such as the firmware version or unit status in the Neighborhood configuration To deactivate or rename the CC SG units in the Neighborhood or retriev...

Страница 251: ...the Neighborhood 1 Choose Administration Neighborhood 2 Click the CC SG unit that you want to delete and click Remove Member Repeat this step until you remove all CC SG units you want 3 Click Send Upd...

Страница 252: ...rules lockout rules the login portal certificates and access control lists Remote Authentication See Remote Authentication on page 161 for detailed instructions on configuring remote authentication s...

Страница 253: ...in Windows Vista only It does not support any AES encryption in Windows XP In addition to browser support AES 256 encryption requires the installation of Java Cryptography Extension JCE Unlimited Str...

Страница 254: ...inistration Security 2 Open the Encryption tab 3 Select the HTTP or HTTPS SSL option to specify the Browser Connection Protocol you want clients to use when connecting to CC SG 4 Click Update to save...

Страница 255: ...least one special character for example an exclamation point or ampersand 8 Click Update to save your changes About CC SG passwords All passwords must meet all criteria that the administrator configur...

Страница 256: ...lue by entering a number from 1 to 10 5 Choose a Lockout Strategy Lockout for Period specify the period of time in minutes the user will be locked out before they can login again The default number is...

Страница 257: ...rs in the System Administrators user group Select the Other Users checkbox to allow concurrent logins by all other users 3 Click Update to save your changes Configure the Inactivity Timer You can conf...

Страница 258: ...users agree to upon accessing the CC SG A user s acceptance of the Restricted Service Agreement is noted in the log files and the audit trail report To add a restricted service agreement to the CC SG...

Страница 259: ...ificate option is selected To export current certificate and private key 1 Choose Administration Security 2 Click the Certificate tab 3 Select Export current certificate and private key 4 Click Export...

Страница 260: ...vate Key appear in the corresponding fields of the Certificate screen 6 Select the text in the Certificate Request box and then press Ctrl C to copy it Using an ASCII editor such as Notepad paste the...

Страница 261: ...nd Server is selected in the Administration Security Encryption screen AES 128 is the default If AES is not required DES 3 is the default b Private Key Length 1024 is the default c Validity Period day...

Страница 262: ...ation Security 2 Click the Access Control List tab 3 Click the Add Row icon to add a row to the table 4 Specify a range of IP addresses to which you want to apply the rule by typing the starting IP va...

Страница 263: ...ns can be sent from CC SG Notifications are used to email reports that have been scheduled email reports if users are locked out and to email status of failed or successful scheduled tasks See Task Ma...

Страница 264: ...a daily weekly monthly or yearly basis A task can be scheduled to run only once or periodically on a specified day of the week and at a specified interval For example you could schedule device backups...

Страница 265: ...L for the version of the emailed report All reports that have a Finished status are stored in HTML format on CC SG for 30 days You can view the finished reports in HTML format only by selecting Schedu...

Страница 266: ...acking Up CC SG on page 194 Backup Device Configuration See Backing Up a Device Configuration on page 60 Copy Device Configuration See Copying Device Configuration on page 64 Group Power Control See N...

Страница 267: ...ox next to each month in which the task should recur on the specified date f Yearly Click the drop down menu and select the month in which the task should execute from the list Use the up and down arr...

Страница 268: ...device for estimated upgrade times To schedule a Device Firmware Upgrade 1 Choose Administration Tasks 2 Click New 3 In the Main tab type a name and description for the task The Name you choose will b...

Страница 269: ...o proceed 8 Specify whether failed upgrades should be retried a Click the Retry tab b Retry Count Type the number of times CC SG should retry a failed upgrade c Retry Interval Enter the time that shou...

Страница 270: ...is similar to a completed task To reschedule a task 1 Choose Administration Tasks 2 In the Task Manager page select the task you want to reschedule Use the filtering criteria to search for the task 3...

Страница 271: ...sting authentication and authorization policies are applied to the SSH client The commands available to the SSH client are determined by the permissions for the user groups to which the SSH client use...

Страница 272: ...in depth help on a single command at a time To get help for a single SSH command 1 At the shell prompt type the command you want help for followed by a space and h For example connect h 2 Information...

Страница 273: ...To backup a device configuration backup device host host id device_id backup_name description To clear the screen clear To establish a connection to a serial port If port_name or device_name contains...

Страница 274: ...ist available devices listdevices To list firmware versions available for upgrade listfirmwares id device_id host To list all interfaces listinterfaces id node_id To list all nodes listnodes To list a...

Страница 275: ...mmand Tips For commands that pass an IP address such as upgradedevice you can substitute the hostname for an IP address See Terminology Acronyms on page 2 for hostname rules The copydevice and restart...

Страница 276: ...cter when establishing a port connection The command is connect e escape_char port_id For example to define m as the escape character when connecting to the port with id 2360 type connect e m 2360 Cre...

Страница 277: ...face You can use SSH to connect to a node through its associated serial out of band interface The SSH connection is in proxy mode 1 Type listinterfaces to view the node ids and associated interfaces 2...

Страница 278: ...e entire SSH connection to CC SG This command ends the entire SSH connection including any port device or node connections made through CC SG At the prompt type the following command and press the Ent...

Страница 279: ...rminal or PuTTY Set the baud rate in the terminal emulation program to match the SX or KSX baud rate V1 Serial Admin Port E1 Serial Admin Port OR About Terminal Emulation Programs HyperTerminal is ava...

Страница 280: ...b services client Web Services Client Name Maximum 64 characters License Key Your license key from Raritan Each CC SG unit must have a unique license key IP Address Hostname Maximum 64 characters HTTP...

Страница 281: ...G to generate the certificate You do not need to remember it l Password Enter a keystore password Use this password to open the P12 file that you will save in step 7 If you copy the generated certific...

Страница 282: ...bindings These appearance settings may differ from those in this documentation In This Chapter Accessing Diagnostic Console 264 Status Console 265 Administrator Console 271 Accessing Diagnostic Consol...

Страница 283: ...ways to view the Status Console information VGA keyboard mouse port SSH or web browser Access Status Console via VGA Keyboard Mouse Port or SSH To access Status Console via VGA Keyboard Mouse Port or...

Страница 284: ...same information as the Status Console Status Console Information Status Console via VGA Keyboard Mouse Port or SSH After typing status at the login prompt the read only Status Console appears This sc...

Страница 285: ...formation Description Host Name CC SG s Fully Qualified Domain Name FQDN It consists of both the unit s hostname and the associated domain name CC SG Version CC SG s current firmware version It consis...

Страница 286: ...ses for RAID disks include Active RAID is fully functional RAID Status Degraded One or more disk drives are having problems Contact Raritan Technical Support for assistance Cluster Status CC SG can wo...

Страница 287: ...ys Reminder The bottom line on the screen displays the keyboard combination keys for invoking Help and exiting Status Console Status Console will ignore key inputs other than these keys described belo...

Страница 288: ...ly Status Console web page appears The web page displays the same information as the Status Console and also updates the information approximately every 5 seconds For information on the links for CC S...

Страница 289: ...html based Access Client Changing one of these passwords does not affect the other Access Administrator Console All information displayed in the Administrator Console is static If the configuration c...

Страница 290: ...Ctrl X to activate the menu bar or click a menu item using the mouse if you access Administrator Console via the SSH client The File menu provides an alternative option to exit the Diagnostic Console...

Страница 291: ...rd combinations to navigate Administrator Console For some sessions the mouse may also be used to navigate However the mouse may not work in all SSH clients or on the KVM console Press To Ctrl X Activ...

Страница 292: ...s CC SG via the Web can access the Status Console web page Important Be careful not to lock out all Admin or Field Support access To edit Diagnostic Console configuration 1 Choose Operation Diagnostic...

Страница 293: ...ield After you save this field will be updated to reflect the Fully Qualified Domain Name FQDN if known See Terminology Acronyms on page 2 for hostname rules 4 In the Mode field select either IP Isola...

Страница 294: ...ions A Warning screen will appear informing you of the impending network reconfiguration and associated CC SG GUI user impact Select YES to proceed System progress can be monitored in a Diagnostic Con...

Страница 295: ...tion between your computer and the domain is not working See Edit Static Routes on page 278 6 Press Ctrl C to terminate the session Note Press CTRL Q to display a statistics summary for the session so...

Страница 296: ...static routes may actually improve the performance of your network allowing you to conserve bandwidth for important business applications Click with the mouse or use the Tab and arrow keys to navigat...

Страница 297: ...Chapter 16 Diagnostic Console 279 Although you can delete all other routes including the Default Gateway doing this will greatly impact the communication with CC SG...

Страница 298: ...data or the file size of the logfile Timestamp and file size abbreviations Timestamps s seconds m minutes h hours d days File sizes B Bytes K Kilobytes 1 000 bytes M Megabytes 1 000 000 bytes G Gigab...

Страница 299: ...onfigured to buffer all the new information that comes along Remember Selected Items If this box is checked the current logfile selections if any will be remembered Otherwise selection is reset each t...

Страница 300: ...utomatically delete them View View the selected log s When View is selected with Individual Windows the LogViewer displays While viewing log files press Q Ctrl Q or Ctrl C to return to the previous sc...

Страница 301: ...A to add a regular expression For example to display information on the WARN messages in sg jboss console log log file enter WARN and select match Note This screen also shows the Default Filter Scheme...

Страница 302: ...2 Either click Restart CC SG Application or press Enter Confirm the restart in the next screen to proceed Reboot CC SG with Diagnostic Console This option will reboot the entire CC SG which simulates...

Страница 303: ...ion will power off the CC SG unit Logged in users will not receive a notification CC SG SSH and Diagnostic Console users including this session will be logged off Any connections to remote target serv...

Страница 304: ...CC Super User Password with Diagnostic Console This option will reset the password for the CC Super User account to the factory default value Factory default password raritan Note This is not the pass...

Страница 305: ...fault Confirm the password reset in the next screen to proceed Reset CC SG Factory Configuration Admin This option will reset all or parts of the CC SG system back to their factory default values All...

Страница 306: ...d Secure Communication between PC Clients and CC SG Enforce Strong Passwords Direct vs Proxy Connections to Out of Band nodes Inactivity Timer setting Network Reset This option changes the network set...

Страница 307: ...ates the current reset status and you cannot control CC SG before reset is complete Do NOT power off power cycle or interrupt CC SG when reset is in progress Doing this may result in the loss of CC SG...

Страница 308: ...be asked if you want to accept the new password You can either accept by typing in the new password twice or reject the random password You cannot select your own password Strong Enforce strong passw...

Страница 309: ...the screen that appears you can view the settings for each account Status Admin FS1 and FS2 This screen is split into three main areas The top displays read only information about the accounts on the...

Страница 310: ...r you cannot use Diagnostic Console Min Days The minimum number of days after a password has been changed before it can be changed again Default is 0 Max Days The maximum number of days the password w...

Страница 311: ...SG unit 1 Choose Operation Utilities Remote System Monitoring 2 Select Enabled in the Remote Monitoring Service field 3 Enter the IP address of the client PC you want to allow to monitor the CC SG uni...

Страница 312: ...lier time and date Data collection starts again when the time and date reaches the original time and date When the time and date is changed to a later time and date the reports show a gap in the data...

Страница 313: ...SG 1 Choose Operation Utilities Disk RAID Utilities RAID Status Disk Utilization 2 Either click Refresh or press Enter to refresh the display Refreshing the display is especially useful when upgrading...

Страница 314: ...Submit c The test is scheduled and a SMART information screen displays d When the required time has passed as indicated by the screen you can view the results in the Repair Rebuild RAID screen See Rep...

Страница 315: ...n view the results in the Repair Rebuild RAID screen See Repair or Rebuild RAID Disks on page 299 If a non zero value displays in the Mis Match column for the given Array indicating that there may be...

Страница 316: ...ts be aware of these guidelines Only one test can be performed on a given drive at a time Another test will not be scheduled if a drive is currently under test If two tests are scheduled for the same...

Страница 317: ...time for running this test Type a number in the Month Day of Month Day of the Week and Hour fields Day of the Week field uses 1 for Monday through 7 for Sunday Hour must be in 24 Hour format Note A b...

Страница 318: ...good system A contrived system showing multiple problems The system will update displayed information when you move between Disk Drive Status RAID Array Status and Potential Operations box using the T...

Страница 319: ...the processes running on CC SG 1 Choose Operation Utilities Top Display 2 View the total running sleeping total number and processes that have stopped 3 Type h to view a help screen for the top comma...

Страница 320: ...Chapter 16 Diagnostic Console 302 NTP is not enabled or not configured properly NTP is properly configured and running...

Страница 321: ...uration shows a list of CC SG data that you can snapshot Snapshot Operations shows a list of operations that can be performed when activating the snapshot operation 5 Usually it is not necessary to ch...

Страница 322: ...r the file named snapshot as it is the latest snapshot file The files are already compressed encrypted and signed so you must transfer them in the binary mode 5 When saving the file with IE save it as...

Страница 323: ...of Dominion PX devices deployed and you want to get the current IT Device Names into CC SG as nodes you can export a file from Power IQ edit the file to specifications then import it into CC SG See Im...

Страница 324: ...the Use Service Account Credentials checkbox Select the service account to use in the Service Account Name menu or Enter a Username and Password for authentication 6 Type a short description of this...

Страница 325: ...rt a CSV file from Power IQ 1 Login to Power IQ and go to the Dashboard 2 Click Outlet Naming 3 Next to the Import click the link to export a CSV file of the current outlet names 4 Open or save the fi...

Страница 326: ...cause a duplicate item already exists or was already imported also show in red text 6 To view more import results details check the Audit Trail report See Audit Trail Entries for Importing on page 334...

Страница 327: ...The export file contains three sections Read the comments in the CSV file for instructions on how to use each section as part of a Power IQ multi tabbed CSV import file See the Power IQ User Guide an...

Страница 328: ...me Between Failure MTBF 36 354 hours KVM Admin Port DB15 PS2 or USB Keyboard Mouse Serial Admin Port DB9 Console Port 2 USB 2 0 Ports V1 Environmental Requirements Operating Humidity 8 90 RH Altitude...

Страница 329: ...44 09 lbs 20 kg Power SP502 2S Hot Swappable 500W 2U power supply Operating Temperature 0 50 C Mean Time Between Failure MTBF 53 564 hours KVM Admin Port PS 2 keyboard and mouse ports 1 VGA port Seria...

Страница 330: ...ure 40 70 C Humidity 5 90 non condensing Altitude Sea level to 40 000 feet Vibration 10 Hz to 300 Hz sweep at 2 g constant acceleration for one hour on each of the perpendicular axes X Y and Z Shock 3...

Страница 331: ...This Chapter Required Open Ports for CC SG Networks Executive Summary 313 CC SG Communication Channels 314 Required Open Ports for CC SG Networks Executive Summary The following ports should be opene...

Страница 332: ...umented For each communication channel the table includes The symbolic IP Addresses used by the communicating parties These addresses must be allowed over any communication path between the entities T...

Страница 333: ...tional CC SG clustering feature is used the following ports must be available for the inter connecting sub networks If the optional clustering feature is not used none of these ports has to be open Ea...

Страница 334: ...al industry standard services like DHCP DNS and NTP These ports and protocols are used to allow CC SG to communicate with these optional servers Communication Direction Port Number Protocol Configurab...

Страница 335: ...Console 23 TCP yes Client server communication SSL AES 128 AES 256 encrypted if configured PC Clients to Nodes Another significant role of CC SG is to connect PC clients to various nodes These nodes c...

Страница 336: ...telligent Platform Management Interface IPMI servers can also be controlled by CC SG Dell DRAC and RSA targets can also be managed by CC SG Note Some in band interfaces require additional ports to be...

Страница 337: ...an be blocked CC SG Access via NAT enabled Firewall If the firewall is using NAT Network Address Translation along with PAT Port Address Translation then Proxy mode should be used for all connections...

Страница 338: ...or 5900 must be open for VNC access to nodes SSH Access to Nodes Port 22 must be open for SSH access to nodes Remote System Monitoring Port When the Remote System Monitoring feature is enabled port 1...

Страница 339: ...een None Logout None Exit None Users This menu and the User tree are available only for users with the User Management privilege User Manager Add User User Management Editing users User Management Via...

Страница 340: ...Management Bulk Copy Device Port and Node Management Upgrade Device Device Configuration and Upgrade Management Configuration Backup Device Configuration and Upgrade Management Restore Device Configu...

Страница 341: ...Management Tree View Device Port and Node Management or Device Configuration and Upgrade Management Port Manager Connect Device Port and Node Management and Node Out of band Access Configure Ports Dev...

Страница 342: ...rt and Node Management Editing Nodes Device Port and Node Management Via the Node Profile Delete Node Device Port and Node Management interfaceName Node In band Access or Node Out of band Access Disco...

Страница 343: ...Out of band Access or Power Control By Node Status Any of the following Device Port and Node Management or Node In band Access or Node Out of band Access or Node Power Control Chat Start Chat Session...

Страница 344: ...te Node Groups User Security Management Includes ability to add modify and delete Policies User Security Management Includes ability to add modify and delete Reports This menu is available for users w...

Страница 345: ...anagement Active Directory AD Users Group Report CC Setup and Control or User Management Scheduled Reports CC Setup and Control or Device Configuration and Upgrade Management Access Add Web Services A...

Страница 346: ...ent or Device Configuration and Upgrade Management Import Import Categories CC Setup and Control and User Security Management Import Users CC Setup and Control and User Management Import Nodes CC Setu...

Страница 347: ...rt Power IQ Data CC Setup and Control and Device Port and Node Management System Maintenance Backup CC Setup and Control Restore CC Setup and Control Reset CC Setup and Control Restart CC Setup and Co...

Страница 348: ...ion failure ccLanCardFailure CC SG detected a LAN Card Failure ccHardDiskFailure CC SG detected a hard disk failure ccLeafNodeUnavailable CC SG detected a connection failure to a leaf node ccLeafNodeA...

Страница 349: ...with another Dominion PX device ccSystemMonitorNotification CC SG is out of memory ccNeighborhoodActivated CC SG neighborhood has been activated ccNeighborhoodUpdated CC SG neighborhood has been upda...

Страница 350: ...section contains more information about CSV file imports In This Chapter Common CSV File Requirements 333 Audit Trail Entries for Importing 334 Troubleshoot CSV File Problems 335 Appendix E CSV File...

Страница 351: ...s the file type After that Excel will continue to save the file as CSV If you don t set the file type correctly the file will corrupt and cannot be used to import All import files must be in ASCII tex...

Страница 352: ...n entry for each change that occurs when a record is imported These entries are logged between the entries for Import started and Import completed They are logged under a different Message Type depend...

Страница 353: ...error includes the line number where the error occurs in the CSV file See the comments at the top of an export file to help you correct errors When the file has been corrected validate the file again...

Страница 354: ...at states your client version is different from the server version and that behavior may be unpredictable you should clear the browser s cache and the Java cache and restart the browser See Clear the...

Страница 355: ...Failed message that says you have an invalid certificate You can resume access by clearing the invalid certificate from your browser a In Firefox choose Tools Options b Click Advanced c Click the Enc...

Страница 356: ...rrow key Press any key to enter the menu Booting CentOS x x x in x seconds 3 Highlight the Memtest86 vX X option where vX X is the current version using the up or down arrow keys and press Enter 4 CC...

Страница 357: ...ooting 1 Turn on the debug mode 1 Using a supported Internet browser type this URL http s IP_address 8080 jmx console where IP_address is the IP address of the CC SG For example https 10 20 3 30 8080...

Страница 358: ...onfigure Remote System Monitoring on page 293 Important For CC SG units in a cluster configuration you must monitor both CC SG units To monitor the disk space via the Diagnostic Console 1 Log into the...

Страница 359: ...apshots 1 Enter the System Snapshot menu see Take a System Snapshot on page 303 2 Deselect SNAP 3 Deselect Package Export 4 Select Clean up tmp 5 Click or select Submit To monitor the disk space via w...

Страница 360: ...Diagnostic Utilities 342 Note For file system problems that are not mentioned in this section or when the corrective actions you take cannot resolve the problems contact Raritan Technical Support for...

Страница 361: ...RADIUS Server 6 1 on Windows Server 2003 RSA Authentication Manager 6 1 on Windows Server 2003 RSA Secure ID SID700 hardware token Earlier RSA product versions should also work with CC SG but they ha...

Страница 362: ...r or manager to access and manage all servers equipment and users from a single device Which Raritan products does CC SG support See the Compatibility Matrix on the Raritan website in the Support sect...

Страница 363: ...new node to the CC SG database and assigned it to me How can I see it in my Nodes tree To update the tree and see the newly assigned node click the Refresh shortcut button on the toolbar Remember that...

Страница 364: ...ce to the existing node when a message appears Authentication FAQs Question Answer Authentication How many user accounts can be created for CC SG Check your licensing restrictions There is no specifie...

Страница 365: ...ew browser and log in again This provides an additional security feature so that no one can recall information stored in the web cache to access the unit How is a password secure Passwords are encrypt...

Страница 366: ...SG administrator I added over 500 nodes and assigned all of them to me Now it takes a long time to log into CC SG When you as administrator have many nodes assigned to you CC SG downloads all informat...

Страница 367: ...too overloaded to be able to respond to a network login may still support console login So another benefit of console access is the ability to troubleshoot and diagnose system and network problems How...

Страница 368: ...8 path box Currently the best possible implementation is to aggregate IP Reach boxes with CC SG In the future Raritan plans to increase simultaneous access paths per box These plans have yet to compl...

Страница 369: ...Appendix I FAQs 351...

Страница 370: ...following keyboard shortcuts can be used in the Java based Admin Client Operation Keyboard Shortcut Refresh F5 Print panel Ctrl P Help F1 Insert row in Associations table Ctrl I Appendix J Keyboard Sh...

Страница 371: ...Device Information 354 Port Information 355 Associations 355 Administration 355 User Information Field in CC SG Number of characters CC SG allows Username 64 Full Name 64 User Password not strong pass...

Страница 372: ...characters CC SG allows Primary Contact Name 64 Telephone Number 32 Cell Phone 32 Secondary Contact Name 64 Telephone Number 32 Cell Phone 32 Service Accounts Field in CC SG Number of characters CC S...

Страница 373: ...formation Field in CC SG Number of characters CC SG allows Port Name 32 Associations Field in CC SG Number of characters CC SG allows Category Name 32 Element Name 32 Device Group Name 40 Node Group N...

Страница 374: ...or The operating system is checking the DVD ROM drive and finds no media when it boots up There are other scenarios that invoke the message as well but will not be described in the section avc The mes...

Страница 375: ...9 94 Add a Custom View for Devices 157 Add a Custom View for Nodes 155 Add a Device Group 50 53 149 Add a Dominion PX Device 33 34 36 Add a KVM or Serial Device xvi 33 34 43 72 74 Add a Neighborhood M...

Страница 376: ...Blade Chassis with an Integrated KVM Switch 42 Blade Chassis without an Integrated KVM Switch 43 Bookmarking an Interface 109 110 189 Browser Based Access via the CC SG Admin Client 5 Bulk Copying fo...

Страница 377: ...Configuring Power IQ Services xvi 106 121 305 Configuring PowerStrips Connected to KX KX2 KX2 101 KSX2 and P2SC 70 71 Configuring PowerStrips Connected to SX 3 0 and KSX 70 72 Configuring Powerstrips...

Страница 378: ...DRAC 5 Connection Details xvi 101 E E1 Environmental Requirements 311 E1 General Specifications 311 E1 Model 311 Edit a Blade Chassis Device 46 86 Edit a Device Group 53 Edit a Neighborhood 231 Edit...

Страница 379: ...atibility 5 6 K Keyboard Shortcuts 352 L Launching a Device s Administrative Page 66 LDAP Advanced Settings 174 LDAP General Settings 174 Limit the Number of KVM Sessions per User xvi 19 132 133 135 L...

Страница 380: ...ote System Monitoring Port 320 Repair or Rebuild RAID Disks 296 297 298 299 Reports 180 248 Require AES Encryption between Client and CC SG 235 Require strong passwords for all users 237 Required Open...

Страница 381: ...ration Settings 175 Support for Virtual Media 153 Supported Environments for Two Factor Authentication 343 Switch the Primary and Secondary Node Status xvi 228 Synchronize All AD Modules 169 170 171 1...

Страница 382: ...ngs 236 View Report Details 181 View the Default Application Assignments 210 View Top Display with Diagnostic Console 301 Viewing Devices 28 Viewing Nodes 78 Virtual Nodes Overview 89 VNC Access to No...

Страница 383: ......

Страница 384: ...India Monday Friday 9 a m 6 p m local time Phone 91 124 410 7881 Japan Monday Friday 9 30 a m 5 30 p m local time Phone 81 3 3523 5991 Email support japan raritan com Europe Europe Monday Friday 8 30...

Отзывы:

Нет отзывов