manualshive.com logo in svg

Tripp Lite B092-016, Руководство пользователя, Страница: 154 / 242

Поделиться
Скачать
Tripp Lite B092-016 Скачать руководство пользователя страница 154

154

To backup to the USB enter a brief

Description

of the backup in the Local Configuration Backups

menu and select

Save Backup

The Local Configuration Backup menu will display all the configuration backup files you have
stored onto the USB flash

To restore a backup from the USB simply, select

Restore

on the particular backup you wish to

restore and click

Apply

After saving a local configuration backup, you may choose to use it as the alternate default

configuration. When the Console Server is reset to factory defaults, it will then load your alternate
default configuration instead of its factory settings:

To set an alternate default configuration, check

Load On Erase

and click

Apply

Note:

Before selecting

Load On Erase

please ensure you have tested your alternate default

configuration by clicking Restore.

If for some reason your alternate default configuration causes the

Console Server

to become

unbootable recover your unit to factory settings using the following steps:

-

If the configuration is stored on an external USB storage device, unplug the storage device
and reset to factory defaults as per section 11.1 of the owner’s manual

-

If the configuration is stored on an internal USB storage device, reset to factory defaults using
a specially prepared USB storage device:

o

The USB storage device must be formatted with a Windows FAT32/VFAT file system
on the first partition or the entire disk, most USB thumb drives are already formatted
this way

o

The file system must have the volume label: OPG_DEFAULT

o

Insert this USB storage device into an external USB port on the

Console Server

and

reset to factory defaults as per section 11.1

- After recovering your

Console Server

, ensure the problematic configuration is no longer selected

for Load On Erase.

11.5 FIPS Mode

(B095-004/003 only)

Note

The US National Institute of Standards and Technology (NIST) publishes the FIPS (Federal
Information Processing Standard) series of standards. FIPS 140-1 and FIPS 140-2 are both
technical standards and worldwide de-facto standards for the implementation of cryptographic
modules. These standards and guidelines are issued by NIST for use government-wide. NIST
develops FIPS when there are compelling Federal Government requirements such as for security
and interoperability and there are no acceptable industry standards or solutions.

Console Servers with Revision 3.0.1 firmware (or later) use an embedded OpenSSL
cryptographic module that has been validated to meet the FIPS 140-2 standards and has
received Certificate #1051. This firmware is only currently available on B095-004-1E / B095-003-
1E-M Console Servers.

When configured in FIPs mode, all SSH, HTTPS and SDTConnector access to all services on the Console
Servers will use the embedded FIPS compliant cryptographic module. To connect you must also be using

cryptographic algorithms that are FIPs approved in your browser or client or the connection will fail.

Содержание B092-016

Страница 1: ...erver Management Switch Models B096 016 B096 048 Console Server with PowerAlert Model B092 016 Console Server Models B095 004 1E B095 003 1E M Tripp Lite World Headquarters 1111 W 35th Street Chicago...

Страница 2: ...SB Port Connection 18 2 6 Rackmount Console KVM Connection B092 016 only 18 3 INITIAL SYSTEM CONFIGURATION 19 3 1 Management Console Connection 19 3 1 1 Connected Computer Set Up 19 3 1 2 Browser Conn...

Страница 3: ...4 7 1 Install VirtualPort Client 52 4 7 2 Configure the VirtualPort Client 53 4 7 3 Remove a Configured Port 56 4 7 4 Configure the Remote Serial Device Connection 56 4 8 Managed Devices B095 004 003...

Страница 4: ...ey Authentication 87 6 8 Setting up SDT for Remote Desktop Access 88 6 8 1 Enable Remote Desktop on the Target Windows Computer to be Accessed 88 6 8 2 Configure the Remote Desktop Connection Client 8...

Страница 5: ...Alerts 120 8 2 5 UPS Status 120 8 2 6 Overview of Network UPS Tools NUT 120 8 3 Environmental Monitoring 122 8 3 1 Connecting the EMD 123 8 3 2 Environmental Alerts 124 8 3 3 Environmental Status 124...

Страница 6: ...NAGEMENT 149 11 1 System Administration and Reset 149 11 2 Upgrade Firmware 150 11 3 Configure Date and Time 151 11 4 Configuration Backup B095 004 003 only 152 11 5 FIPS Mode B095 004 003 only 154 12...

Страница 7: ...guration 179 14 7 1 SDT Host TCP Ports 179 14 8 Configuration Backup and Restore 180 14 9 General Linux Command Usage 181 15 ADVANCED CONFIGURATION 184 15 1 Advanced Portmanager 185 15 2 External Scri...

Страница 8: ...l Terminal 220 16 1 2 Connect Browser 220 16 1 3 Connect VNC 221 16 1 4 Connect SSH 222 16 1 5 Connect IPMI 223 16 1 6 Connect Remote Desktop RDP 224 16 1 7 Connect Citrix ICA 225 16 1 8 Connect Power...

Страница 9: ...can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio communications Operation of this equipment in a resid...

Страница 10: ...nd information on this manual 2 Installation Details physical installation of the Console Server and the interconnection of controlled devices 3 System Configuration Describes the initial installation...

Страница 11: ...orts to control all the serial connected devices and network connected devices hosts II Users Embraces those who have been set up by the Administrator with specific limits on their access and control...

Страница 12: ...uration at the command line As an Administrator you can get command line access by connecting through a terminal emulator or communications program to the console serial port or by SSH or Telnet conne...

Страница 13: ...procedure Bold text indicates text that you type or the name of a screen object e g a menu or button on the Management Console Italic text is also used to indicate a text command to be entered at the...

Страница 14: ...Port USB Port Modem Power B096 048 48 2 1 1 Internal Dual AC Universal Input B096 016 16 2 1 1 Internal Dual AC Universal Input B092 016 16 1 1 KVM 4 Single AC Universal Input B095 004 1E 4 1 1 1 Exte...

Страница 15: ...blue Connector DB9F RJ45S straight and DB9F RJ45S cross over AC power cable Quick Start Guide and CD ROM Unpack your Console Server and verify you have all the parts shown above and that they all appe...

Страница 16: ...h The B096 048 16 Console Server Management Switch has dual universal AC power supplies with auto failover built in These power supplies each accept AC input voltage between 100 and 240 VAC with a fre...

Страница 17: ...network that supports 10Base T 100Base T For the initial configuration of the Console Server you must connect a computer to the Console Server s principal network port 2 4 Serial Port Connection The...

Страница 18: ...e KVM Connection B092 016 only B092 016 Console Server with PowerAlert can be connected directly to a rackmount console such as B021 000 17 or B021 019 by Tripp Lite to provide direct local management...

Страница 19: ...nsole Server Note For initial configuration it is recommended that the Console Server be connected directly to a single computer However if you choose to connect your LAN before completing the initial...

Страница 20: ...with a MAC address 00 13 C6 00 02 0F designated on the label on the bottom of the unit and we are setting its IP address to 192 168 100 23 The computer issuing the arp command must be on the same net...

Страница 21: ...work settings on the System IP page Chapter 3 3 Configure port settings and enable the Serial Network Serial Port page Chapter 4 4 Configure users with access to serial ports on the Serial Network Use...

Страница 22: ...2 Administrator Password For security reasons only the administration user named root can initially log into your Console Server Only those people who know the root password can access and reconfigur...

Страница 23: ...ssword Note If you are not confident your Console Server has been supplied with the current release of firmware you can upgrade Refer to Upgrade Firmware Chapter 10 3 3 Network IP Address It is time t...

Страница 24: ...dress By default the Console Server 10 100 LAN port auto detects the Ethernet connection speed However you can use the Media menu to lock the Ethernet to 10 Mb s or 100Mb s and to Full Duplex FD or Ha...

Страница 25: ...ection of access protocols that can be used to access the Console Server The factory default enables HTTPS and SSH access to the Console Server and disables HTTP and Telnet The User can also use the n...

Страница 26: ...rnet HTTP Allows the Administrator basic browser access to the Management Console It is recommended that you disable the HTTP service if the Console Server is to be remotely accessed over the Internet...

Страница 27: ...The default TCP IP base port address for Telnet access is 2000 and the range for Telnet is IP Address Port 2000 serial port i e 2001 2048 So if the Administrator were to set 8000 as a secondary base...

Страница 28: ...s software for all communications with Console Servers Each Console Server is supplied with an unlimited number of SDT Connector licenses to use with that Console Server SDT Connector is a lightweight...

Страница 29: ...similarly simple but you need to use the default port 23 3 5 3 SSHTerm Another common communications package that may be useful is SSHTerm This is an open source package that can be downloaded from h...

Страница 30: ...Management Switch as a Management LAN Gateway The Management Switch in the B096 048 016 Console Servers can be configured to provide a management LAN gateway With this configuration the B096 048 016 p...

Страница 31: ...ncipal Network connection on the System IP menu The B096 048 016 Console Server Management Switches also host a DHCP server which by default is set at disabled The DHCP server enables the automatic di...

Страница 32: ...ds The lease time is the time that a dynamically assigned IP address is valid before the client must request it again Click Apply The DHCP server will sequentially issue IP addresses from a specified...

Страница 33: ...ver Interface to be used in the event of an outage on the main network This can be o an alternate broadband Ethernet connection or o the B096 048 016 internal modem or o an external serial modem ISDN...

Страница 34: ...VirtualPort windows client Managed Devices presents a consolidated view of all the connections version 3 0 firmware and later IPSec enabling VPN connection version 3 0 firmware and later 4 1 Configuri...

Страница 35: ...available for each serial port These are independent of the mode in which the port is being used These serial port parameters must be set so they match the serial port parameters on the device which i...

Страница 36: ...t Console Server Mode to enable remote management access to the serial console that is attached to the serial port Logging Level This specifies the level of information to be logged and monitored refe...

Страница 37: ...nneled from their client computers to the serial port on the Console Server with a simple point and click To use SDT Connector to access consoles on the Console Server serial ports configure the SDT C...

Страница 38: ...T Connector with the Console Server as a gateway then as a host and enable SSH service on Port 3000 serial port i e 3001 3048 refer to Chapter 6 You can also use common communications packages like Pu...

Страница 39: ...nticated Telnet enables Telnet access to the serial port without requiring the user to provide credentials When a user accesses the Console Server to Telnet to a serial port they are normally given a...

Страница 40: ...terruptible Power Supply UPS serial Remote Power Controller Power Distribution Unit RPC or Environmental Monitoring Device EMD Select the desired Device Type UPS RPC or EMD Proceed to the appropriate...

Страница 41: ...and then transported over a network to a second Console Server where it is then represented as serial data So the two Console Servers effectively act as a virtual serial cable over an IP network One...

Страница 42: ...enable logging of traffic on the selected serial port to a syslog server and to appropriately sort and action those logged messages i e redirect them send alert email etc For example if the computer a...

Страница 43: ...trator can reconfigure the access services for any Host or serial port only trusted users should have Administrator access Note For convenience the SDT Connector Retrieve Hosts function retrieves and...

Страница 44: ...Group Add a Group name and Description for each new Group then nominate Accessible Hosts and Accessible Ports to specify the serial ports and hosts you wish any users in this new Group to be able to a...

Страница 45: ...Groups in which case they take on the cumulative access privileges of each of those Groups A user does not have to be a member of any Groups but if the User is not even a member of the default user g...

Страница 46: ...ices will be port forwarded through to the Host All other services TCP UDP ports will be blocked If the Console Server has been configured with distributed Nagios monitoring enabled then you will also...

Страница 47: ...e new rule is to be applied to Then enter the Network Address of the subnet to be permitted access Then specify the range of addresses that are to be permitted by entering a Network Mask for that perm...

Страница 48: ...arge number of serial ports up to 1000 can be configured and accessed through one IP address and managed through the one Management Console One Console Server the Master controls other Console Servers...

Страница 49: ...keys will automatically be uploaded to the Master and connected Slaves 4 6 2 Manually Generate and Upload SSH Keys Alternately if you have a RSA or DSA key pair you can manually upload them to the Ma...

Страница 50: ...nd upload it to Slave s SSH Authorized Key Click Apply The next step is to Fingerprint each new Slave Master connection This once off step will validate that you are establishing an SSH session with t...

Страница 51: ...l the Slaves and the port numbers that have been allocated on the Master If the Master Console Server has 16 ports of its own then ports 1 16 are pre allocated to the Master So the first Slave added w...

Страница 52: ...ration changes are propagated from the Master Similarly the Slave s Network Host and IPMI settings have to be configured at each Slave Also the Master s Management Console provides a consolidated view...

Страница 53: ...stallation process Read the License Agreement then follow the prompts to select the destination path and choose the shortcuts you wish to create Once the installer completes you will have a working Vi...

Страница 54: ...ed to enable SSL TLS encryption of the data going to the port You will need to enter a Password Select the starting COM port COM1 to COM4096 Specify the number of ports you want to add Sequential port...

Страница 55: ...ackets option tests if the TCP connection is still up when no data has been sent for a while This is done by sending keep alive messages Select this option and specify a period of time in milliseconds...

Страница 56: ...baud rate configured by the local Application using the COM port 4 7 3 To Remove a Configured Port At any stage you can delete a single configured COM port or delete the Console Server connection and...

Страница 57: ...USB connected IP address if network connected Power PDU outlet details if applicable and any UPS connections Many Devices such as servers will commonly have more than one power connections e g dual p...

Страница 58: ...draws power from the outlet the outlet will then take up the name of the powered Managed Device To add a new serially connected Managed Device Configure the serial port using the Serial Network Seria...

Страница 59: ...the outlet names on the PDU will by default be Outlet 1 Outlet 2 When you connect a particular Managed Device that draws power from the outlet the outlet will then take up the name of the powered Man...

Страница 60: ...Console Server configuration for dial in PPP access Once the Console Server is so configured it will wait for an incoming connection from a dial in at a remote site Then remote Administrator s must b...

Страница 61: ...d rate and flow control using the Management Console You can further configure the console modem port settings by editing etc mgetty config files as described in Chapter 14 Select the Baud Rate and Fl...

Страница 62: ...ot recommended PAP Password Authentication Protocol PAP is the usual method of user authentication used on the internet sending a username and password to a server where they are compared with a table...

Страница 63: ...r modem Enter the PPP User Name and Password for have set up for the Console Server 5 1 4 Set Up Earlier Windows Clients for Dial In For Windows 2000 the PPP client set up procedure is the same as abo...

Страница 64: ...er PPP link as the default for Internet connection 5 2 OoB Broadband Access B096 048 016 only The B096 048 016 Console Server Management Switch has a second Ethernet network port that can be configure...

Страница 65: ...ce menu select Management LAN eth1 as the Failover Interface to be used when a fault has been detected with main Network Interface eth0 Specify the Probe Addresses of two sites the Primary and Seconda...

Страница 66: ...anagement network When configuring the principal network connection in System IP specify Internal Modem or the Dial Serial DB9 if using an external modem on the Console port as the Failover Interface...

Страница 67: ...67...

Страница 68: ...inistrator s computer It is recommended that you use the SDT Connector client software supplied with the Console Server to do this SDT Connector is simple to install and it auto configures It provides...

Страница 69: ...ked Note Following are some of the TCP Ports used by SDT in the Console Server 22 SSH All SDT Tunneled connections 23 Telnet on local LAN forwarded inside tunnel 80 HTTP on local LAN forwarded inside...

Страница 70: ...edit command search for SDT Connector and then remove the directory with this name For Linux and other Unix clients SDTConnector tar gz application will install the sdtcon 1 n jar and the config file...

Страница 71: ...or select the File New Gateway menu option Enter the IP or DNS Address of the Console Server and the SSH port that will be used typically 22 Note If SDT Connector is connecting to a remote Console Ser...

Страница 72: ...rst be set up on the Console Server and must be authorized to access the specific ports hosts refer to Chapter 5 Only these permitted services will be forwarded through by SDT to the Host All other se...

Страница 73: ...user i e they can be members of user or admin or some other group or no group SDT Connector will however not auto configure the root and it is recommended that this account is only used for initial co...

Страница 74: ...s routers etc at that site 6 2 5 Manually Adding Hosts to the SDT Connector Gateway For each gateway you can manually specify the network connected hosts that will be accessed through that Console Ser...

Страница 75: ...on options are pre configured in the default SDT Connector RDP client VNC client HTTP browser HTTPS browser Telnet client etc However if you wish to add new client applications to this range then proc...

Страница 76: ...rom localhost Enter a local TCP port to bind to when creating the local endpoint of the redirection If this is left blank a random port will be selected Note SDT Connector can also tunnel UDP services...

Страница 77: ...command line format When launching the client SDT Connector substitutes these keywords with the appropriate values path is path to the executable file i e the previous field host is the local address...

Страница 78: ...PP Access section in Chapter 5 Configuring Dial In Access Set up the PPP client software at the remote User computer following the Set up the remote Client section in Chapter 5 Once you have a dial in...

Страница 79: ...tion and then forwarding the RDP port over this SSH connection using the PuTTY client software Under the Session tab enter the IP address of the Console Server in the Host Name or IP address field For...

Страница 80: ...label 3389 For example if the Label you specified on the SDT enabled serial port on the Console Server is win2k3 then specify the remote host as win2k3 3389 Alternately you can set the Destination as...

Страница 81: ...d enterprise VPN connected Client computers using SSH as above This will protect against the risk of the man in the middle attacks to which RDP has a vulnerability http www securiteam com windowsntfoc...

Страница 82: ...g on one of the ports which VNC uses Tunneling VNC over a SSH connection ensures all traffic is strongly encrypted Also no VNC port is ever open to the internet so anyone scanning for open VNC ports w...

Страница 83: ...agement Console and or click SSH or Telnet to access the gateway command line console Note To enable SDT access to the gateway console you must now configure the Console Server to allow port forwarded...

Страница 84: ...nes of Loopback ports or Local serial ports Click OK Click Serial Port 2 icon for Telnet access to the serial console on the device attached to serial port 2 on the gateway To enable SDT Connector to...

Страница 85: ...vity is provided by a dial up or wireless modem directly attached to the gateway So out of band access enables you to access the hosts and serial devices on the network diagnose any connectivity issue...

Страница 86: ...Out of Band Connection wait min rasdial network_connection disconnect The network_connection in the above is the name of the network connection as displayed in Control Panel Network Connections To sto...

Страница 87: ...ool You may use RSA or DSA however it is important that you leave the passphrase field blank PuTTYgen http www chiark greenend org uk sgtatham putty download html OpenSSH http www openssh org OpenSSH...

Страница 88: ...ed and encrypted tunnel SDT with RDP also allows remote Users to connect to Windows XP Vista Windows 2003 computers and to Windows 2000 Terminal Servers and to have access to all of the applications f...

Страница 89: ...a single computer When the remote user connects to the accessed computer on the console session Remote Desktop automatically locks that computer so no other user can access the applications and files...

Страница 90: ...then you would enter 192 168 0 50 7303 Where there is an SSH tunnel over a dial up PPP connection or over a public internet connection or private network connection simply enter the localhost as the I...

Страница 91: ...older Windows platforms to remotely connect to a computer running Windows XP Professional or Windows 2003 Server B On a Linux or UNIX client computer Launch the open source rdesktop client rdesktop u...

Страница 92: ...urce untar configure make make then install rdesktop currently runs on most UNIX based platforms with the X Window System and can be downloaded from http www rdesktop org C On a Macintosh client Downl...

Страница 93: ...ows server allowing you to view the desktop of a remote Windows machine on any of these platforms using exactly the same viewer RealVNC was founded by members of the AT T team who originally developed...

Страница 94: ...onfigure and Connect the VNC Viewer VNC is truly platform independent so a VNC Viewer on any operating system can connect to a VNC Server on any other operating system There are Viewers and Servers fr...

Страница 95: ...the VNC Host computer is serially connected to the Console Server then enter the IP address of the Console Server unit with the TCP port that the SDT tunnel will use The TCP port will be 7900 plus th...

Страница 96: ...ground on VNC http en wikipedia org wiki VNC 6 10 Using SDT to IP Connect to Hosts that are Serially Attached to the Gateway Network IP protocols like RDP VNC and HTTP can also be used to connect to h...

Страница 97: ...rk Connections in Control Panel and click the New Connection Wizard Select Set up an advanced connection and click Next On the Advanced Connection Options screen select Accept Incoming Connections and...

Страница 98: ...CP IP addresses on the Incoming TCP IP Properties screen Nominate a From and a To TCP IP address and click Next Note You can choose any TCP IP addresses as long as they are addresses which are not use...

Страница 99: ...fault Password is portXX So to use the defaults for an RDP connection to the serial port 2 on the Console Server you would have set up a Windows user named port02 When the PPP connection has been set...

Страница 100: ...hich will enable port forwarding and SSH tunneling and enter a Username and User Password Note When you enable SDT this will override all other Configuration protocols on that port Note If you leave t...

Страница 101: ...add a New SDT Host In the Host address you need to put portxx where xx the port to which you are connecting Example for port 3 you would have a Host Address of port03 and then select the RDP Service c...

Страница 102: ...mental monitors UPS and PDU devices The Console Servers can also log access and communications with network attached hosts If port logs are to be maintained on a remote server then the access path to...

Страница 103: ...authentication Similarly you can specify the Subject Line that will be sent with the email Click Apply to activate SMTP 7 1 2 SMS Alerts The Console Server uses email to SMS services to send SMS alert...

Страница 104: ...age which is contained in full in the body of the email However some SMS gateway service providers require blank subjects or require specific authentication headers to be included in the subject line...

Страница 105: ...10 7 2 Activate Alert Events and Notifications The Alert facility monitors the status of the Console Server and connected devices When an alert event is triggered a notification is emailed to a nomin...

Страница 106: ...y the alert service that will be used to send notification for this event who to notify and what port host device is to be monitored At Add a New Alert enter a Description for this new alert Nominate...

Страница 107: ...serial and or Applicable Host s and or Applicable UPS es and or Applicable RPC s and or Applicable EMD s and or Applicable Alarm Sensor s that are to be monitored for this alert trigger 7 2 2 Select G...

Страница 108: ...etails on selecting and configuring this alert type 7 2 3 Configuring Environment and Power Alert Type This alert type will be applied to any UPS s RPC s and EMD temperature and humidity sensors you h...

Страница 109: ...or open sensor you may not wish to activate the sensor alert monitoring during the working day Click Apply 7 3 Remote Log Storage Before activating Serial or Network Port Logging on any port or UPS lo...

Страница 110: ...t to be logged Specify the Logging Level of for each port as Level 0 Turns off logging for the selected port Level 1 Logs all connection events to the port Level 2 Logs all data transferred to and fro...

Страница 111: ...e used you also must set up the level of logging that is to be maintained for each service Specify the logging level that is to be maintained for that particular TDC UDP port service on that particula...

Страница 112: ...dded PowerMan and NUT open source management tool RPC s include power distribution units PDU s and IPMI power devices 8 1 1 RPC Connection Serial and network connected RPC s must first be connected to...

Страница 113: ...d access privileges you will have configured in Serial Networks Users Groups Check Log Status and specify the Log Rate minutes between samples if you wish the status from this RPC to be logged These l...

Страница 114: ...the Status RPC Status menu A table with the summary status of all connected RPC hardware will be displayed Click on View Log or select the RPC Logs menu You will be presented with a table of the histo...

Страница 115: ...al or USB cable or by the network to the Console Server The Console Server becomes the Master of this UPS and runs a upsd server to allow other computers that are drawing power through the UPS Slaves...

Страница 116: ...PS and in the Serial Network Network Hosts menu for each network connected UPS refer to Chapter 4 No such configuration is required for USB connected UPS hardware Select the Serial Network UPS Connect...

Страница 117: ...login credentials are not related to the Users and access privileges you will have configured in Serial Networks Users Groups If you have multiple UPSs and require them to be shut down in a specific...

Страница 118: ...de an opportunity to perform any last gasp actions before power is lost during a power failure This is achieved by placing a script in etc config scripts ups shutdown You may use the etc scripts ups s...

Страница 119: ...ct to the Console Server Refer to the NUT documentation for details on how this is done specifically sections 13 5 to 13 10 http eu1 networkupstools org doc 2 2 0 INSTALL html An example upsmon conf e...

Страница 120: ...rmation on the select UPS system Click on any particular All Data for any UPS system in the table for more status and configuration information on the select UPS system Select UPS Logs and you will be...

Страница 121: ...rs that draw power through the UPS i e Slaves of the UPS to shutdown gracefully when the battery power reaches critical Additionally one server is designated the Master of the UPS and is responsible f...

Страница 122: ...l B090 EMD can be connected to any Console Server serial port and each Console Server can support multiple EMD s Each EMD has one temperature and one humidity sensor and one general purpose status sen...

Страница 123: ...feet 10meters in length Tripp Lite N002 series cables Screw the bare wires on any smoke detector water detector vibration sensor open door sensor or general purpose open close status sensors into the...

Страница 124: ...y the Log Rate minutes between samples if you wish the status from this EMD to be logged These logs can be views from the Status Environmental Status screen Click Apply 8 3 2 Environmental Alerts You...

Страница 125: ...menu and a table with the summary status of all connected EMD hardware will be displayed Click on View Log or select the Environmental Logs menu and you will be presented with a table and graphical p...

Страница 126: ...ole using HTTPS and using OpenSSL and OpenSSH to establish a secure Administration connection to the Console Server 9 1 Authentication Configuration Authentication can be performed locally or remotely...

Страница 127: ...ssed Select Serial and Network Authentication and check TACAS or LocalTACACS or TACACSLocal or TACACSDownLocal Enter the Server Address IP or host name of the remote Authentication Authorization serve...

Страница 128: ...whenever the Console Server or any of its serial ports or hosts is accessed Select Serial and Network Authentication and check RADIUS or LocalRADIUS or RADIUSLocal or RADIUSDownLocal Enter the Server...

Страница 129: ...erial ports or hosts is accessed Select Serial and Network Authentication and check LDAP or LocalLDAP or LDAPLocal or LDAPDownLocal Enter the Server Address IP or host name of the remote Authenticatio...

Страница 130: ...ges Example 1 User A is locally added and has access to ports 1 and 2 He is also defined on a remote TACACS server which says he has access to ports 3 and 4 The user may log in with either his local o...

Страница 131: ...be added as required Changes may be made to files in etc config pam d which will persist even if the authentication configurator is run Users added on demand When a user attempts to log in but does no...

Страница 132: ...nt Console Activate your preferred browser and enter https IP address For example if the Console Server has been set up with an IP address of 200 122 0 12 you need to type https 200 122 0 12 in your a...

Страница 133: ...erver is embedded during testing and is not signed by a recognized third party certificate authority Rather it is signed by our own signing authority These warnings do not affect the encryption protec...

Страница 134: ...are already familiar with Nagios skip ahead to section 10 3 10 1 Nagios Overview Nagios provides central monitoring of the hosts and services in your distributed network Nagios is freely downloadable...

Страница 135: ...ient PC laptop etc running Windows Linux or Mac OS X Runs Tripp Lite SDT Connector client software 1 5 0 or later Connect to the central Nagios server web UI to view status of monitored hosts and seri...

Страница 136: ...t of a network router and to send alerts back to the Nagios server when an administrator connects to the router or IIS server While this walk through provides an example details of the configuration o...

Страница 137: ...enable logging Scroll down to Nagios Settings and check Enable Nagios Click New Check and select Check Ping Click check host alive Click New Check and select Check Permitted TCP Select Port 3389 Clic...

Страница 138: ...ributed monitoring Nagios integration must be enabled and a path established to the central upstream Nagios server If the Console Server is to periodically report on Nagios monitored services then the...

Страница 139: ...e IP address or DNS name that the Console Server will use to reach the upstream Nagios monitoring server Check the Disable SDT Nagios Extensions option if you wish to disable the SDT Connector integra...

Страница 140: ...eds or thousands of hosts To enable NRPE Select System Nagios and check NRPE Enabled Enter the details for the user connection to the upstream Nagios monitoring server Again refer to the sample Nagios...

Страница 141: ...Nagios configuration section below for some examples of configuring specific NSCA checks 10 3 4 Configure Selected Serial Ports for Nagios Monitoring The individual Serial Ports connected to the Cons...

Страница 142: ...is to be monitored must also be configured for Nagios checks Select Serial Network Network Port and click Edit on the Network Host to be monitored Select Enable Nagios specify the name of the device a...

Страница 143: ...tion http www nagios org docs for configuring the upstream server The section entitled Distributed Monitoring steps through what is needed to configure NSCA on the upstream server under Central Server...

Страница 144: ...tation http www nagios org docs on Service and Host Freshness Checks Host definitions Console Server define host use generic host host_name tripplite alias Console Server address 192 168 254 147 Manag...

Страница 145: ...me server dependent_service_description Serial Status service_description NRPE Daemon execution_failure_criteria w u c Port Log define command command_name check_port_log command_line USER1 check_nrpe...

Страница 146: ...ripplite define service service_description host ping server host_name server use generic service check_command check_ping_via_tripplite active_checks_enabled 0 passive_checks_enabled 1 define service...

Страница 147: ...of a connected host or service This status is then communicated to the upstream Nagios server which uses the results to monitor the current status of the distributed network Each Console Server is pre...

Страница 148: ...ck_swap check_tcp check_time check_udp check_ups check_users There also are bash scripts which can be downloaded and run primarily check_log sh To configure additional checks the downloaded plug in pr...

Страница 149: ...hapter 5 Configuring the Dashboard B095 004 003 only Chapter 12 11 1 System Administration and Reset The Administrator can reboot or reset the Console Server to default settings A soft reset is perfor...

Страница 150: ...e root Password default 11 2 Upgrade Firmware Before upgrading check if you are already running the most current firmware in your Console Server Your Console Server will not allow you to upgrade to th...

Страница 151: ...sole Your Console Server will have retained all its pre upgrade configuration information 11 3 Configure Date and Time It is recommended that you set the local Date and Time in the Console Server as s...

Страница 152: ...box and click Apply 11 4 Configuration Backup B095 004 003 only It is recommended that you back up the Console Server configuration whenever you make significant changes such as adding new Users or M...

Страница 153: ...ternal USB flash drive installed To backup and restore using USB Ensure the USB flash is the only USB device attached to the Console Server and click Prepare Storage in the Local Configuration Backup...

Страница 154: ...le system on the first partition or the entire disk most USB thumb drives are already formatted this way o The file system must have the volume label OPG_DEFAULT o Insert this USB storage device into...

Страница 155: ...ations with your browser are validated When reconnected it will display FIPs mode Enabled in the banner Note To enable FIPS mode from the command line login and run these commands config s config syst...

Страница 156: ...Access and Active Users The Administrator can see which Users have access privileges to each serial port Select the Status Port Access The Administrator can also see the current status to identify wh...

Страница 157: ...ure you include the Support Report with your email support request The Support Report should be generated when the issue is occurring and attached in plain text format Select the Status Support Report...

Страница 158: ...d Specify the Match Pattern that is to be searched for e g the search for Mount is shown below and click Apply The Syslog will then be represented with only those entries that actually include the spe...

Страница 159: ...n users other than root log into the Console Server If you log in as John and John is a member of the admin group and there is a dashboard layout configured for John then you will see the dashboard fo...

Страница 160: ...scans all these files and displays a summary status in the alerts widget When an alert is deleted the corresponding XML files that belong to that alert are also deleted To configure what is to be disp...

Страница 161: ...t The best way to format the output would be to send HTML commands back to the browser by adding echo commands in the script echo table You can of course run any command and its output will be display...

Страница 162: ...connected Serial devices Network Hosts and Power devices Select Manage Devices By selecting the Serial Network Power item the display will be reduced to only those devices The user can take a range o...

Страница 163: ...the connected power devices Select Manage Power 13 4 Serial Port Terminal Connection Administrator and Users can communicate directly with the Console Server command line and with devices attached to...

Страница 164: ...rver must be added as a gateway as detailed in Chapter 6 The alternative to using SDT Connector and your local Telnet client is to download the open source jcterm java terminal applet into your browse...

Страница 165: ...1 To access Port 4 this must be changed to 3004 for the Username 13 5 Remote Console Access B092 016 only Administrator and Users can also connect to the B092 016 Console Server with PowerAlert remot...

Страница 166: ...166...

Страница 167: ...erial Port Settings Supported Protocol Configuration Users and Trusted Networks Event Logging Configuration Remote Serial Port Log Storage and Alert Configuration The config documentation in this chap...

Страница 168: ...8 0 1 by default Log on to the Console Server by pressing return a few times The Console Server will request a username and password Enter the username root and the password default You should now see...

Страница 169: ...ult file is located at etc config config xml r run configurator Run the specified registered configurator Registered configurators are listed below s set id value Change the value of configuration ele...

Страница 170: ...following command will synchronize the live system with the new configuration bin config run systemsettings The Console Server does not store user passwords in plain text so when manually setting the...

Страница 171: ...the following command will save this new system time to the hardware clock bin hwclock systohc Alternately to change the hardware clock time you need to issue the following commands bin hwclock set d...

Страница 172: ...c DHCP To enable a DHCP client on the primary Network interface eth0 from the Console Server command line bin config set config interfaces wan mode dhcp The following command will then synchronize the...

Страница 173: ...the live system with the new configuration bin config run ipconfig 14 4 2 Dial In Configuration To enable dial in access on the DB9 serial port from the command line with the following attributes Loca...

Страница 174: ...l in access please note that the procedure for enabling start up messages on the console port is covered in Chapter 15 Accessing the Console Port 14 4 3 Services Configuration You can manually enable...

Страница 175: ...port configuration bin config set config ports port5 speed 115200 bin config set config ports port5 parity None bin config set config ports port5 charsize 8 bin config set config ports port5 stop 1 b...

Страница 176: ...onfiguration bin config run serialconfig Note bin config commands can be combined into one command for convenience 14 5 3 Users You can add a User to the system from the command line by performing the...

Страница 177: ...the following Determine the total number of existing trusted network rules If you have no existing rules you can assume this is 0 bin config get config portaccess total This command should display con...

Страница 178: ...bin config set config eventlog server address 192 168 0 254 bin config set config eventlog server path tripplite logs bin config set config eventlog server username cifs_user bin config set config eve...

Страница 179: ...o issue the following commands Assuming you have 1 previous alert in place bin config set config alerts alert2 email alert1 domain com bin config set config alerts alert2 pattern 0 0 id bin config set...

Страница 180: ...00 Box description users total 1 total user1 John user1 users tcpports tcpport1 23 tcpport1 tcpports host3 hosts sdt config 14 8 Configuration Backup and Restore Before backing up the configuration yo...

Страница 181: ...p config e tmp xxxxx config scp tmp xxxxx config 192 168 0 2 backups The config command is also used to restore a backup config i Input File This will extract the contents of the previously created ba...

Страница 182: ...ww fsf org copyleft gpl html and source code will provided for any of the components of the Software licensed under the GNU General Public License upon request The Console Servers are built on the 2 4...

Страница 183: ...route More details on the above Linux commands can found online at http en tldp org HOWTO HOWTO INDEX howtos html http www faqs org docs Linux HOWTO Remote Serial Console HOWTO html http www stokely c...

Страница 184: ...rts Raw data access to the ports and modems This chapter also describes details how to perform advanced and custom management tasks using Linux commands and script iptables modifications and updating...

Страница 185: ...scape commands that tip cu support For SSH you must prefix the escape with an additional command i e use the escape Send Break Typing the character sequence b will generate a BREAK on the serial port...

Страница 186: ...linux db man fname usr share catman man8 chat 8 html pmusers The pmusers command is used to query the portmanager for active user sessions Example To detect which users are currently active on which...

Страница 187: ...l to the portmanager will cause it to reread its configuration file 15 2 External Scripts and Alerts The portmanager has the ability to execute external scripts on certain events These events are I Wh...

Страница 188: ...art sh exists it is run when a user connects to a port It is provided with 2 arguments the Port number and the Username Here is a simple example etc config pmshell start sh bin sh PORT 1 USER 2 echo W...

Страница 189: ...ands in etc config scripts portXX init which gets run whenever portmanager opens the port Otherwise any setup you do with stty will get lost when the portmanager opens the port The reason that portman...

Страница 190: ...es the iptables utility to provide a stateful firewall of LAN traffic By default rules are automatically inserted to allow access to enabled services and serial port access via enabled protocols The c...

Страница 191: ...0 will be accepted when this script is installed at etc config filter custom Note that when this script is called any preexisting chains and rules have been flushed from iptables bin sh Set default p...

Страница 192: ...ormation and or performs the requested operation s and returns the information to the sender This includes built in support for a wide range of MIB information modules and can be extended using dynami...

Страница 193: ...fig Log in to the Console Server s command line shell as root or an admin user Refer back to the Management Console UI or user documentation for descriptions of each field To set the Manager Protocol...

Страница 194: ...e Shell SSH Public Key Authentication This section covers the generation of public and private keys in a Linux and Windows environment and configuring SSH for public key authentication The steps to us...

Страница 195: ...sshd_config o etc config ssh_config instead of etc ssh_config o etc config users username ssh instead of home username ssh 15 6 2 Generating Public Keys Linux To generate new SSH key pairs use the Li...

Страница 196: ...y to supply it as runtime Full documentation for the ssh keygen command can be found at http www openbsd org cgi bin man cgi query ssh keygen 15 6 3 Installing the SSH Public Private Keys Clustering F...

Страница 197: ..._keys If the Console Server device selected to be the server will only have one client device then the authorized_keys file is simply a copy of the public key for that device If one or more devices wi...

Страница 198: ...lient2 More documentation on OpenSSH can be found at http openssh org portable html http www openbsd org cgi bin man cgi query ssh sektion 1 http www openbsd org cgi bin man cgi query sshd 15 6 5 Gene...

Страница 199: ...eng download php To generate a SSH key using PuTTY http sourceforge net docs F02 clients Execute the PUTTYGEN EXE program Select the desired key type SSH2 DSA you may use RSA or DSA within the Parame...

Страница 200: ...is enabled Test the Public Key by logging in as testuser Test the Public Key by logging in as testuser to the client device and typing you should not need to enter anything ssh o StrictHostKeyChecking...

Страница 201: ...IS DOING SOMETHING NASTY Someone could be eavesdropping on you right now man in the middle attack It is also possible that the RSA host key has just been changed The fingerprint for the RSA key sent...

Страница 202: ...of the tunnel and upload these keys to the Server and Client gateways Client Keys The first step in setting up SSH tunnels is to generate keys Ideally you will use a separate secure machine to genera...

Страница 203: ...sa key pair Enter file in which to save the key home user ssh id_ rsa dsa Enter passphrase empty for no passphrase Enter same passphrase again Your identification has been saved in home user ssh id_ r...

Страница 204: ...rver and two sets of keys for the control_room and the plant_entrance ls home user keys control_room control_room pub plant_entrance plant_entrance pub cat home user keys control_room pub home user ke...

Страница 205: ...SSH client that SDT Connector launches e g Putty OpenSSH and the host s SSH server for public key authentication 15 7 Secure Sockets Layer SSL Support Secure Sockets Layer SSL is a protocol developed...

Страница 206: ...ng steps to replace the default SSL Certificate and Private Key with ones tailored for your new address 1 Generating an Encryption Key To create a 1024 bit RSA key with a password issue the following...

Страница 207: ...scp ssl_cert pem root address of unit etc config or using PSCP pscp scp ssl_key pem root address of unit etc config pscp scp ssl_cert pem root address of unit etc config PuTTY and the PSCP utility can...

Страница 208: ...y 15 9 1 PowerMan PowerMan provides power management in a data center or compute cluster environment It performs operations such as power on power off and power cycle via remote power controller RPC d...

Страница 209: ...fied only RPC s matching the target list are displayed T telemetry Causes RPC telemetry information to be displayed as commands are processed Useful for debugging device scripts x exprange Expand host...

Страница 210: ...username p Override the configured password on This action switches the specified device or outlet s ON off This action switches the specified device or outlet s OFF cycle This action switches the spe...

Страница 211: ...user can add their own support for more devices by putting definitions for them into etc config powerstrips xml This file can be created on a host system and copied to the Management Console device us...

Страница 212: ...sole Server includes the ipmitool utility for managing and configuring devices that support the Intelligent Platform Management Interface IPMI version 1 5 and version 2 0 specifications IPMI is an ope...

Страница 213: ...alled BMC and is included in Solaris 10 Management of a remote station requires the IPMI over LAN interface to be enabled and configured Depending on the particular requirements of each system it may...

Страница 214: ...o connect to Default is 623 P password Remote server password is specified on the command line If supported it will be obscured in the process list Note Specifying the password as a command line optio...

Страница 215: ...ers will be truncated For IPMI v2 0 the maximum password length is 20 characters longer passwords are truncated Commands help This can be used to get command line help on ipmitool commands It may also...

Страница 216: ...og file line by line Each time it sees LOGIN username it adds the username to the list of connected users for that port each time it sees LOGOUT username it removes it from the list The list can then...

Страница 217: ...that are connected Note The end of the Slaves names will be truncated so the first 5 characters must be unique Alternatively you can write a custom CGI script as described above The currently connecte...

Страница 218: ...s chapter provides instructions on configuring the thin clients and using them locally and remotely The thin clients can be controlled from the rack side using a direct monitor keyboard mouse connecte...

Страница 219: ...and update the commands that will be executed in connecting the service to the existing Host The sixteen serial ports are pre configured by default in Console Server mode for the B096 016 B096 048 Con...

Страница 220: ...on the selected serial port The embedded terminal emulator uses rxvt a color vt102 terminal emulator You can find more details on configuration options in http www rxvt org manual html 16 1 2 Connect...

Страница 221: ...logos are trademarks or registered trademarks of Sun Microsystems Inc in the U S and other countries 16 1 3 Connect VNC Select Connect VNC on the control panel and click on the VNC server Host to be a...

Страница 222: ...y right clicking on the VNC Viewer task Bar icon You can find more details on configuration options in http www realvnc com products free 4 1 man vncviewer html 16 1 4 Connect SSH SSH is typically use...

Страница 223: ...in http ipmitool sourceforge net manpage html The ipmitool program provides a simple command line interface to the BMCs and features the ability to read the sensor data repository SDR display the con...

Страница 224: ...anplus H hostname U username P password sel info 16 1 6 Connect Remote Desktop RDP Select Connect RDP on the control panel and click on the Windows computer to be accessed The rdesktop program in your...

Страница 225: ...name option Description a Color depth 8 16 24 r Device redirection i e Redirect sound on remote machine to local device i e 0 r sound MS Windows 2003 g Geometry widthxheight or 70 screen percentage p...

Страница 226: ...16 2 Advanced Control Panel 16 2 1 System Terminal Selecting System Terminal on the control panel logs you in at the command line to the B092 016 Linux kernel As detailed in Chapters 14 and 15 this en...

Страница 227: ...you cycle the power while the unit is writing to flash you could corrupt or lose data so the software Shutdown or Reboot from the control panel is the safer option 16 2 3 System Logout Clicking Syste...

Страница 228: ...or VMware virtual device on a remote server Each B092 016 gateway has an internal VNC server enabling remote administrators to oversee local activity and giving them the option to access and control a...

Страница 229: ...x 1 75 in 44 x 17 x 4 5 cm B095 004 B095 003 4 1x3 4x1 1 in 10 3 x 8 7 x 2 8 cm Weight B096 016 B096 048 11 8 lbs 5 4 kg B092 016 8 5 lb 3 9 kg B095 004 B095 003 2 2 lbs 1 0 kg Ambient operating temp...

Страница 230: ...ut The 16 48 RJ45 connectors on the B092 016 Console Server with PowerAlert and the B096 048 016 Console Server Management Switch have the following pinout PIN SIGNAL DEFINITION DIRECTION 1 CTS Clear...

Страница 231: ...16 Console Server with PowerAlert and the B096 048 016 Console Server Management Switch ship with a cross over and a straight RJ45 DB9 connector for connecting to other vendor s products O E DB9F RJ45...

Страница 232: ...end the Software 2 you may not reverse engineer decompile disassemble or modify the Software except and only to the extent that such activity is expressly permitted by applicable law notwithstanding t...

Страница 233: ...If any part of this EULA is held to be unenforceable as written it will be enforced to the maximum extent allowed by applicable law and will not affect the enforceability of any other part Should you...

Страница 234: ...conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions in binary form must reproduce the abov...

Страница 235: ...ed files to carry prominent notices stating that you changed the files and the date of any change b You must cause any work that you distribute or publish that in whole or in part contains or is deriv...

Страница 236: ...ot accept this License Therefore by modifying or distributing the Program or any work based on the Program you indicate your acceptance of this License to do so and all its terms and conditions for co...

Страница 237: ...ULD THE PROGRAM PROVE DEFECTIVE YOU ASSUME THE COST OF ALL NECESSARY SERVICING REPAIR OR CORRECTION 12 IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER O...

Страница 238: ...y for reference purposes pursuant to the terms of your license Source code may not be redistributed unless expressly provided for in the terms of your license 4 Third Party Code Additional copyright n...

Страница 239: ...er must have transportation charges prepaid Mark the RMA number on the outside of the package If the product is within its warranty period enclose a copy of your sales receipt Return the product for s...

Страница 240: ...where prohibited Some restrictions apply See website for details WARNING Use of this equipment in life support applications where failure of this equipment can reasonably be expected to cause the fail...

Страница 241: ...ne like for like basis this varies depending on the country Send the new equipment back for recycling when this ultimately becomes waste Tripp Lite follows a policy of continuous improvement Product s...

Страница 242: ...Tripp Lite World Headquarters 1111 W 35th Street Chicago IL 60609 USA www tripplite com support 2 201001079 93 2879 EN...

Отзывы:

Нет отзывов