StarTech.com ECS0016GB manuel d'utilisation

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140

Aller à la page of

Un bon manuel d’utilisation

Les règles imposent au revendeur l'obligation de fournir à l'acheteur, avec des marchandises, le manuel d’utilisation StarTech.com ECS0016GB. Le manque du manuel d’utilisation ou les informations incorrectes fournies au consommateur sont à la base d'une plainte pour non-conformité du dispositif avec le contrat. Conformément à la loi, l’inclusion du manuel d’utilisation sous une forme autre que le papier est autorisée, ce qui est souvent utilisé récemment, en incluant la forme graphique ou électronique du manuel StarTech.com ECS0016GB ou les vidéos d'instruction pour les utilisateurs. La condition est son caractère lisible et compréhensible.

Qu'est ce que le manuel d’utilisation?

Le mot vient du latin "Instructio", à savoir organiser. Ainsi, le manuel d’utilisation StarTech.com ECS0016GB décrit les étapes de la procédure. Le but du manuel d’utilisation est d’instruire, de faciliter le démarrage, l'utilisation de l'équipement ou l'exécution des actions spécifiques. Le manuel d’utilisation est une collection d'informations sur l'objet/service, une indice.

Malheureusement, peu d'utilisateurs prennent le temps de lire le manuel d’utilisation, et un bon manuel permet non seulement d’apprendre à connaître un certain nombre de fonctionnalités supplémentaires du dispositif acheté, mais aussi éviter la majorité des défaillances.

Donc, ce qui devrait contenir le manuel parfait?

Tout d'abord, le manuel d’utilisation StarTech.com ECS0016GB devrait contenir:
- informations sur les caractéristiques techniques du dispositif StarTech.com ECS0016GB
- nom du fabricant et année de fabrication StarTech.com ECS0016GB
- instructions d'utilisation, de réglage et d’entretien de l'équipement StarTech.com ECS0016GB
- signes de sécurité et attestations confirmant la conformité avec les normes pertinentes

Pourquoi nous ne lisons pas les manuels d’utilisation?

Habituellement, cela est dû au manque de temps et de certitude quant à la fonctionnalité spécifique de l'équipement acheté. Malheureusement, la connexion et le démarrage StarTech.com ECS0016GB ne suffisent pas. Le manuel d’utilisation contient un certain nombre de lignes directrices concernant les fonctionnalités spécifiques, la sécurité, les méthodes d'entretien (même les moyens qui doivent être utilisés), les défauts possibles StarTech.com ECS0016GB et les moyens de résoudre des problèmes communs lors de l'utilisation. Enfin, le manuel contient les coordonnées du service StarTech.com en l'absence de l'efficacité des solutions proposées. Actuellement, les manuels d’utilisation sous la forme d'animations intéressantes et de vidéos pédagogiques qui sont meilleurs que la brochure, sont très populaires. Ce type de manuel permet à l'utilisateur de voir toute la vidéo d'instruction sans sauter les spécifications et les descriptions techniques compliquées StarTech.com ECS0016GB, comme c’est le cas pour la version papier.

Pourquoi lire le manuel d’utilisation?

Tout d'abord, il contient la réponse sur la structure, les possibilités du dispositif StarTech.com ECS0016GB, l'utilisation de divers accessoires et une gamme d'informations pour profiter pleinement de toutes les fonctionnalités et commodités.

Après un achat réussi de l’équipement/dispositif, prenez un moment pour vous familiariser avec toutes les parties du manuel d'utilisation StarTech.com ECS0016GB. À l'heure actuelle, ils sont soigneusement préparés et traduits pour qu'ils soient non seulement compréhensibles pour les utilisateurs, mais pour qu’ils remplissent leur fonction de base de l'information et d’aide.

Table des matières du manuel d’utilisation

  • Page 1

    ECS0016 Enhanced Console Ser ver[...]

  • Page 2

    FCC Compliance Statement This equipment has been tested and found to comply with the limits for a Class B digital de- vice, pursuant to par t 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energ[...]

  • Page 3

    Instruction Manual i Instruction Manual T able of Contents Introduction .................................................................................... 1 Features ...................................................................................... 1 P ackage Contents ....................................................................... 1 I[...]

  • Page 4

    Instruction Manual ii Serial P ort and Network Host Configuration............................... 13 Configuring Serial Ports .............................................................. 13 Common Settings ........................................................................ 15 Console Server Mode .............................................[...]

  • Page 5

    Instruction Manual iii Setting up MetaConnect for Remote Desktop access ................ 61 Set up MetaConnect Serial P or ts on ECS0016 .......................... 62 SSH por t forw ard ov er the ECS0016 Serial P or t ......................... 63 Alerts and Logging ........................................................................ 64 Enable S[...]

  • Page 6

    Instruction Manual iv Status Reports ............................................................................... 85 P or t Access and Active Users ..................................................... 85 Statistics ...................................................................................... 86 Suppor t Repor ts .......................[...]

  • Page 7

    Instruction Manual v Raw Access to Serial P or ts ......................................................... 110 Access to Serial P or ts ................................................................. 110 Accessing the Console P or t ........................................................ 110 IP - Filtering ......................................[...]

  • Page 8

    Instruction Manual 1 Introduction Thank you f or purchasing a StarT ech.com Conyx ECS0016 Enhanced Console Server . This innov ativ e remote service management solution enables system administrators and netw ork managers to affordab ly moni- tor and control their computers, networks and connected serial devices remotely , from anywhere in the world[...]

  • Page 9

    Instruction Manual 2 Initial Conguration Unpack the ECS0016 kit and v erify you ha ve all of the parts indicated in the Pac kage Contents list shown on the previous page, and that the y all appear in good working order . If you are installing y our ECS0016 in a rac k, you will need to attach the rack-mounting br ack ets supplied with the unit, a[...]

  • Page 10

    Instruction Manual 3 Management Console Connection The ECS0016 is pre-configured with a default IP Address: 192.168.0.1 and Subnet Mask: 255.255.255.0 . Directly connect a PC or workstation to the ECS0016. T o configure the ECS0016 with a browser , the connected PC or workstation should have an IP address in the same range as the ECS0016 (e.g. 19[...]

  • Page 11

    Instruction Manual 4 ARPPing IP Address Assignment If it is not conv enient to change the PC/workstation network address, you can use the ARP-Ping command to reset the ECS0016 IP address. T o do this from a Windows PC: Click 1. Start > Run T ype 2. cmd in the text bo x provided and click OK to open the command line T ype 3. arp –d to flush th[...]

  • Page 12

    Instruction Manual 5 Y ou will be prompted to log in. Enter the def ault administration username and administration pass word: Username: r oot P assword: default A W elcome screen will appear , listing the f our basic installation configu- ration steps: After completing each of the steps listed, you can return to the configura- tion list by clic [...]

  • Page 13

    Instruction Manual 6 Administrator Passw ord For security reasons, only the Administr ator (the administration user named root) can initially log into your gate wa y; only those people who know the root pass word can access and reconfigure the ECS0016 gate- wa y itself . As such, it is impor tant that you enter and confirm a new pass word bef ore[...]

  • Page 14

    Instruction Manual 7 Network IP address Y ou now must enter an IP address f or the principal Ether net (LAN/Net- work/Network1) por t on the ECS0016 gatewa y , or enable its DHCP client so that it automatically obtains an IP address from a DHCP server on the network to which it is connected. On the System: IP menu : Select the 1. Network page then [...]

  • Page 15

    Instruction Manual 8 By default the ECS0016 LAN port auto detects the Ether net connection speed. Howe ver y ou can use the Media menu to loc k the Ethernet to 10 Mb/s or 100Mb/s and to Full Duplex (FD) or Half Duple x (HD). Click 4. Apply . Y ou will need to reconnect the browser on the PC / workstation that is connected to the ECS0016, by enterin[...]

  • Page 16

    Instruction Manual 9 HTTPS This ensures secure browser access to all of the Management Console menus. It also allows appropriately configured Users secure browser ac- cess to selected Management Console Manage menus. If you enab le HTTPS, the Administr ator will be able to use a secure browser connection to the ECS0016 gate wa y’ s Management Co[...]

  • Page 17

    Instruction Manual 10 There are also a number of related service options that can be configured at this stage: SNMP This will enable netsnmp in the gate wa y , which will keep a remote log of all posted information. SNMP is disabled by def ault. T o modify the default SNMP settings, the Administrator m ust make the edits at the command line. Ping [...]

  • Page 18

    Instruction Manual 11 Communications Soft ware Y ou have configured access protocols f or the Administrator client to use when connecting to the ECS0016. User clients (who you may set up later) will also use these protocols when accessing ECS0016 serial attached devices and netw ork attached hosts. Y ou will need to have appropriate communications[...]

  • Page 19

    Instruction Manual 12 MetaConnect is a Ja va client prog ram that couples the SSH tunneling protocol with popular access tools such as T elnet, SSH, HTTP , HTTPS, VNC, RDP , to provide point-and-click secure remote management access to all the systems and devices being managed. MetaConnect can be installed on Windows 2000, XP , 2003, Vista™ PCs a[...]

  • Page 20

    Instruction Manual 13 SSHT erm Another common communications package that ma y be useful is SSH- T erm, an open source package that can be downloaded from http://sourceforge .net/projects/sshtools T o use SSHT erm for an SSH terminal session from a Windo ws Client, you simply Select the File option and click on Ne w Connection A new dialog bo x wil[...]

  • Page 21

    Instruction Manual 14 Conguring Serial Ports T o configure the serial por t, you must first set the protocols and the RS232 parameters that are to be used f or the data connection to that por t (e.g. baud rate). Then you must select what mode the port is to operate in. Each por t can be set to suppor t one of five oper ating modes: I Console [...]

  • Page 22

    Instruction Manual 15 When you ha ve reconfigured the common settings and the mode f or • each por t, you set up an y remote syslog, then click Appl y Common Settings There are a number of common settings that can be set f or each serial por t, that are independent of the mode in which the por t is being used. These serial por t parameters mu[...]

  • Page 23

    Instruction Manual 16 Before proceeding with further serial por t configuration, you should • connect the por ts to the serial devices the y will be controlling, and ensure they ha ve matching settings Please Note that the serial por ts are all factory set to RS232 9600 baud, no parity , 8 data bits, 1 stop bit and Console Server Mode. The ba[...]

  • Page 24

    Instruction Manual 17 F rom Win2000/XP/NT , you can run telnet from the command prompt • (cmd.ex e) Y ou can also use standard communications packages like PuTTY to • set a direct T elnet (or SSH) connection to the ser ial por ts (see box below) Also , if the remote communications are being tunneled with • MetaConnect, then T elnet c[...]

  • Page 25

    Instruction Manual 18 SSH It is recommended that you use SSH as the protocol whereb y the User or Administrator connects to the ECS0016 gatew a y (or connects to the attached serial consoles) over the Internet (or any other pub lic network). This will provide authenticated SSH communications betw een the SSH client program on the remote user’ s P[...]

  • Page 26

    Instruction Manual 19 For a User named ‘Paul’ to access serial por t 2, when setting up the SSHT erm or the PuTTY SSH client, instead of typing user name = paul and ssh por t = 3002, the alternate is to type user name = paul:por t02 (or username = fred:ttyS1) and ssh por t = 22. Or , by typing user name=fred:serial and ssh por t = 22, the User [...]

  • Page 27

    Instruction Manual 20 RFC2217 also enables the serial por t to be tunneled to a remote ECS0016 client gatew ay , so two ser ial por t de vices can be transparently interconnect ov er a network. Accumulation P eriod By default, once a connection has been estab lished f or a particular ser ial por t (such as a RFC2217 redirection or T elnet connectio[...]

  • Page 28

    Instruction Manual 21 Data Carrier Detect (DCD) pin on the serial device being raised. When a connection is detected, the getty program issues a login: prompt, and then inv okes the login prog ram to handle the actual system login. Serial Bridging Mode Serial bridging is the encapsulation of ser ial data into network packets and the transport of th[...]

  • Page 29

    Instruction Manual 22 can also be configured to suppor t the remote syslog protocol on a per serial por t basis. Select the Syslog F acility/Pr iority fields to enable logging of traffic on • the selected serial por t to a syslog ser ver; and to appropriately sor t and action those logged messages (i.e. redirect them/ send aler t email etc.[...]

  • Page 30

    Instruction Manual 23 Select 1. Serial & Network: Users & Groups to displa y the configured Groups and Users Click 2. Add Group . Add a 3. Group name and Description f or each new Group, then select Accessible Hosts and Accessible P or ts to specify the serial por ts and hosts you wish an y Users in this new Group to be ab le to access. Cl[...]

  • Page 31

    Instruction Manual 24 The Administrator can also edit the Access settings f or any e xisting Us- ers. T o do so: Select 1. Serial & Network: Users & Groups Click 2. Edit for the User to be modified. Authentication For details on authentication, please ref er to the section titled Remote Authentication Configuration. Please note: There are[...]

  • Page 32

    Instruction Manual 25 Network Hosts T o access a locally networked computer or appliance (ref erred to as a Host) you must identify the netw ork connected Host, then specify the TCP or UDP por ts/services that will be used to control that Host. Selecting Serial & Network: Network Hosts presents all of the network connected Hosts that hav e been[...]

  • Page 33

    Instruction Manual 26 T rusted Networks The T r usted Networks utility provides the option to select specific IP addresses at which users (Administrators and Users) must be located, in order to hav e access to the ECS0016 serial por ts. T o add an address designation: Select 1. Serial & Network: T rusted Networks . T o add a new trusted networ[...]

  • Page 34

    Instruction Manual 27 Network IP Address : 204.15.5.128 Subnet Mask : 255.255.255.224 Click 6. Apply . The abov e T r usted Networks will limit access by Users and the Adminis- trator , to the ECS0016 ser ial por ts and network attached hosts, how e ver they do not restrict access by the Administr ator to the ECS0016 console server itself. T o chan[...]

  • Page 35

    Instruction Manual 28 Next, y ou must register the Public K ey as an A uthor ized K ey on the 5. Slav e. In the simple case with only one Master with multiple Slaves , you need only upload the one RSA or DSA pub lic ke y f or each Slav e. Please note: The use of ke y pairs can be confusing as in many cases one file (Public K ey) fulfills two role[...]

  • Page 36

    Instruction Manual 29 The next step is to Fingerprint each new Slav e-Master connection, which will authenticate you as a legitimate user f or the SSH session. On the first connection the Slav e will receiv e a fingerpr int from the Master which will be used on all future connections. T o establish the fingerprint, first log in the Master ser v[...]

  • Page 37

    Instruction Manual 30 of clustered console servers and the connected devices) Enter the full number of serial por ts on the Slav e unit in Number of 3. P or ts Click Apply . This will establish the SSH tunnel between the Master and 4. the new Sla ve The Serial & Network: Cascaded Ports menu displa ys all of the Slav es and the por t numbers tha[...]

  • Page 38

    Instruction Manual 31 next time the Master sends out a configur ation file update. Also , while the Master is in control of all Slav e ser ial por t related • functions, it is not Master ov er the Slave network host connections or ov er the Slav e console ser ver system itself . Slav e functions such as IP , SMTP & SNMP Settings, Date &a[...]

  • Page 39

    Instruction Manual 32 Remote Power Contr ol (RPC) The ECS0016 Management Console monitors and controls Remote P ower Control devices using the embedded P owerMan open source management tool. RPCs include power distribution units (PDUs) and IPMI power de vices. Serial PDUs invariab ly can be controlled using their command line console, so y ou could[...]

  • Page 40

    Instruction Manual 33 Select the Serial & Network: RPC Connections men u. This will display 3. all the RPC connections that hav e already been configured. Click Add RPC . 4. Enter a RPC Name and Description for the RPC . 5. In “Connected Via” select the pre-configured serial por t or the network 6. host address that connects to the RPC. S[...]

  • Page 41

    Instruction Manual 34 Enter the Username and Pass word used to login into the RPC (Note 8. that these login credentials are not related the Users and access privileges you will hav e configured in Serial & Networks: User s & Groups ). Check Log Status and specify the Log Rate (minutes betw een 9. samples) if you wish the status from this R[...]

  • Page 42

    Instruction Manual 35 Click on View Log or select the 2. RPCLogs menu and you will be presented with a table of the history and detailed graphical inf ormation on the select RPC Click 3. Manage to query or control the individual power outlet. This will take y ou to the Manage: P ower screen User P ower Management The P ower Manager enables both Use[...]

  • Page 43

    Instruction Manual 36 The outlet status is display ed and y ou can initiate the desired Action to be taken b y selecting the appropriate icon: P ower ON P ower OFF P ower Cycle P ower Status Y ou will only be presented with icons for those operations that are suppor ted by the T arget you hav e selected. Uninterruptible Power Supply Contr ol (UPS) [...]

  • Page 44

    Instruction Manual 37 The console server may or ma y not be drawing power through the Managed UPS (see the Configure UPS powering the console server section below). When the UPS’ s batter y power reaches critical, the console ser ver signals and waits f or slav es to shutdown, then powers off the UPS . Serial and network connected UPSes must fi[...]

  • Page 45

    Instruction Manual 38 Enter a 4. UPS Name and Description (optional) and the select if the UPS will be Connected Via USB or over pre-configured serial por t or via HTTP/HTTPS ov er the preconfigured network Host connection Enter the UPS login details. This Username and Pass word is used by 5. slav es of this UPS (i.e. other computers that are dra[...]

  • Page 46

    Instruction Manual 39 positive n umber , or -1. 0s are shut do wn first, then 1s, 2s , etc. -1s are not shut down at all. Defaults to 0 Select the Driver that will be used to communicate with the UPS . 7. The drop down menu presents full selection of driv ers from the latest Network UPS T ools (NUT version 2.2.0) and additional information on comp[...]

  • Page 47

    Instruction Manual 40 If the ECS0016 is drawing po wer through a Managed UPS that has already been configured, select Local, enter the Managed UPS Name and check Enab led. The ECS0016 continues to be the master of this UPS. If the UPS that powers the console server is not a Managed UPS f or that console server , then then console server can still [...]

  • Page 48

    Instruction Manual 41 Configuring P owered Computer s to Monitor a Managed UPS Once you ha ve added a Managed UPS , each ser ver that is dra wing power through the UPS should be setup to monitor the UPS status as a slav e. This is done b y installing the NUT package on each server , and setting up upsmon to connect to the ECS0016. Refer to the NUT[...]

  • Page 49

    Instruction Manual 42 - username is the User name of the Managed UPS - passw ord is the P ass word of the Manager UPS UPS Alerts Y ou can now set UPS aler ts using Alerts & Logging: Alerts UPS Status Y ou can monitor the current status of all of your network, serially or USB connected Managed UPSes or any Monitored UPS Select the 1. Status: UPS[...]

  • Page 50

    Instruction Manual 43 Select UPS Logs and you will be presented with the log tab le of the 4. load, battery charge level. temperature and other status inf ormation from all the Managed and Monitored UPS systems. This inf ormation will be logged for all UPSes which w ere configured with Log Status check ed. The information is also presented graphic[...]

  • Page 51

    Instruction Manual 44 NUT is built on a network ed model with a lay ered scheme of dr ivers , server and clients. The driver programs talk directly to the UPS equipment and run on 1. the same host as the NUT network ser ver upsd. Dr ivers are pro vided for a wide assortment of equipment from most of the popular UPS vendors and the y understand the [...]

  • Page 52

    Instruction Manual 45 status of a UPS, writing it to a file. All these clients all run on the ECS0016 (for Management Console presentations) but the y also are run remotely (on locally powered servers and remote monitoring systems). This lay ered NUT architecture enables: Multiple manufacturer support: • NUT can monitor USB models from 79 dif[...]

  • Page 53

    Instruction Manual 46 Using the Management Console, Administrators can vie w the ambient temperature and humidity and set the EMD to automatically send alarms progressiv ely from warning lev els to critical aler ts. Connecting the EMD The Environmental Monitor De vice (EMD) connects to any serial port on the console server via a special EMD Adapter[...]

  • Page 54

    Instruction Manual 47 Screw the bare wires on an y smoke detector , 2. water detector , vibration sensor , open-door sensor or general purpose open/close status sensors into the terminals on the EMD The EMD can be used only with an ECS0016 and cannot be connected to standard RS232 serial por ts on other appliances. Select Environmental as the De vi[...]

  • Page 55

    Instruction Manual 48 Enter a 5. Name and Description for the EMD and select pre-configured serial por t that the EMD will be “Connected Via”. Provide 6. Labels for each of the tw o alarms Check 7. Log Status and specify the Log Rate (minutes between samples) if you wish the status from this EMD to be logged. These logs can be views from the S[...]

  • Page 56

    Instruction Manual 49 En vironmental Status Y ou can monitor the current status of all of EMDs and their probes Select the 1. Status: En vir onmental Status menu and a table with the summary status of all connected EMD hardware will be display ed Click on View Log or select the 2. En vironmental Logs men u and you will be presented with a table and[...]

  • Page 57

    Instruction Manual 50 Failo ver and Out - of-Band Dial Access The ECS0016 has a number of f ailov er and out-of-band access capabili- ties to ensure high av ailability . If there are difficulties in accessing the gatew ay through the principal • network path, the Administrator can access the ECS0016 out-of-band (OoB) from a remote location, u[...]

  • Page 58

    Instruction Manual 51 Please note: The ECS0016 requires an e xternal modem attached (via a serial cable) to the DB9 por t (marked Local, located on the front panel). Configure Dial In PPP T o enable dial-in PPP access on the ECS0016 console/modem port: Select the 1. System: Dial menu option and the port to be configured (Serial DB9 P or t or Inte[...]

  • Page 59

    Instruction Manual 52 Select the 6. Authentication Type to be applied to the dial-in connection. The ECS0016 uses authentication to challenge Administrators who • dial-in to the gatew ay . (F or dial-in access, the user name and pass word received from the dial-in client are v erified against the local authentication database stored on the EC[...]

  • Page 60

    Instruction Manual 53 ECS0016 gatew ays also support dial-back f or additional security . Check the Enable Dial Back bo x and enter the phone number to be called to re- establish an OoB link, once a dial-in connection has been logged. Using The MetaConnect client Administrators can use the MetaConnect Ja v a client software to set up secure OoB dia[...]

  • Page 61

    Instruction Manual 54 Similarly for Windows® 98, you double-clic k My Computer on the Desk- top , then open Dial-Up Networking and doub le-click Make Ne w Con- nection and proceed as outlined for Windows XP (see pre vious section). Set up Linux c lients The online tutorial http://www .yolin ux.com/TUT ORIALS/LinuxT utor ialPPP . html presents a se[...]

  • Page 62

    Instruction Manual 55 Command line PPP and manual configuration (which works with any • Linux distribution) Using the Linuxconf configuration tool (f or Red Hat compatible • distributions). This configures the scripts ifup/ifdown to star t and stop a PPP connection Using the Gnome control panel configuration tool • WVDIAL and the[...]

  • Page 63

    Instruction Manual 56 Secure T unneling & MetaConnect T elnet or SSH connection to serially attached de vices MetaConnect can also be used to access text consoles on de vices that are attached to the ECS0016 gatew ay serial ports. For these connections, you must configure the MetaConnect client softw are with a Service that will access the tar[...]

  • Page 64

    Instruction Manual 57 then Close and Close again Assuming you ha ve already set up the target ECS0016 as a gate way 3. in your MetaConnect client (with username/ passw ord etc), select this gatew ay and clic k the Host icon to create a host (alter natively , select File > New Host ). Enter 4. 127.0.0.1 as the Host Address and select Serial P ort[...]

  • Page 65

    Instruction Manual 58 Select 1. Users & Gr oups from Serial & Network . Click 2. Add User . Enter a 3. Username , Description and Pass wor d/Confirm . Select 4. 127.0.0.1 from Accessible Host(s) and select P or t 2 from Accessible P ort(s) . Click 5. Apply . MetaConnect for OoB Connection to the Gate way MetaConnect can also be set up to c[...]

  • Page 66

    Instruction Manual 59 T o initiate a pre-configured dialup connection under Windows , use the • follo wing Start Command: cmd /c start “Star ting Out of Band Connection” /wait /min rasdial network_connection login pass wor d (where network_connection is the name of the network connection as display ed in Control Panel -> Network Connec[...]

  • Page 67

    Instruction Manual 60 T o make the OoB connection using MetaConnect: Select the gatew ay from the left hand list of gate ways and hosts. Under Gatewa y Actions in the right hand pane, click Out Of Band . The status bar will change color to indicate this gatew ay is no w being accessed us- ing the OoB link, rather than the primar y link. When you co[...]

  • Page 68

    Instruction Manual 61 PuTTYgen: http://www .chiar k.greenend.org.uk/~sgtatham/putty/download.html OpenSSH: http://www .openssh.org/ OpenSSH (Windows): http://sshwindows.sourcef orge.net/download/ Upload the public part of your SSH ke y pair (this file is typically named • id_rsa.pub or id_dsa.pub) to the SSH gatew ay , or otherwise add to .ss[...]

  • Page 69

    Instruction Manual 62 system, reboot the machine etc. ECS0016’s Secure T unneling uses SSH tunneling, so this RDP traffic is securely transf erred through an authenti- cated and encrypted tunnel. MetaConnect with RDP also allows remote Users to connect to Windows XP , Windows 2003 computers and to Windows 2000 T er minal Ser vers , and to hav e [...]

  • Page 70

    Instruction Manual 63 ration protocols on that port Note: If you lea ve the Username and User P ass word fields b lank, they default to portXX and por tXX where XX is the serial por t number . The default username and pass word f or Secure RDP ov er P or t 2 is port02 Ensure the ECS0016 • Common Settings (Baud Rate, Flow Control) are the same[...]

  • Page 71

    Instruction Manual 64 Alert s and Logging This chapter describes the logging and aler t generation features of the console server . The Aler t f acility monitors the serial por ts, all logins and the power status and sends emails or Nagios or SNMP aler ts when speci- fied trigger ev ents occurs: First, you must enab le and configure the service t[...]

  • Page 72

    Instruction Manual 65 SNMP alerts The Administrator can configure the Simple Network Management Proto- col (SNMP) agent that resides on the console server , to send Alerts to an SNMP management application: Select 1. Alerts & Logging: SNMP . Enter the SNMP transport protocol. SNMP is gener ally a UDPbased 2. protocol though infrequently it use[...]

  • Page 73

    Instruction Manual 66 emailed to a nominated email address, or the SNMP or Nagios server is notified. The data stream from nominated serial ports can be monitored for matched patterns or flow control status changes can be configured to trigger aler ts. As can user connections to ser ial por ts and Hosts, or pow er ev ents. Select 1. Alerts &[...]

  • Page 74

    Instruction Manual 67 disconnects from the applicable Host or Serial P or t, or when a Slave con- nects or disconnects from the applicable UPS Serial P ort Signal Aler t : This alert will be tr iggered when the speci- fied signal changes state and is applicable to serial por ts only . Y ou must specify the par ticular Signal T ype (DSR, DCD or CTS[...]

  • Page 75

    Instruction Manual 68 por t activity . These records are stored on an ‘offserver’. T o specify which serial por ts are to have activities recorded and to what le vel data is to be logged: Select 1. Serial & Network: Serial Port and Edit the por t to be logged. Specify the 2. Logging Level of f or each por t as: Level 0 • T urns off log[...]

  • Page 76

    Instruction Manual 69 when connected using MetaConnect. These IPMI controlled po wer switches can also be controlled using the Management Console’ s power control tools Servers with embedded ser vice processors (such as Dell’ s DRAC) • usually provide pow er control using the browser based management applications that are supplied with the[...]

  • Page 77

    Instruction Manual 70 Configuring Serial P ort P ower Strips The Administrator can configure serially connected power strips, so both Users and Administrators can control them directly using the Manage- ment Console. First, the selected gatewa y ser ial por t must be connected to and configured to communicate with the pow er strip: Connect the p[...]

  • Page 78

    Instruction Manual 71 Configuring Bro wser Controlled P ower Strips The Administrator can configure network attached power strips, so both Users and Administrators can control them directly using the Manage- ment Console. User P ower Mana gement The P ower Manager enables both Users and Administrators to access and control the configured serial [...]

  • Page 79

    Instruction Manual 72 Nagios Integration Nagios is a powerful, highly e xtensible open source tool for monitoring network hosts and ser vices. The core Nagios software pac kage will typi- cally be installed on a server or vir tual ser ver - the centr al Nagios server . ECS0016 gatew ays oper ate in conjunction with a central/upstream Nagios server [...]

  • Page 80

    Instruction Manual 73 it provides an outstanding network monitoring system. With Nagios you can: Display tab les showing the status of each monitored server and • network ser vice in real time Use a wide range of freely av ailable plugins to make detailed chec ks of • specific services – e.g. don’t just check that a database is accep[...]

  • Page 81

    Instruction Manual 74 Clients T ypically a client PC , laptop , etc. r unning Windows , Linux or Mac OS X • Runs MetaConnect • P ossibly remote to the central Nagios ser v er or distributed ECS0016 • console servers May receiv e aler t emails from the central Nagios ser ver or distributed • ECS0016 console servers Connects to th[...]

  • Page 82

    Instruction Manual 75 Y ou will also require a web ser ver such as Apache to displa y the Nagios web UI (and this ma y be installed automatically as a dependency of the Nagios packages). Alternatively , you ma y wish to download the Nagios source code directly from the Nagios website, and b uild and install the software from scr atch. The Nagios we[...]

  • Page 83

    Instruction Manual 76 The first step is to set up the Nagios features on the console server: Select 1. System: Nagios on the ECS0016 Management Console. Check to mak e sure the Nagios service is 2. Enabled. Enter the IP address that the central Nagios server will use to contact 3. the distributed ECS0016 servers in Nagios Host Address. Enter the I[...]

  • Page 84

    Instruction Manual 77 Host . Enter the 2. IP Address/DNS Name of the network server , e.g.: 192.168.1.10 and enter a Description , e.g.: Windo ws 2003 IIS Server Remov e all 3. P ermitted Services . This server will be accessib le using T erminal Ser vices, so check TCP , P or t 3389 and log level 1 then clic k Add . It is impor tant to remove and [...]

  • Page 85

    Instruction Manual 78 por t attached. In Applicable Hosts, check the IP address/DNS name of the IIS server . Click 13. Connection Alert . Click 14. Apply . Now , you can set the console server to send alerts to the Nagios ser ver . Lastly you need to add a User f or the client running MetaConnect: Select 1. Users & Gr oups from the Serial &[...]

  • Page 86

    Instruction Manual 79 upstream Nagios server will use to reach the ECS0016 – if unspecified this will default to the first netw ork por t’ s IP (Network (1) as entered in System: IP) In Nagios Server Address enter the IP address or DNS name that 4. the ECS0016 will use to reach the upstream Nagios monitoring ser ver Check the 5. Disable SDT N[...]

  • Page 87

    Instruction Manual 80 Enable NSCA monitoring NSCA is the mechanism that allows y ou to send passive chec k results from the remote ECS0016 to the Nagios daemon running on the monitor- ing server . T o enable NSCA: Select 1. System: Nagios and chec k NSCA Enabled Select the Encryption to be used from the drop down menu, then enter 2. a Secret passw [...]

  • Page 88

    Instruction Manual 81 Select 4. Check P ermitted TCP/UDP to monitor a service that you hav e previously added as a P ermitted Ser vice. Select 5. Check TCP/UDP to specify a service por t that you wish to monitor , but to which you do not wish to allow e xter nal (MetaConnect) access. Select 6. Check TCP to monitor The Nagios Check selected as the c[...]

  • Page 89

    Instruction Manual 82 System Management This chapter describes how the Administrator can perf orm a range of general ECS0016 system administration and configuration tasks such as: Applying Soft and Hard Resets to the gatew ay • Reflashing the Firmware • Configuring the Date, Time and NTP • System Administration and Reset The Admin[...]

  • Page 90

    Instruction Manual 83 ton gently twice (within a 5 second period) while the unit is powered ON. This will reset the ECS0016 back to its f actor y default settings and clear the ECS0016’ s stored configuration information. The hard erase will clear all custom settings and return the unit back to factory default settings (i.e . the IP address will[...]

  • Page 91

    Instruction Manual 84 Configure Date and Time It is recommended that you set the local Date and Time in the ECS0016 as soon as it is configured. Features like Syslog and NFS logging use the system time for timestamping log entries, while certificate genera- tion depends on a correct Timestamp to check the validity period of the cer tificate. Se[...]

  • Page 92

    Instruction Manual 85 St atus Reports This chapter describes the selection of status repor ts that are availab le for re view: P or t Access and Active Users • Statistics • Suppor t Repor ts • Syslog • UPS Status • P ort Access and Active Users The Administrator can see which Users hav e access pr ivileges with which serial[...]

  • Page 93

    Instruction Manual 86 Statistics The Statistics repor t provides a snapshot of the data traffic and other activities and operations of your gate wa y . Support Repor ts The Suppor t Repor t provides useful status inf ormation that will assist the StarT ech.com technical suppor t team to solve an y problems y ou ma y experience with y our ECS0016. [...]

  • Page 94

    Instruction Manual 87 Syslog The Linux System Logger maintains a record of all system messages and errors. T o vie w the System Log, select Status: Syslog Remote System Logging: The syslog record can be redirected to a remote Syslog Server . T o do so , enter the remote Syslog Server address and por t details and click Appl y Local System Logging T[...]

  • Page 95

    Instruction Manual 88 Management The ECS0016 has a number of Management reports and tools that can be accessed by both Administrators and Users: Access and control configured devices • View serial por t logs and host logs • Use MetaConnect or the Ja va terminal to access serially attached • consoles P ower control • Device Mana[...]

  • Page 96

    Instruction Manual 89 Serial P ort T erminal Connection Administrator and Users can communicate directly with the ECS0016 command line and with devices attached to the ECS0016 serial ports us- ing MetaConnect and their local telnet client, or using a Ja va terminal in their browser . T o do so: Select 1. Manage: T erminal Click Connect to MetaConne[...]

  • Page 97

    Instruction Manual 90 The alternate to using MetaConnect and your local telnet client is to download the open source jcterm Jav a ter minal applet into your browser to connect to the ECS0016 and attached serial por t devices. Howev er jcterm does have some JRE compatibility issues which ma y prevent it from loading. Select 1. Manage: T erminal . Th[...]

  • Page 98

    Instruction Manual 91 Configuration) Date and Time Configuration (Manually Change Clock Settings and • Network Time Protocol Time Zone) Network Configuration (Static and DHCP IP Configuration, Dial-in • Configuration and Services Configuration) Serial P or t Configuration (Serial P ort Settings, Suppor ted Protocol • Configur[...]

  • Page 99

    Instruction Manual 92 The config T ool: Syntax config [ ahv ] [ d id ] [ g id ] [ p path ] [ r configurator ] [ s id=v alue ] Description The config tool allows manipulation and querying of the system configura- tion from the command line. Using config, the new configuration can be activated b y running the relev ant configurator which perf[...]

  • Page 100

    Instruction Manual 93 The config tool is designed to perform multiple actions from one com- mand if need be, so if necessary options can be chained together . Options Administration Configuration System Settings Y ou can configure the system settings to the following v alues (denoted in bolded text) using the corresponding commands from the comm[...]

  • Page 101

    Instruction Manual 94 LD AP Base Node : Some base node #/bin/cong–-set=”cong.auth.ldap .basenode=somebasenode” The follo wing command will synchronize the liv e system with the new configuration. #/bin/cong–-run=auth Date and Time Configuration Manually Change Cloc k Settings T o change the running system time y[...]

  • Page 102

    Instruction Manual 95 The follo wing command will synchronize the liv e system with the new configuration: #/bin/cong–-run=time Time Zone T o change the system time zone USA eastern standard time you need to issue the follo wing commands: #/bin/cong–-set=cong.system.timezone=US/Eastern The follo wing command will synchr[...]

  • Page 103

    Instruction Manual 96 IP Configuration - Static T o set static configuration on the LAN interf ace with the f ollowing at- tributes (denoted in bolded te xt), you would need to issue the f ollowing commands from the command lines (denoted by italiciz ed text): Disable DHCP: #/bin/cong–-set=cong.interfaces .eth0.mode=static IP Addres[...]

  • Page 104

    Instruction Manual 97 The follo wing command will synchronize the liv e system with the new configuration. #/bin/cong–-run=ipcong Dial-in Configuration T o enable dial-in access on the DB9 serial por t from the command line with the follo wing attributes: Local IP Address: 172.24.1.1 Remote IP Address: 172.24.1.2 Authentication T yp[...]

  • Page 105

    Instruction Manual 98 ‘115200’, and ‘230400’. Suppor ted parity values are ‘None’, ‘Odd’, ‘Even’, ‘Mark’ and ‘Space’. Suppor ted data-bits values are ‘8’, ‘7’, ‘6’ and ‘5’. Suppor ted stop-bits values are ‘1’, ‘1.5’ and ‘2’. Suppor ted flow-control v alues are ‘Hardware’, ‘Software’ a[...]

  • Page 106

    Instruction Manual 99 Please Note: “/bin/config” commands can be combined into one com- mand for con v enience. Serial P ort Configuration Serial P ort Settings T o setup serial por t 5 to use the follo wing proper ties (denoted in bolded text), y ou would need to issue the f ollowing commands from the com- mand line (denoted in italicized te[...]

  • Page 107

    Instruction Manual 100 Suppor ted stop-bits values are ‘1’, ‘1.5’ and ‘2’. Suppor ted flow-control v alues are ‘Hardware’, ‘Software’ and ‘None’. Supported Protocol Configuration T o ensure remote access to serial por t 5 is configured as follo ws (denoted by bolded te xt), you would need to issue the follo wing commands [...]

  • Page 108

    Instruction Manual 101 Note that if you see: cong.users.total it means you ha ve 0 Users configured. So , your ne w User will be the e xisting total plus 1; if the previous com- mand gav e you 0, then y ou star t with user number 1; if you already hav e 1 user your ne w user will be number 2 etc. If you w ant a user named “user1” with a pas[...]

  • Page 109

    Instruction Manual 102 cong.por taccess.total it means you ha ve 0 rules configured. Y our new rule will be the e xisting total plus 1. So if the previous command gav e you 0, then y ou star t with rule number 1; if y ou already hav e 1 rule your new rule will be number 2 etc. If you w ant to restrict access to serial por t 5 to computers from [...]

  • Page 110

    Instruction Manual 103 The follo wing command will synchronize the liv e system with the new configuration. #/bin/cong–-run=ev entlog Please note that suppor ted remote storage server types are ‘None’, ‘cifs’, ‘nfs’ and ‘syslog’. Suppor ted por t logging lev els are ‘0’, ‘1’ and ‘2’. Alert Configuration Y ou[...]

  • Page 111

    Instruction Manual 104 The follo wing command will synchronize the liv e system with the new configuration: #/bin/cong–-run=aler ts MetaConnect Host Configuration MetaConnect host TCP Ports T o setup the list of tcp por ts f or a host, you use the config command: #cong-scong.sdt.hosts.host3.tcpports.tcpor t1=23 ?[...]

  • Page 112

    Instruction Manual 105     <user1>JohnWhite</user1>    </users>    <tcppor ts><tcppor t1>23</tcppor t1></tcppor ts>   </host3>   </hosts>  </sdt>  </cong>  Advanced Conguration Advanced Portmanager pmshell The pmshell com[...]

  • Page 113

    Instruction Manual 106 History: T yping the character sequence ‘~h’ will generate a histor y on the serial por t. Quitpmshell: T yping the character sequence ‘~. ’ will e xit from pmshell. T o Set R TS to 1 run the command: #pmshell--r ts=1 T o show all signals: #pmshell–signals DSR=1 DTR=1 CTS=1 RTS=1 DCD=0 Read a line of [...]

  • Page 114

    Instruction Manual 107 Example: T o detect which users are currently active on which serial ports: #pmusers This command will output nothing if there are no active users currently connected to any ports, otherwise it will respond with a sor ted list of usernames per active por t: P or t 1: user1 user2 P or t 2: user1 P or t 8: user2 The abov e o[...]

  • Page 115

    Instruction Manual 108 Change which configuration file it uses: -c/etc/cong/por tmanager .conf Signals Sending a SIGHUP signal to the por tmanager will cause it to re-read it’ s configuration file. External Scripts and Alerts The por tmanager has the ability to ex ecute external scr ipts on cer tain ev ents. These ev ents are: When a po[...]

  • Page 116

    Instruction Manual 109 example: </etc/cong/pmshell-star t.sh> #!/bin/sh PORT=”$1” USER=”$2” echo“W elcometopor t$PORT$USER” </etc/cong/pmshell-star t.sh> The return value from the script controls whether the user is accepted or not, if 0 is returned (or nothing is done on exit as in the abov e scri[...]

  • Page 117

    Instruction Manual 110 Raw Access to Serial Ports Access to Serial P orts Y ou can tip and stty to completely bypass the por tmanager and hav e ra w access to the serial por ts. When you run tip on a por tmanager controlled por t, por tmanager closes that por t, and stops monitoring it until tip releases control of it. With stty , the changes made [...]

  • Page 118

    Instruction Manual 111 Modem initialization strings • T o ov erride the standard modem initialization string either use the Management Console or the command line config tool Enabling Boot Messages on the Console • If you are not using a modem on the DB9 console port and instead wish to connect to it directly via a Null Modem cable y ou [...]

  • Page 119

    Instruction Manual 112 The basic steps performed are as f ollows: a) The current iptables configuration is erased. b) If a customized IP-Filter script exists it is e xecuted and no other actions are performed. c) Standard policies are inser ted which will drop all traffic not e xplicitly allowed to and through the system. d) Rules are added which[...]

  • Page 120

    Instruction Manual 113    –-matchstate–-stateEST ABLISHED ,RELA TED–-jumpACCEPT  #Explicitlyacceptanyconnectionsfromcomputerson  #192.168.10.0/24  iptables–-appendINPUT–-source192.168.10.0/24–-jumpA CCEPT More documentation about using the iptables command can be[...]

  • Page 121

    Instruction Manual 114 Adding more than one SNMP server T o add more than one SNMP server for alert traps add the first SNMP server using the Management Console or the command line config tool. Secondary and any fur ther SNMP ser vers are added manually using config. Log in to the console server’ s command line shell as root or an admin user .[...]

  • Page 122

    Instruction Manual 115 T o set the Username field (SNMP version 3 only): congsetcong.system.snmp .username2=youruser name .. (replacing yourusername with the user name config.system.snmp. username2 (3 only)) T o set the Engine ID field (SNMP version 3 only): congsetcong.system.snmp .passw ord2=yourpassw ord[...]

  • Page 123

    Instruction Manual 116 powerman - power on/off nodes Synopsis powerman [-option] [targets] pm [-option] [targets] Options -1,--on P ower ON targets. -0,--off P ower OFF targets. -c,--cycle P ower cycle targets . -r ,--reset Asser t hardware reset f or targets (if implemented b y RPC). -f,--ash T urn beacon ON for targets (if[...]

  • Page 124

    Instruction Manual 117 -h,--help Display option summary . -L,--license Show pow erman license information. -d,--destinationhost[:por t] Connect to a powerman daemon on non- default host and optionally port. -V ,--v ersion Display the po werman version number and e xit. -D ,--device Displa ys RPC status inf ormation. If targets are[...]

  • Page 125

    Instruction Manual 118 As a reminder to the reader , some shells will inter pret brackets ([ and ]) for pattern matching. Depending on your shell, it ma y be necessary to enclose ranged lists within quotes. F or example , in tcsh, the last e xample abov e should be e x ecuted as: powerman --on “f oo[0,4-5]” pmpower The pmpower command is a high[...]

  • Page 126

    Instruction Manual 119 Default system P ower De vice actions are specified in /etc/powerstrips. xml. Custom Po wer De vices can be added in /etc/config/pow erstrips.xml. If an action is attempted which has not been configured for a specific P ower Device pmpo wer will e xit with an error . Adding new RPC de vices There are two simple paths to a[...]

  • Page 127

    Instruction Manual 120 <off>script to power off</off> <cycle>script to cycle power</cycle> <status>script to write power status to /var/run/power-status</ status> <speed>baud rate</speed> <charsize>character siz e</charsize> <stop>stop bits</stop> <parity>parity setting&l[...]

  • Page 128

    Instruction Manual 121 Glossar y of T erms Used TERM MEANING Authentication Authentication is the technique b y which a process verifies that its communication partner is who it is supposed to be and not an imposter . Authentication confirms that data is sent to the intended recipient and assures the recipient that the data originated from the ex[...]

  • Page 129

    Instruction Manual 122 TERM MEANING Certificate Authority A Cer tificate Authority is a trusted third par ty , which cer tifies public k ey's to truly belong to their claimed owners. It is a ke y part of any Public K ey Infrastructure, since it allows users to trust that a given pub lic ke y is the one they wish to use , either to send a pr[...]

  • Page 130

    Instruction Manual 123 TERM MEANING Firewall A network gatewa y device that protects a private network from users on other networks. A firewall is usually installed to allow users on an intranet access to the public Internet without allowing public Internet users access to the intranet. Gatewa y A machine that provides a route (or pathwa y) to the[...]

  • Page 131

    Instruction Manual 124 TERM MEANING Key lif etimes The length of time before k e ys are renegotiated LAN Local Area Network LD AP The Lightweight Directory Access Protocol (LD AP) is based on the X.500 standard, but sig- nificantly simpler and more readily adapted to meet custom needs. The core LD AP specifica- tions are all defined in RFCs. LD [...]

  • Page 132

    Instruction Manual 125 TERM MEANING NA T Network Address T ranslation. The translation of an IP address used on one network to an IP address on another network. Masquerading is one par ticular form of NA T . Net mask The wa y that computers know which part of a TCP/IP address ref ers to the network, and which par t refers to the host r ange. NFS Ne[...]

  • Page 133

    Instruction Manual 126 TERM MEANING RADIUS The Remote Authentication DialIn User Service (RADIUS) protocol was de v eloped by Livingston Enterpr ises as an access ser ver authentication and accounting protocol. The RADIUS server can suppor t a variety of methods to authenti- cate a user . When it is provided with the user- name and original passwor[...]

  • Page 134

    Instruction Manual 127 TERM MEANING SOL Serial Over LAN (SOL) enables servers to transparently redirect the serial character stream from the baseboard universal asynchro- nous receiver/tr ansmitter (U AR T) to and from the remoteclient system ov er a LAN. With SOL suppor t and BIOS redirection (to serial) remote managers can view the BIOS/POST outp[...]

  • Page 135

    Instruction Manual 128 TERM MEANING T elnet T elnet is a terminal protocol that provides an easytouse method of creating terminal connec- tions to a network. UTC Coordinated Universal Time. UTP Unshielded T wisted Pair cab ling. A type of Ethernet cable that can operate up to 100Mb/s. Also known as Category 5 or CA T 5. VNC Vir tual Network Computi[...]

  • Page 136

    Instruction Manual 129 T echnical Specications FEA TURE V ALUE Dimensions 17 x 8.5 x 1.75 in (43.2 x 21. x 4.5 cm) W eight 3.9 kg (8.5 lbs) Ambient operating temperature 5°C to 50°C (41°F to 122°F) Non operating storage temperature 30°C to +60°C (20°F to +140°F) Humidity 5% to 90% P ower Consumption Less than 30W CPU Micrel KS8695P contr[...]

  • Page 137

    Instruction Manual 130 RJ45 Connector - PinoutWiring Pin Signal Direction RS232 Signal Description 1 RTS Output Request T o Send 2 DSR Input Data Set Ready 3 DCD Input Data Carrier Detect 4 RXD Input Receive Data 5 TXD Output T ransmit Data 6 GND N/A Ground 7 DTR Output Data T er minal Ready 8 CTS Input Clear to Send 1 2 3 4 5 6 7 8[...]

  • Page 138

    Instruction Manual 131 Adapter (included P art # 319000) Pinout - (Straight through) Accessory (included P art # 319001) Pinout - (Crossover) Additional adapters a vailab le from StarT ech.com: GC98FF[...]

  • Page 139

    Instruction Manual 132 T echnical Support StarT ech.com’ s lifetime technical support is an integral par t of our commit- ment to pro vide industry-leading solutions. If y ou e v er need help with your product, visit www .star tech.com/suppor t and access our comprehensive selection of online tools, documentation, and downloads . Warranty Informa[...]

  • Page 140

    StarT ech.com has been making “hard-to-find easy” since 1985, providing high quality solutions to a diverse IT and A/V customer base that spans man y channels, including gov ernment, education and industrial f acilities to name just a fe w . W e off er an unmatched selection of computer parts, cab les, A/V products, KVM and Serv- er Management[...]