Tripp Lite 93-2879 user manual


A good user manual

Regulations oblige the seller to provide the buyer with the Tripp Lite 93-2879 user manual along with the goods. A missing manual, or incorrect information supplied to the consumer, is grounds for a complaint that the device does not conform to the contract. Under the law, the user manual may be supplied in a form other than paper, and this has become common recently, with the Tripp Lite 93-2879 manual provided in graphic or electronic form or as instructional videos for users. The condition is that it be legible and understandable.

What is a user manual?

The word comes from the Latin "instructio", meaning to organize. The Tripp Lite 93-2879 user manual therefore describes the steps of a procedure. The purpose of a user manual is to instruct and to make it easier to start up and use the equipment or to carry out specific actions. A user manual is a collection of information about an object or service, a pointer.

Unfortunately, few users take the time to read the user manual, yet a good manual not only lets you get to know a number of additional features of the purchased device but also helps you avoid most failures.

So what should the perfect manual contain?

First of all, the Tripp Lite 93-2879 user manual should contain:
- information on the technical characteristics of the Tripp Lite 93-2879 device
- the name of the manufacturer and the year of manufacture of the Tripp Lite 93-2879
- instructions for using, adjusting and maintaining the Tripp Lite 93-2879 equipment
- safety signs and certificates confirming compliance with the relevant standards

Why don't we read user manuals?

Usually this is due to a lack of time and to certainty about the specific functionality of the purchased equipment. Unfortunately, connecting and starting the Tripp Lite 93-2879 is not enough. The user manual contains a number of guidelines on specific features, safety, maintenance methods (even the products that should be used), possible Tripp Lite 93-2879 faults and ways of resolving common problems during use. Finally, the manual contains the contact details of Tripp Lite service in case the proposed solutions do not work. Currently, user manuals in the form of engaging animations and instructional videos, which are better than a brochure, are very popular. This type of manual lets the user watch the whole instructional video without skipping the complicated Tripp Lite 93-2879 specifications and technical descriptions, as happens with the paper version.

Why read the user manual?

First of all, it contains the answers about the structure and capabilities of the Tripp Lite 93-2879 device, the use of various accessories, and a range of information for taking full advantage of all its features and conveniences.

After a successful purchase of the equipment or device, take a moment to familiarize yourself with every part of the Tripp Lite 93-2879 user manual. Nowadays manuals are carefully prepared and translated so that they are not only understandable to users but also fulfil their basic function of informing and helping.

Table of contents of the user manual

  • Page 1

    1 Owner’s Manual Warranty Registration: register online today for a chance to win a FREE Tripp Lite product—www.tripplite.com/warranty Console Server Management Switch Models: B096-016 / B096-048 & Console Server with PowerAlert Model: B092-016 Tripp Lite World Headquarters 1111 W. 35th Street, Chicago, IL 60609 USA (773) 869[...]

  • Page 2

    2 INDEX 1. INTRODUCTION 9 2. INSTALLATION 14 2.1 Models 14 2.1.1 Kit components: B096-048 and B096-016 Console Server Management Switch 14 2.1.2 Kit components: B092-016 Console Server with PowerAlert 15 2.2 Power connection 15 2.2.1 Power: Console Server Management Switch 15 2.2.2 Power: Console Server wit[...]

  • Page 3

    3 4.1.3 SDT Mode 39 4.1.4 Device (RPC, UPS, EMD) Mode 39 4.1.5 Terminal Server Mode 39 4.1.6 Serial Bridging Mode 40 4.1.7 Syslog 41 4.2 Add/Edit Users 41 4.3 Authentication 44 4.4 Network Hosts 44 4.5 Trusted Networks 46 4.6 Serial Port Cascading 47 4.6.1 Automatically generate and upload SSH keys 47 4.6.2 Manually ge[...]

  • Page 4

    4 6.2.9 Choosing an alternate SSH client (e.g. PuTTY) 70 6.3 SDT Connector to Management Console 75 6.4 SDT Connector - Telnet or SSH connect to serially attached devices 76 6.5 Using SDT Connector for out-of-band connection to the gateway 77 6.6 Importing (and exporting) preferences 79 6.7 SDT Connector Public Key Aut[...]

  • Page 5

    5 8.1.4 User power management 105 8.2 Uninterruptible Power Supply Control (UPS) 106 8.2.1 Managed UPS connections 106 8.2.2 Configure UPS powering the Console Server 109 8.2.3 Configuring powered computers to monitor a Managed UPS 110 8.2.4 UPS alerts 111 8.2.5 UPS status 111 8.2.6 Overview of Network UPS[...]

  • Page 6

    6 10.4.2 Basic Nagios plug-ins 138 10.4.3 Additional plug-ins 138 11. SYSTEM MANAGEMENT 140 11.1 System Administration and Reset 140 11.2 Upgrade Firmware 141 11.3 Configure Date and Time 142 12. STATUS REPORTS 143 12.1 Port Access and Active Users 143 12.2 Statistics 143 12.3 Support Reports 144 12.4 Syslog 144 13. MAN[...]

  • Page 7

    7 Alert Configuration 163 14.7 SDT Host Configuration 163 SDT Host TCP Ports 163 14.8 Configuration backup and restore 165 14.9 General Linux command usage 166 15. ADVANCED CONFIGURATION 168 15.1 Advanced Portmanager 169 15.2 External Scripts and Alerts 171 15.3 Raw Access to Serial Ports 173 15.4 IP-Filtering 174 15.5 Modify i[...]

  • Page 8

    8 16.1.4 Connect- SSH 206 16.1.5 Connect- IPMI 207 16.1.6 Connect- Remote Desktop (RDP) 208 16.1.7 Connect- Citrix ICA 209 16.1.8 Connect- PowerAlert 209 16.2 Advanced Control Panel 210 16.2.1 System: Terminal 210 16.2.2 System: Shutdown / Reboot 211 16.2.3 System: Logout 211 16.2.4 Custom 211 16.2.5 Status 211 16.2. [...]

  • Page 9

    9 1. INTRODUCTION This Manual This User Manual is provided to help you get the most from your B096-016 / B096-048 Console Server Management Switch or B092-016 Console Server with PowerAlert product. These products are referred to generically in this manual as Console Servers. Once configured, you will be able to use your [...]

  • Page 10

    10 Please take care to follow the safety precautions below when installing and operating the Console Server: ➢ Do not remove the metal covers. There are no operator-serviceable components inside. Opening or removing the cover may expose you to dangerous voltage which may cause fire or electric shock. Refer a[...]

  • Page 11

    11 10. Nagios Integration Setting Nagios central management with SDT extensions and configuring the Console Server as a distributed Nagios server 11. System Management Covers access to and configuration of services to be run on the Console Server 12. Status Reports View the status and logs of serial and network connected devi[...]

  • Page 12

    12 location, to configure the Console Server, set up Users, configure the ports and connected hosts, and set up logging and alerts. An authorized User can use the Management Console to access and control configured devices, review port logs, use the in-built java terminal to access serially attached consoles and control power t[...]

  • Page 13

    13 Text presented like this highlights important issues and it is essential you read and take heed of these warnings ➢ Text presented with an arrow head indent indicates an action you should take as part of the procedure. Bold text indicates text that you type, or the name of a screen object (e.g. a menu or button) on the Managem[...]

  • Page 14

    14 2. INSTALLATION Introduction This chapter describes the physical installation of the Console Server hardware and connection to controlled devices 2.1 Models There are a number of Console Server models, each with a different number of network, USB and serial ports and power supplies: Serial Ports Network Ports Console Port USB Po[...]

  • Page 15

    15 ➢ If you are installing your Console Server Management Switch in a rack you will need to attach the rack mounting brackets supplied with the unit, and install the unit in the rack. Take care to heed the Safety Precautions ➢ Connect your Console Server Management Switch to the network, to the serial por[...]

  • Page 16

    16 2.2.2 Power: Console Server with PowerAlert The standard B092-016 Console Server has a built-in universal auto-switching AC power supply. This power supply accepts AC input voltage between 100 and 240 VAC with a frequency of 50 or 60 Hz and the power consumption is less than 40W. The AC power socket is located at the rear of th [...]

  • Page 17

    17 The Console Server also has a DB9 LOCAL (Console/Modem) port. This DB-9 connector is on the rear panel of the B092-016 Console Server, and on the front panel of the B096-048/016 Console Server Management Switch. 2.5 USB Port Connection The B096-048/016 Console Server Management Switch has one USB port on the front panel. Ex[...]

  • Page 18

    18 3. INITIAL SYSTEM CONFIGURATION Introduction This chapter provides step-by-step instructions for the initial configuration of your Console Server and connecting it to your management or operational network. This involves the Administrator: ➢ Activating the Management Console ➢ Changing the Admin[...]

  • Page 19

    19 o IP address: 192.168.0.100 o Subnet mask: 255.255.255.0 ➢ If you wish to retain your existing IP settings for this network connection, click Advanced and Add the above as a secondary IP connection. ➢ If it is not convenient to change your computer network address, you can use the ARP-Ping command to reset the Conso[...]

  • Page 20

    20 ➢ You will be prompted to log in. Enter the default administration username and administration password: Username: root Password: default The above screen, which lists four initial installation configuration steps, will be displayed: 1. Change the default administration password on the System/Admi[...]

  • Page 21

    21 3.1.3 Initial B092-016 connection For the initial configuration of the B092-016 Console Server, you will need to connect a console (keyboard, mouse and display) or a KVM switch directly to its mouse, keyboard and VGA ports. When you initially power on the B092-016, you will be prompted on your directly co [...]

  • Page 22

    22 ➢ Select System: Administration ➢ Enter a new System Password then re-enter it in Confirm System Password. This is the new password for root, the main administrative user account, so it is important that you choose a complex password, and keep it safe ➢ You may now wish to enter a System Name and System D[...]

  • Page 23

    23 ➢ If you select DHCP, the Console Server will look for configuration details from a DHCP server on your management LAN. This selection automatically disables any static address. The Console Server MAC address can be found on a label on the base plate Note In its factory default state (with no Configuration Method se[...]

  • Page 24

    24 ➢ You will then need to configure the IPv6 parameters on each interface page 3.4 System Services The Administrator has a selection of access protocols that can be used to access the Console Server. The factory default enables HTTPS and SSH access to the Console Server and disables HTTP and Telnet. The User can [...]

  • Page 25

    25 ➢ Select System: Services. Then select/deselect the service to be enabled/disabled. The following access protocol options are available: HTTPS Ensures secure browser access to all the Management Console menus. It also allows appropriately configured Users secure browser access to selected Management Console Managem[...]

  • Page 26

    26 ➢ There are also a number of related service options that can be configured at this stage: SNMP Enables netsnmp in the Console Server which will keep a remote log of all posted information. SNMP is disabled by default. To modify the default SNMP settings, the Administrator must make the edits at the command line as[...]

  • Page 27

    27 ➢ Click Apply. As you apply your services selections, the screen will be updated with a confirmation message: Message Changes to configuration succeeded. 3.5 Communications Software You need to configure the access protocols that the communications software on the Administrator and User Computer will use when conn[...]

  • Page 28

    28 ➢ To use PuTTY for an SSH terminal session from a Windows client, enter the Console Server’s IP address as the ‘Host Name (or IP address)’ ➢ To access the Console Server command line, select ‘SSH’ as the protocol and use the default IP Port 22 ➢ Click ‘Open’ and the Console Server login prompt will appear. (Y[...]

  • Page 29

    29 ➢ A message may appear about the host key fingerprint. You will need to select ‘Yes’ or ‘Always’ to continue. ➢ The next step is password authentication. You will be prompted for your username and password from the remote system. You will then be logged on to the Console Server 3.6 Management Network Configur[...]

  • Page 30

    30 Note The second Ethernet port on the B096-048/016 can be configured as either a Management LAN gateway port or it can be configured as an OoB / Failover port - but not both. So be sure that you did not allocate Management LAN as the Failover Interface when you configured the principal Network connection on the System: IP m[...]

  • Page 31

    31 To configure the DHCP server for the Management LAN: ➢ Enter the Gateway address that is to be issued to the DHCP clients. If this field is left blank, the IP address of the B096-048/016 will be used ➢ Enter the Primary DNS and Secondary DNS address to issue the DHCP clients. Again if this field is left blank, the I[...]

  • Page 32

    32 Once DHCP has initially allocated hosts addresses, it is recommended to copy these into the pre-assigned list so the same IP address will be reallocated in the event of a reboot. 3.6.3 Configure Management Switch for Failover or Broadband OoB The Management Switch in the B096-048/016 Console Server can be configured[...]

  • Page 33

    33 4. SERIAL PORT AND NETWORK HOST Introduction The Console Server enables access and control of serially-attached devices and network-attached devices (hosts). The Administrator must configure access privileges for each of these devices, and specify the services that can be used to control the devices. The Administrator can[...]

  • Page 34

    34 ➢ When you have configured the common settings and the mode for each port, set up any remote syslog (Chapter 4.1.7), then click Apply ➢ If the Console Server has been configured with distributed Nagios monitoring enabled then you will also be presented with Nagios Settings options to enable nominated services on the Host to[...]

  • Page 35

    35 4.1.2 Console Server Mode Select Console Server Mode to enable remote management access to the serial console that is attached to the serial port: Logging Level This specifies the level of information to be logged and monitored (refer to Chapter 7 - Alerts and Logging)[...]

  • Page 36

    36 Telnet Check to enable Telnet access to the serial port. When enabled, a Telnet client on a User or Administrator’s computer can connect to a serial device attached to this serial port on the Console Server. The default port address is IP Address _ Port (2000 + serial port #) i.e. 2001 – 2048 Telnet communicat[...]

  • Page 37

    37 PuTTY can be downloaded at http://www.tucows.com/preview/195286.html SSH It is recommended that the User or Administrator uses SSH as the protocol for connecting to serial consoles attached to the Console Server when communicating over the Internet or any other public network. This will provide an authenticated, encrypted co[...]

  • Page 38

    38 This syntax enables users to set up SSH tunnels to all serial ports with only a single IP port 22 having to be opened in their firewall/gateway. TCP RAW TCP allows connections directly to a TCP socket. Communications programs such as PuTTY also support RAW TCP, however, this protocol would usually be used by a custom applicatio[...]

  • Page 39

    39 4.1.3 SDT Mode This setting allows port forwarding of LAN protocols such as RDP, VNC, HTTP, HTTPS, SSH and Telnet through to computers which are connected locally to the Console Server by their serial COM port. However such port forwarding requires a PPP link to be set up over this serial port. Refer to Chapter 6[...]

  • Page 40

    40 The getty will then configure the port and wait for a connection to be made. An active connection on a serial device is usually indicated by the Data Carrier Detect (DCD) pin on the serial device being raised. When a connection is detected, the getty program issues a login: prompt, and then invokes the login program to handle the a[...]

  • Page 41

    41 ➢ You may secure the communications over the local Ethernet by enabling SSH however you will need to generate and upload keys (refer to Chapter 14 – Advanced Configuration) 4.1.7 Syslog In addition to built-in logging and monitoring (which can be applied to serial-attached and network-attached management accesses, as c[...]

  • Page 42

    42 Users can be authorized to access specified Console Server serial ports and specified network-attached hosts. These users can also be given full Administrator status (with full configuration and management and access privileges). To simplify user setup, they can be configured as members of Groups. There are two Groups set up by de[...]

  • Page 43

    43 ➢ Select Serial & Network: Users & Groups to display the configured Groups and Users ➢ Click Add Group to add a new Group ➢ Add a Group name and Description for each new Group, then nominate Accessible Hosts and Accessible Ports to specify the serial ports and hosts you wish any users in this new Group to be able [...]

  • Page 44

    44 ➢ Add a Username and a confirmed Password for each new User. You may also include information related to the user (e.g. contact details) in the Description field ➢ Nominate Accessible Hosts and Accessible Ports to specify which serial ports and which LAN connected hosts you wish the user to have access to ➢ Specif[...]

  • Page 45

    45 ➢ Selecting Serial & Network: Network Hosts presents all the network connected Hosts that have been enabled for access, and the related access TCP ports/services ➢ Click Add Host to enable access to a new Host (or select Edit to update the settings for existing Host) ➢ Enter the IP Address or DNS Name of the new [...]

  • Page 46

    46 4.5 Trusted Networks The Trusted Networks facility gives you the option to nominate specific IP addresses that users (Administrators and Users) must be located at in order to have access to Console Server serial ports: ➢ Select Serial & Network: Trusted Networks ➢ To add a new trusted network, select Add Rule [...]

  • Page 47

    47 Network IP Address 204.15.5.0 Subnet Mask 255.255.255.255 ➢ If however you want to allow all the users operating from within a specific range of IP addresses (say any of the thirty addresses from 204.15.5.129 to 204.15.5.158) to be permitted connection to the nominated port: Host / Subnet Address 204.15.5.128 Subnet M[...]

  • Page 48

    48 Now select whether to generate the keys using RSA and/or DSA (if unsure, select only RSA). Generating each set of keys will require approximately two minutes and the new keys will destroy any old keys of that type that may previously have been uploaded. Also while the new generation is under way on the master, functions r[...]

  • Page 49

    49 Next, you must register the Public Key as an Authorized Key on the Slave. In the simple case with only one Master with multiple Slaves, you need only upload the one RSA or DSA public key for each Slave. Note The use of key pairs can be confusing because in many cases one file (Public Key) fulfills two roles – Public Key and[...]

  • Page 50

    50 4.6.3 Configure the Slaves and their serial ports You can now begin setting up the Slaves and configuring Slave serial ports from the Master Console Server: ➢ Select Serial & Network: Cascaded Ports on the Master’s Management Console ➢ To add clustering support select Add Slave Note You will be prevented from adding[...]

  • Page 51

    51 4.6.4 Managing the Slaves The Master is in control of the Slave serial ports. So, for example, if you change a User’s access privileges or edit any serial port setting on the Master, the updated configuration files will be sent out to each Slave in parallel. Each Slave will then automatically make changes to th[...]

  • Page 52

    52 5. FAILOVER AND OUT-OF-BAND ACCESS Introduction The Console Server has a number of failover and out-of-band access capabilities to ensure availability in the event there are difficulties in accessing the Console Server through the principal network path. This chapter covers: ➢ Out-of-band (OoB) access from a[...]

  • Page 53

    53 ➢ Select the System: Dial menu option and the port to be configured (Serial DB9 Port or Internal Modem Port) Note The Console Server’s console/modem serial port is set by default to 115200 baud, No parity, 8 data bits and 1 stop bit, with software (Xon-Xoff) flow control enabled. You can modify the baud rate [...]

  • Page 54

    54 established. Again, you can select any address for the Local IP Address but both must be in the same network range as the Remote IP Address ➢ The Default Route option enables the dialed PPP connection to become the default route for the Console Server ➢ The Custom Modem Initialization option allows a custom AT string mod[...]

  • Page 55

    55 ➢ Select Connect to the Internet and click Next ➢ On the Getting Ready screen select Set Up My Connection Manually and click Next ➢ On the Internet Connection screen select Connect Using a Dial-Up Modem and click Next ➢ Enter a Connection Name (any name you choose) and the dial-up Phone Number that will connect thr[...]

  • Page 56

    56 5.1.5 Set up Linux clients for dial-in The online tutorial http://www.yolinux.com/TUTORIALS/LinuxTutorialPPP.html presents a selection of methods for establishing a dial up PPP connection: - Command line PPP and manual configuration (which works with any Linux distribution) - Using the Linuxconf configur[...]

  • Page 57

    57 ➢ When configuring the principal network connection on the System: IP Network Interface menu, select Management LAN (eth1) as the Failover Interface to be used when a fault has been detected with main Network Interface (eth0) ➢ Specify the Probe Addresses of two sites (the Primary and Secondary) that the B096-048/016[...]

  • Page 58

    58 ➢ Then configure Management LAN Interface (eth1) with the same IP setting that you used for the main Network Interface (eth0) to ensure transparent redundancy In this mode, Network 2 (eth1) is available as the transparent back-up port to Network 1 (eth0) for accessing the management network. Network 2 will autom[...]

  • Page 59

    59[...]

  • Page 60

    60 6. SECURE TUNNELING AND SDT CONNECTOR Introduction Each Console Server has an embedded SSH server and uses SSH tunneling. This enables one Console Server to securely manage all the systems and network devices in the data center, using text-based console tools (such as SSH, Telnet, SoL) or graphical desktop tools (VNC, RDP, HTTPS,[...]

  • Page 61

    61 ➢ Using SDT Connector to Telnet or SSH connect to devices that are serially attached to the Console Server (Section 6.4) The chapter then covers more advanced SDT Connector and SDT tunneling topics: ➢ Using SDT Connector for out of band access (Section 6.5) ➢ Automatic importing and exporting of configurations (Sec [...]

  • Page 62

    62 SDT Connector can connect to the Console Server using an alternate OoB access. It can also be configured to access the Console Server itself and to access devices connected to serial ports on the Console Server. 6.2.1 SDT Connector client installation ➢ The SDT Connector set up program (SDTConnector Setup-1.n.exe or sdtco[...]

  • Page 63

    63 To operate SDT Connector, add the new gateways to the client software by entering the access details for each Console Server (refer to Section 6.2.2). Then let the client auto-configure with all host and serial port connections from each Console Server (refer to Section 6.2.3). Now point-and-click to connect to the Host[...]

  • Page 64

    64 ➢ Optionally, you can enter a Descriptive Name to display instead of the IP or DNS address, and any Notes or a Description of this gateway (such as its firmware version, site location or anything special about its network configuration). ➢ Click OK and an icon for the new gateway will now appear in the SDT Connector h[...]

  • Page 65

    65 ➢ configure access to network-connected Hosts that the user is authorized to access and set up (for each of these Hosts) the services (e.g. HTTPS, IPMI2.0) and the related IP ports being redirected ➢ configure access to the Console Server itself (this is shown as a Local Services host) ➢ configure access with the enab[...]

  • Page 66

    66 Note The SDT Connector client can be configured with an unlimited number of Gateways. Each Gateway can be configured to port forward to an unlimited number of locally networked Hosts. Similarly there is no limit on the number of SDT Connector clients who can be configured to access the one Gateway. There are als [...]

  • Page 67

    67 6.2.6 Manually adding new services to the new hosts To extend the range of services that can be used when accessing hosts with SDT Connector: ➢ Select Edit: Preferences and click the Services tab. Click Add ➢ Enter a Service Name and click Add ➢ Under the General tab, enter the TCP Port that this service runs on (e.g.[...]

  • Page 68

    68 The second redirection is for the VNC service that the user may choose to launch later from the RAC web console. It automatically loads in a Java client served through the web browser, so it does not need a local client associated with it. ➢ On the Add Service screen, you can click Add as many times as needed to add multi[...]

  • Page 69

    69 6.2.7 Adding a client program to be started for the new service Clients are local applications that may be launched when a related service is clicked. To add to the pool of client programs: ➢ Select Edit: Preferences and click the Client tab. Click Add ➢ Enter a Name for the client. Enter the Path to t[...]

  • Page 70

    70 Also some clients are launched in a command line or terminal window. The Telnet client is an example of this: ➢ Click OK 6.2.8 Dial-in configuration If the client computer is dialing into Local/Console port on the Console Server, you will need to set up a dial-in PPP link: ➢ Configure the Console S[...]

  • Page 71

    71 SDT Connector client software that is supplied with the gateway. However there is also a wide selection of commercial and free SSH client programs that are supported: - PuTTY is a complete (though not very user-friendly:) freeware implementation of SSH for Win32 and UNIX platforms - SSHTerm is a useful open source SS[...]

  • Page 72

    72 specified when setting up the SDT Hosts on the Console Server was accounts.myco.intranet.com, then specify the Destination as accounts.myco.intranet.com:3389 ➢ If your destination computer is serially connected to the Console Server, set the Destination as <port label>:3389. For example, if the Label you spe[...]

  • Page 73

    73 ➢ Select Local and click the Add button ➢ Click Open to SSH connect the Client computer to the Console Server. You will now be prompted for the Username/Password for the Console Server User you SDT enabled Note You can also secure the SDT communications from local and enterprise VPN-connected Client computers[...]

  • Page 74

    74 Note How secure is VNC? VNC access generally allows access to your whole computer, so security is very important. VNC uses a random challenge-response system to provide the basic authentication that allows you to connect to a VNC server. This is reasonably secure and the password is not sent over the network. How[...]

  • Page 75

    75 6.3 SDT Connector to Management Console SDT Connector can also be configured for browser access to the gateway’s Management Console – and for Telnet or SSH access to the gateway command line. For these connections to the gateway itself, you must configure SDT Connector to access the gateway (itself) by setting [...]

  • Page 76

    76 6.4 SDT Connector - Telnet or SSH connect to serially attached devices SDT Connector can also be used to access text consoles on devices that are attached to the Console Server’s serial ports. For these connections, you must configure the SDT Connector client software with a Service that will access the target gatewa[...]

  • Page 77

    77 • Click Add then scroll to the bottom and click Apply • Administrators by default have gateway and serial port access privileges; however for Users to access the gateway and the serial port, you will need to give those Users the required access privileges. Select Users & Groups from Serial & Network. Cli[...]

  • Page 78

    78 cmd /c start "Starting Out of Band Connection" /wait /min rasdial network_connection login password The network_connection in the above is the name of the network connection as displayed in Control Panel -> Network Connections. Login is the dial-in username, and password is the dial-in password fo[...]

  • Page 79

    79 6.6 Importing (and exporting) preferences To enable the distribution of pre-configured client config files, SDT Connector has an Export/Import facility: • To save a configuration .xml file (for backup or for importing into other SDT Connector clients), select File -> Export Preferences and select the location to sa[...]

  • Page 80

    80 SSH client that SDT Connector launches (e.g. Putty, OpenSSH) and the host's SSH server for public key authentication. Essentially, what you are using is SSH over SSH, and the two SSH connections are entirely separate. 6.8 Setting up SDT for Remote Desktop Access Microsoft’s Remote Desktop Protocol (RDP) enables the system[...]

  • Page 81

    81 • To set the user(s) who can remotely access the system with RDP, click Add on the Remote Desktop Users dialog box Note If you need to set up new users for Remote Desktop access, open User Accounts in the Control Panel and proceed through the steps to nominate the new user’s name, password and account type (Administr[...]

  • Page 82

    82 • In Computer, enter the appropriate IP Address and Port Number: • Where there is a direct local or enterprise VPN connection, enter the IP Address of the Console Server, and the Port Number of the SDT Secure Tunnel for the Console Server’s serial port (the one that is attached to the Windows computer to be controlled). F[...]

  • Page 83

    83 Note The Remote Desktop Connection software is pre-installed on Windows XP. However, for earlier Windows computers, you will need to download the RDP client: • Go to the Microsoft Download Center site http://www.microsoft.com/downloads/details.aspx?familyid=80111F21-D48D-426E-96C2-08AA2BD23A49&[...]

  • Page 84

    84 Note The rdesktop client is supplied with Red Hat 9.0: • rpm -ivh rdesktop-1.2.0-1.i386.rpm For Red Hat 8.0 or other distributions of Linux; download source, untar, configure, make, make then install. rdesktop currently runs on most UNIX based platforms with the X Window System and can be downloaded from http://ww[...]

  • Page 85

    85 6.9 SDT SSH Tunnel for VNC Alternately, with SDT and Virtual Network Computing (VNC), Users and Administrators can securely access and control Windows 98/NT/2000/XP/2003, Linux, Macintosh, Solaris and UNIX computers. There’s a range of popular VNC software available (UltraVNC, RealVNC, TightVNC) freely and commercially. To set [...]

  • Page 86

    86 • To set up a persistent VNC server on Red Hat Enterprise Linux 4: o Set a password using vncpasswd o Edit /etc/sysconfig/vncservers o Enable the service with chkconfig vncserver on o Start the service with service vncserver start o Edit /home/username/.vnc/xstartup if you want a more advanced session than ju[...]

  • Page 87

    87 A. When the Viewer computer is connected to the Console Server through an SSH tunnel (over the public Internet, or a dial-in connection, or private network connection), enter localhost (or 127.0.0.1) as the IP VNC Server IP address and the source port you entered when setting SSH tunneling/port forwarding (in Section 6.2.6) e.g. [...]

  • Page 88

    88 Note For general background reading on Remote Desktop and VNC access, we recommend the following: • The Microsoft Remote Desktop How-To http://www.microsoft.com/windowsxp/using/mobility/getstarted/remoteintro.mspx • The Illustrated Network Remote Desktop help page http://theillustratednetwork.mvps.o[...]

  • Page 89

    89 Windows 2003 and Windows XP Professional allow you to create a simple dial-in service which can be used for the Remote Desktop/VNC/HTTP/X connection to the Console Server: • Open Network Connections in Control Panel and click the New Connection Wizard • Select Set up an advanced connection and click Next • On the A[...]

  • Page 90

    90 • Specify which Users will be allowed to use this connection. This should be the same Users who were given Remote Desktop access privileges in the earlier step. Click Next • On the Network Connection screen, select TCP/IP and click Properties • Select Specify TCP/IP addresses on the Incoming TCP/IP Prope[...]

  • Page 91

    91 Note The above notes describe setting up an incoming connection for Windows XP. The steps are the same for Windows 2003, except that the setup screens present slightly differently: Put a check in the box for Always allow directly connected devices such as palmtop….. Also, the option to Set up an advance[...]

  • Page 92

    92 • On the SDT Settings menu, select SDT Mode (which will enable port forwarding and SSH tunneling) and enter a Username and User Password. Note When you enable SDT, this will override all other Configuration protocols on that port Note If you leave the Username and User Password fields blank, they default to portXX and p[...]

  • Page 93

    93 7. ALERTS AND LOGGING Introduction This chapter describes the alert generation and logging features of the Console Server. The alert facility monitors the serial ports, all logins, the power status and environmental monitors and probes. It sends emails, SMS, Nagios or SNMP alerts when specified trigger events o[...]

  • Page 94

    94 • In the SMTP Server field, enter the IP address of the outgoing mail Server • You may enter a Sender email address which will appear as the “from” address in all email notifications sent from this Console Server. Many SMTP servers check the sender’s email address with the host domain name to verify the address as[...]

  • Page 95

    95 • In the SMTP SMS Server field in the Alerts & Logging: SMTP & SMS menu, enter the IP address of the outgoing mail Server • You may enter a Sender email address which will appear as the “from” address in all email notifications sent from this Console Server. Some SMS gateway service providers only forward [...]

  • Page 96

    96 Note The Console Servers have an snmptrap daemon to send traps/notifications to remote SNMP servers on defined trigger events, as detailed above. The Console Servers also embed the net-snmpd daemon which accepts SNMP requests from remote SNMP management servers and provides information on network interf[...]

  • Page 97

    97 • Select Alerts & Logging: Alerts which will display all the alerts currently configured. Click Add Alert 7.2.1 Add a new alert The first step is to specify the alert service that will be used to send notification for this event, who to notify, and what port/host/device is to be monitored: • At [...]

  • Page 98

    98 • Activate Nagios notification if it is to be used for this event. In an SDT Nagios centrally managed environment, you can check the Nagios alert option. On the trigger condition (for matched patterns, logins, power events and signal changes), an NSCA check "warning" result will be sent to the central Nagios[...]

  • Page 99

    99 • Serial Port Pattern Match Alert – This alert will be triggered if a regular expression is found in the serial ports character stream that matches the regular expression you enter in the Pattern field. This alert type will only be applied to serial ports • UPS Power Status Alert - This alert will be triggered wh[...]

  • Page 100

    100 If you have selected Applicable Alarm Sensor(s) that are to be monitored for this alert event, then you can also set time windows when these sensors will not be monitored (e.g. for a door-open sensor, you may not wish to activate the sensor alert monitoring during the working day) • Click Apply 7.3 Rem[...]

  • Page 101

    101 7.4 Serial Port Logging In Console Server mode, activity logs of all serial port activity can be maintained. These records are stored on an off-server, or in the Console Server flash memory. Specify which serial ports are to have activities recorded and to what level data is to be logged: • Select Serial & Network: Ser[...]

  • Page 102

    102 7.5 Network TCP or UDP Port Logging The Console Servers can also log any access to and communications with network attached Hosts. • For each Host, when you set up the Permitted Services which are authorized to be used, you also must set up the level of logging that is to be maintained for each service • Specify the lo[...]

  • Page 103

    103 POWER & ENVIRONMENTAL MANAGEMENT Introduction The B092-016 Console Server and B096-048/016 Console Server Management Switch products embed software that can be used to manage connected Power Distribution Systems (PDU’s), IPMI devices and Uninterruptible Power Supplies (UPS’s) supplied by a number of vendors, and so[...]

  • Page 104

    104 • Click Add RPC • Enter a RPC Name and Description for the RPC • In Connected Via, select the pre-configured serial port or the network host address that connects to the RPC • Select any specific labels you wish to apply to specific RPC Outlets (e.g. the PDU may have 20 outlets connected to 20 powered devices [...]

  • Page 105

    105 system is unresponsive. To set up IPMI power control, the Administrator first enters the IP address/domain name of the BMC or service processor (e.g. a Dell DRAC) in Serial & Network: Network Hosts. Then in Serial & Network: RPC Connections, the Administrator specifies the RPC Type to be IPMI1.5 or 2.0 8.1[...]

  • Page 106

    106 • The outlet status is displayed. You can initiate the desired Action to be taken by selecting the appropriate icon: Power ON Power OFF Power Cycle Power Status You will only be presented with icons for those operations that are supported by the Target you have selected 8.2 Uninterruptible Power Supply Contr[...]

  • Page 107

    107 • Select UPS as the Device Type in the Serial & Network: Serial Port menu for each port which has Master control over a UPS and in the Serial & Network: Network Hosts menu for each network connected UPS (refer to Chapter 4) No such configuration is required for USB-connected UPS hardware. • Select the Serial & N[...]

  • Page 108

    108 • Enter a UPS Name and Description (optional) and identify if the UPS will be Connected Via USB or over pre-configured serial port or via HTTP/HTTPS over the preconfigured network Host connection • Enter the UPS login details. This Username and Password is used by Slaves of this UPS (i.e. other computers that are[...]

  • Page 109

    109 • Check Log Status and specify the Log Rate (i.e. minutes between samples) if you wish the status from this UPS to be logged. These logs can be viewed from the Status: UPS Status screen • Check Enable Nagios to enable this UPS to be monitored using Nagios central management • Click Apply You can also customize the u[...]

  • Page 110

    110 8.2.3 Configuring powered computers to monitor a Managed UPS Once you have added a Managed UPS, each server that is drawing power through the UPS should be set up to monitor the UPS status as a Slave. This is done by installing the NUT package on each server, and setting up upsmon to connect to the Console Serve[...]

  • Page 111

    111 - password is the Password of the Manager UPS 8.2.4 UPS alerts You can now set UPS alerts using Alerts & Logging: Alerts (refer to Chapter 7) 8.2.5 UPS status You can monitor the current status of all your Managed or Monitored UPS’s, whether they are on the network or connected serially or via USB: • Select the Stat[...]

  • Page 112

    112 NUT can be configured using the Management Console as described above, or you can configure the tools and manage the UPS’s directly from the command line. This section provides an overview of NUT. You can find full documentation at http://www.networkupstools.org/doc. NUT is built on a networked model with a layered scheme o[...]

  • Page 113

    113 So NUT supports the more complex power architectures found in data centers, computer rooms and NOCs where many UPS’s from many vendors power many systems with many clients and each of the larger UPS’s power multiple devices and many of these devices are themselves dual powered. 8.3 Environmental Monitoring The Environment[...]

  • Page 114

    114 8.3.1 Connecting the EMD The Environmental Monitoring Sensor (EMD) connects to any serial port on the Console Server via a special EMD Adapter and standard CAT5 cable. The EMD is powered over this serial connection and communicates using a custom handshake protocol. It is not an RS232 device and should not be connected [...]

  • Page 115

    115 • Click Add • Enter a Name and Description for the EMD and select pre-configured serial port that the EMD will be Connected Via • Provide Labels for each of the two alarms • Check Log Status and specify the Log Rate (minutes between samples) if you wish the status from this EMD to be logged. These logs can be vie[...]

  • Page 116

    116 • Select the Status: Environmental Status menu and a table with the summary status of all connected EMD hardware will be displayed • Click on View Log or select the Environmental Logs menu and you will be presented with a table and graphical plot of the log history of the select EMD[...]

  • Page 117

    117 AUTHENTICATION Introduction The Tripp Lite Console Server is a dedicated Linux computer, and it embodies popular and proven Linux software modules for secure network access (OpenSSH) and communications (OpenSSL) and sophisticated user authentication (PAM, RADIUS, TACACS+ and LDAP). • This chapter details how the Adminis[...]

  • Page 118

    118 Local TACACS/RADIUS/LDAP: Tries local authentication first, falling back to remote if local fails TACACS/RADIUS/LDAP Local: Tries remote authentication first, falling back to local if remote fails TACACS/RADIUS/LDAP Down Local: Tries remote authentication first, falling back to local if the[...]

  • Page 119

    119 administrative control over the authentication and authorization processes. TACACS+ allows for a single access control server (the TACACS+ daemon) to provide authentication, authorization, and accounting services independently. Each service can be tied into its own database to take advantage of other services[...]

  • Page 120

    120 login, and other authentication mechanisms. Further information on configuring remote RADIUS servers can be found at the following sites: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKit/d4fe8248-eecd-49e4-88f6-9e304f97fefc.mspx http://www.cisco.com/en/US/tech/[...]

  • Page 121

    121 LDAP The Lightweight Directory Access Protocol (LDAP) is based on the X.500 standard, but is significantly simpler and more readily adapted to meet custom needs. The core LDAP specifications are all defined in RFCs. LDAP is a protocol used to access information stored in an LDAP server. Further informati[...]

  • Page 122

    122 9.2 PAM (Pluggable Authentication Modules) The Console Server supports RADIUS, TACACS+ and LDAP for two-factor authentication via PAM (Pluggable Authentication Modules). PAM is a flexible mechanism for authenticating Users. Nowadays, a number of new ways of authenticating users have become popular. The challenge is that[...]

  • Page 123

    123 port2 = 192.168.254.145/port05 } global = cleartext mit } RADIUS Example: paul Cleartext-Password := "luap" Service-Type = Framed-User, Fall-Through = No, Framed-Filter-Id=":group_name=admin" The list of groups may include any number of entries separated by a comma. If the admin group is[...]

  • Page 124

    124 When you first enable and connect via HTTPS, it is normal that you may receive a certificate warning. The default SSL certificate in your Console Server is embedded during testing and is not signed by a recognized third party certificate authority. Rather, it is signed by our own signing authority. These warnings[...]

  • Page 125

    125 NAGIOS INTEGRATION Introduction Nagios is a powerful, highly extensible open source tool for monitoring network hosts and services. The core Nagios software package will typically be installed on a server or virtual server, the central Nagios server. Tripp Lite Console Servers can operate in conjunction with a central/ups[...]

  • Page 126

    126 10.2 Central management The Nagios solution has three parts: the Central Nagios server, Distributed Console Servers and the SDT for Nagios software. Central Nagios server • A vanilla Nagios 2.x or 3.x installation (typically on a Linux server) • Generally running on a blade, PC, virtual machine, etc. at a centr[...]

  • Page 127

    B096-016 B096-048 and B092-016 User Manual Page 127 You will also require a web server such as Apache to display the Nagios web UI (and this may be installed automatically as a dependency of the Nagios packages). Alternatively, you may wish to d[...]

  • Page 128

    128 • Check NSCA Enabled, choose an NSCA Encryption Method and enter and confirm an NSCA Secret. Remember these details as you will need them later on. For NSCA Interval, enter 5 • Click Apply. Nex[...]

  • Page 129

    129 • Click Apply Now set the Console Server to send alerts to the Nagios server • Select Alerts from the Alerts & Logging menu and click Add Alert • In Description enter: Administrator connection • Ch[...]

  • Page 130

    130 • Enter the Nagios Host Name that the Console Server will be referred to in the Nagios central server – this will be generated from local System Name (entered in System: Administration) if unspecified [...]

  • Page 131

    131 10.3.2 Enable NRPE monitoring Enabling NRPE allows you to execute plug-ins (such as check_tcp and check_ping) on the remote Console Server to monitor serial or network attached remote servers. This will offloa[...]

  • Page 132

    132 10.3.3 Enable NSCA monitoring NSCA is the mechanism that allows you to send passive check results from the remote Console Server to the Nagios daemon running on the monitoring server. To enable NSCA: • S[...]

  • Page 133

    133 • Select Enable Nagios, specify the name of the device on the upstream server and determine the check to be run on this port. Serial Status monitors the handshaking lines on the serial port and Check Port monito[...]

  • Page 134

    134 • The Nagios Check nominated as the check-host-alive check is used to determine whether the network host itself is up or down • Typically this will be Check Ping – although in some cases the host [...]

  • Page 135

    135 10.4 Advanced Distributed Monitoring Configuration 10.4.1 Sample Nagios configuration An example configuration for Nagios is listed below. It shows how to set up a remote Console Server to monitor a single [...]

  • Page 136

    136 service_description Serial Status host_name server use generic-service check_command check_serial_status } define service { service_description serial-signals-server host_name server use generic-serv[...]

  • Page 137

    137 host_name tripplite dependent_host_name server dependent_service_description Port Log service_description NRPE Daemon execution_failure_criteria w,u,c } ; Ping define command{ command_name check_[...]

  • Page 138

    138 use generic-service check_command check_conn_via_tripplite!tcp!22 } define service { service_description host-port-tcp-22-server ; host-port-<protocol>-<port>-<host> hos[...]

  • Page 139

    139 check_apt check_by_ssh check_clamd check_dig check_dns check_dummy check_fping check_ftp check_game check_hpjd check_http check_imap check_jabber check_ldap check_load check_mrtg check_mrtgtraf check_nagios che[...]

  • Page 140

    140 11. SYSTEM MANAGEMENT Introduction This chapter describes how the Administrator can perform a range of general system administration and configuration tasks on the Console Server, such as: • Applying So[...]

  • Page 141

    141 This will reset the Console Server back to its factory default settings and clear the Console Server’s stored configuration information. The hard erase will clear all custom settings an[...]

  • Page 142

    142 • Specify the address and name of the downloaded Firmware Upgrade File, or Browse the local subnet and locate the downloaded file • Click Apply and the Console Server appliance will undertake a soft reboo[...]

  • Page 143

    143 12. STATUS REPORTS Introduction This chapter describes the selection of status reports that are available for review: • Port Access and Active Users • Statistics • Support Reports • Syslog • UPS Statu[...]

  • Page 144

    144 12.3 Support Reports The Support Report provides useful status information that will assist the Tripp Lite technical support team to resolve any issues you may experience with your Console Server. If you do e[...]

  • Page 145

    145 Remote System Logging The syslog record can be redirected to a remote Syslog Server: • Enter the remote Syslog Server address and port details and then click Apply Local System Logging To view the local Sys[...]

  • Page 146

    146 13. MANAGEMENT Introduction The Console Server Management Console has a number of reports and tools that can be accessed by both Administrators and Users: • Access and control configured devices • View serial[...]

  • Page 147

    147 • To display Host logs select Manage: Host Logs and the Host to be displayed 13.3 Power Management Administrator and Users can access and manage the connected power devices. • Select Manage: Power 13.4 Ser[...]

  • Page 148

    148 • Click Connect to SDT Connector to access the Console Server command line shell or the serial ports via SDT Connector. This will activate the SDT Connector client on the computer you are browsing and load you[...]

  • Page 149

    149 • To access the Console Server command line, enter the gateway’s TCP address (e.g. 192.168.254.198) as hostname and the Username (e.g. root@192.168.254.198). Then enter the Password • To access the Consol[...]

  • Page 150

    150[...]

  • Page 151

    151 14. BASIC CONFIGURATION - LINUX COMMANDS Introduction For those who prefer to configure their Console Server at the Linux command line level (rather than use a browser and the Management Console), this[...]

  • Page 152

    152 14.1 The Linux Command line • Power up the Console Server and connect the “terminal” device: o If you are connecting using the serial line, plug a serial cable between the Console Server local DB-9 por[...]

  • Page 153

    153 Options -a --run-all Run all registered configurators. This performs every configuration synchronization action pushing all changes to the live system -h --help Display a brief usage message. -v --v[...]

  • Page 154

    154 14.2 Administration Configuration System Settings To change system settings to the following values: System Name og.mydomain.com System Password (root account) secret System SMTP Server 192.168.0.1[...]

  • Page 155

    155 # /bin/config --set=config.auth.server=192.168.0.32 # /bin/config --set=config.auth.password=Secret # /bin/config --set="config.auth.ldap.basenode=some base node" The following command will[...]

  • Page 156

    156 Time Zone To change the system time zone USA to Eastern Standard Time, you need to issue the following commands: # /bin/config --set=config.system.timezone=US/Eastern The following command will synchro[...]

  • Page 157

    157 IP Address: 192.168.1.100 Primary DNS: 192.168.1.254 Secondary DNS: 10.1.0.254 You would need to issue the following commands from the command line: # /bin/config --set=config.interfaces.wan.mode=st[...]

  • Page 158

    158 # /bin/config --set=config.console.flow=Hardware # /bin/config --set=config.console.initstring=ATQ0V1H0 The following command will synchronize the live system with the new configuration. # /bi[...]

  • Page 159

    159 # /bin/config --del=config.services.pingreply.enabled The following command will synchronize the live system with the new configuration. # /bin/config --run=services Note: “/bin/config” comman[...]

  • Page 160

    160 Supported flow-control values are 'Hardware', 'Software' and 'None'. Supported Protocol Configuration To ensure remote access to serial port 5 is configured as follows: Te[...]

  • Page 161

    161 So your new User will be the existing total plus 1, so if the previous command gave you 0, then you start with user number 1. If you already have 1 user, your new user will be number 2, etc. If you wan[...]

  • Page 162

    162 # /bin/config --set=config.portaccess.rule2.netmask=255.255.255.0 # /bin/config --set="config.portaccess.rule2.description=foo bar." # /bin/config --set=config.portaccess.rule2.port5=on # /b[...]

  • Page 163

    163 Alert Configuration You can add an email alert to the system from the command line by following these instructions: Determine the total number of existing alerts (if you have no existing alerts) you can ass[...]

  • Page 164

    164 # config -s config.sdt.hosts.host3.tcpports.tcport3=3389 The above assumes the config below: # vi /etc/config/config.xml ~ </users> </host1> <total>3</total> <host2> <[...]

  • Page 165

    14.8 Configuration backup and restore Before backing up the configuration, you need to arrange a way to transfer the backup off-box. This could be via an NFS share, a Samba (Windows) share to USB storage, or[...]

  • Page 166

    As SSH uses these keys to avoid man-in-the-middle attacks, logging in may be disrupted. 14.9 General Linux command usage The Console Server platform is a dedicated Linux computer, optimized to provide acc [...]

  • Page 167

    route open ntpd ping portmap pppd routed setserial smtpclient stty stunnel tcpdump tftp tip traceroute More details on the above Linux commands can be found online at: http://en.tldp.org/HOWTO/HOWTO-INDEX/howtos[...]

  • Page 168

    15. ADVANCED CONFIGURATION Introduction This chapter documents the embedded portmanager application which manages the serial ports on the Console Server and gives examples of its use: • portmanage[...]

  • Page 169

    15.1 Advanced Portmanager pmshell The pmshell command acts similarly to the standard tip or cu commands, but all serial port access is directed via the portmanager. Example: To connect to port 8 via th[...]

  • Page 170

    pmchat The pmchat command acts similarly to the standard chat command, but all serial port access is directed via the portmanager. Example: To run a chat script via the portmanager: # pmchat -v -f /etc/conf[...]

  • Page 171

    Portmanager Daemon Command line options There is normally no need to stop and restart the daemon. To restart the daemon, just run the command: # portmanager Supported command line options are: Force port[...]

  • Page 172

    When an alert occurs on a port, the portmanager will attempt to execute /etc/config/scripts/portXX.alert (where XX is the port number, e.g. 08) The script is run with STDIN containing the data which trig[...]

  • Page 173

    fi if [ -z "$LABEL" ]; then echo "Welcome $USER, you are connected to Port $PORT" else echo "Welcome $USER, you are connected to Port $PORT ($LABEL)" fi </etc/config/pmshel[...]

  • Page 174

    To override the standard modem initialization string, either use the Management Console (refer to Chapter 5) or the command line config tool (refer to Dial-In Configuration Chapter 14). • Enabling Boot [...]

  • Page 175

    Customizing the IP-Filter: /etc/config/filter-custom If the standard system firewall configuration is not adequate for your needs, it can be bypassed safely by creating a file at /etc/config/filter,[...]

  • Page 176

    Resources There are many high-quality tutorials and HOWTOs available via the netfilter website; in particular, peruse the tutorials listed on the netfilter HOWTO page. A list of useful web locations has bee[...]

  • Page 177

    The snmpd.conf is extremely powerful and too flexible to cover completely here. The configuration file itself is commented extensively and good documentation is available at the net-snmp website ht[...]

  • Page 178

    To set the Engine ID field (SNMP version 3 only) config --set config.system.snmp.engineid2=800000020109840301 .. replacing 800000020109840301 with the engine ID To set the Username field (SNMP vers[...]

  • Page 179

    OpenSSH, the de facto open source SSH application, encrypts all traffic (including passwords) to effectively eliminate these risks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities[...]

  • Page 180

    Generating public/private rsa key pair. Enter file in which to save the key (/home/user/.ssh/id_rsa): /home/user/keys/control_room Enter passphrase (empty for no passphrase): Enter same passphras [...]

  • Page 181

    Assuming the user on the Management Console is called "fred"; the IP address of the Console Server is 192.168.0.1 (default); and the public key is on the linux/unix computer in ~/.ssh/id_dsa.pub[...]

  • Page 182

    More documentation on OpenSSH can be found at: http://openssh.org/portable.html http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1 http://www.openbsd.org/cgi-bin/man.cgi?query=sshd Ge[...]

  • Page 183

    OpenSSH: http://www.openssh.org/ OpenSSH (Windows): http://sshwindows.sourceforge.net/download/ For example, using PuTTYgen, make sure you have a recent version of the puttygen.exe (available from http [...]

  • Page 184

    • Create a new file "authorized_keys" (with notepad) and copy your public key data from the "Public key for pasting into OpenSSH authorized_keys file" section of the PuTTY Key Gene[...]

  • Page 185

    The authenticity of host 'remhost (192.168.0.1)' can't be established. RSA key fingerprint is 8d:11:e0:7e:8a:6f:ad:f1:94:0f:93:fc:7c:e6:ef:56. Are you sure you want to continue connecti[...]

  • Page 186

    As detailed in Chapter 4, the Server gateway is set up in Console Server mode with either RAW or RFC2217 enabled and the Client gateway is set up in Serial Bridging Mode with the Server Address, and Server TCP[...]

  • Page 187

    Generated keys may be one of two types - RSA or DSA (and it is beyond the scope of this document to recommend one over the other). RSA keys will go into the files id_rsa and id_rsa.pub. DSA keys will be [...]

  • Page 188

    Your identification has been saved in /home/user/keys/control_room Your public key has been saved in /home/user/keys/control_room.pub. The key fingerprint is: 28:aa:29:38:ba:40:f4:11:5e:3f:d4:fa:e5:36 [...]

  • Page 189

    • To use public key authentication with SDT Connector, you must first create an RSA or DSA key pair (using ssh-keygen, PuTTYgen or a similar tool) and add the public part of your SSH key pair to the [...]

  • Page 190

    http://www.openssl.org/docs/apps/openssl.html http://www.openssl.org/docs/HOWTO/certificates.txt 15.8 HTTPS The Management Console can be served using HTTPS by running the webserver via sslwrap[...]

  • Page 191

    You will be prompted to enter a lot of information. Most of it doesn't matter, but the "Common Name" should be the domain name of your computer (e.g. test.tripplite.com). When you have en[...]

  • Page 192

    443 stream tcp nowait root sslwrap -cert /etc/config/ssl_cert.pem -key /etc/config/ssl_key.pem -exec /bin/httpd /home/httpd " Save the file and signal inetd of the configuration change. kill -HUP `ca[...]

  • Page 193

    Targets connected to RPC's that could not be contacted (e.g. due to network failure) are reported as status "unknown". If possible, output will be compressed into host ranges. -n, --node Que [...]

  • Page 194

    Power on foo0,foo4,foo5: powerman --on foo[0,4-5] As a reminder to the reader, some shells will interpret brackets ([ and ]) for pattern matching. Depending on your shell, it may be necessary to enclose ra[...]

  • Page 195

    The first is to have scripts to support the particular RPC included in the open source PowerMan project (http://sourceforge.net/projects/powerman). The PowerMan device specifications are unusual and [...]

  • Page 196

    This value will be passed to the scripts in the environment variable outlet, allowing the script to address the correct outlet. There are four possible scripts: on, off, cycle and status When a script[...]

  • Page 197

    [-U <username>] [-A <authtype>] [-L <privlvl>] [-a | -E | -P | -f <password>] [-o <oemtype>] <command> ipmitool [-c | -h | -v | -V] -I lanplus -H <hostname [...]

  • Page 198

    -f <password_file> Specifies a file containing the remote server password. If this option is absent, or if password_file is empty, the password will default to NULL. -h Get basic usage help from [...]

  • Page 199

    environments where system security is not an issue or where there is a dedicated secure 'management network' or access has been provided through a Console Server. Further, it is strongly advise[...]

  • Page 200

    ipmitool chassis help Chassis Commands: status, power, identify, policy, restart_cause, poh, bootdev ipmitool chassis power help chassis power Commands: status, on, off, cycle, reset, diag, soft Y[...]

  • Page 201

    - Select Status: Support Report - Scroll down to Processes - Look for: /bin/ssh -MN -o ControlPath=/var/run/cascade/%h Slave name - These are the Slaves that are connected - Note: The end of the Slaves&a[...]

  • Page 202

    16. THIN CLIENT (B092-016) Introduction The B092-016 has a selection of management clients (Firefox browser, SSH, Telnet, VNC viewer, ICA, RDP) embedded as well as the Tripp Lite PowerAlert software. With t [...]

  • Page 203

    • For each new Host you add, you will be asked to enter a Label (enter a descriptive name) and a Hostname (enter the IP Address or DNS Name of the new network connected Host) and possibly a Username (ent [...]

  • Page 204

    16.1.1 Connect- serial terminal • Select Connect: Serial on the control panel and click on the desired serial port. A window will be created with a connection to the device on the selected serial port: The emb[...]

  • Page 205

    The B092-016 provides a powerful Mozilla Firefox browser with a licensed Sun Java JRE Java and all Java based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. [...]

  • Page 206

    • If the Host Name was left blank when the VNC server connection was configured, then the VNC Viewer will start with a request for the VNC server. • Selecting Options at this stage enables you to config[...]

  • Page 207

    The B092-016 SSH connection uses OpenSSH (http://www.openssh.com/) and the terminal connection is presented using rxvt (ouR XVT). You can find more details on configuration options in http://www.rxvt.org/manu [...]

  • Page 208

    The resulting serial character connection is presented in an rxvt (ouR XVT) window. Also the Serial-Over-LAN feature is only applicable to IPMI2.0 devices. • Select Logs: IPMI on the control panel and sel[...]

  • Page 209

    You can use Add/Delete/Edit to customize the rdesktop client (e.g. to include login username passwords). The command line protocol is: rdesktop -u windows-user-id -p windows-password -g 1200x950 ms-windows-ter[...]

  • Page 210

    16.1.8 Connect- PowerAlert • Select Connect: PowerAlert on the control panel. The PowerAlert software will be launched. 16.2 Advanced Control Panel 16.2.1 System: Terminal Selecting System: Terminal on the [...]

  • Page 211

    16.2.2 System: Shutdown / Reboot Clicking System: Shutdown on the control panel will shut down the B092-016 system. You will need to cycle the power to reactivate the B092-016 with a soft reset[...]

  • Page 212

    16.3 Remote control You can access the B092-016 locally via a directly connected keyboard, monitor and mouse (or KVM switch). If the B092-016 is connected to a KVMoIP infrastructure, then this may also provide[...]

  • Page 213

    Appendix A Hardware Specification FEATURE VALUE Dimensions B096-016 / B096-048: 17 x 12 x 1.75 in (43.2 x 31.3 x 4.5 cm) B092-016: 17 x 6.7 x 1.75 in (44 x 17 x 4.5 cm) Weight B096-016 / B096-048: 11.8 lbs (5.4[...]

  • Page 214

    Appendix B Serial Port Connectivity Pinout standards exist for both DB9 and DB25 connectors, however, there are not pinout standards for serial connectivity using RJ45 connectors. Many Console Servers and seriall[...]

  • Page 215

    Connectors included in Console Server The B092-016 Console Server with PowerAlert, and the B096-048/016 Console Server Management Switch ship with a “cross-over” and a “straight” RJ45-DB9 connector [...]

  • Page 216

    Appendix C End User License Agreement READ BEFORE USING THE ACCOMPANYING SOFTWARE YOU SHOULD CAREFULLY READ THE FOLLOWING TERMS AND CONDITIONS BEFORE USING THE ACCOMPANYING SOFTWARE, THE USE OF W[...]

  • Page 217

    EXPORT RESTRICTIONS. You agree that you will not export or re-export the Software, any part thereof, or any process or service that is the direct product of the Software in violation of any applicable[...]

  • Page 218

    REGARDING THE DEVICE OR THE SOFTWARE, THOSE WARRANTIES DO NOT ORIGINATE FROM, AND ARE NOT BINDING ON, TRIPP LITE. NO LIABILITY FOR CERTAIN DAMAGES. EXCEPT AS PROHIBITED BY LAW, TRIPP LITE SHALL HAV[...]

  • Page 219

    Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIF [...]

  • Page 220

    a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software in[...]

  • Page 221

    distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written i[...]

  • Page 222

    3. Source Code. Software may contain source code that, unless expressly licensed for other purposes, is provided solely for reference purposes pursuant to the terms of your license. Source code may not [...]

  • Page 223

    Appendix D Service and Warranty Limited Warranty Seller warrants this product, if used in accordance with all applicable instructions, to be free from original defects in material and workmansh[...]

  • Page 224

    Tripp Lite World Headquarters 1111 W. 35th Street, Chicago, IL 60609 USA (773) 869-1234 (USA) • 773.869.1212 (International) www.tripplite.com 23 20 090 3108 93-2879_EN[...]