A good user manual
The rules should oblige the seller to give the purchaser the operating instructions for the Black Box 1101 along with the item. Missing instructions or false information given to the customer constitute grounds for a complaint on the basis of nonconformity of the goods with the contract. In accordance with the law, a customer can receive the instructions in non-paper form; lately graphic and electronic manuals, as well as instructional videos, have been widely used. A necessary precondition for this is that the instructions be unmistakable and legible.
What is an instruction?
The term originates from the Latin word "instructio", which means organizing. Therefore, in the instructions for the Black Box 1101 one can find a process description. The purpose of an instruction is to teach, and to ease the start-up and use of an item or the performance of certain activities. An instruction is a compilation of information about an item or a service; it is a hint.
Unfortunately, only a few customers take the time to read the instructions for the Black Box 1101. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us to avoid most defects.
What should a perfect user manual contain?
First and foremost, a user manual for the Black Box 1101 should contain:
- information concerning the technical data of the Black Box 1101
- name of the manufacturer and a year of construction of the Black Box 1101 item
- rules of operation, control and maintenance of the Black Box 1101 item
- safety signs and mark certificates which confirm compatibility with appropriate standards
Why don't we read the manuals?
Usually it results from a lack of time and from certainty about the functionalities of purchased items. Unfortunately, networking and start-up of the Black Box 1101 alone are not enough. An instruction contains a number of hints concerning respective functionalities, safety rules, maintenance methods (what means should be used), possible defects of the Black Box 1101, and methods of problem resolution. Eventually, when one still can't find the answer to his problems, he will be directed to the Black Box service. Lately animated manuals and instructional videos are quite popular among customers. These kinds of user manuals are effective; they ensure that a customer will become familiar with the whole material, and won't skip complicated, technical information about the Black Box 1101.
Why should one read the manuals?
It is mostly in the manuals that we will find the details concerning the construction and capabilities of the Black Box 1101 item, and its use of respective accessories, as well as information concerning all the functions and facilities.
After a successful purchase of an item one should find a moment to get familiar with every part of the instructions. Currently the manuals are carefully prepared and translated, so that they can be fully understood by their users. The manuals will serve as an informational aid.
Table of contents for the manual
-
Page 1
May 2010 LES1101A LES1102A 1101 and 1102 Secure Device Servers Securely monitor, access, and control the computers, networking devices, telecommunications equipment, and power supplies in your data room or communications centers. Manage your servers: • Locally across your management LAN or throu [...]
-
Page 2
1101 and 1102 Secure Device Servers 724-746-5500 | blackbox.com 2 Federal Communications Commission and Industry Canada Radio Frequency Interference Statements This equipment generates, uses, and can radiate radio-frequency energy, and if not installed and used properly, that is, in strict accordance w [...]
-
Page 3
Normas Oficiales Mexicanas (NOM) Electrical Safety Statement SAFETY INSTRUCTIONS 1. All safety and operating instructions must be read before the electrical appliance is operated. 2. Las instrucciones de segur [...]
-
Page 4
Trademarks Used in this Manual Black Box and the Double Diamond logo are registered trademarks of BB Technologies, Inc. Mac is a registered trademark of Apple Computers, Inc. Linux is a registered trademark of Linus Torvalds. Internet Explorer, Windows, W[...]
-
Page 5
Table of Contents 1. Specifications ... 9 2. Overview ... [...]
-
Page 6
6.7 SDT Connector Public Key Authentication ... 52 6.8 Setting Up SDT for Remote Desktop Access [...]
-
Page 7
11. System Management ... 106 11.1 System Administration and Reset [...]
-
Page 8
15.6.4 Installing SSH Public Keys Authentication (Linux) ... 148 15.6.5 Generating Public/Private Keys for SSH (Windows) [...]
-
Page 9
1. Specifications CPU: Micrel KS8695P controller Memory: 16 MB SDRAM, 8 MB Flash Serial Baud Rates: 2400 to 115,200 bps Connectors: LES1101A: (1) DB9 RS-232 serial, (1) RJ-45 10/100BASE-T Ethernet; LES1102A: (2) DB9 RS-232 serial, (1) RJ-45 10/100BASE-T Etherne[...]
-
Page 10
2. Overview 2.1 Introduction This User’s Manual walks you through installing and configuring your Black Box Secure Device Servers (LES1101A or LES1102A). Each of these products is referred to generically in this manual as a “console [...]
-
Page 11
devices; and control these devices using the specified services (for example, Telnet, HTTPS, RDP, IPMI, Serial over LAN, Power Control). An authorized User also has a limited view of the Management Console and can only access authorized c[...]
-
Page 12
Table 2-1. LES1101A front-panel components. Number Component Description 1 Barrel connector Power 2 RJ-45 connector Links to 10/100 Mbps Ethernet 3 J1 jumper Selects RS-232, RS-485, RS-422 4 RJ-45 LED Ethernet Connectivity LED 5 RJ-45 Etherne[...]
-
Page 13
2.5.3 LES1102A Front Panel Figure 2-4 shows the front panel of the LES1102A. Table 2-3 describes its components. Figure 2-4. LES1102A front panel. Table 2-3. LES1102A front-panel components. Number Component Description 1 Barrel connector Power 2 8-positio[...]
-
Page 14
2.6 What’s Included Your package should include the following items. If anything is missing or damaged, contact Black Box Technical Support at 724-746-5500 or info@blackbox.com. 2.6.1 LES1101A • 1101 Secure Device Server • Universal input 12-[...]
-
Page 15
3. Installation Make sure you have everything listed in Chapter 2, Section 2.6 for your 1101 or 1102 Secure Device Server. 3.1 Power Connection The LES1101A or LES1102A models are each supplied with an external DC wall mount power supply. This power s[...]
-
Page 16
Table 3-1. RS-232 DB9 connector pinouts. Signal Pin Definition CD 1 Received Line Signal Detector RXD 2 Received Data TXD 3 Transmitted Data DTR 4 Data Terminal Ready GND 5 Signal Ground DSR 6 Data Set Ready RTS 7 Request To Send CTS 8 Clear To Sen[...]
-
Page 17
Web management console. Two short cable loops are also required between the RX+/TX+ pins and RX-/TX- pins. This is because the LES1102A uses universal differential transceivers that support 4-wire (RS-422) and 2-wire (RS-485) operation. In RS-485 mode, Port 2 [...]
-
Page 18
4. System Configuration This chapter provides step-by-step instructions for the console server’s initial configuration, and for connecting it to the Management or Operational LAN. The Administrator must: • Activate the Manageme [...]
-
Page 19
Figure 4-1. Run screen. Now add a static entry to the ARP table and ping the console server to assign the IP address to the console server. In the example below, a console server has a MAC Address 00:13:C6:00:02:0F (designated on the label[...]
-
Page 20
You will be prompted to log in. Enter the default administration username and administration password: Username: root Password: default Figure 4-2. Login screen. NOTE: Console servers are factory configured with HTTPS access enabled and HTTP[...]
-
Page 21
Figure 4-4. System: Administration screen. 1. Select System: Administration. 2. Enter a new System Password then re-enter it in Confirm System Password. This is the new password for root, the main administrative user account, so choose a[...]
-
Page 22
Figure 4-5. IP Settings screen. If you selected DHCP, the console server will look for configuration details from a DHCP server on your management LAN. This selection automatically disables any static add [...]
-
Page 23
Figure 4-6. System: Services screen. Select the System: Services option, then select/deselect for the service to be enabled/disabled. The following access protocol options are available: • HTTPS: This[...]
-
Page 24
• Base: The console server uses specific default ranges for the TCP/IP ports for the various access services that Users and Administrators can use to access devices attached to serial ports (as covered in Chapter [...]
-
Page 25
4.5.2 PuTTY You can also use communications packages like PuTTY to connect to the console server command line (and to connect serially attached devices as covered in Chapter 5). PuTTY is a freeware implementation of Telnet and SS[...]
-
Page 26
5. Serial Port, Host, Device, and User Configuration The Black Box LES1101A and LES1102A console server enables access and control of serially attached devices and network attached devices (hosts). The Administrator [...]
-
Page 27
Figure 5-2. Serial port screen. Select Serial & Network: Serial Port and you will see the current labels, modes, logging levels, and RS-232 protocol options that are currently set up for each serial port. By de[...]
-
Page 28
Before proceeding with further serial port configuration, connect the ports to the serial devices they will be controlling, and make sure they have matching settings. NOTE: The serial ports are all set at the factory [...]
-
Page 29
Figure 5-5. Windows features screen. If the remote communications are tunneled with SDT Connector, then you can use Telnet to securely access these attached devices (refer to the Note below [...]
-
Page 30
Figure 5-6. PuTTY Configuration screen. PuTTY can be downloaded at http://www.tucows.com/preview/195286.html SSH: We recommend that you use SSH as the protocol where the User or Administrator connects to the console server (or connect [...]
-
Page 31
TCP: RAW TCP allows connections directly to a TCP socket. Communications programs like PuTTY also support RAW TCP. You would usually access this protocol via a custom application. For RAW TCP, the default port addr[...]
-
Page 32
Figure 5-9. SDT settings. For configuration details, refer to Chapter 6.4—Using SDT Connector to Telnet or SSH connect to devices that are serially attached to the console server. 5.1.4 Device (RPC, UPS, EMD) Mode [...]
-
Page 33
Figure 5-12. Serial bridge settings. Select Serial Bridging Mode and specify the IP address of the Server console server and the TCP port address of the remote serial port (for RFC2217 bridging this will [...]
-
Page 34
5.2 Add/Edit Users The Administrator uses this menu selection to set up, edit, and delete users, and to define the access permissions for each of these users. Figure 5-15. Users and Groups screen. Users can be author[...]
-
Page 35
Figure 5-16. Add a new user screen. Click Add User to add a new user. Add a Username and a confirmed Password for each new user. You may also include information related to the user (for example, contact detai[...]
-
Page 36
5.3 Authentication Refer to Chapter 9.1—Authentication Configuration for authentication configuration details. 5.4 Network Hosts To access a locally networked computer or device (referred to as a Host), you must identify the Host and spec[...]
-
Page 37
5.5 Trusted Networks The Trusted Networks facility gives you an option to nominate specific IP addresses where users (Administrators and Users) must be located to access console serve [...]
-
Page 38
Figure 5-19. Serial Port redirection. This serial port redirector software is loaded in your desktop PC, and it allows you to use a serial device that’s connected to the remote console server as if it were connected to your local serial por[...]
-
Page 39
• Select the connection type for the new connection (Serial, Network Host, UPS, or RPC) and then select the specific connection from the presented list of configured unallocated hosts/ports/outlets. To add a new net [...]
-
Page 40
6. Secure SSH Tunneling and SDT Connector Each Black Box console server has an embedded SSH server and uses SSH tunneling so remote users can securely connect through the console server to Managed Devices—using text-based console[...]
-
Page 41
• Using SDT to IP connect to hosts that are serially attached to the console server (Section 6.10). 6.1 Configuring for SSH Tunneling to Hosts To set up the console server to SSH tunnel to access a network attached host: Add the [...]
-
Page 42
Once the installer completes you will have a working SDT Connector client installed on your machine and an icon on your desktop: Figure 6-3. SDT connector icon. Click the SDT Connector icon on your desktop to s[...]
-
Page 43
Figure 6-5. New SDT Gateway screen. Or, enter a Descriptive Name to display instead of the IP or DNS address, and any Notes or a Description of this gateway (such as its firmware version, site location, or[...]
-
Page 44
Figure 6-7. Hosts. NOTE: The Retrieve Hosts function will auto-configure all user classes (that is, they can be members of user or admin or some other group or no group. SDT Connector will not auto-configure the root (and we recommend that you on[...]
-
Page 45
Figure 6-9. New SDT Host screen. Enter the IP or DNS Host Address of the host (if this is a DNS address, it must be able to be resolved by the gateway). Select which Services to use to access the new host. A range o[...]
-
Page 46
Select which Client application is associated with the new service. A range of client application options are pre-configured in the default SDT Connector (RDP client, VNC client, HTTP browser, HTTPS browser, Telnet client, etc.). If you want to a[...]
-
Page 47
Figure 6-13. Edit port redirection. NOTES: SDT Connector can also tunnel UDP services. SDT Connector tunnels the UDP traffic through the TCP SSH redirection, so it is a “tunnel within a tunnel.” Enter the UDP port wher[...]
-
Page 48
Enter a Command Line associated with launching the client application. SDT Connector typically launches a client using command line arguments to point it at the local endpoint of the redirection. There are three special keywords for[...]
-
Page 49
6.3 SDT Connector to Management Console You can also configure SDT Connector for browser access to the console server’s Management Console—and for Telnet or SSH access to the command line. For these connection[...]
-
Page 50
Figure 6-18. Add port redirection. Assuming you have already set up the target console server as a gateway in your SDT Connector client (with username/password etc), select this gateway and click the Host icon to create a host. Or, select[...]
-
Page 51
Figure 6-19. Out-of-band access. To configure SDT Connector for OoB access: When adding a new Gateway or editing an existing Gateway select the Out Of Band tab. Enter the secondary, OoB IP address of the gat[...]
-
Page 52
Figure 6-20. OoB connection using SDT connector. When you connect to a service on a host behind the console server, or to the console server itself, SDT Connector will initiate the OoB connection using the provided Start Command. The OoB co[...]
-
Page 53
SDT Connector will now use public key authentication when connecting through the SSH gateway (console server). You may have to restart SDT Connector to shut down any existing tunnels that were established using password authentication. [...]
-
Page 54
Figure 6-23. Remote Desktop Users dialog box. To set the user(s) who can remotely access the system with RDP, click Add on the Remote Desktop Users dialog box. NOTE: If you need to set up new users for Remote Desktop access, open User Accounts in the Control[...]
-
Page 55
In Computer, enter the appropriate IP Address and Port Number: Where there is a direct local or enterprise VPN connection, enter the IP Address of the console server, and the Port Number of the SDT Secure Tunnel[...]
-
Page 56
You can use GUI front end tools like the GNOME Terminal Services Client tsclient to configure and launch the rdesktop client. (Using tsclient also enables you to store multiple configurations of rdesktop for connection to many servers.) Figur[...]
-
Page 57
RealVNC http://www.realvnc.com is fully cross-platform, so a desktop running on a Linux machine may be displayed on a Windows PC, on a Solaris machine, or on any number of other architectures. There is a Windows server, allowing you to [...]
-
Page 58
• Edit /home/username/.vnc/xstartup if you want a more advanced session than just twm and an xterm. For Macintosh servers (and clients): OSXvnc http://www.redstonesoftware.com/vnc.html is a robust, full-featur[...]
-
Page 59
Figure 6-29. IP address of console server unit. To establish the VNC connection, simply activate the VNC Viewer software on the Viewer PC and enter the password. Figure 6-30. VNC authentication. NOTE: For general backg[...]
-
Page 60
6.10.1 Establish a PPP Connection between the Host COM Port and Console Server (This step is only necessary for serially connected computers.) First, physically connect the COM port on the host computer you want to access to th[...]
-
Page 61
Figure 6-32. User permissions. Specify which Users will be allowed to use this connection. This should be the same Users who were given Remote Desktop access privileges in the earlier step. Click Next. On the Network Connectio[...]
-
Page 62
NOTES (continued): The console server default Username is port XX where XX is the serial port number on the console server. The default Password is port XX To use the defaults for a RDP connection to the serial port 2 on the console server, you[...]
-
Page 63
Figure 6-35. SDT settings screen. NOTE: When you enable SDT, it will override all other Configuration protocols on that port. NOTE: If you leave the Username and User Password fields blank, they default to port X[...]
-
Page 64
Figure 6-36. PuTTY Configuration screen. In the Session menu, enter the IP address of the console server in the Host Name or IP address field. For dial-in connections, this IP address will be the Local Address that you assig[...]
-
Page 65
Figure 6-37. Set destination. If your destination computer is serially connected to the console server, set the Destination as <port label>:3389. For example, if the Label you specified on the serial port on the console [...]
-
Page 66
NOTE: How secure is VNC? VNC access generally allows access to your whole computer, so security is very important. VNC uses a random challenge-response system to provide the basic authentication that allows you to connect to a VNC server. This is reason[...]
-
Page 67
7. Alerts and Logging This chapter describes the alert generation and logging features of the console server. The Alert facility monitors the serial ports, all logins, and the power status, and sends emails, SMS, Nagios, or SNMP ale[...]
-
Page 68
You may also enter a Username and Password if the SMTP server requires authentication. You can specify the specific Subject Line that will be sent with the email. Click Apply to activate SMTP. 7.1.2 SMS Alerts The console serve[...]
-
Page 69
To configure for SNMP v3, you will need to enter an ID and authentication password and contact information for the local Administrator (in the Security Name). Click Apply to activate SNMP. Figure 7-3. SNMP alerts. NOTE: All co[...]
-
Page 70
Select Alerts & Logging: Alerts, which will display all the alerts currently configured. Click Add Alert. 7.2.1 Add a New Alert The first step is to specify the alert service that this event will use for sending notificat[...]
-
Page 71
Figure 7-6. General alert types. Serial Port Signal Alert—This alert will be triggered when the specified signal changes state and applies to serial ports only. You must specify the particular Signal Type (DSR, DCD or CTS) trigger condition and [...]
-
Page 72
Figure 7-8. Serial port pattern match alert. UPS Power Status Alert—This alert will be triggered when the UPS power status changes between on line, on battery, and low battery. This status will only be monitored [...]
-
Page 73
7.3 Remote Log Storage Before activating Serial or Network Port Logging on any port or UPS logging, you must specify where those logs are to be saved: Select the Alerts & Logging: Port Log menu option and specify the Server Type to use, and the detail[...]
-
Page 74
Level 2 Logs all data transferred to and from the port. Click Add then click Apply.[...]
-
Page 75
8. Power Management Black Box console servers manage embedded software that you can use to manage connected Power Distribution Systems (PDUs), IPMI devices, and Uninterruptible Power Supplies (UPSs) supplied by a number of ven[...]
-
Page 76
Click Add RPC. Connected Via presents a list of serial ports and network Host connections that you have set up with device type RPC (but have yet to connect to a specific RPC device): When you select Connect Via for a Network [...]
-
Page 77
Figure 8-3. RPC descriptions. Enter the Username and Password used to log in into the RPC (Note that these login credentials are not related to the Users and access privileges you configured in Serial & Networks: Users &[...]
-
Page 78
The outlet status is displayed and you can initiate the Action you want to take by selecting the appropriate icon: Turn ON Turn OFF Cycle Status You will only be presented with icons for those operations that are supported by the Target you have s[...]
-
Page 79
Figure 8-5. Connecting to remote UPS. 8.2.1 Managed UPS Connections A Managed UPS is a UPS that is directly connected as a Managed Device to the console server. You can connect it via serial or USB cable or by the network. The consol [...]
-
Page 80
Serial and network connected UPSes must first be connected to, and configured to communicate with the console server: For serial UPSes attach the UPS to the selected serial port on the console server. From the Serial and Network: Serial Port me[...]
-
Page 81
Figure 8-8. Add managed UPS screen. Select if the UPS will be Connected Via USB, over a pre-configured serial port, or via SNMP/HTTP/HTTPS over the preconfigured network Host connection. When you select a network UPS connection, then the corresponding Host[...]
-
Page 82
Click New Options in Driver Options if you need to set driver-specific options for your selected NUT driver and hardware combination (more details at http://www.networkupstools.org/doc). Figure 8-9. New option screen. Check[...]
-
Page 83
Enter the IP Address or DNS name of the remote console server* that is managing the remote UPS. (*This may be another Black Box console server or it may be a generic Linux server running Network UPS Tools.) NOTE: An example where central[...]
-
Page 84
Figure 8-11. UPS graph. Click on any particular All Data for any UPS System in the table for more status and configuration information about the selected UPS System. Select UPS Logs and you will be presented with the log table of [...]
-
Page 85
Figure 8-13. NUT. NUT is built on a networked model with a layered scheme of drivers, server and clients: The driver programs talk directly to the UPS equipment and run on the same host as the NUT network server [...]
-
Page 86
Central management of multiple NUT servers: A central NUT client can monitor multiple NUT servers that may be distributed throughout the data center, across a campus, or around the world. NUT supports the more complex pow [...]
-
Page 87
Chapter 9: Authentication 724-746-5500 | blackbox.com 87 9. Authentication The console server is a dedicated Linux computer with a myriad of popular and proven Linux software modules for networking, secure access (OpenSSH), and communications (OpenSSL), and sophisticated user authentication (PAM, RADIUS, T [...]
-
Page 88
Figure 9-2. TACACS screen. Enter the Server Address (IP or host name) of the remote Authentication/Authorization server. Multiple remote servers may be specified in a comma-separated list. Each server is tried in succession. In additio[...]
-
Page 89
RADIUS: The Remote Authentication Dial-In User Service (RADIUS) protocol was developed by Livingston Enterprises as an access server authentication and accounting protocol. The RADIUS server can support a variety of methods to authenticate a user. When [...]
-
Page 90
Example 2: User Ben is only defined on the TACACS server, which says he has access to ports 5 and 6. When he attempts to log in, a new user will be created for him, and he will be able to access ports 5 and 6. If the TACAC[...]
-
Page 91
9.3 SSL Certificate The console server uses the Secure Socket Layer (SSL) protocol for encrypted network traffic between itself and a connected user. When establishing the connection, the console server has to expose its identity to the user?[...]
-
Page 92
Select System: SSL Certificate and fill out the fields as explained below: Common name This is the network name of the console server once it is installed in the network (usually the fully qualified domain name). It i [...]
-
Page 93
Figure 9-6. Upload button. After completing these steps, the console server has its own certificate that is used for identifying the console server to its users. NOTE: You can find information on issuing certificates and configu[...]
-
Page 94
10. Nagios Integration Nagios is a powerful, highly extensible open source tool for monitoring network hosts and services. The core Nagios software package will typically be installed on a server or virtual server, the central Nagios server. Console servers operate in conjunc[...]
-
Page 95
Chapter 10: Nagios Integration 724-746-5500 | blackbox.com 95 10.2 Central Management and Setting Up SDT for Nagios The Black Box Nagios solution has three parts: the Central Nagios server, Distributed Black Box console servers, and the SDT for Nagios software. Figure 10-2. [...]
-
Page 96
2. Run the SDT for Nagios Configuration Wizard on the central Nagios server (Section 10.2.1 — Set up SDT Nagios on central Nagios server) and perform any additional configuration tasks. 3. Install SDT Connector on each client. 10.2.1 Set[...]
-
Page 97
Click Apply. Next, you must configure the attached Window network host and specify the services you will be checking with Nagios (HTTP and HTTPS): Select Network Hosts from the Serial & Network menu and click Add Host. Enter the IP Addr [...]
-
Page 98
Finally, you need to add a User for the client running SDT Connector: Select Users & Groups from the Serial & Network menu. Click Add User. In Username, enter: sdtnagiosuser, then enter and confirm a Password. In Accessib[...]
-
Page 99
10.3.2 Enable NRPE Monitoring Figure 10-5. NRPE monitoring structure. Enabling NRPE allows you to execute plug-ins (such as check_tcp and check_ping) on the remote Console server to monitor serial or netwo [...]
-
Page 100
Refer to the sample Nagios configuration section below for some examples of configuring specific NSCA checks. 10.3.4 Configure Selected Serial Ports for Nagios Monitoring The individual Serial Ports connected [...]
-
Page 101
host_name Black Box alias Console server address 192.168.254.147 } ; Managed Host define host{ use generic-host host_name server alias server address 192.168.254.227 } ; NRPE daemon on gateway define command { command_name check_nr[...]
-
Page 102
check_command check_port_log } define service { service_description port-log-server host_name server use generic-service check_command check_port_log active_checks_enabled 0 passive_checks_enabled 1 } define servicedependen [...]
-
Page 103
use generic-service check_command check_conn_via_Black Box!tcp!22 active_checks_enabled 0 passive_checks_enabled 1 } define servicedependency{ name Black Box_nrpe_daemon_dep host_name Black Box dependent_host_name server [...]
-
Page 104
10.4.4 Distributed Monitoring Usage Scenarios Below are a number of distributed monitoring Nagios scenarios: Local office In this scenario, the console server is set up to monitor each managed device’s console. Configure it to make a n[...]
-
Page 105
Remote site with restrictive firewall In this scenario, the role of the console server will vary. One aspect may be to upload check results through NSCA. Another may be to provide an SSH tunnel to allow the Nagios server to run NR[...]
-
Page 106
11. System Management This chapter describes how the Administrator can perform a range of general console server system administration and configuration tasks such as: • Applying Soft and Hard Resets to the gate [...]
-
Page 107
Chapter 11: System Management 724-746-5500 | blackbox.com 107 The hard erase will clear all custom settings and return the unit back to factory default settings (i.e. the IP address will be reset to 192.168.0.1). You will be prompted to log in and must enter the default administration username and a[...]
-
Page 108
Click Apply and the console server appliance will perform a soft reboot and start upgrading the firmware. This process will take several minutes. After the firmware upgrade completes, click here to return to the Management Console. Your co[...]
-
Page 109
Figure 11-6. Configuration backup screen. With all console servers, you can save the backup file remotely on your PC and you can restore configurations from remote locations: Click Save Backup in the Remote Configuration Backup menu.[...]
-
Page 110
12. Status Reports This chapter describes the dashboard feature and the status reports that are available: • Port Access and Active Users • Statistics • Support Reports • Syslog • Dashboard Other status reports t[...]
-
Page 111
Chapter 12: Status Reports 724-746-5500 | blackbox.com 111 Figure 12-2. Statistics status. You can find detailed statistics reports by selecting the various submenus. 12.3 Support Reports The Support Report provides useful status information that will assist the Black Box Technical Supp[...]
-
Page 112
12.4 Syslog The Linux System Logger in the console server maintains a record of all system messages and errors: Select Status: Syslog You can redirect the syslog record to a remote Syslog Server: Enter the remote Syslog Serv[...]
-
Page 113
12.5.1 Configuring the Dashboard Only users who are members of the admin group (and the root user) can configure and access the dashboard. To configure a custom dashboard: Select System: Configure Dashboard and select th[...]
-
Page 114
To configure what is to be displayed by each widget: Go to the Configure widgets panel and configure each selected widget (for example, specify which UPS status is to be displayed on the ups widget or the maximum number of Mana[...]
-
Page 115
Chapter 13: Management 724-746-5500 | blackbox.com 115 13. Management The console server has a small number of Manage reports and tools that are available to both Administrators and Users: • Access and control authorized devices. • View serial port logs and host logs for those devices. ?[...]
-
Page 116
Figure 13-3. Port logs. To display Host logs, select Manage: Host Logs and the Host to be displayed. 13.3 Serial Port Terminal Connection Administrator and Users can communicate directly with the console server command [...]
-
Page 117
NOTE: You must install SDT Connector on the computer you are browsing from and add the console server as a gateway as detailed in Chapter 6. The alternate to using SDT Connector and your local telnet client is to run the open source jcterm java te [...]
-
Page 118
14. Configuration from the Command Line For those who prefer to configure their console server at the Linux command line level (rather than use a browser and the Management Console), this chapter describes how to use c[...]
-
Page 119
Chapter 14: Configuration from the Command Line 724-746-5500 | blackbox.com 119 The config tool Syntax config [ -ahv ] [ -d id ] [ -g id ] [ -p path ] [ -r configurator ] [ -s id=value ] [ -P id ] Description The config tool is designed to perform multiple actions from one command if needed, so options can be cha[...]
-
Page 120
The registered configurators are: alerts auth cascade console dhcp dialin eventlog hosts ipaccess ipconfig nagios power serialconfig services slave systemsettings time ups users There are three ways to delete a config element valu [...]
-
Page 121
NOTE: Supported serial port baud-rates are ‘50’, ‘75’, ‘110’, ‘134’, ‘150’, ‘200’, ‘300’, ‘600’, ‘1200’, ‘1800’, ‘2400’, ‘4800’, ‘9600’, '19200', '38400', '57600 &[...]
-
Page 122
# config -s config.ports.port5.sdt.ssh=on To configure a username and password when accessing this port with Username = user1 and Password = secret: # config -s config.ports.port#.sdt.username=user [...]
-
Page 123
Your new User will be the existing total plus 1. If the previous command gave you 0, then you start with user number 1. If you already have 1 user your new user will be number 2, etc. To add a user (with Username[...]
-
Page 124
14.4 Adding and Removing User Groups The console server is configured with a few default user groups (even though only two of these groups are visible in the Management Console GUI). To find out how many groups are already present: # confi[...]
-
Page 125
To configure TACACS authentication: # config -s config.auth.tacacs.auth_server='comma separated list' (list of remote authentication and authorization servers.) # config -s config.auth.tacacs.acct_server='[...]
-
Page 126
Add other network host To add any other type of network host with the following details: IP address/DNS name 192.168.3.10 Host name OfficePC Description MyPC Allowed services ssh port 22,https port 443 log level for services 1 Issue the co[...]
-
Page 127
The following command will synchronize the live system with the new configuration: # config -r serialconfig 14.8 Cascaded Ports To add a new slave device with the following settings: IP address/D[...]
-
Page 128
# config -s config.ups.monitors.monitor1.options.option1.opt=option # config -s config.ups.monitors.monitor1.options.option1.arg=argument # config -s config.ups.monitors.monitor1.options.total=1 # config -s config.ups.monitors.monitor[...]
-
Page 129
# config -s config.ports.port2.power.type=APC 7900 # config -s config.ports.port2.power.name=MyRPC # config -s "config.ports.port2.power.description=RPC in room 5" # config -s config.ports.port2.power[...]
-
Page 130
Notice Warning Assume the remote log server needs a username 'name1' and password 'secret': # config -s config.eventlog.server.username=name1 # config -s config.eventlog.server.password=[...]
-
Page 131
# config -s "config.alerts.alert2.pattern=.*0.0% id" # config -s config.alerts.alert2.port10=on # config -s config.alerts.alert2.sensor=temp # config -s config.alerts.alert2.signal=DSR # config - [...]
-
Page 132
# config -s config.system.smtp.subject=SMTP alerts To set-up an SMTP SMS server with the same details as above: # config -s config.system.smtp.server2=mail.Black Box.com # config -s config.system.smtp.encryption2=SSL (can als[...]
-
Page 133
# config -s config.interfaces.wan.mode=static # config -s config.interfaces.wan.media=[ Auto | 100baseTx-FD | 100baseTx-HD | 10baseT-HD ] 10baseT-FD To enable bridging between all interfaces: # config -s c[...]
-
Page 134
The following command will synchronize the live system with the new configuration: # config -r time 14.19 DHCP Server To enable the DHCP server on the console management LAN, with settings: Default lease time 20000[...]
-
Page 135
The following command will synchronize the live system with the new configuration: # config -a 14.21 NAGIOS To configure NAGIOS with the following settings: NAGIOS host name console at R3 (Name of this system[...]
-
Page 136
Black Box console servers run the embedded Linux operating system. So Administrator class users can configure the console server and monitor and ma [...]
-
Page 137
Chapter 15: Advanced Configuration 724-746-5500 | blackbox.com 137 For power and alarm sensor alerts (power load, and battery charge alerts): /etc/scripts/environmental-alert For an interface failover alert: /etc/scripts/interface-failover-alert All of these scripts do a check to see whether you have cr[...]
-
Page 138
email to more than one email address, find the lines in the script responsible for invoking the alert-email script, then add the following lines below the existing lines: export TOADDR="emailaddress@domain.com"[...]
-
Page 139
NEWTOTAL=$[ $TOTAL -1 ] # Make backup copy of config file cp /etc/config/config.xml /etc/config/config.bak echo "backup of /etc/config/config.xml saved in /etc/config/config.bak" if [ -z $NUMBER ] # test whether a singular node is bei[...]
-
Page 140
echo Done exit 0 else echo "error: item being deleted has an index greater than total items. Increase the total count variable." exit 0 fi ?[...]
-
Page 141
sleep 30s fi if [ "$COUNTER" -eq 5 ] then COUNTER=0 "$@" sleep 2s fi done ! ?[...]
-
Page 142
To save the configuration: # /etc/scripts/backup-usb save config-20May To check if the backup was saved correctly: # /etc/scripts/backup-usb list If this command does not display "* config-20May" then there was an error[...]
-
Page 143
Black Box’s portmanager program manages the console server serial ports. It routes network connection to serial ports, checks permissions, and monitors and logs all t [...]
-
Page 144
portmanager daemon There is normally no need to stop and restart the daemon. To restart the daemon normally, just run the command: # portmanager Supported command line options are: Force portmanager to run in the foregro[...]
-
Page 145
fi </etc/config/pmshell-start.sh> ?[...]
-
Page 146
If the standard system firewall configuration is not adequate for your needs you can bypass it safely by creating a file at /etc/config/filter-custom containing commands to build a specialized firewall. This firewall script will run whenever[...]
-
Page 147
To set the Username field (SNMP version 3 only): config --set config.system.snmp.username2=yourusername .. replacing yourusername with the username config.system.snmp.username2 (3 only) To set the En[...]
-
Page 148
The key fingerprint is: 28:aa:29:38:ba:40:f4:11:5e:3f:d4:fa:e5:36:14:d6 user@server $ Create a new directory to store your generated keys. You can also name the files after the device they will be used for. For exampl[...]
-
Page 149
Figure 15-1. If the Black Box device selected to be the server will only have one client device, then the authorized_keys file is simply a copy of the public key for that device. If one or more devices will be [...]
-
Page 150
http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1 http://www.openbsd.org/cgi-bin/man.cgi?query=sshd . ! [...]
-
Page 151
Use WinSCP to copy this "authorized_keys" file into the users home directory: e.g. /etc/config/users/testuser/.ssh/authorized_keys of the Black Box gateway which will be the SSH server. You will need to make s[...]
-
Page 152
If the host key has been legitimately changed, it can be removed from the ~/.ssh/known_hosts file and the new fingerprint added. If it has not changed, this indicates a serious problem that should be investigated immediately. [...]
-
Page 153
Figure 16-6. Keys. To generate the keys using OpenBSD's OpenSSH suite, we use the ssh-keygen program: $ ssh-keygen -t [rsa|dsa] Generating public/private [rsa|dsa] key pair. Enter file in which to save the key (/home/user/.ssh/i[...]
-
Page 154
Each client will then need its own set of keys uploaded through the same page. Take care to ensure that the correct type of keys (DSA or RSA) go in the correct spots, and that the public and private keys are in the correct spot. (* &quo[...]
-
Page 155
To create a 1024 bit RSA key and a self-signed certificate, issue the following openssl command from the host you have openssl installed on: openssl req -x509 -nodes -days 1000 -newkey rsa:1024 -keyout ssl_key.pem -out ssl_cert.pem You [...]
-
Page 156
Options -1, --on Power ON targets. -0, --off Power OFF targets. -c, --cycle Power cycle targets. -r, --reset Assert hardware reset for targets (if implemented by RPC). -f, --flash Turn beacon ON for targets (if implemen[...]
-
Page 157
status This action retrieves the current status of the device or outlet Examples: To turn outlet 4 of the power device connected to serial port 2 on: # pmpower -l port02 -o 4 on To turn an IPMI device off located at IP address 192.168.1.100 ([...]
-
Page 158
The console server includes the ipmitool utility for managing and configuring devices that support the Intelligent Platform Management Interface (IPMI) version 1.5 and version[...]
-
Page 159
-p <port> Remote server UDP port to connect to. Default is 623. -P <password> Remote server password is specified on the command line. If supported, it will be obscured in the process list. Note! Specifying the password as a command[...]
-
Page 160
exec Run list of commands from file set Set runtime variable for shell and exec ipmitool chassis help Chassis Commands: status, power, identify, policy, restart_cause, poh, bootdev ipmitool chassis power help chassis power Com [...]
-
Page 161
Appendix A: Linux Commands and Source Code 724-746-5500 | blackbox.com 161 Appendix A. Linux Commands and Source Code The console server platform is a dedicated Linux computer, optimized to provide monitoring and secure access to serial and network consoles of critical server systems and their supporting po[...]
-
Page 162
ip6tables Administration tool for IPv6 packet filtering iptables-restore Restore IP Tables iptables-save Save IP Tables kill * Send a signal to a process to end gracefully ln * Make links between files login Begin session on the system loopba[...]
-
Page 163
sleep * Delay for a specified amount of time smbmnt Helper utility for mounting SMB file systems smbmount Mount an SMB FS file system smbumount SMB FS umount for normal users snmpd SNMP daemon snmptrap Sends an SNMP [...]
-
Page 164
There are also a number of other CLI commands related to other open source tools embedded in the console server including: PowerMan provides power management for many preconfigured remote power controller (RPC) devices.[...]